When running a repository via the ModeShape AS subsystem, this repository always uses a JAAS security domain (by default modeshape-security) and creates behind the scenes a container-specific AuthenticationProvider which uses this security domain.

On the other hand, the AS kit offers the possibility of user-defined custom Authentication providers. If these are present in the configuration, we should make sure they are added first in the chain of providers which will be invoked to authenticate a user, before the built-in container providers.