So WSO2 DSS have the ability to provide dynamic user authentication, which is documented here [1]. You can either give a static mapping configuration, or else provide a Java class implementation to give the mapping dynamically at runtime. So how this works is, it maps the service authenticated Carbon user with the database user. So you will have to use like UsernameToken to be used with the data service, and you will have to provide a user/password when calling the service, which will in-turn be mapped to a database user.
So if this approach is not feasible, and if you really need to provide the user/password in the message payload, then a possibility would be to write an Axis2 handler and inject the current messages's username+password as the "username" MessageContext property, so internally when we read the username we would be getting the "username+password" we set earlier in the handler. (I can't really remember if the MessageContext property is "username" or not, better check it out). So anyways, as I've mentioned, this information will be later available at "DynamicUserAuthenticator#lookupCredentials(String user)" method's "user" parameter. So from there, we can just decode the username/password from that and return it from that method, which will be used when creating the database connections.
[1] http://docs.wso2.org/wiki/display/DSS301/Dynamic+User+Authentication
Cheers, Anjana.