Is there any point in setting the user-name and password attributes on a datasource in a ds.xml file if a security-domain is set? Would the user-name and password attributes ever have any effect?
I'm specifically curious about hsqldb-ds.xml. It contains both methods of declaring a username, but the username in the security domain seems to be be the one being used.
Yes, the static username/password would be used as the defaults if the security domain allowed for unauthenticated users. The hsqldb setup does not allow a connection without a username/password.