If the server is installed and running in an application server, like Apache Tomcat, the authentication system provided by the application server is used. For, e.g. Apache Tomcat the default user administration takes place in the tomcat-users.xml file.

Important: Please refer to the documentation of the application server for setting up the credentials.

Some application server allow to define different credential stores for each application or to use a single store. This is important if you're planning to use Single Sign On.

Once you've defined the users and roles in the realm of your application server, you have to modify the web.xml to use the roles in our application as well. The location of this file depends on the application server. Add the roles to be used to the XML file:

   ...
   <security-role>
      <role-name>users</role-name>
   </security-role>
   <security-role>
      <role-name>guests</role-name>
   </security-role>
</web-app>