This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
On application startup, you can obtain all the usernames and passwords and store them in an arraylist in the session. Thereafter you can obtain these in your jsp from the arrayList and compare the user entered user names and passwords and verify. However, note that this will manke your session object size heavy, and morethe number of users, greater will be the disadvantage, as compared to a server or database hit.
I agree with Pratik Lohia. One small suggestion, instead of maintaining as a session object, you can construct a class that can act as a cache and when ever you need, this object may be referred. Implement this class as read/load once with a singleton instance available in memory. So the first time the user info is requested, you can load the properties and all further requests may just read it from this one. The difference is that all user info is maintained out of session.