Change SecurityContextHolder to ThreadLocal due to IBM JDK 1.3 issues as described at http://tinyurl.com/8zhka and reported by Scott McCrory on acegisecurity-developer 8 November 2005.

core/src/main/java/org/acegisecurity/context/SecurityContextHolder.java

@@ -35,13 +35,13 @@ import org.springframework.util.Assert;
  * @author Ben Alex
  * @version $Id$
  *
- * @see java.lang.InheritableThreadLocal
+ * @see java.lang.ThreadLocal
  * @see net.sf.acegisecurity.context.HttpSessionContextIntegrationFilter
  */
 public class SecurityContextHolder {
     //~ Static fields/initializers =============================================
 
-    private static InheritableThreadLocal contextHolder = new InheritableThreadLocal();
+    private static ThreadLocal contextHolder = new ThreadLocal();
 
     //~ Methods ================================================================
 

doc/docbook/acegi.xml

@@ -366,9 +366,9 @@
         <literal>Authentication</literal>. All Acegi Security classes query
         the <literal>SecurityContextHolder</literal> for obtaining the current
         <literal>SecurityContext</literal> (and in turn the principal).
-        <literal>SecurityContextHolder</literal> is an
-        <literal>InheritableThreadLocal</literal>, meaning it is associated
-        with the current thread of execution.</para>
+        <literal>SecurityContextHolder</literal> is a
+        <literal>ThreadLocal</literal>, meaning it is associated with the
+        current thread of execution.</para>
       </sect2>
 
       <sect2 id="security-contexts-storage">