This still is not application managed security ala getConnection(username, password). The admin may have to use a hardware key fob to supply this info. If the recovery security configuration allows for a ConsoleCallbackHandler to obtain the information, that is the user's choice. Its still external configuration to jca as far as I can see. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4009656#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...