private SecurityService getSecurityService()
{
// this is ugly, the underlying API doesn't understand that there is more than one <security-service>,
// each with one or more <auth-realm>. So we'll just take the first config
final Domain domainConfig = getDomainRootProxy().child(Domain.class);
final Config config = domainConfig.getConfigs().getConfig().values().iterator().next();
return config.getSecurityService();
}