Extend your aspect to enforce an authenticated user when @Authenticated methods or constructors are executed.

To model the authentication, we will present the user with an input dialog where he/she can select the role. This is of course a simplification: in production, we would of course have to prompt for login and password and verify these against a password database.

The code to manage the current role for the user and to present the authentication dialog is shown here:

import javax.swing.JOptionPane;
import figures.annotations.Authenticated;
 
public aspect AccessControl {
  ...
  Authenticated.Role role;
 
  public void authenticate() {
    role = (Authenticated.Role)
      JOptionPane.showInputDialog(null,
        "Select role", "Input",
        JOptionPane.INFORMATION_MESSAGE, null,
        Authenticated.Role.values(), role);
  }
  ...
}

As long as the user is not authenticated, we keep presenting him the authentication dialog. In other words, the actual access control check can be as simple as:

while(role == null)
  authenticate();