This sample release (if properly installed) knows about five users: alan, donar, pj2, radar, thorgal, all having the same password as their user name and all of them beig part of the same group -- drdcal. (Being part of the drdcal group allows simple rolemapping in the deployment descriptor.)
Amount of users is constant and there is no need to change it once the application is deployed, though it is possible.
You have to set J2EE server to know these users, this is an implementation specific task (on Sun J2EE 1.4 beta one can use the j2ee-admin web interface). While adding the user one should keep in mind:
Uses MySQL database. Uses just SQL92, so it should be possible to rewrite the application to use any possible database.
Connection to database is set up and destroyed in ServletContextListener. Before autentication the connection is cheked, if something goes wrong, user is not allowed to login.
To make application more portable (school, home), there are several database uri's hardcoded in the source and at the startup (in ServletContextListener) the first successfull connection is used.
Database should be populated before first usage and first login. Use the appropriate link from main page.