I first thaught that I have to host it on an external Server but I did not know what is all possible with zimbra (I did not exactly know server extensions) and so it is easier to connect the zimlet with my http-service.
I have looked at the LoginTag but I found a solution which is a little bit more elegant. With the ExtensionDispatcherServlet (which you need for register the service) you can get the authToken of the actual request. And with this token you can see if the user has authorization (or not).
I think this is enough for me at first. The Taglib is perhaps a little bit too complicated for this purpose.
AuthToken token =ExtensionDispatcherServlet.getAuthTokenFromHttpReq(req, false);
Thank you very much yutaka. A good community around a project is so helpful
Ps. How can I mark this thread as "[SOLVED]"?