When migrating RemoteHostValve or RemoteAddrValve which contains multiple allows or denies or contains both as in [1], it is migrated incorrectly. In the resulting expression the acl attribute should be in format acl={'xxx allow', 'yyy deny'}, but instead it results in acl='xxx allow, yyy deny' which is incorrect and results in exception when doing any request to the server.

Marking as critical as that it was migrated incorrectly the customer will not find out during migration but when actually doing request to the server.

Might be interesting to ehugonne1@redhat.com

[1]

 <valve name="request-filter" module="org.jboss.as.web" class-name="org.apache.catalina.valves.RemoteAddrValve">
        <param param-name="deny" param-value="10.0.0.1"/>
        <param param-name="allow" param-value="127.*"/>
    </valve>