This is an article for people seeking ways by which they can secure their Java EE Web Apps. I am assuming that your web app contains servlets, jsps, html etc. If you have a Seam based app, then Seam Security is what you should look for.
Bare Minimum Security
This is when you just want to secure your web app in the most minimalistic way. Something like the default jmx-console that you want to ship with JBoss AS7.
Step 1: Add a security-constraint to your web.xml
Step 2: Add a security-domain to your jboss-web.xml
Step 3: Configure a security domain in standalone.xml
Step 4: Have users.properties and roles.properties files in WEB-INF/classes directory of your web application
That is it. How do you achieve these steps? Look in the references below.