The legacy security subsystem contains a deployment unit processor which establishes the JACC Policy for a deployment as it is deployed, once this subsystem is removed the policy is no longer established.

We need an equivalent within the WildFly Elytron subsystem, at the same time we need to avoid duplication. Ideally if one subsystem can detect the other it can skip installing it's own DUPs but failing that the DUP will need to check if the other is present. As we are looking at the required steps to remove legacy security by default we may want to consider the Elytron approach having a higher priority.