[ http://jira.jboss.com/jira/browse/JBAS-3012?page=comments#action_12384499 ] joshmoore commented on JBAS-3012: --------------------------------- Scott, could you clarify what you think the cause is here? We are running into this as well. A long running server had over 100K login modules plus 400K SimplePrincipals and 100K SecurityAssociationHandlers, SimpleGroups, etc. which eventually brought it to its knees. I've posted a screen shot from jprofiler at https://trac.openmicroscopy.org.uk/omero/ticket/818 , and confirmed that calling DynamicLoginConfig's flushAuthenticationCaches does free almost everything up. Not, however, the SecurityAssociation$SubjectContext instances. I'm still looking into that. My planned work-around is to periodically call flushAuthenticationCaches. Any thoughts? Many thanks, Josh Moore Glencoe Software, Inc. The Open Microscopy Environment From: jboss-service.xml <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="omero:service=LoginConfig"> <attribute name="AuthConfig">META-INF/jboss-login.xml</attribute> <depends optional-attribute-name="LoginConfigService"> jboss.security:service=XMLLoginConfig </depends> <depends optional-attribute-name="SecurityManagerService"> jboss.security:service=JaasSecurityManager </depends> </mbean> From: jboss-login.xml <policy> <application-policy name="OmeroSecurity"> <authentication> <login-module code = "ome.security.JBossLoginModule" flag = "required"> <module-option name = "unauthenticatedIdentity">guest</module-option> <module-option name = "dsJndiName">java:/omeroDS</module-option> <module-option name = "hashAlgorithm">MD5</module-option> -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira