Yes, you are right the "
application-managed-securit"is not available in EAP6
Hence if you pass any credential while getting the connection from the DataSource like following, Then those credentials will take preference as it is defined as part of the SE specification :
So i see that the code change is the only option.
If you are looking for an anonymous access you can do so by removing the security-realm="ApplicationRealm" from the <http-interface> element (Security Realms - JBoss AS 7.1 - Project Documentation Editor)