As stated, I am developing a springboot application with following tech stack: 1. CAS for SSO 2. LDAP for usrname, password storage
Till here all works fine. Now I need to add apache shiro for authorization. I am not sure about what should be the realm definition as I don't want authentication to be done by Shiro. I am not able to find any decent example with this combination.
Well.. Shiro gives too many things.. Authentication + authorization + encryption etc.
In my case, ACL can be achieved using CustomVoter in spring security.
Hence, decided not to use Shiro.