In the SecurityUtils documentation it mentions that a non-static application singleton is preferred over a VM static singleton:
http://shiro.apache.org/static/current/apidocs/org/apache/shiro/SecurityUtils.html#setSecurityManager(org.apache.shiro.mgt.SecurityManager)

However all the examples I find talk about using the following method to get the subject:

SecurityUtils.getSubject()

I am having trouble putting these two concepts together. If you are using a non-static application singleton (for the SecurityManager) does that not mean you should interact directly with SecurityManager (rather than SecurityUtils)? However the SecurityManager does not have methods such as getSubject().

Alternatively, I thought the application could get the subject from the thread state but I don't think this is correct either.

Does anyone know how a non-static application singleton implementation would typically work?

Cheers,
Stuart
