shiro.ini is a poor means for configuration in our configuration-rich ODL context. Some primary concerns involve the fact that shiro.ini is not replicated nor consistent across a cluster of ODL nodes. This change will depend on the fact that proper authorization to restrict these models is installed so that not anyone can change the auth mechanisms (i.e., rogue user switches to a tautology authentication/authorization implementation). Additionally lack of proper SOA means that services can't be dynamically decided at runtime (i.e., swap out backing implementation).

Simply put, shiro.ini sucks. This was a known limitation when shiro was first integrated, but was swallowed hook line and sinker for the other advantages that the integration provided. It is time for us to change this so that shiro is configured using a more mature and robust mechanism (i.e., clustered-app-config).