First of all, you should be aware that no matter what you do, if an attacker gains access to your server files, he will be able to steal the password.
If you use an app server’s datasource then you just move the location of the plaintext password to a different file.
If you use some form of encryption to avoid storing a plaintext password your app will still have to decrypt it with another password which it will already have. If an attacker goes to great lengths to gain access to your system you can be fairly confident that he will know that too. What you are doing is obfuscating (and gaining a false sense of security) rather than actually securing it.
A more secure solution is for a user to provide the password (or a password to decrypt the DB password) during your app’s startup, but that will make administration really difficult. And if you are already paranoid (the good security kind, not the crazy kind) that someone has access to your server, you should consider that the DB password will reside in the system memory.
Other than that, keep your password in your configuration file (which you can be fairly confident that the server won’t show to the outside world), lock down your system and give the database user only the minimum permissions required.