The Shiro framework's default concrete implementation of the {@link SecurityManager} interface, based around a collection of {@link hunt.shiro.realm.Realm}s. This implementation delegates its authentication, authorization, and session operations to wrapped {@link Authenticator}, {@link Authorizer}, and {@link hunt.shiro.session.mgt.SessionManager SessionManager} instances respectively via superclass implementation. <p/> To greatly reduce and simplify configuration, this implementation (and its superclasses) will create suitable defaults for all of its required dependencies, <em>except</em> the required one or more {@link Realm Realm}s. Because {@code Realm} implementations usually interact with an application's data model, they are almost always application specific; you will want to specify at least one custom {@code Realm} implementation that 'knows' about your application's data/security model (via {@link #setRealm} or one of the overloaded constructors). All other attributes in this class hierarchy will have suitable defaults for most enterprise applications. <p/> <b>RememberMe notice</b>: This class supports the ability to configure a {@link #setRememberMeManager RememberMeManager} for {@code RememberMe} identity services for login/logout, BUT, a default instance <em>will not</em> be created for this attribute at startup. <p/> Because RememberMe services are inherently client tier-specific and therefore aplication-dependent, if you want {@code RememberMe} services enabled, you will have to specify an instance yourself via the {@link #setRememberMeManager(RememberMeManager) setRememberMeManager} mutator. However if you're reading this JavaDoc with the expectation of operating in a Web environment, take a look at the {@code hunt.shiro.web.DefaultWebSecurityManager} implementation, which <em>does</em> support {@code RememberMe} services by default at startup.