JIRA caches different data in JiraAuthenticationContextImpl for each request in ThreadLocal. That data is cleared after each request by Jira in case of HTTP requests, so there is no problem there.
When you use com.atlassian.jira.security.JiraAuthenticationContext directly or indirectly from your code in separate thread, you need to clear the cache. In other case you will have thread which leaks ThreadLocal and holds large amount of memory in com.atlassian.jira.bc.issue.search.QueryCacheImpl$QueryCacheLiteralsKey.
Example of indirect use of JiraAuthenticationContext:
- Create/Update public documentation for developers which references JiraThreadLocalUtil or OffRequestThreadExecutor.
- Explain use cases of JiraThreadLocalUtil and share examples of proper API method.
- As a workaround, you will need to add a cache clear somewhere to prevent these objects from accumulating over time. Here's some general docs on this api:
- An example of how plugin vendor implemented this: TransitionWorkflowExtended.html