The aggregate security realm supports specifying an aggregate of an authentication realm and one or more authorization realms. For more information about how the aggregate realm works, check out this blog post.

This task involves adding logging to indicate when we found the security identity for authentication and when we found the security identity for authorization.

To better understand the flow, add breakpoints to the AggregateRealmTest
and AggregateSecurityRealm classes.