Refactoring the ModularRealmAuthorizer to use the Strategy design pattern (like the ModularRealmAuthenticator) is probably the best approach. This allows pluggable strategies to be used so you don't need to subclass.
As far as SHIRO-231 is concerned, I agree with it, but I really think we need to revert that change until 2.0. We should not introduce fundamental (breaking) API changes in a minor version release. (This is the reason for the APR versioning guidelines at least.)

Thoughts?

Les
