JSEC-42 - made SecurityManager extend SessionManager instead of SessionFactory (reasons documented in the issue).