When you use Apache Tomcat
V5.5 or V6.0, the user repository in
a production environment is typically an LDAP directory or relational
database, but by default is the tomcat-users.xml file. In the tomcat-users.xml
file, which is located in the
<tomcat-users>
<user name="bob" password="guesswhat" roles="user"/>
</tomcat-users>