The AAF Services are RESTful HTTP/S accessed. However, utilizing AAF for Authentication and Authorization depends on the Technology used. Your Service may be a Java Servlet, at which point, you would utilize the J2EE Plugin (CadiFilter) which utilizes the CADI Framework in an easy-to-plugin manner, but if your code is not a Servlet, you can utilize the CADI Framework Directly.
In the following list, please choose the best technology fit going forward.
CADI provides a J2EE (Servlet-api) compliant "CadiFilter". This is added to you service the way other Filters are, and, in best practice, utilizes a "cadi.properties" file to setup
TODO - Using CADI as Filter
This technology uses the exact same code as the CADI Filter, but allows you to create and call the underlying objects directly.