Security of lookups

Any client that runs in WebSphere Application Server - Express, such as a servlet or JSP, can look up a Java 2 Connector (J2C) resource (such as a data source) in the Java Naming and Directory Interface (JNDI) namespace and obtain connections without providing authentication data. These clients use a component-managed authentication alias defined on the resource, which is the default value used when the user and password are not supplied on the getConnection call. However, you can pass the user and password on the getConnection call, and you can also disable security of lookups in WebSphere Application Server - Express.
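The two forms of the getConnection call described above, as an added Java example that is not part of the original documentation. The class name, the resource reference name `jdbc/SampleDS` and the `userOf` helper are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.SQLException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

public class LookupExample {
    // Hypothetical resource reference name (assumption): it must be declared
    // for the application and bound to the data source at deployment.
    private static final String DS_REF = "java:comp/env/jdbc/SampleDS";

    private final DataSource ds;

    public LookupExample() throws NamingException {
        // Any servlet or JSP running in the server can perform this lookup.
        ds = (DataSource) new InitialContext().lookup(DS_REF);
    }

    /** No credentials supplied: the component-managed alias on the resource is used. */
    public Connection connectWithAlias() throws SQLException {
        return ds.getConnection();
    }

    /** Credentials supplied by the caller are passed on the getConnection call. */
    public Connection connectAs(String user, String password) throws SQLException {
        // Never log or echo the password; pass it straight through.
        return ds.getConnection(user, password);
    }

    /** Returns the database user a connection runs as, then releases the connection. */
    public static String userOf(Connection con) throws SQLException {
        try {
            return con.getMetaData().getUserName();
        } finally {
            con.close(); // always hand the connection back to the pool
        }
    }
}
```

Calling `userOf(connectWithAlias())` from a servlet shows which database identity an unauthenticated in-server client receives through the alias, which is worth checking before deciding how much privilege that alias should carry.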

See the following topics for detailed information on how to manage lookup security:

Pass user and password on the getConnection call
This topic explains the necessary prerequisites before the user and password can be passed on the getConnection call.

Disable lookup security
Although it is not recommended, it is possible to turn off the secure mode for a particular data source or connection factory.