Have people tried to build on top of Shiro a centralized authentication / authorization service? The architecture doc seems to suggest that's an expected use case. Are there already bindings that provide HTTP API over Shiro? I'd like to have a centralized server that can manage authorization / authentication / session management for multiple different applications.
If no bindings exist, any potential issues to watch out for using Shiro over HTTP? I am very much concerned about performance with the http overhead. Thanks, Jean
