anonymous wrote : | The point is, there is no reason why application managed security means that the username and password have to be passed to the jca provided connection factory getConnection call. | Yes it does. Unless you want to put the ConnectionRequestInfo data somewhere else, like a properties file there is no way for the JCA layer to be able to reconstruct a connection for recovery in this scenario. If it's being yanked from somewhere else, fine, but at that point your are no longer in application-managed security land your in a half ass *-ds.xml file land with the security information residing in a different place. anonymous wrote : | If it is available because some user passed it in, fine, but it is not how server frameworks should be coded. | Propose an alternative to the problem: A connection that has been created via getConnection(username, password) has failed. The RecoveryManager needs to be able to recreate the connection and initiate recovery on the underlying resource. So, what should the JCA layer do. Remember, you don't have the username/password because it is 'application managed'. Where does this information come from? View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4009645#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...