Using spring security with vaadin 23, but own authorization code (Not URL-Route based)

In the past we have used our own authentication+authorization code in side vaadin applications, where authentication+authorization data was stored in a database.
Since we now need to integrate SSO with Azure AD, we are looking into switching to spring security, which has AzureAD SSO support.
Question: Is it possible to use vaadin spring security with authentication + role fetching from AzureAD, but then still use our own authorization code, or do we have to completetly swithc to spring security also for authorization?

Without knowing any more details, I guess the answer is yes

Basically we have the logged in user instance in the Vaadin session and we use al isAllowed(user, module, task) type of security query

I don’t see why that would need to change

You should probably do something like that anyway, even with route-based security