1 of 1 people found this helpful
I'm not familiar with Apache Shiro, so maybe someone who is might provide more insight. At first glance, it certainly seems possible to integrate it for authentication and authorization. Note that ACL authorization is performed inside ModeShape and at this time is not extensible; of course you can implement your own authorization mechanism.
If you haven't already, look at our documentation about implementing your own authorization and authentication providers. We also have several implementations of these inside our codebase, and I believe other folks have implemented their own.