I did try NTLM authentication using jciFS . It did work sometimes., but sometimes the Domain Controller threw a 'Access Violation' exception. I didnt have the time and energy to figure out what was wrong. So I took an alternate approach.
I setup Apache WebServer with the kerberos module (mod_kerberos). I then used mod_jk connnector to connect Apache with
Tomcat.
So with this setup, Apache does the SSO authentication and passes in the logged in user id as a request attribute to Tomcat. Tomcat grabs the user id, queries Active Directory and gets the user's group and sets appropriate access permission.
Not pretty, but it works for me.
MCSD, SCJP, SCWCD, SCBCD, SCJD (in progress - URLybird 1.2.1)