There's 2 ways to use Windows security in
JEE. The easy way is to connect the appserver to Active Directory using LDAP. In pure
Tomcat, there's an LDAP security realm that does this that you set up in the Tomcat application Context. For JBoss, I think that it goes in the jboss configuration file for that webapp. This is all portable
Java, and should work the same way under both Windows and Linux - although NOTE: The gcj Java system that's installed as the default JVM under Debian is NOT 100% compliant; you have to use a Sun JVM or equivalent.
There's also a messier and less portable way to authenticate against Windows. It requires a specialized module PLUS changing some desktop browser settings for IE or Firefox. The advantage of that method is that you don't get a separate login for your webapp - since you're already logged into Windows, it inherits your Windows security context. Which can be convenient, as long as you don't need to use a different identity in your webapp and are OK with the idea that being logged into Windows means that anyone who has access to your Windows machine is automatically granted access to the webapp.
The second (more integral) approach is not part of the standard distribution - it requires a third-party add-on, plus, as I said, every computer that wants to use it has to be configured, since that ability is turned off by default (I know that's unusual for Microsoft, but that's how it is). Most people are content just to use the LDAP security Realm.