A user needs to be able to change their own password. However, JBoss 2.4.4 caches the user information after it does the initial login.

Using Scott Stark's "How To" article as a baseline, run example2-test0 which has the password "echoman". Now change the password in the database to "echoone" and login again as echoman -- you still get in. Change the build file to switch the password to "echoone" -- that works too. Now change the build file back to log in as "echoman" and it fails. Note: echoone still works.

A simple solution to have the password change take effect immediately:
1) User logs in with the old password and changes the password to a new value. Now, both passwords will work.
2) Unbeknownst, relogin with the new password. Now, only the new password works.

I can live with this.