Poor man's authentication in applications deployed on an OC4J instance of an Oracle 10.1.3.x application server often comes down to using basic HTTP authentication and storing user names and passwords in the jazn-data.xml file located in the src/META-INF folder of your ViewController (or UserInterface) project. The technique is documented in Chapter 10 of the Oracle Application Development Framework: Tutorial 10g Release 3 (10.1.3).
A question that I had to answer the first time i started using this was how to change a user's password. I posted this to the JDeveloper forum and Frank Nimphius explained that it is as easy as entering the text in clear text preceded by an ! and then restarting the OC4J instance. The passowrd gets automatically hashed.
The other thing I found out is that, when the application gets redeployed then the jazn-data.xml file does not get copied to the application server so you are left with the initial users created during the initial deployment.
The actual file is stored in $ORACLE_HOME/j2ee/OC4J_NAME//application-deployments/myApp
where OC4J_NAME is the name of the oc4j instance and MyApp is the name of the j2ee application.
The best way for me to handle this is to edit and test it on local PC, then copy it to the application server and restart OC4J. So for my EOrders application deployed in the OC4J_SAP instance the story goes like this :
oracle@lachesis:~/product/10.1.3.1/OracleAS_1/j2ee/OC4J_SAP/application-deployments/EOrders> scp thanassis@lxBakalidis:/home/thanassis/jdevhome/mywork/EOrders/View Controller/src/META-INF/jazn-data.xml . Password: jazn-data.xml 100% 2419 2.4KB/s 00:00 oracle@lachesis:~/product/10.1.3.1/OracleAS_1/j2ee/OC4J_SAP/application-deployments/EOrders> vi jazn-data.xml oracle@lachesis:~/product/10.1.3.1/OracleAS_1/j2ee/OC4J_SAP/application-deployments/EOrders> opmnctl startproc process-type=OC4J_SAP opmnctl: starting opmn managed processes... oracle@lachesis:~/product/10.1.3.1/OracleAS_1/j2ee/OC4J_SAP/application-deployments/EOrders>