thanks for the reply ragavgomatam. but the problem I am trying to look at is removal of the successful login from the cache. From my example above. Lets say:
1) My DefaultCacheTimeout in jboss-service.xml is set to default (30 mins).
2)I log in as john successfully (username:john, password 1234). Principal john gets cached.
3) I close my browser in 2 minutes. I open my browser after 10 mins. I am prompted with a login screen.
4) I log in, but *incorrectly*. username:john, password 1111. The error page I have defined in my web.xml kicks in.
*At this point, I also want to remove from the cache, the successful login from step 2.*
5) So, now, if john goes back to the login page and logs in correctly, I want to authenticate against my database instead of the cache.

For this I needed a way to go through the subjects, catch the correct subject, get the correct principal and remove it from the correct principal set, yes? That is where I am a bit stuck in, how does one get to all the subjects? I can see the principal being set in the commit method, but in logout, the Set is blank. I believe this is because on my second login attempt, the subject is different that the previous one (successful attempt at step 2).

Another question is: If we cannot call the logout, how do I log out of my web application? Would I need to try session invalidation? I am confused as to how this will remove the principal from JBoss cache.
thanks.

I see....but is there no way to directly get at a subject from my previous login, inside my customloginmodule?
thanks

ragavgomatam, if I do programatic flushing via JMX in my custom login module, wouldn't that be equivalent? do you see any dis advantage of doing this?
I am looking at these options because I wanted to remove the subject from the cache only based on some condition and not everytime the user closes the browser.
let me know your thoughts

http://wiki.jboss.org/wiki/CachingLoginCredentials