Try this site:
It's a tutorial to implement basic-http authentication in jboss 2.4.4 but it should also work on jb3. Note that in the web.xml, where you put "basic" inside you should use "form" instead, so that you get form-based login. Now all you need is to specify the login- and error-page and put a form on the first one containing "j_password", "j_username" and calling the action "j_security_check". The specification of the pages inside the web.xml works like this:
For more information please mail to me, since I'm not reading this forum regularly.
I think the biggest problemm here is to configure jboss3 realms properly so that it does authenticate.
If someone got it to work, please post the config files example here. Files looking for are: