Apache Shiro and Spring Security seems to be competing frameworks when it comes to application security.

I'm not going to ask the usual question i.e what's the main difference but rather something strikingly odd I read at Infoq

Who’s Using Shiro?
Many open-source communities are using Shiro as well, for example, Spring, Grails, Wicket, Tapestry, Tynamo, Mule, and Vaadin, just to name a few.

Source: http://www.infoq.com/articles/apache-shiro
What part of Spring uses Shiro exactly? Where does Spring Security take part in the Spring portfolio if that's really the case? Is there something that Shiro has that Spring Security can't do for the Spring team?

Thanks. Just a curious thought