Index: SecurityManager.java
===================================================================
--- SecurityManager.java	(revision 107225)
+++ SecurityManager.java	(working copy)
@@ -240,7 +240,11 @@
       boolean trace = log.isTraceEnabled();
       boolean hasRole = false;
 
-      SubjectInfo info = (SubjectInfo) authCache.get(token.getSessionId());
+      SubjectInfo info = null;
+      synchronized (authCache)
+      {
+         info = (SubjectInfo) authCache.get(token.getSessionId());
+      }
       if (info == null)
          throw new JMSSecurityException("User session is not valid");