I have a connection pool configured, although I�m not quite sure that makes any sense because how can the application server keep a pool of connections when we don�t provide a user ID and password with the connection pool properties?
That's correct, the connection pool abstracts away from individual users. If everyone has their own password, then you need to create a new connection (or connection pool, although that might be overkill or unfeasible) for every user.
I�ve read somewhere that once we let the container handle authentication; we no longer have access to the user ID and password through the code.
That's true for the servers I know, and that is, of course, the whole point of container-managed authentication.
Currently we are temporarily disabling the form-based authentication and grabbing the user ID and password and passing it on down through the code to the JDBC connection, but that doesn�t sound correct and I would like to fix it.
It seems weird, but that's because web auth and DB auth are two different things - it's very unusual for the accounts or password to be identical. That's why there is no ready-made integration between the two.