I deployed a simple test ear on Branch_4_2 and found that it got associated with HsqlDbRealm. That seems odd. The ear is very straightforward. A webapp with a couple servlets and an ejb jar with one SLSB. Nothing is specified as being secured; there aren't even any jboss-specific deployment descriptors in the ear. I'm using this ear to try to track down a classloader leak on undeploy. Found a reference chain leading back to the TimedCachePolicy in JaasSecurityManager. Not sure if that's a problem -- should the cache be flushed on undeploy, or is it expected the ref will eventually clear when the entry times out? Pending finding an answer to the above, I decided to just have my test flush the "other" cache so I could see if there were other leakage paths. But it didn't work -- for some reason the entry was stored in the "HsqlDbRealm" cache. I have no idea why. View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3994890#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...