As we are marching towards the 1.0.0 I decided assign a few more issues to myself, one of them being Regarding SHIRO-110: Remove org.apache.shiro.mgt.SubjectBinder and its usages. There really weren't too many places left so it's an easy removal. The only only area where I'm not completely sure what to do is SecurityManager.getSubject(). Supposedly an implementation could always create a subject but there's createSubject for that purpose so getSubject() might be redundant and somewhat misleading. SecurityManager.getSubject was added in 0.9. Should we deprecate SecurityManager.getSubject() or outright remove it? If we leave it alone or just deprecate, DefaultSecurityManager.getSubject() could call ThreadContext.getSubject() - same as SecurityUtils and as a fallback createSubject(new HashMap()). SecurityManager.getSubject() is only called from SecurityUtils within Shiro but SecurityManager is a fairly visible interface.
Les, do you think we should getSubject() as is and provide the default implementation as suggested? If it's simpler to talk when you see the code, I could commit the suggested implementation and we could review afterwards. Kalle
