Hi all, I've updated the Play integration to Shiro to 2.1, and stuck a warning on it as I haven't subjected it to any kind of testing.
Play doesn't use the Servlet API, so I couldn't use the shiro-web integration -- to ensure that sessions are never created, I looked at the web security manager, subject context and subject factory, and made sure anything that pointed to a new session simply returned null. Code appears to work correctly -- let me know if there's something bizarrely wrong or missing in it. https://github.com/wsargent/play-shiro Will.
