For some CloudBees containers (not all currently) - there is a private mode that you can turn on (for example when an app is in development, or only for a small group to use).
You can do this with Play! 2 via the Global settings and filters/interceptors:
All you need to so is copy that file into your controllers directory - and you are done.
To turn it on you run “bees config:set password=SECRETKEY” - it will then prompt for basic auth the next time you redeploy/restart the app - so you can keep your app private with a throw-away key (it ignores the user name in the current implementation - you can change that behaviour if you want).
We are also looking at ways to do openid/oauth type access control for apps - watch this space.
UPDATE: If you have an existing Global.java in your play project, you can still use this, as per https://groups.google.com/forum/?fromgroups=#!topic/play-framework/4lmK8V2_6QI (thanks to James Roper and google!)