I have a web application that runs under JBoss on a Linux server. I need my users to be able to type their Windows username and password into the web form and be authenticated against the Windows Domain Controller. I'm not particular to how this is done. This could be done via LDAP, Kerberos, native NTLM calls from Java, etc. It doesn't really matter to me how its done. I basically have 3 requirements and as long as the solution meets the requirements points will be awarded.
1) The solution must authenticate the windows credentials and return the list of security groups the user is a member of (only if authentication is successful, otherwise send a failure message)
2) The solution must be cross platform. Since I'm running on a Linux platform I can't use dll's or things that are Windows specific. Ideally the solution will be pure Java.
3) The solution must work in both Firefox and IE (I'm not using, and can't use NTLM in IE for authentication).
Bonus points will be awarded for sample code that illustrates the solution.