Realms use key factories, certificate factories, password factories, etc. Most of the time they just use the default installed providers. Enhance the realms to accept an optional Supplier<Provider[]> which will be used to load these kinds of things. The default supplier should be Security::getProviders().