If you use adf security in your application and you also selected anonymous access in the adf wizard then you automatically are logged in as anonymous if this page does not have security and if you go to a page where there is no anonymous security defined then you get a login window or you can start the following url /project-context/adfAuthentication to get the login windows.
Here you define in the pagedef of the page that to see the page you have to have the view permission.
If you run the adf security wizard then the following files are created or changed
element sec:JaasSecurityContext added
anonymous login account
and of course the web.xml
If you start the adf security wizard yourself then select no identity store by step 4. Then you use the jazn of the embedded oc4j, the other options gives jazn errors
Make sure if you run on windows xp that you start jdeveloper in single user mode ( jdeveloper -singleuser) else the jazn editor in the embedded oc4j does nothing.
In the next adf security blog I will demostrate the different security options in a page.