Bug 1012596

Summary: RBAC: Unable to cancel "Run as" restrictions in domain
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Jakub Cechacek <jcechace>
Component: Web ConsoleAssignee: Harald Pehl <hpehl>
Status: CLOSED CURRENTRELEASE QA Contact: Jakub Cechacek <jcechace>
Severity: urgent Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified    
Version: 6.2.0CC: brian.stansberry, dosoudil, hpehl, jcechace, jkudrnac
Target Milestone: ER7   
Target Release: EAP 6.2.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
Cause: Consequence: Workaround (if any): Results:
 Story Points: ---
Clone Of: Environment:
Last Closed: 2013-12-15 16:20:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1014047    

Description Jakub Cechacek 2013-09-26 17:25:22 UTC 
After restricting your permission with "Run as" in domain, the tool becomes unavailable due to auth error. 

How to reproduce

1) log in as superuser 
2) use "Run as" to restrict your permissions to monitor
3) try to revert 2)
Comment 1 Heiko Braun 2013-09-27 11:50:52 UTC 
Can you elaborate on this: "the tool becomes unavailable due to auth error. " ?
Comment 2 Jakub Cechacek 2013-09-30 07:51:42 UTC 
@Heiko 

When trying to open "Run as" window after it was used previously, the attempt will end up with "Unknown error - Authentication required"
Comment 3 JBoss JIRA Server 2013-09-30 13:09:36 UTC 
Harald Pehl <hpehl> updated the status of jira HAL-222 to Resolved
Comment 4 JBoss JIRA Server 2013-09-30 13:09:36 UTC 
Harald Pehl <hpehl> made a comment on jira HAL-222

Clear RUN_AS cookie in bootstrap
Comment 5 Vladimir Dosoudil 2013-10-01 11:59:44 UTC 
Moving back to ASSIGNED (https://docspace.corp.redhat.com/docs/DOC-154626).
There's no PR to eap 6.x github repo https://github.com/jbossas/jboss-eap/
Comment 6 Vladimir Dosoudil 2013-10-01 12:47:16 UTC 
The umbrella issue #1014047 is available now.
Comment 10 Jakub Cechacek 2013-10-08 16:20:06 UTC 
Still not fixed in ER5.
Comment 13 Harald Pehl 2013-10-25 10:49:17 UTC 
EAP 6.2.0.ER6 uses release-stream-2.0.3.Final-redhat-1-resources.jar which does contains the bug as described above.

However this is fixed in release-stream >=2.0.4.Final. Using ER7 must not show the bug as this version uses HAL release stream 2.0.5.Final.

You can test this now by replacing the console in ER6:

1. Get the latest HAL release stream "release-stream-2.0.5.Final-resources.jar" from https://repository.jboss.org/nexus/index.html#nexus-search;quick~release-stream

2. Overwrite the console in ER6:
cp release-stream-2.0.5.Final-resources.jar <ER6_HOME>/modules/system/layers/base/org/jboss/as/console/eap/release-stream-2.0.3.Final-redhat-1-resources.jar

3. Restart ER6 and reload the console.
Comment 14 Brian Stansberry 2013-10-25 21:34:10 UTC 
Moving to MODIFIED since the 2.0.5.Final console is in the EAP branch.
Comment 15 Jakub Cechacek 2013-11-05 14:18:43 UTC 
The main issue of this BZ was resolved -- verified 6.2.0.ER7.

However I've talked to Harald and discovered that the only reliable way to clear ROLE headers is logout, thus see BZ1026823