This is not the case. JAAS supports multiple LoginModules (which is seen in the JAAS configuration file in the documentation page you linked to) each of which is flagged with required, requisite, sufficient, or optional. See http://docs.oracle.com/javase/1.5.0/docs/api/javax/security/auth/login/Configuration.html
If you have two LoginModules, each of which is "sufficient" this means that either one of them can authenticate the user.
