I have done a demo which implement my own custom Authentication.the class named 'MyAuthenticationProvider'implements the interface AuthenticationProvider and the class of 'MySecurityContext' implements both SecurityContext and AuthorizationProvider.But I don't understand how to use the shiro's Authentication and Authorization in modeshape.I want to store my users,roles and resources in modeshape as its nodes and porperties.I am not sure that I should extend modeshape provider with shiro, or I should use my custom Authentication to control modeshape and use shiro to control my apllication.
To determine whether ModeShape should create a session given a set of credentials using content in the repository will require some bootstrapping, since your AuthenticationProvider implementation will have to be able to access the content and thus be authenticated. I'm not exactly sure how best to do this. It may require an enhancement in 4.0.
Authorization is much easier, since you can implement the AdvancedAuthorizationProvider interface, and this already provides a way for your provider to access the session content.