Shiro is very customizable. It provides interfaces for doing your Authentication and Authorization. If you ever need to change your authentication from Basic to Oauth, all you have to do is implement a new class and plug it in.
The interfaces to look into are Realm
, AuthenticatingRealm
, AuthorizingRealm
, Subject
, AuthenticationToken
and SimpleAuthorizationInfo
.