It seems you've confused between the database user definition and application users.
The database user definition is required by the database server (hsqldb in your case). The application server (Tersus/Tomcat) must provide valid user credentials in order to open a connection and accept requests. The user credentials are provided via the context (configuration) file.Unless you've changed the default configuration of your database, which I presume you have not, the user and password specified in the context file should be left at their defaults, which are "sa" and "" (empty string) respectively.
Application users are, as explained @ http://www.tersus.com/#Id=324, used to control access by end users to specific parts/functionality in a given application. When implemented the user credentials (such as the default Super/Super) should be provided by the end user (on-line via the browser), rather than in a configuration file, just as you would login to any other web applications out there.
As a side note, which is not directly connected to this issue, you should consider upgrading tomcat to 6.0, which is the recommended version by Tersus (as mentioned @ http://www.tersus.com/#Id=1385). This is important, since the 5.5 stream is nearing end of life (see http://tomcat.apache.org/tomcat-55-eol.html), and doubly so given that you're not using the latest version from that stream (5.5.35), and as far as I remember, upgrading to the latest version will create incompatibilities with Tersus, and therefore is not practical).
For best results, use the Firefox browser..