Hi all ! I read CachingLoginCredentials at http://wiki.jboss.org/wiki/Wiki.jsp?page=CachingLoginCredentials. I set DefaultCacheTimeout = 0 but I have a problem is: I allow clients can change password. So after that, if Client A was changed password and call a method of a bean ---> Authentication fail !. Have any way, after A was changed passwd, A still work normall (but DefaultCacheTimeout = 0)???