Hai, We are also facing the same problem. Our problem is we are spawning threads (which access ejb methods!). After spawning the thread we are changing the password. After that when the thread accesses the Bean methods Security exception is thrown. Please let us know if you find a solution for this.
no solution found: we invalidate the session and force the user to login again
Actually we are also invalidating the session and forcing the user to logout. But in our case we need to restart the server also apart from the client.
We found a solution. Actually after updating the password you need to logout using the LoginContext of that user and login again.
eg., LoginContext.logout () and LoginContext.login ().
Hope this helps