Each type of user owns a role that reflects expected behaviour and actions. See DefaultSecurityUsers (or application.properties) class that collects all usernames and passwords for default users. To define which URL is secured by which role an OpenHub uses WebSecurityConfig, respectively AdminSecurityConfig classes.
There are the following default users and passwords from application.properties:
# username and password for accessing web service of this integration platform by other systems
If custom security is required first of all is to define own global authentication via GlobalAuthenticationConfigurerAdapter (see GlobalSecurityConfig). Probably you will use #init(AuthenticationManagerBuilder) method to define authentication manager (manager of users and their roles).