I am looking for an example of how one might set different CachePolicies, or at least different timeouts, for different application-policies. I am unable to find anything other than a brief mention of AuthenticationCacheJndiName in the documentation.

My main application-policy governs web user access using a subclass of HttpServletRequestLoginModule. At the same time I have an application-policy using SecureIdentityLoginModule to allow encrypted passwords for each of my datasources. The user authentication policy needs to have a very short timeout so changes to user rights are reflected rather quickly. However, the database passwords won't change outside a server restart so theoretically I should never expire them.

Stress testing is showing problems with JaasSecurityManager.updateCache when the datasources are under load; even with the fix for http://jira.jboss.org/jira/browse/JBAS-3141 in place. Tuning the caching seems like a good option.