If a datasource security configuration includes both user-name and security-domain, the config will be rejected by DsSecurityImpl, via CredentialImpl.validate():

   public void validate() throws ValidateException
   {
      if (userName != null)
      {
         if (securityDomain != null)
         {
            throw new ValidateException(bundle.invalidSecurityConfiguration());
         }
      }
   }

If this is an invalid combination, the xsd should state this, and the relevant attribute definitions in the subsystem should use setAlternatives(...) as well.