Using them like a stack is not currently supported, this is actually one scenario we are trying to gather more information on real world scenarios to cover further.
Generally is is the responsibility of the realm mapper(s) to select the realm.
Could you please describe further the scenario you are trying to cover?
Hello Darran, thank you for your attention.
The idea is to do something similar to what you can find in this link (password stacking): https://samaxes.com/2007/05/jboss-stacking-login-modules/
Is there something newer I can use to achieve this or am I stuck with JAAS?
For that situation you would want to use an aggregate security realm definition to chain two security realms together, that way one will be used for the authentication step and the other for loading the authorization information.