Description:

When migrating a domain configuration from JBoss EAP 7.1.6 having a broken <host-scoped-roles> configuration, the resulting domain.xml on EAP 7.2 is broken as well.

JBoss EAP 7.1 is relaxed during accessing the HAL and simply ignores the broken configuration, whereas JBoss EAP 7.2 will not allow access to the HAL and report a Bootstrap error.

The jboss-server-migration.[sh|bat] should identify this broken configuration and deny the migration of it.

Reproduce:

• Install a vanilla JBoss EAP 7.1.6 and a vanilla JBoss EAP 7.2.3
• On JBoss EAP 7.1.6 change the domain.xml/management configuration to this:

      <management>
          <access-control provider="simple">
              <host-scoped-roles>
                  <role name="custom-role-name" base-role="Administrator">
                  </role>
              </host-scoped-roles>
              <role-mapping>
                  <role name="SuperUser">
                      <include>
                          <user name="$local"/>
                      </include>
                  </role>
              </role-mapping>
          </access-control>
      </management>
  
  

• Run the migration $JBOSS_72_HOME/bin/jboss-server-migration.sh -s $JBOSS_71_HOME -t $JBOSS_72_HOME
• Add an arbitrary management user to JBoss EAP 7.2.3
• Start JBoss EAP 7.2.3 server in domain mode and access the HAL http://localhost:9990