Interesting project. I'm no great expert, but I'll throw my 2-cents in for what it's worth
Offhand, I reckon you wouldn't be able to use Unix security.
Picture this: Your users are on their PCs hitting your intranet through their web-browsers. What's happening at the server end? Answer: the client's requests are being handled by your web-server.
And that's the problem. Your WebServer is a single process, with its own user-id and protection. Unix security never sees the "remote" user-id, and it doesn't have the faintest idea which user the web-server is servicing at the moment.
In fact, of course, the WebServer could very well be servicing a user that doesn't even have a logon id on the unix box (just like you don't have a logon id at the machine that's hosting JavaRanch).
The closest you can get to it is that you can get the WebServer to prompt for a login against one of its own user-ids, and that enables users to access various directories protect by the ".htaccess" files. Of course, ".htaccess" is a filename coded into the WebServers, not Unix.