Now that SoftHashMapCache is available and production quality in that it won't introduce memory leaks (making it a better option than a HashtableCache), we can remove the hard dependency on Ehcache in JSecurity core.
So, now the question is: 1. Do we enable a MemoryCacheManager (which would use a SoftHashMapCache) automatically by default? or 2. Do we disable caching entirely, expecting the end-user to explicitly configure a CacheManager to enable it? If we think #1 is the preferred, and an end-user does NOT want caching enabled at all, we could easily provide a NoOpCacheManager that they would configure explicitly. This dummy implementation would satisfy the CacheManager calls, it would just do nothing. If we think #2 is the preferred, it is very easy for the end-user to enable it. Something like this in the .ini config: cacheManager = org.jsecurity.cache.MemoryCacheManager securityManager.cacheManager = $cacheManager What does everyone think?
