I use the following code to flush the role, but I use the request.isUserInRole('Anonymous'), the result is still true:
private void logout() throws Exception { String domainName = "EatOutDomain"; MBeanServer server = (MBeanServer) MBeanServerFactory .findMBeanServer(null).get(0); String jaasMgrName= "jboss.security:service=JaasSecurityManager"; ObjectName jaasMgr = new ObjectName(jaasMgrName); Object[] params = { domainName }; String[] signature = { "java.lang.String" }; List users = (List) server.invoke(jaasMgr, "getAuthenticationCachePrincipals", params, signature); for (int i = 0; i < users.size(); i++) { SimplePrincipal principal = (SimplePrincipal) users.get(i); Object[] pParams = { domainName, principal }; String[] pSignature = { "java.lang.String", "java.security.Principal"}; server.invoke(jaasMgr, "flushAuthenticationCache", pParams, pSignature);