Application Server 7: AS7-3077

security subsystem fails to add JASPI authentication configuration

    Description

      The security subsystem is either not parsing the JASPI config or not interpreting the resulting add operation correctly. The login-module-stack tag requires a name attribute. The parsed ModelNode does not reflect the attribute name 'name', only its value. When org.jboss.as.security.SecurityDomainAdd.processJASPIAuth(...) is executed, an exception is thrown when validating that 'name' exists (stack.require(NAME).asString()). Below is an example config recreating the problem, the ModelNodes created from the config and the resulting exception. Attempts to add a child 'name' element to the configuration as a workaround caused failures during parsing of the security subsystem.

      Example JASPI configuration consistent with jboss-as-security_1_1.xsd

      <security-domain name="tutor-ldap">
      <authentication-jaspi>
      <login-module-stack name="ldap-stack" >
      <login-module code="LdapExtended" flag="required">
      <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
      <module-option name="bindDN" value="uid=admin,ou=system"/>
      <module-option name="bindCredential" value="secret"/>
      <module-option name="baseCtxDN" value="ou=users,ou=system"/>
      <module-option name="baseFilter" value="(sn={0})"/>
      <module-option name="rolesCtxDN" value="ou=groups,ou=system"/>
      <module-option name="roleFilter" value="(member={1})"/>
      <module-option name="roleAttributeID" value="cn"/>
      <module-option name="roleAttributeIsDN" value="false"/>
      <module-option name="java.naming.referral" value="follow"/>
      <module-option name="roleRecursion" value="-1"/>
      <module-option name="searchScope" value="SUBTREE_SCOPE"/>
      <module-option name="java.naming.security.authentication" value="simple"/>
      <module-option name="allowEmptyPasswords" value="false"/>
      </login-module>
      </login-module-stack>
      <auth-module code="org.jboss.as.web.security.jaspi.modules.HTTPFormServerAuthModule" login-module-stack-ref="ldap-stack">
      </auth-module>
      </authentication-jaspi>
      </security-domain>

      Operations created during parsing of authentication-jaspi config

      {
      "operation" => "add",
      "address" => [
      ("subsystem" => "security"),
      ("security-domain" => "tutor-ldap")
      ]
      }, {
      "operation" => "add",
      "address" => [
      ("subsystem" => "security"),
      ("security-domain" => "tutor-ldap"),
      ("authentication" => "jaspi")
      ],
      "auth-modules" => [{ "code" => "org.jboss.as.web.security.jaspi.modules.HTTPFormServerAuthModule", "login-module-stack-ref" => "ldap-stack", "module-options" => undefined }]
      }, {
      "operation" => "add",
      "address" => [
      ("subsystem" => "security"),
      ("security-domain" => "tutor-ldap"),
      ("authentication" => "jaspi"),
      ("login-module-stack" => "ldap-stack")
      ],
      "login-modules" => [{
      "code" => "LdapExtended",
      "flag" => "required",
      "module-options" => [
      ("java.naming.provider.url" => "ldap://localhost:10389"),
      ("bindDN" => "uid=admin,ou=system"),
      ("bindCredential" => "secret"),
      ("baseCtxDN" => "ou=users,ou=system"),
      ("baseFilter" => "(sn={0})"),
      ("rolesCtxDN" => "ou=groups,ou=system"),
      ("roleFilter" => "(member={1})"),
      ("roleAttributeID" => "cn"),
      ("roleAttributeIsDN" => "false"),
      ("java.naming.referral" => "follow"),
      ("roleRecursion" => "-1"),
      ("searchScope" => "SUBTREE_SCOPE"),
      ("java.naming.security.authentication" => "simple"),
      ("allowEmptyPasswords" => "false")
      ]
      }

      ModelNode during execution of add operation

      "cache-type" => undefined,
      "authentication" => {"jaspi" => {
      "auth-modules" => [{ "code" => "org.jboss.as.web.security.jaspi.modules.HTTPFormServerAuthModule", "login-module-stack-ref" => "ldap-stack", "module-options" => undefined }],
      "login-module-stack" => {"ldap-stack" => {"login-modules" => [{
      "code" => "LdapExtended",
      "flag" => "required",
      "module-options" => [
      ("java.naming.provider.url" => "ldap://localhost:10389"),
      ("bindDN" => "uid=admin,ou=system"),
      ("bindCredential" => "secret"),
      ("baseCtxDN" => "ou=users,ou=system"),
      ("baseFilter" => "(sn={0})"),
      ("rolesCtxDN" => "ou=groups,ou=system"),
      ("roleFilter" => "(member={1})"),
      ("roleAttributeID" => "cn"),
      ("roleAttributeIsDN" => "false"),
      ("java.naming.referral" => "follow"),
      ("roleRecursion" => "-1"),
      ("searchScope" => "SUBTREE_SCOPE"),
      ("java.naming.security.authentication" => "simple"),
      ("allowEmptyPasswords" => "false")
      ]
      }]}}
      }}
      }

      Exception thrown during processing of the operations

      08:11:13,947 ERROR [org.jboss.as.controller.management-operation] (ServerService Thread Pool – 44) JBAS014612: Operation ("add") failed - address: ([
      ("subsystem" => "security"),
      ("security-domain" => "tutor-ldap")
      ]): java.util.NoSuchElementException: No child 'name' exists
      at org.jboss.dmr.ModelValue.requireChild(ModelValue.java:362) [jboss-dmr-1.1.1.Final.jar:]
      at org.jboss.dmr.PropertyModelValue.requireChild(PropertyModelValue.java:156) [jboss-dmr-1.1.1.Final.jar:]
      at org.jboss.dmr.ModelNode.require(ModelNode.java:812) [jboss-dmr-1.1.1.Final.jar:]
      at org.jboss.as.security.SecurityDomainAdd.processJASPIAuth(SecurityDomainAdd.java:333) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.security.SecurityDomainAdd.createApplicationPolicy(SecurityDomainAdd.java:213) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.security.SecurityDomainAdd.launchServices(SecurityDomainAdd.java:167) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.security.SecurityDomainAdd$1.execute(SecurityDomainAdd.java:156) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.security.SecurityDomainAdd$1.execute(SecurityDomainAdd.java:157) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.security.SecurityDomainAdd$1.execute(SecurityDomainAdd.java:157) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.security.SecurityDomainAdd$1.execute(SecurityDomainAdd.java:157) [jboss-as-security-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.server.AbstractDeploymentChainStep.execute(AbstractDeploymentChainStep.java:46) [jboss-as-server-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.server.AbstractDeploymentChainStep.execute(AbstractDeploymentChainStep.java:46) [jboss-as-server-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.executeStep(AbstractOperationContext.java:359) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.doCompleteStep(AbstractOperationContext.java:254) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.AbstractOperationContext.completeStep(AbstractOperationContext.java:190) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at org.jboss.as.controller.ParallelBootOperationStepHandler$ParallelBootTask.run(ParallelBootOperationStepHandler.java:311) [jboss-as-controller-7.1.0.CR1-SNAPSHOT.jar:]
      at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_25]
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_25]
      at java.lang.Thread.run(Thread.java:662) [:1.6.0_25]
      at org.jboss.threads.JBossThread.run(JBossThread.java:122)
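To make the mismatch concrete, here is an added example (not code from the AS7 security subsystem parser): a small ElementTree parser that reproduces the add operations above for a trimmed copy of the configuration, showing that the login-module-stack name only ever appears as the last address element, followed by a lookup that reads it from there and a check that every login-module-stack-ref resolves to a parsed stack. The config excerpt is constructed from the one quoted in this issue; the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed excerpt of the configuration quoted in this issue, trimmed to two options.
CONFIG_XML = """<security-domain name="tutor-ldap">
  <authentication-jaspi>
    <login-module-stack name="ldap-stack">
      <login-module code="LdapExtended" flag="required">
        <module-option name="baseCtxDN" value="ou=users,ou=system"/>
        <module-option name="baseFilter" value="(sn={0})"/>
      </login-module>
    </login-module-stack>
    <auth-module code="org.jboss.as.web.security.jaspi.modules.HTTPFormServerAuthModule"
                 login-module-stack-ref="ldap-stack"/>
  </authentication-jaspi>
</security-domain>"""

def parse_jaspi_operations(xml_text):
    """Reproduce the three 'add' operations shown above. The stack's name
    attribute becomes the last ADDRESS element, never a child called 'name'."""
    dom = ET.fromstring(xml_text)
    base = [("subsystem", "security"), ("security-domain", dom.get("name"))]
    ops = [{"operation": "add", "address": base}]
    jaspi = dom.find("authentication-jaspi")
    jaddr = base + [("authentication", "jaspi")]
    ops.append({"operation": "add", "address": jaddr,
                "auth-modules": [dict(m.attrib) for m in jaspi.findall("auth-module")]})
    for stack in jaspi.findall("login-module-stack"):
        modules = [{"code": lm.get("code"), "flag": lm.get("flag"),
                    "module-options": {o.get("name"): o.get("value")
                                       for o in lm.findall("module-option")}}
                   for lm in stack.findall("login-module")]
        ops.append({"operation": "add", "login-modules": modules,
                    "address": jaddr + [("login-module-stack", stack.get("name"))]})
    return ops

def stack_name(op):
    """Read the stack name from the address; a 'name' child does not exist."""
    kind, value = op["address"][-1]
    if kind != "login-module-stack":
        raise LookupError("No child 'name' exists")
    return value

def dangling_stack_refs(ops):
    """Every login-module-stack-ref must name a stack that was actually parsed."""
    stacks = {stack_name(o) for o in ops if "login-modules" in o}
    return [m["code"] for o in ops for m in o.get("auth-modules", [])
            if m.get("login-module-stack-ref") not in stacks]
```

Requiring a 'name' child on the stack operation, as processJASPIAuth does, fails for the same reason the second assertion below holds: the parser never stored one.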

          People

            sguilhen Stefan Guilhen
            dbschofield_jira Ben Schofield (Inactive)