Uploaded image for project: 'JBoss Enterprise Application Platform'
  1. JBoss Enterprise Application Platform
  2. JBEAP-19051

[GSS](7.3.z) HAL-1677 - Broken 'domain.xml' after migration of <host-scoped-roles> leading to 'Boostrap error' in HAL

    Details

    • Target Release:
    • Steps to Reproduce:
      Hide
      • Install a vanilla JBoss EAP 7.1.6 and a vanilla JBoss EAP 7.2.3
      • On JBoss EAP 7.1.6 change the domain.xml/management configuration to this:
            <management>
                <access-control provider="simple">
                    <host-scoped-roles>
                        <role name="custom-role-name" base-role="Administrator">
                        </role>
                    </host-scoped-roles>
                    <role-mapping>
                        <role name="SuperUser">
                            <include>
                                <user name="$local"/>
                            </include>
                        </role>
                    </role-mapping>
                </access-control>
            </management>
        
        
      • Run the migration $JBOSS_72_HOME/bin/jboss-server-migration.sh -s $JBOSS_71_HOME -t $JBOSS_72_HOME
      • Add an arbitrary management user to JBoss EAP 7.2.3
      • Start JBoss EAP 7.2.3 server in domain mode and access the HAL http://localhost:9990
      Show
      Install a vanilla JBoss EAP 7.1.6 and a vanilla JBoss EAP 7.2.3 On JBoss EAP 7.1.6 change the domain.xml / management configuration to this: <management> <access-control provider= "simple" > <host-scoped-roles> <role name= "custom-role-name" base-role= "Administrator" > </role> </host-scoped-roles> <role-mapping> <role name= "SuperUser" > <include> <user name= "$local" /> </include> </role> </role-mapping> </access-control> </management> Run the migration $JBOSS_72_HOME/bin/jboss-server-migration.sh -s $JBOSS_71_HOME -t $JBOSS_72_HOME Add an arbitrary management user to JBoss EAP 7.2.3 Start JBoss EAP 7.2.3 server in domain mode and access the HAL http://localhost:9990
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      Add the missing nested <host> element manually in the domain.xml of the target.

      Show
      Add the missing nested <host> element manually in the domain.xml of the target.
    • QE Test Coverage:
      +

      Description

      When migrating a domain configuration from JBoss EAP 7.1.6 having a broken <host-scoped-roles> configuration, the resulting domain.xml on EAP 7.2 is broken as well.

      JBoss EAP 7.1 is relaxed during accessing the HAL and simply ignores the broken configuration, whereas JBoss EAP 7.2 will not allow access to the HAL and report a Bootstrap error.

      The jboss-server-migration.[sh|bat] should identify this broken configuration and deny the migration of it.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  soul2zimate Chao Wang
                  Reporter:
                  soul2zimate Chao Wang
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: