It's sometimes required to reuse a business logic layer to authenticate a user. Let's say a JPA set of entities and business logic to connect to a backend.
In order to avoid putting all the app in the container, we created the LazyRealm (which is also a CDI enabler) so that you can provide the realm in your webapp.
It's fine, but then, it requires the user to always create a realm wrapper to which the LazyRealm can delegate to. The wrapper can get business beans and delegate the authentication.
It could be better to instead have a generic CDI realm firing CDI events so that the webapp can react and do the authentication.