If Shiro is configured for both authentication and authorization (as recommended), then this class is in the role of Authenticator .

However, although there are two objects, they are set up to share the same SecurityManager Shiro SecurityManager (bound to a thread-local).

class AuthenticatorShiro {
  AuthenticatorShiro(CausewayConfiguration configuration)
  boolean canAuthenticate(Class<? extends AuthenticationRequest> authenticationRequestClass)
  InteractionContext authenticate(AuthenticationRequest request, String code)
  void logout(InteractionContext context)
  InteractionContext authenticationFor(AuthenticationRequest request, String validationCode, AuthenticationToken token, Subject currentSubject)