I n your own words please explain how Apache Shiro is a viable alternative to Spring Security for user authentication