Basic authentication, Tomcat Security Realms, OpenLDAP, JAAS, j_security_check, AD
There's actually a fair amount of overlap in this list. j_security_check indicates
form authentication which -like basic authentication- is one of the forms of web app security as defined by the
servlet spec. Tomcat ties these to repositories of user information called
realms. Out of the box, Tomcat ships with realms that keep the user information (usernames, passwords and roles) in files, databases, LDAP or JAAS. I believe that AD is accessible via LDAP, so that could be used as well.
Before going into more detail, does this help? Let us know if you have more specific questions (which I think is likely - it's a confusing subject when one first approaches it).
[ July 25, 2008: Message edited by: Ulf Dittmer ]