Why does a Realm extend Authorizer? Shouldn't only the AuthorizingRealm implement Authorizer? This makes the AuthenticatingRealm fairly useless since you need to implement a bunch of authorizing operations even if your realm is not supposed to do anything more than just authenticate. There's probably a good reason for Authorizer being the top level interface rather than Realm, but it's just not immediately obvious for me. Even then, I hope we could straighten this out in a future release since it just doesn't seem right to me. Les, care to comment, I bet you have a pretty good insight into this.
Kalle
