There is a package, net.sf.acegisecurity.providers.rcp, which provides everything you need. Basically your server-side has a bean exposed, RemoteAuthenticationManagerImpl:
This bean can receive a remote authentication request (via a standard remoting protocol such as Hessian) and will delegate to the server-side AuthenticationManager to determine if the authentication is valid, and if so, the GrantedAuthoritys that apply to that user.
public GrantedAuthority attemptAuthentication(String username,
String password) throws RemoteAuthenticationException;
On the RCP side you use the RemoteAuthenticationProvider. It passes authentication requests to the server-side RemoteAuthenticationManagerImpl. For successful authentications, it builds an Authentication that can then be placed onto the client-side ContextHolder. Typically you'll use the details in that Authentication to setup the BASIC authentication headers of your remoting client proxies, and/or enable secured actions in the RCP project.
Check out the Petclinic RCP sample to see all of this in action.