Bug 1012596 - RBAC: Unable to cancel "Run as" restrictions in domain
RBAC: Unable to cancel "Run as" restrictions in domain
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web Console (Show other bugs)
Unspecified Unspecified
unspecified Severity urgent
: ER7
: EAP 6.2.0
Assigned To: Harald Pehl
Jakub Cechacek
Russell Dickenson
Depends On:
Blocks: 1014047
  Show dependency treegraph
Reported: 2013-09-26 13:25 EDT by Jakub Cechacek
Modified: 2013-12-15 11:20 EST (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Known Issue
Doc Text:
Cause: Consequence: Workaround (if any): Results:
Story Points: ---
Clone Of:
Last Closed: 2013-12-15 11:20:52 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
JBoss Issue Tracker HAL-222 Major Resolved Unable to cancel "Run as" restrictions in domain 2013-11-21 11:32:42 EST

  None (edit)
Description Jakub Cechacek 2013-09-26 13:25:22 EDT
After restricting your permission with "Run as" in domain, the tool becomes unavailable due to auth error. 

How to reproduce

1) log in as superuser 
2) use "Run as" to restrict your permissions to monitor
3) try to revert 2)
Comment 1 Heiko Braun 2013-09-27 07:50:52 EDT
Can you elaborate on this: "the tool becomes unavailable due to auth error. " ?
Comment 2 Jakub Cechacek 2013-09-30 03:51:42 EDT

When trying to open "Run as" window after it was used previously, the attempt will end up with "Unknown error - Authentication required"
Comment 3 JBoss JIRA Server 2013-09-30 09:09:36 EDT
Harald Pehl <hpehl@redhat.com> updated the status of jira HAL-222 to Resolved
Comment 4 JBoss JIRA Server 2013-09-30 09:09:36 EDT
Harald Pehl <hpehl@redhat.com> made a comment on jira HAL-222

Clear RUN_AS cookie in bootstrap
Comment 5 Vladimir Dosoudil 2013-10-01 07:59:44 EDT
Moving back to ASSIGNED (https://docspace.corp.redhat.com/docs/DOC-154626).
There's no PR to eap 6.x github repo https://github.com/jbossas/jboss-eap/
Comment 6 Vladimir Dosoudil 2013-10-01 08:47:16 EDT
The umbrella issue #1014047 is available now.
Comment 10 Jakub Cechacek 2013-10-08 12:20:06 EDT
Still not fixed in ER5.
Comment 13 Harald Pehl 2013-10-25 06:49:17 EDT
EAP 6.2.0.ER6 uses release-stream-2.0.3.Final-redhat-1-resources.jar which does contains the bug as described above.

However this is fixed in release-stream >=2.0.4.Final. Using ER7 must not show the bug as this version uses HAL release stream 2.0.5.Final.

You can test this now by replacing the console in ER6:

1. Get the latest HAL release stream "release-stream-2.0.5.Final-resources.jar" from https://repository.jboss.org/nexus/index.html#nexus-search;quick~release-stream

2. Overwrite the console in ER6:
cp release-stream-2.0.5.Final-resources.jar <ER6_HOME>/modules/system/layers/base/org/jboss/as/console/eap/release-stream-2.0.3.Final-redhat-1-resources.jar

3. Restart ER6 and reload the console.
Comment 14 Brian Stansberry 2013-10-25 17:34:10 EDT
Moving to MODIFIED since the 2.0.5.Final console is in the EAP branch.
Comment 15 Jakub Cechacek 2013-11-05 09:18:43 EST
The main issue of this BZ was resolved -- verified 6.2.0.ER7.

However I've talked to Harald and discovered that the only reliable way to clear ROLE headers is logout, thus see BZ1026823

Note You need to log in before you can comment on or make changes to this bug.