Just lookup the DataSource from JNDI and then use the getConnection(username, password) form to obtain the connection.
Thanks for the quick reply. I understand what you said and I know how to use the getConnection with the DAO design pattern. My delima is that I am using CMP Entity Beans to access fine grained objects in the datasources, how would I configure the container to use getConnection with CMP Entity Beans?
Should I create a different security realm for each of the application managed security datasources with a login module that reads the configuration datasource for user name and password for the specific datasource? If so should I then leave the password and username attributes out of their specific *-ds.xml files? As I read the documentation if I do this the JAAS principal information will be used in the connect string, is that right, and will it be the JAAS information from the correct login module?
Really I am only trying to setup a pooled connection to be used by the current user via his alias to the given datasource. It seems that if I use the Login Module stuff then my Application Server authentication may not work as expected?
How far off am I?
Yes, you have to handle this at the login module level, but this is not application-managed-security, which cannot be used with CMP as the application is not the one obtaining the connection. Its container managed security with the security context derived from the caller's context, and there should not be any username/password in the *-ds.xml (unless there is a meaningful default).
So if the connection credentials are simply those of the caller then use a security realm that uses the org.jboss.resource.security.CallerIdentityLoginModule login module. If you need the connection credentials to be some function of the caller identity, then create your own login module using the CallerIdentityLoginModule as a starting point.