The copy of the Subject made by the JaasSecurityService is just a shallow copy of the various subject sets. This is fine for immutable objects, but if there are mutable objects that are destroyed when the cache is flushed and the login module executes this can have side effects on other threads. The only way this can be avoided is to make a deep copy using clone for objects that implement Cloneable and override the Object.clone method to correctly implement a deep copy. We should add such a deep copy option.