For more information, read this:
http://community.jboss.org/docs/DOC-16876
Server Side (standalone.xml)
/etc/krb5.keytab
The user needs read permission on this file (creating it works the same way as in AS 5.1).
RPMs:
libgssapi.i386
libgsasl.i386
Some parameters for the AS7 JVM (tested with Java 6):
-Djavax.security.auth.useSubjectCredsOnly=false -Dsun.security.jgss.native=true -Dsun.security.jgss.lib=/usr/lib/libgssapi.so.2
Optional debug options: -Djavax.net.debug=true -Dsun.security.krb5.debug=true
..
..
<subsystem xmlns="urn:jboss:domain:security:1.1">
    <security-domains>
        <security-domain name="host" cache-type="default">
            <authentication>
                <login-module code="com.sun.security.auth.module.Krb5LoginModule"
                              flag="required">
                    <module-option name="debug" value="true"/>
                    <module-option name="principal"
                                   value="HTTP/myserver.myServerDomain.com@MyWindowsDomain.com"/>
                    <module-option name="storeKey" value="true"/>
                    <module-option name="useKeyTab" value="true"/>
                    <module-option name="doNotPrompt" value="true"/>
                    <module-option name="keyTab" value="/etc/krb5.keytab"/>
                </login-module>
            </authentication>
        </security-domain>
        <security-domain name="SPNEGO" cache-type="default">
            <authentication>
                <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule"
                              flag="requisite">
                    <module-option name="password-stacking" value="useFirstPass"/>
                    <module-option name="serverSecurityDomain" value="host"/>
                    <module-option name="removeRealmFromPrincipal" value="true"/>
                </login-module>
            </authentication>
        </security-domain>
..
..
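The SPNEGO domain only works if its serverSecurityDomain option names the domain that holds the Krb5LoginModule and that module is set up for keytab login. The Python check below is an added example, not part of the original page or of JBoss; the function names and the constructed sample (the page's two domains with the elided wrapper tags closed) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

KRB5 = "com.sun.security.auth.module.Krb5LoginModule"
SPNEGO = "org.jboss.security.negotiation.spnego.SPNEGOLoginModule"

def named(parent, name):
    # Descendants with this local tag name, ignoring the XML namespace.
    return [e for e in parent.iter() if e.tag.rsplit("}", 1)[-1] == name]

def load_domains(xml_text):
    """Map security-domain name -> {login-module class: {option: value}}."""
    return {dom.get("name"): {mod.get("code"): {o.get("name"): o.get("value")
                                                for o in named(mod, "module-option")}
                              for mod in named(dom, "login-module")}
            for dom in named(ET.fromstring(xml_text), "security-domain")}

def check(xml_text):
    """Return a list of problems in the Kerberos/SPNEGO domain pairing."""
    domains, problems = load_domains(xml_text), []
    spnego = [(n, m[SPNEGO]) for n, m in domains.items() if SPNEGO in m]
    if not spnego:
        problems.append("no security-domain uses SPNEGOLoginModule")
    for name, opts in spnego:
        target = opts.get("serverSecurityDomain")
        krb = domains.get(target, {}).get(KRB5)
        if krb is None:
            problems.append(f"{name}: serverSecurityDomain '{target}' has no Krb5LoginModule")
            continue
        for opt in ("storeKey", "useKeyTab", "doNotPrompt"):
            if krb.get(opt) != "true":
                problems.append(f"{target}: {opt} is not 'true'")
        if not krb.get("keyTab"):
            problems.append(f"{target}: keyTab path is missing")
        if not (krb.get("principal") or "").startswith("HTTP/"):
            problems.append(f"{target}: principal is not an HTTP/ service principal")
    return problems

# Constructed sample: the page's two domains with the elided wrapper tags closed.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:security:1.1"><security-domains>
<security-domain name="host"><authentication>
<login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
<module-option name="principal" value="HTTP/myserver.myServerDomain.com@MyWindowsDomain.com"/>
<module-option name="storeKey" value="true"/><module-option name="useKeyTab" value="true"/>
<module-option name="doNotPrompt" value="true"/><module-option name="keyTab" value="/etc/krb5.keytab"/>
</login-module></authentication></security-domain>
<security-domain name="SPNEGO"><authentication>
<login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="requisite">
<module-option name="serverSecurityDomain" value="host"/>
</login-module></authentication></security-domain></security-domains></subsystem>"""
```

Calling check() on the security subsystem element of a real standalone.xml returns an empty list when the two domains are wired together as on this page.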
In your Web App (WAR)
- Add to your Application Delivery WAR/WEB-INF/jboss-web.xml
This is needed so that the web container supports Negotiation Authentication:
<jboss-web>
    <security-domain>java:/jaas/SPNEGO</security-domain>
    <valve>
        <class-name>org.jboss.security.negotiation.NegotiationAuthenticator</class-name>
    </valve>
    <jacc-star-role-allow>true</jacc-star-role-allow>
</jboss-web>
- Add to your Application Delivery WAR/WEB-INF/web.xml
<security-constraint>
    <display-name>Security Constraint on Conversation</display-name>
    <web-resource-collection>
        <web-resource-name>examplesWebApp</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>RequiredRole</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>SPNEGO</auth-method>
    <realm-name>SPNEGO</realm-name>
</login-config>
<security-role>
    <description>Role required to log in to the application</description>
    <role-name>RequiredRole</role-name>
</security-role>
Enjoy logging in to your web application using your Windows login...