About https://issues.jboss.org/browse/EXOJCR-1619, to avoid any misunderstanding, can you ask internally how we can flush cached credentials (as described here http://docs.jboss.org/jbosssecurity/docs/6.0/security_guide/html_single/index.html#The_JBoss_Security_Extension_Architecture-The_JaasSecurityManagerService_MBean) on JBoss AS 7? Maybe it is not needed anymore? Or do you expect that I ask the question in the forum of JBoss AS 7?