This is a trusted client problem, without looking to deep into JDBC regarding authentication extensions on top of the standard JDBC connections credentials, I suggest that you wrap all requests through your own DB layer.
I have actually implemented a JDBC wrapper using Ajax where the client issues direct SQL statements from within JS to a Servlet which translates those into DB requests, I implemented update and query and the whole implementation is less than 300 lines Java Servlet code and 60 lines of JS code.
The solution does not include any authentication but that is easily added on top of the HTTP layer. Anyway you have a trusted client problem, it does not solve the problem where a hacked client can access the whole database schema outside any predefined or specified use cases, e.g:
select * FROM records
Instead of the backend request:
SELECT id, data, val, ... FROM records WHERE userid = ...
Which only selects the records that was created by the authenticated user. The only way to ensure that security is maintained is to only access the DB through predefined data retrieval/modification methods. Otherwise the security and data isolation must be enforced by the Database itself, Read "expensive big O database" :)
My 400 line JS/Java example above is used in a test system for in house usage only.