You could make 2 modules, one for the login widget, and another for the admin widget. Each widget will insert itself into a div in whichever html (or jsp) page you want.
For example, create a *.gwt.xml for each module, for example: login.gwt.xml and admin.gwt.xml. These files should both be created at the root of your gwt package, for example: com.gwt.example.
Next, create an "Entry Point" class for each (each class will implement EntryPoint). For example, Login.java might look like:
package com.gwt.example.myproject.client;
public class Login implements EntryPoint {
public void onModuleLoad() {
... create loginWidget ..
RootPanel.get("my-login-div").add(loginWidget);
}
}
So, now, when you do a gwt compile, it should create a bunch of files under war/com.gwt.example. The two you're interested in are com.gwt.example.login.nocache.js and com.gwt.example.admin.nocache.js.
Now, you can add these two js scripts into any html and/or jsp page as needed.
To complete the example, you could add the following html to add the login widget:
<html>
....other stuff...
<script type="text/javascript" language="javascript" src="com.gwt.example.login.nocache.js"></script>
....other stuff....
<div id="my-login-widget"></div>
....the rest of your html markup....
</html>
So, when you browse to this html page, it loads compiled gwt javascript, which knows to load onModuleLoad, which looks for div with id="my-login-widget" and inserts the login widget.
I've never used Spring Security, so can't be much help, other than this article looks like it might describe how to make Spring Security work over ajax.