Not directly, no. The Secure module is designed for UI based authentication. That said, building security around a controller using HTTP Authentication is pretty trivial.

There are a number of options, which depend on your use case on how to make this work. If you are building RESTful web services, then using HTTP Auth may be the way to go, but if you are using AJAX, that has already used the login page, then checking the cookie may be you answer.

If you look at the Http.Request object, you will see that it contains both a username and password fields. These are specifically used for HTTP authentication. So, you could have an action that does the following

public static void myJSONAction() {
    if ("secretuser".equals(request.user) && "secret".equals(request.password)) {
        // do some JSON
    }
    else {
        // tell them they are not authorised to this content
        unauthorized( "Secret Realm" ); 
    }
}

Alternatively, if your JSON is used as AJAX on a website, I would be tempted to just check the secure module’s cookie (take a look at the source to find the name of the cookie) to determine who the logged in user is.