Hi we run through the same problem.
I found (http://www.javaworld.com/javaworld/jw-08-2001/jw-0831-jaas.html) this information regarding caching:
"Note that you can configure the JaasSecurityManager to use a cache of authentication information so that a JAAS login is not performed on every method invocation. If no cache is specified in the JaasSecurityManager's configuration, a timed cache is used by default."
From our test JBoss refresh cached authentication information in 30 minutes range (30 minutes after change was made actually).
I still looking to configure caching mechanizm (change cached time, enforce refreshing...)
If you get more information regarding caching, can you share it?
There are two solutions for Authentication caching, that I was able to find:
1. Set Cached timeout (by default it is 30 minutes)
This site explains how to do it:
2. Flush authentication info.
This site has solution: