ANNOUNCEMENT: community.oracle.com is currently Read only due to planned upgrade until 29-Sep-2020 9:30 AM Pacific Time. Any changes made during Read only mode will be lost and will need to be re-entered when the application is back read/write.
Thus we can register users in the Application Server or create them locally using (java -jar ords.war user ...) which is only recommended for development / test environments.
So, when I access a secured resource I will be prompted for a username/password. If I use user credentials which I registered in Glassfish ... I can successfully log in. If there is no matching user it will pick up the credentials from the local "credentials" file. The point is that in the instructions ( https://docs.oracle.com/cd/E56351_01/doc.30/e56293/develop.htm#AELIG90056) we just create a new user. But where is the connection between the user and the J2EE application ords.war? We didn't apply any security realm to ords.war.
Anybody knows what is happening behind the scenes?