From 168aaa8d2474bc82f1fac82521cf93e53e362df7 Mon Sep 17 00:00:00 2001
From: Alessandro Boch <aboch@cisco.com>
Date: Fri, 14 Jun 2013 17:16:01 -0700
Subject: [PATCH] Adding container authorization code in web bundles

- This is for passing the front-end the privilege the current user has on the container and for enforcing the authorization filter in the web bundles rest api handlers.

Signed-off-by: Alessandro Boch <aboch@cisco.com>
---
 .../sal/authorization/Privilege.java          |   4 +-
 .../controller/devices/web/Devices.java       | 284 +++++++++++-------
 .../devices/web/DevicesJsonBean.java          |  11 +
 .../controller/flows/web/Flows.java           |  64 ++--
 .../controller/web/DaylightWebUtil.java       |  62 ++--
 .../controller/topology/web/Topology.java     |  72 ++---
 .../troubleshoot/web/Troubleshoot.java        | 184 +++++++-----
 .../web/TroubleshootingJsonBean.java          |   8 +-
 8 files changed, 393 insertions(+), 296 deletions(-)

diff --git a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/Privilege.java b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/Privilege.java
index 63babe7d0a..fb9662366f 100644
--- a/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/Privilege.java
+++ b/opendaylight/sal/api/src/main/java/org/opendaylight/controller/sal/authorization/Privilege.java
@@ -9,10 +9,12 @@
 
 package org.opendaylight.controller.sal.authorization;
 
+import java.io.Serializable;
+
 /**
  * It represents the group/resource access privilege
  */
-public enum Privilege {
+public enum Privilege implements Serializable {
     NONE(""), // no privilege
     READ("r"), // read only
     USE("u"), // use
diff --git a/opendaylight/web/devices/src/main/java/org/opendaylight/controller/devices/web/Devices.java b/opendaylight/web/devices/src/main/java/org/opendaylight/controller/devices/web/Devices.java
index 188be8aee6..534c2c293c 100644
--- a/opendaylight/web/devices/src/main/java/org/opendaylight/controller/devices/web/Devices.java
+++ b/opendaylight/web/devices/src/main/java/org/opendaylight/controller/devices/web/Devices.java
@@ -20,7 +20,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.codehaus.jackson.map.ObjectMapper;
-import org.opendaylight.controller.usermanager.IUserManager;
 import org.opendaylight.controller.web.DaylightWebUtil;
 import org.opendaylight.controller.web.IDaylightWeb;
 import org.springframework.stereotype.Controller;
@@ -30,12 +29,14 @@ import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.opendaylight.controller.forwarding.staticrouting.IForwardingStaticRouting;
 import org.opendaylight.controller.forwarding.staticrouting.StaticRouteConfig;
+import org.opendaylight.controller.sal.authorization.Privilege;
 import org.opendaylight.controller.sal.authorization.UserLevel;
 import org.opendaylight.controller.sal.core.Config;
 import org.opendaylight.controller.sal.core.Name;
 import org.opendaylight.controller.sal.core.Node;
 import org.opendaylight.controller.sal.core.NodeConnector;
 import org.opendaylight.controller.sal.core.Tier;
+import org.opendaylight.controller.sal.utils.GlobalConstants;
 import org.opendaylight.controller.sal.utils.HexEncode;
 import org.opendaylight.controller.sal.utils.ServiceHelper;
 import org.opendaylight.controller.sal.utils.Status;
@@ -82,13 +83,20 @@ public class Devices implements IDaylightWeb {
 
     @RequestMapping(value = "/nodesLearnt", method = RequestMethod.GET)
     @ResponseBody
-    public DevicesJsonBean getNodesLearnt(HttpServletRequest request, @RequestParam(required = false) String container) {
+    public DevicesJsonBean getNodesLearnt(HttpServletRequest request,
+            @RequestParam(required = false) String container) {
         Gson gson = new Gson();
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
         ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                 .getInstance(ISwitchManager.class, containerName, this);
         List<Map<String, String>> nodeData = new ArrayList<Map<String, String>>();
-        if (switchManager != null) {
+        if (switchManager != null && privilege != Privilege.NONE) {
             for (Switch device : switchManager.getNetworkDevices()) {
                 HashMap<String, String> nodeDatum = new HashMap<String, String>();
                 Node node = device.getNode();
@@ -174,6 +182,7 @@ public class Devices implements IDaylightWeb {
 
         DevicesJsonBean result = new DevicesJsonBean();
         result.setNodeData(nodeData);
+        result.setPrivilege(privilege);
         List<String> columnNames = new ArrayList<String>();
         columnNames.add("Node ID");
         columnNames.add("Node Name");
@@ -199,13 +208,19 @@ public class Devices implements IDaylightWeb {
             @RequestParam("nodeId") String nodeId,
             @RequestParam("tier") String tier,
             @RequestParam("operationMode") String operationMode,
-            HttpServletRequest request, @RequestParam(required = false) String container) {
-        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            HttpServletRequest request,
+            @RequestParam(required = false) String container) {
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Authorization check
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil
+                .getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
             return unauthorizedMessage();
         }
 
         StatusJsonBean resultBean = new StatusJsonBean();
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
         try {
             ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                     .getInstance(ISwitchManager.class, containerName, this);
@@ -224,9 +239,16 @@ public class Devices implements IDaylightWeb {
 
     @RequestMapping(value = "/staticRoutes", method = RequestMethod.GET)
     @ResponseBody
-    public DevicesJsonBean getStaticRoutes(HttpServletRequest request, @RequestParam(required = false) String container) {
+    public DevicesJsonBean getStaticRoutes(HttpServletRequest request,
+            @RequestParam(required = false) String container) {
         Gson gson = new Gson();
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
         IForwardingStaticRouting staticRouting = (IForwardingStaticRouting) ServiceHelper
                 .getInstance(IForwardingStaticRouting.class, containerName,
                         this);
@@ -239,16 +261,19 @@ public class Devices implements IDaylightWeb {
         if (routeConfigs == null) {
             return null;
         }
-        for (StaticRouteConfig conf : routeConfigs.values()) {
-            Map<String, String> staticRoute = new HashMap<String, String>();
-            staticRoute.put("name", conf.getName());
-            staticRoute.put("staticRoute", conf.getStaticRoute());
-            staticRoute.put("nextHopType", conf.getNextHopType());
-            staticRoute.put("nextHop", conf.getNextHop());
-            staticRoute.put("json", gson.toJson(conf));
-            staticRoutes.add(staticRoute);
+        if (privilege != Privilege.NONE) {
+            for (StaticRouteConfig conf : routeConfigs.values()) {
+                Map<String, String> staticRoute = new HashMap<String, String>();
+                staticRoute.put("name", conf.getName());
+                staticRoute.put("staticRoute", conf.getStaticRoute());
+                staticRoute.put("nextHopType", conf.getNextHopType());
+                staticRoute.put("nextHop", conf.getNextHop());
+                staticRoute.put("json", gson.toJson(conf));
+                staticRoutes.add(staticRoute);
+            }
         }
         DevicesJsonBean result = new DevicesJsonBean();
+        result.setPrivilege(privilege);
         result.setColumnNames(StaticRouteConfig.getGuiFieldsNames());
         result.setNodeData(staticRoutes);
         return result;
@@ -260,13 +285,19 @@ public class Devices implements IDaylightWeb {
             @RequestParam("routeName") String routeName,
             @RequestParam("staticRoute") String staticRoute,
             @RequestParam("nextHop") String nextHop,
-            HttpServletRequest request, @RequestParam(required = false) String container) {
-        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            HttpServletRequest request,
+            @RequestParam(required = false) String container) {
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Authorization check
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil
+                .getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
             return unauthorizedMessage();
         }
 
         StatusJsonBean result = new StatusJsonBean();
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
         try {
             IForwardingStaticRouting staticRouting = (IForwardingStaticRouting) ServiceHelper
                     .getInstance(IForwardingStaticRouting.class, containerName,
@@ -294,13 +325,18 @@ public class Devices implements IDaylightWeb {
     @ResponseBody
     public StatusJsonBean deleteStaticRoute(
             @RequestParam("routesToDelete") String routesToDelete,
-            HttpServletRequest request, @RequestParam(required = false) String container) {
-        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            HttpServletRequest request,
+            @RequestParam(required = false) String container) {
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Authorization check
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
             return unauthorizedMessage();
         }
 
         StatusJsonBean resultBean = new StatusJsonBean();
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
         try {
             IForwardingStaticRouting staticRouting = (IForwardingStaticRouting) ServiceHelper
                     .getInstance(IForwardingStaticRouting.class, containerName,
@@ -329,22 +365,33 @@ public class Devices implements IDaylightWeb {
 
     @RequestMapping(value = "/subnets", method = RequestMethod.GET)
     @ResponseBody
-    public DevicesJsonBean getSubnetGateways(HttpServletRequest request, @RequestParam(required = false) String container) {
+    public DevicesJsonBean getSubnetGateways(HttpServletRequest request,
+            @RequestParam(required = false) String container) {
         Gson gson = new Gson();
         List<Map<String, String>> subnets = new ArrayList<Map<String, String>>();
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-        ISwitchManager switchManager = (ISwitchManager) ServiceHelper
-                .getInstance(ISwitchManager.class, containerName, this);
-        if (switchManager != null) {
-            for (SubnetConfig conf : switchManager.getSubnetsConfigList()) {
-                Map<String, String> subnet = new HashMap<String, String>();
-                subnet.put("name", conf.getName());
-                subnet.put("subnet", conf.getSubnet());
-                subnet.put("json", gson.toJson(conf));
-                subnets.add(subnet);
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        Privilege privilege = DaylightWebUtil.getContainerPrivilege(
+                userName, containerName, this);
+
+        if (privilege != Privilege.NONE) {
+            ISwitchManager switchManager = (ISwitchManager) ServiceHelper
+                    .getInstance(ISwitchManager.class, containerName, this);
+            if (switchManager != null) {
+                for (SubnetConfig conf : switchManager.getSubnetsConfigList()) {
+                    Map<String, String> subnet = new HashMap<String, String>();
+                    subnet.put("name", conf.getName());
+                    subnet.put("subnet", conf.getSubnet());
+                    subnet.put("json", gson.toJson(conf));
+                    subnets.add(subnet);
+                }
             }
         }
         DevicesJsonBean result = new DevicesJsonBean();
+        result.setPrivilege(privilege);
         result.setColumnNames(SubnetConfig.getGuiFieldsNames());
         result.setNodeData(subnets);
         return result;
@@ -355,13 +402,18 @@ public class Devices implements IDaylightWeb {
     public StatusJsonBean addSubnetGateways(
             @RequestParam("gatewayName") String gatewayName,
             @RequestParam("gatewayIPAddress") String gatewayIPAddress,
-            HttpServletRequest request, @RequestParam(required = false) String container) {
-        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            HttpServletRequest request,
+            @RequestParam(required = false) String container) {
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Authorization check
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
             return unauthorizedMessage();
         }
 
         StatusJsonBean resultBean = new StatusJsonBean();
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
         try {
             ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                     .getInstance(ISwitchManager.class, containerName, this);
@@ -386,13 +438,18 @@ public class Devices implements IDaylightWeb {
     @ResponseBody
     public StatusJsonBean deleteSubnetGateways(
             @RequestParam("gatewaysToDelete") String gatewaysToDelete,
-            HttpServletRequest request, @RequestParam(required = false) String container) {
-        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            HttpServletRequest request,
+            @RequestParam(required = false) String container) {
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Authorization check
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil.getContainerPrivilege(userName, container, this) != Privilege.WRITE) {
             return unauthorizedMessage();
         }
 
         StatusJsonBean resultBean = new StatusJsonBean();
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
         try {
             ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                     .getInstance(ISwitchManager.class, containerName, this);
@@ -419,14 +476,18 @@ public class Devices implements IDaylightWeb {
     public StatusJsonBean addSubnetGatewayPort(
             @RequestParam("portsName") String portsName,
             @RequestParam("ports") String ports,
-            @RequestParam("nodeId") String nodeId,
-            HttpServletRequest request, @RequestParam(required = false) String container) {
-        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            @RequestParam("nodeId") String nodeId, HttpServletRequest request,
+            @RequestParam(required = false) String container) {
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Authorization check
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
             return unauthorizedMessage();
         }
 
         StatusJsonBean resultBean = new StatusJsonBean();
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
         try {
             ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                     .getInstance(ISwitchManager.class, containerName, this);
@@ -453,13 +514,18 @@ public class Devices implements IDaylightWeb {
     public StatusJsonBean deleteSubnetGatewayPort(
             @RequestParam("gatewayName") String gatewayName,
             @RequestParam("nodePort") String nodePort,
-            HttpServletRequest request, @RequestParam(required = false) String container) {
-        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            HttpServletRequest request,
+            @RequestParam(required = false) String container) {
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Authorization check
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
             return unauthorizedMessage();
         }
 
         StatusJsonBean resultBean = new StatusJsonBean();
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
         try {
             ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                     .getInstance(ISwitchManager.class, containerName, this);
@@ -483,38 +549,51 @@ public class Devices implements IDaylightWeb {
 
     @RequestMapping(value = "/spanPorts", method = RequestMethod.GET)
     @ResponseBody
-    public DevicesJsonBean getSpanPorts(HttpServletRequest request, @RequestParam(required = false) String container) {
+    public DevicesJsonBean getSpanPorts(HttpServletRequest request,
+            @RequestParam(required = false) String container) {
         Gson gson = new Gson();
-        List<String> spanConfigs_json = new ArrayList<String>();
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-        ISwitchManager switchManager = (ISwitchManager) ServiceHelper
-                .getInstance(ISwitchManager.class, containerName, this);
-        if (switchManager != null) {
-            for (SpanConfig conf : switchManager.getSpanConfigList()) {
-                spanConfigs_json.add(gson.toJson(conf));
-            }
-        }
-        ObjectMapper mapper = new ObjectMapper();
         List<Map<String, String>> spanConfigs = new ArrayList<Map<String, String>>();
-        for (String config_json : spanConfigs_json) {
-            try {
-                @SuppressWarnings("unchecked")
-                Map<String, String> config_data = mapper.readValue(config_json,
-                        HashMap.class);
-                Map<String, String> config = new HashMap<String, String>();
-                for (String name : config_data.keySet()) {
-                    config.put(name, config_data.get(name));
-                    // Add switch name value (non-configuration field)
-                    config.put("nodeName",
-                            getNodeDesc(config_data.get("nodeId"), containerName));
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        Privilege privilege = DaylightWebUtil.getContainerPrivilege(
+                userName, containerName, this);
+
+        if (privilege != Privilege.NONE) {
+            List<String> spanConfigs_json = new ArrayList<String>();
+            ISwitchManager switchManager = (ISwitchManager) ServiceHelper
+                    .getInstance(ISwitchManager.class, containerName, this);
+            if (switchManager != null) {
+                for (SpanConfig conf : switchManager.getSpanConfigList()) {
+                    spanConfigs_json.add(gson.toJson(conf));
+                }
+            }
+            ObjectMapper mapper = new ObjectMapper();
+
+            for (String config_json : spanConfigs_json) {
+                try {
+                    @SuppressWarnings("unchecked")
+                    Map<String, String> config_data = mapper.readValue(config_json,
+                            HashMap.class);
+                    Map<String, String> config = new HashMap<String, String>();
+                    for (String name : config_data.keySet()) {
+                        config.put(name, config_data.get(name));
+                        // Add switch name value (non-configuration field)
+                        config.put("nodeName",
+                                getNodeDesc(config_data.get("nodeId"), containerName));
+                    }
+                    config.put("json", config_json);
+                    spanConfigs.add(config);
+                } catch (Exception e) {
+                    // TODO: Handle the exception.
                 }
-                config.put("json", config_json);
-                spanConfigs.add(config);
-            } catch (Exception e) {
-                // TODO: Handle the exception.
             }
         }
+
         DevicesJsonBean result = new DevicesJsonBean();
+        result.setPrivilege(privilege);
         result.setColumnNames(SpanConfig.getGuiFieldsNames());
         result.setNodeData(spanConfigs);
         return result;
@@ -522,8 +601,18 @@ public class Devices implements IDaylightWeb {
 
     @RequestMapping(value = "/nodeports")
     @ResponseBody
-    public Map<String, Object> getNodePorts(HttpServletRequest request, @RequestParam(required = false) String container) {
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+    public Map<String, Object> getNodePorts(HttpServletRequest request,
+            @RequestParam(required = false) String container) {
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) {
+            return null;
+        }
+
+
         ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                 .getInstance(ISwitchManager.class, containerName, this);
         if (switchManager == null) {
@@ -537,7 +626,7 @@ public class Devices implements IDaylightWeb {
             port = new HashMap<Short, String>(); // new port
             Set<NodeConnector> nodeConnectorSet = node.getNodeConnectors();
 
-            if (nodeConnectorSet != null)
+            if (nodeConnectorSet != null) {
                 for (NodeConnector nodeConnector : nodeConnectorSet) {
                     String nodeConnectorName = ((Name) switchManager
                             .getNodeConnectorProp(nodeConnector,
@@ -545,6 +634,7 @@ public class Devices implements IDaylightWeb {
                     port.put((Short) nodeConnector.getID(), nodeConnectorName
                             + "(" + nodeConnector.getID() + ")");
                 }
+            }
 
             nodes.put(node.getNode().toString(), port);
         }
@@ -556,15 +646,20 @@ public class Devices implements IDaylightWeb {
     @ResponseBody
     public StatusJsonBean addSpanPort(
             @RequestParam("jsonData") String jsonData,
-            HttpServletRequest request, @RequestParam(required = false) String container) {
-        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            HttpServletRequest request,
+            @RequestParam(required = false) String container) {
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Authorization check
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
             return unauthorizedMessage();
         }
 
         StatusJsonBean resultBean = new StatusJsonBean();
         try {
             Gson gson = new Gson();
-            String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
             ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                     .getInstance(ISwitchManager.class, containerName, this);
             SpanConfig cfgObject = gson.fromJson(jsonData, SpanConfig.class);
@@ -588,15 +683,20 @@ public class Devices implements IDaylightWeb {
     @ResponseBody
     public StatusJsonBean deleteSpanPorts(
             @RequestParam("spanPortsToDelete") String spanPortsToDelete,
-            HttpServletRequest request, @RequestParam(required = false) String container) {
-        if (!authorize(UserLevel.NETWORKADMIN, request)) {
+            HttpServletRequest request,
+            @RequestParam(required = false) String container) {
+        String containerName = (container == null) ? GlobalConstants.DEFAULT
+                .toString() : container;
+
+        // Authorization check
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
             return unauthorizedMessage();
         }
 
         StatusJsonBean resultBean = new StatusJsonBean();
         try {
             Gson gson = new Gson();
-            String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
             ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                     .getInstance(ISwitchManager.class, containerName, this);
             String[] spans = spanPortsToDelete.split("###");
@@ -634,26 +734,6 @@ public class Devices implements IDaylightWeb {
                 : description;
     }
 
-    /**
-     * Is the operation permitted for the given level
-     *
-     * @param level
-     */
-    private boolean authorize(UserLevel level, HttpServletRequest request) {
-        IUserManager userManager = (IUserManager) ServiceHelper
-                .getGlobalInstance(IUserManager.class, this);
-        if (userManager == null) {
-            return false;
-        }
-
-        String username = request.getUserPrincipal().getName();
-        UserLevel userLevel = userManager.getUserLevel(username);
-        if (userLevel.toNumber() <= level.toNumber()) {
-            return true;
-        }
-        return false;
-    }
-
     private StatusJsonBean unauthorizedMessage() {
         StatusJsonBean message = new StatusJsonBean();
         message.setStatus(false);
diff --git a/opendaylight/web/devices/src/main/java/org/opendaylight/controller/devices/web/DevicesJsonBean.java b/opendaylight/web/devices/src/main/java/org/opendaylight/controller/devices/web/DevicesJsonBean.java
index 6b77f119ed..ce0b3763e0 100644
--- a/opendaylight/web/devices/src/main/java/org/opendaylight/controller/devices/web/DevicesJsonBean.java
+++ b/opendaylight/web/devices/src/main/java/org/opendaylight/controller/devices/web/DevicesJsonBean.java
@@ -11,9 +11,12 @@ package org.opendaylight.controller.devices.web;
 import java.util.List;
 import java.util.Map;
 
+import org.opendaylight.controller.sal.authorization.Privilege;
+
 public class DevicesJsonBean {
     private List<String> columnNames;
     private List<Map<String, String>> nodeData;
+    private Privilege privilege;
 
     public List<String> getColumnNames() {
         return columnNames;
@@ -30,4 +33,12 @@ public class DevicesJsonBean {
     public void setNodeData(List<Map<String, String>> nodeData) {
         this.nodeData = nodeData;
     }
+
+    public void setPrivilege(Privilege privilege) {
+        this.privilege = privilege;
+    }
+
+    public Privilege getPrivilege() {
+        return privilege;
+    }
 }
diff --git a/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java b/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java
index e1cfcc5708..f9e6a6aaae 100644
--- a/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java
+++ b/opendaylight/web/flows/src/main/java/org/opendaylight/controller/flows/web/Flows.java
@@ -18,17 +18,18 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.opendaylight.controller.forwardingrulesmanager.FlowConfig;
 import org.opendaylight.controller.forwardingrulesmanager.IForwardingRulesManager;
+import org.opendaylight.controller.sal.authorization.Privilege;
 import org.opendaylight.controller.sal.authorization.UserLevel;
 import org.opendaylight.controller.sal.core.Name;
 import org.opendaylight.controller.sal.core.Node;
 import org.opendaylight.controller.sal.core.NodeConnector;
+import org.opendaylight.controller.sal.utils.GlobalConstants;
 import org.opendaylight.controller.sal.utils.ServiceHelper;
 import org.opendaylight.controller.sal.utils.Status;
 import org.opendaylight.controller.sal.utils.StatusCode;
 import org.opendaylight.controller.switchmanager.ISwitchManager;
 import org.opendaylight.controller.switchmanager.Switch;
 import org.opendaylight.controller.switchmanager.SwitchConfig;
-import org.opendaylight.controller.usermanager.IUserManager;
 import org.opendaylight.controller.web.DaylightWebUtil;
 import org.opendaylight.controller.web.IDaylightWeb;
 import org.springframework.stereotype.Controller;
@@ -75,7 +76,13 @@ public class Flows implements IDaylightWeb {
     @RequestMapping(value = "/main")
     @ResponseBody
     public Set<Map<String, Object>> getFlows(HttpServletRequest request, @RequestParam(required = false) String container) {
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+        String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) {
+            return null;
+        }
 
         // fetch frm
         IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
@@ -112,7 +119,13 @@ public class Flows implements IDaylightWeb {
     @RequestMapping(value = "/node-ports")
     @ResponseBody
     public Map<String, Object> getNodePorts(HttpServletRequest request, @RequestParam(required = false) String container) {
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+        String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) {
+            return null;
+        }
 
         ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                 .getInstance(ISwitchManager.class, containerName, this);
@@ -159,7 +172,13 @@ public class Flows implements IDaylightWeb {
     @RequestMapping(value = "/node-flows")
     @ResponseBody
     public Map<String, Object> getNodeFlows(HttpServletRequest request, @RequestParam(required = false) String container) {
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+        String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) == Privilege.NONE) {
+            return null;
+        }
 
         ISwitchManager switchManager = (ISwitchManager) ServiceHelper
                 .getInstance(ISwitchManager.class, containerName, this);
@@ -198,12 +217,14 @@ public class Flows implements IDaylightWeb {
             @RequestParam(required = false) String body,
             @RequestParam(required = true) String nodeId,
             HttpServletRequest request, @RequestParam(required = false) String container) {
-        if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) {
+        String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+        // Authorization check
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
             return "Operation not authorized";
         }
 
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-
         IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
                 .getInstance(IForwardingRulesManager.class, containerName, this);
         if (frm == null) {
@@ -229,12 +250,14 @@ public class Flows implements IDaylightWeb {
             @PathVariable("name") String name,
             @RequestParam(required = true) String action,
             HttpServletRequest request, @RequestParam(required = false) String container) {
-        if (!isUserAuthorized(UserLevel.NETWORKADMIN, request)) {
+        String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+        // Authorization check
+        String userName = request.getUserPrincipal().getName();
+        if (DaylightWebUtil.getContainerPrivilege(userName, containerName, this) != Privilege.WRITE) {
             return "Operation not authorized";
         }
 
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-
         IForwardingRulesManager frm = (IForwardingRulesManager) ServiceHelper
                 .getInstance(IForwardingRulesManager.class, containerName, this);
         if (frm == null) {
@@ -257,25 +280,4 @@ public class Flows implements IDaylightWeb {
         return (result.isSuccess()) ? StatusCode.SUCCESS.toString() : result
                 .getDescription();
     }
-
-    /**
-     * Returns whether the current user's level is same or above the required
-     * authorization level.
-     *
-     * @param requiredLevel
-     *            the authorization level required
-     */
-    private boolean isUserAuthorized(UserLevel requiredLevel,
-            HttpServletRequest request) {
-        IUserManager userManager = (IUserManager) ServiceHelper
-                .getGlobalInstance(IUserManager.class, this);
-        if (userManager == null) {
-            return false;
-        }
-
-        String username = request.getUserPrincipal().getName();
-        UserLevel userLevel = userManager.getUserLevel(username);
-        return (userLevel.ordinal() <= requiredLevel.ordinal());
-    }
-
 }
diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebUtil.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebUtil.java
index a7f7133cb2..ab2abe9c9e 100644
--- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebUtil.java
+++ b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebUtil.java
@@ -1,43 +1,55 @@
 package org.opendaylight.controller.web;
 
-import java.util.Set;
-
-import javax.servlet.http.HttpServletRequest;
-
 import org.opendaylight.controller.containermanager.IContainerAuthorization;
-import org.opendaylight.controller.sal.authorization.Resource;
+import org.opendaylight.controller.sal.authorization.Privilege;
 import org.opendaylight.controller.sal.utils.GlobalConstants;
 import org.opendaylight.controller.sal.utils.ServiceHelper;
+import org.opendaylight.controller.usermanager.IUserManager;
 
 public class DaylightWebUtil {
-    private static String defaultName = GlobalConstants.DEFAULT.toString();
 
     /**
-     * Returns the container that this user is authorized to access. If the user is not authorized to the requested
-     * container, then this method will return the default container.
+     * Returns the access privilege the user has on the specified container
      *
-     * @param request - HttpServletRequest object to retrieve username
-     * @param container - requested container
-     * @param bundle - respective bundle
-     * @return container name if cleared, else it will always be 'default'
+     * @param userName
+     *            The user name
+     * @param container
+     *            The container name. If null, the default container will be assumed
+     * @param bundle
+     *            The bundle originating the request
+     * @return The access privilege the user is granted on the container
      */
-    public static String getAuthorizedContainer(HttpServletRequest request, String container, Object bundle) {
-        if (container == null) {
-            return defaultName;
+    public static Privilege getContainerPrivilege(String userName,
+            String container, Object bundle) {
+        // Derive the target resource
+        String resource = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+        // Retrieve the Container Authorization service
+        IContainerAuthorization auth = (IContainerAuthorization) ServiceHelper
+                .getGlobalInstance(IContainerAuthorization.class, bundle);
+        if (auth != null) {
+            return auth.getResourcePrivilege(userName, resource);
         }
 
-        String username = request.getUserPrincipal().getName();
-        IContainerAuthorization containerAuthorization = (IContainerAuthorization)
-                ServiceHelper.getGlobalInstance(IContainerAuthorization.class, bundle);
-        if (containerAuthorization != null) {
-            Set<Resource> resources = containerAuthorization.getAllResourcesforUser(username);
-            for(Resource resource : resources) {
-                String name = (String) resource.getResource();
-                if(container.equals(name)) {
-                    return name;
+        /*
+         * Container Authorization service not available. We can only derive the
+         * access privilege to the default container based on user level
+         */
+        if (resource.equals(GlobalConstants.DEFAULT.toString())) {
+            IUserManager userManager = (IUserManager) ServiceHelper
+                    .getGlobalInstance(IUserManager.class, bundle);
+            if (userManager != null) {
+                switch (userManager.getUserLevel(userName)) {
+                case NETWORKADMIN:
+                    return Privilege.WRITE;
+                case NETWORKOPERATOR:
+                    return Privilege.READ;
+                default:
+                    return Privilege.NONE;
                 }
             }
         }
-        return defaultName;
+
+        return Privilege.NONE;
     }
 }
\ No newline at end of file
diff --git a/opendaylight/web/topology/src/main/java/org/opendaylight/controller/topology/web/Topology.java b/opendaylight/web/topology/src/main/java/org/opendaylight/controller/topology/web/Topology.java
index 62b64a5184..db3a264041 100644
--- a/opendaylight/web/topology/src/main/java/org/opendaylight/controller/topology/web/Topology.java
+++ b/opendaylight/web/topology/src/main/java/org/opendaylight/controller/topology/web/Topology.java
@@ -25,9 +25,7 @@ import java.util.Set;
 import javax.servlet.http.HttpServletRequest;
 
 import org.opendaylight.controller.configuration.IConfigurationAware;
-import org.opendaylight.controller.containermanager.IContainerAuthorization;
-import org.opendaylight.controller.sal.authorization.Resource;
-import org.opendaylight.controller.sal.authorization.UserLevel;
+import org.opendaylight.controller.sal.authorization.Privilege;
 import org.opendaylight.controller.sal.core.Bandwidth;
 import org.opendaylight.controller.sal.core.Edge;
 import org.opendaylight.controller.sal.core.Host;
@@ -47,9 +45,7 @@ import org.opendaylight.controller.switchmanager.ISwitchManager;
 import org.opendaylight.controller.switchmanager.Switch;
 import org.opendaylight.controller.switchmanager.SwitchConfig;
 import org.opendaylight.controller.topologymanager.ITopologyManager;
-import org.opendaylight.controller.usermanager.IUserManager;
 import org.opendaylight.controller.web.DaylightWebUtil;
-import org.opendaylight.controller.web.IDaylightWeb;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -92,7 +88,15 @@ public class Topology implements IObjectReader, IConfigurationAware {
     @RequestMapping(value = "/visual.json", method = RequestMethod.GET)
     @ResponseBody
     public Collection<Map<String, Object>> getLinkData(@RequestParam(required = false) String container, HttpServletRequest request) {
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
+        String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
+        if (privilege == Privilege.NONE) {
+            return null;
+        }
 
         ITopologyManager topologyManager = (ITopologyManager) ServiceHelper
                 .getInstance(ITopologyManager.class, containerName, this);
@@ -384,11 +388,15 @@ public class Topology implements IObjectReader, IConfigurationAware {
     public Map<String, Object> post(@PathVariable String nodeId, @RequestParam(required = true) String x,
                 @RequestParam(required = true) String y, @RequestParam(required = false) String container,
                 HttpServletRequest request) {
-        if (!authorize(UserLevel.NETWORKADMIN, request)) {
-                return new HashMap<String, Object>(); // silently disregard new node position
-        }
+        String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
 
-        String containerName = getAuthorizedContainer(request, container);
+        if (privilege != Privilege.WRITE) {
+            return new HashMap<String, Object>(); // silently disregard new node position
+        }
 
         String id = new String(nodeId);
 
@@ -539,51 +547,13 @@ public class Topology implements IObjectReader, IConfigurationAware {
         public static final String HOST = "host";
     }
 
-    private boolean authorize(UserLevel level, HttpServletRequest request) {
-        IUserManager userManager = (IUserManager) ServiceHelper
-                .getGlobalInstance(IUserManager.class, this);
-        if (userManager == null) {
-                return false;
-        }
-
-        String username = request.getUserPrincipal().getName();
-        UserLevel userLevel = userManager.getUserLevel(username);
-        if (userLevel.toNumber() <= level.toNumber()) {
-                return true;
-        }
-        return false;
-    }
-
-    private String getAuthorizedContainer(HttpServletRequest request, String container) {
-        String username = request.getUserPrincipal().getName();
-        IContainerAuthorization containerAuthorization = (IContainerAuthorization) ServiceHelper.
-                        getGlobalInstance(IContainerAuthorization.class, this);
-        if (containerAuthorization != null) {
-                Set<Resource> resources = containerAuthorization.getAllResourcesforUser(username);
-                if (authorizeContainer(container, resources)) {
-                        return container;
-                }
-        }
-
-        return GlobalConstants.DEFAULT.toString();
-    }
-
-    private boolean authorizeContainer(String container, Set<Resource> resources) {
-        for(Resource resource : resources) {
-                String containerName = (String) resource.getResource();
-                if (containerName.equals(container)) {
-                        return true;
-                }
-        }
-
-        return false;
-    }
-
     @SuppressWarnings("unchecked")
         private void loadConfiguration() {
         ObjectReader objReader = new ObjectReader();
         metaCache = (Map<String, Map<String, Map<String, Object>>>) objReader.read(this, topologyWebFileName);
-        if (metaCache == null) metaCache = new HashMap<String, Map<String, Map<String, Object>>>();
+        if (metaCache == null) {
+            metaCache = new HashMap<String, Map<String, Map<String, Object>>>();
+        }
     }
 
     @Override
diff --git a/opendaylight/web/troubleshoot/src/main/java/org/opendaylight/controller/troubleshoot/web/Troubleshoot.java b/opendaylight/web/troubleshoot/src/main/java/org/opendaylight/controller/troubleshoot/web/Troubleshoot.java
index bde4152f5b..f5fda3d1bc 100644
--- a/opendaylight/web/troubleshoot/src/main/java/org/opendaylight/controller/troubleshoot/web/Troubleshoot.java
+++ b/opendaylight/web/troubleshoot/src/main/java/org/opendaylight/controller/troubleshoot/web/Troubleshoot.java
@@ -14,6 +14,7 @@ import java.util.Arrays;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import javax.servlet.http.HttpServletRequest;
@@ -21,6 +22,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.opendaylight.controller.sal.action.Action;
 import org.opendaylight.controller.sal.action.Output;
 import org.opendaylight.controller.sal.action.SetVlanId;
+import org.opendaylight.controller.sal.authorization.Privilege;
 import org.opendaylight.controller.sal.authorization.UserLevel;
 import org.opendaylight.controller.sal.core.Node;
 import org.opendaylight.controller.sal.core.NodeConnector;
@@ -50,10 +52,22 @@ import org.springframework.web.bind.annotation.ResponseBody;
 @RequestMapping("/")
 public class Troubleshoot implements IDaylightWeb {
     private static final UserLevel AUTH_LEVEL = UserLevel.CONTAINERUSER;
+    private static final List<String> flowStatsColumnNames = Arrays.asList("Node", "In Port",
+            "DL Src", "DL Dst", "DL Type", "DL Vlan", "NW Src", "NW Dst",
+            "NW Proto", "TP Src", "TP Dst", "Actions", "Bytes", "Packets",
+            "Time (s)", "Timeout (s)", "Out Port(s)", "Out Vlan",
+            "Priority");
+    private static final List<String> portStatsColumnNames = Arrays.asList("Node Connector",
+            "Rx Pkts", "Tx Pkts", "Rx Bytes", "Tx Bytes", "Rx Drops",
+            "Tx Drops", "Rx Errs", "Tx Errs", "Rx Frame Errs",
+            "Rx OverRun Errs", "Rx CRC Errs", "Collisions");
+    private static final List<String> nodesColumnNames = Arrays.asList("Node", "Node ID", "Statistics");
+    private static final List<String> nodeStatsColumnNames = Arrays.asList("Node", "Node ID", "Statistics");
     private final String WEB_NAME = "Troubleshoot";
     private final String WEB_ID = "troubleshoot";
     private final short WEB_ORDER = 4;
 
+
     public Troubleshoot() {
         ServiceHelper.registerGlobalService(IDaylightWeb.class, this, null);
     }
@@ -81,30 +95,29 @@ public class Troubleshoot implements IDaylightWeb {
     @RequestMapping(value = "/existingNodes", method = RequestMethod.GET)
     @ResponseBody
     public TroubleshootingJsonBean getExistingNodes(HttpServletRequest request, @RequestParam(required = false) String container) {
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-        ISwitchManager switchManager = (ISwitchManager) ServiceHelper
-                .getInstance(ISwitchManager.class, containerName, this);
-        List<HashMap<String, String>> lines = new ArrayList<HashMap<String, String>>();
-        Set<Node> nodeSet = null;
-        if (switchManager != null) {
-            nodeSet = switchManager.getNodes();
-        }
-        if (nodeSet != null) {
-            for (Node node : nodeSet) {
-                HashMap<String, String> device = new HashMap<String, String>();
-                device.put("nodeName", switchManager.getNodeDescription(node));
-                device.put("nodeId", node.toString());
-                lines.add(device);
+        List<Map<String, String>> lines = new ArrayList<Map<String, String>>();
+        String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
+        if (privilege != Privilege.NONE) {
+            ISwitchManager switchManager = (ISwitchManager) ServiceHelper
+                    .getInstance(ISwitchManager.class, containerName, this);
+            Set<Node> nodeSet = (switchManager != null) ? switchManager.getNodes() : null;
+            if (nodeSet != null) {
+                for (Node node : nodeSet) {
+                    Map<String, String> device = new HashMap<String, String>();
+                    device.put("nodeName", switchManager.getNodeDescription(node));
+                    device.put("nodeId", node.toString());
+                    lines.add(device);
+                }
             }
         }
-        TroubleshootingJsonBean result = new TroubleshootingJsonBean();
 
-        List<String> guiFieldNames = new ArrayList<String>();
-        guiFieldNames.add("Node");
-        guiFieldNames.add("Node ID");
-        guiFieldNames.add("Statistics");
-
-        result.setColumnNames(guiFieldNames);
+        TroubleshootingJsonBean result = new TroubleshootingJsonBean();
+        result.setColumnNames(nodesColumnNames);
         result.setNodeData(lines);
         return result;
     }
@@ -112,35 +125,34 @@ public class Troubleshoot implements IDaylightWeb {
     @RequestMapping(value = "/uptime", method = RequestMethod.GET)
     @ResponseBody
     public TroubleshootingJsonBean getUptime(HttpServletRequest request, @RequestParam(required = false) String container) {
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-        ISwitchManager switchManager = (ISwitchManager) ServiceHelper
-                .getInstance(ISwitchManager.class, containerName, this);
-        List<HashMap<String, String>> lines = new ArrayList<HashMap<String, String>>();
-        Set<Node> nodeSet = null;
-        if (switchManager != null) {
-            nodeSet = switchManager.getNodes();
-        }
-        if (nodeSet != null) {
-            for (Node node : nodeSet) {
-                HashMap<String, String> device = new HashMap<String, String>();
-                device.put("nodeName", switchManager.getNodeDescription(node));
-                device.put("nodeId", node.toString());
-                TimeStamp timeStamp = (TimeStamp) switchManager.getNodeProp(
-                        node, TimeStamp.TimeStampPropName);
-                Long time = (timeStamp == null) ? 0 : timeStamp.getValue();
-                String date = (time == 0) ? "" : (new Date(time)).toString();
-                device.put("connectedSince", date);
-                lines.add(device);
+        List<Map<String, String>> lines = new ArrayList<Map<String, String>>();
+        String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
+        if (privilege != Privilege.NONE) {
+            ISwitchManager switchManager = (ISwitchManager) ServiceHelper
+                    .getInstance(ISwitchManager.class, containerName, this);
+            Set<Node> nodeSet = (switchManager != null) ? switchManager.getNodes() : null;
+            if (nodeSet != null) {
+                for (Node node : nodeSet) {
+                    Map<String, String> device = new HashMap<String, String>();
+                    device.put("nodeName", switchManager.getNodeDescription(node));
+                    device.put("nodeId", node.toString());
+                    TimeStamp timeStamp = (TimeStamp) switchManager.getNodeProp(
+                            node, TimeStamp.TimeStampPropName);
+                    Long time = (timeStamp == null) ? 0 : timeStamp.getValue();
+                    String date = (time == 0) ? "" : (new Date(time)).toString();
+                    device.put("connectedSince", date);
+                    lines.add(device);
+                }
             }
         }
-        TroubleshootingJsonBean result = new TroubleshootingJsonBean();
 
-        List<String> guiFieldNames = new ArrayList<String>();
-        guiFieldNames.add("Node");
-        guiFieldNames.add("Node ID");
-        guiFieldNames.add("Connected");
-
-        result.setColumnNames(guiFieldNames);
+        TroubleshootingJsonBean result = new TroubleshootingJsonBean();
+        result.setColumnNames(nodeStatsColumnNames);
         result.setNodeData(lines);
         return result;
     }
@@ -150,24 +162,27 @@ public class Troubleshoot implements IDaylightWeb {
     public TroubleshootingJsonBean getFlowStats(
             @RequestParam("nodeId") String nodeId,
             HttpServletRequest request, @RequestParam(required = false) String container) {
-        Node node = Node.fromString(nodeId);
-        List<HashMap<String, String>> cells = new ArrayList<HashMap<String, String>>();
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-        IStatisticsManager statisticsManager = (IStatisticsManager) ServiceHelper
-                .getInstance(IStatisticsManager.class, containerName, this);
-
-        List<FlowOnNode> statistics = statisticsManager.getFlows(node);
-        for (FlowOnNode stats : statistics) {
-            cells.add(this.convertFlowStatistics(node, stats, containerName));
+        List<Map<String, String>> cells = new ArrayList<Map<String, String>>();
+        String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
+        if (privilege != Privilege.NONE) {
+            IStatisticsManager statisticsManager = (IStatisticsManager) ServiceHelper
+                    .getInstance(IStatisticsManager.class, containerName, this);
+            if (statisticsManager != null) {
+                Node node = Node.fromString(nodeId);
+                List<FlowOnNode> statistics = statisticsManager.getFlows(node);
+                for (FlowOnNode stats : statistics) {
+                    cells.add(this.convertFlowStatistics(node, stats, containerName));
+                }
+            }
         }
-        List<String> columnNames = new ArrayList<String>();
-        columnNames.addAll(Arrays.asList(new String[] { "Node", "In Port",
-                "DL Src", "DL Dst", "DL Type", "DL Vlan", "NW Src", "NW Dst",
-                "NW Proto", "TP Src", "TP Dst", "Actions", "Bytes", "Packets",
-                "Time (s)", "Timeout (s)", "Out Port(s)", "Out Vlan",
-                "Priority" }));
+
         TroubleshootingJsonBean result = new TroubleshootingJsonBean();
-        result.setColumnNames(columnNames);
+        result.setColumnNames(flowStatsColumnNames);
         result.setNodeData(cells);
         return result;
     }
@@ -177,30 +192,35 @@ public class Troubleshoot implements IDaylightWeb {
     public TroubleshootingJsonBean getPortStats(
             @RequestParam("nodeId") String nodeId,
             HttpServletRequest request, @RequestParam(required = false) String container) {
-        Node node = Node.fromString(nodeId);
-        List<HashMap<String, String>> cells = new ArrayList<HashMap<String, String>>();
-        String containerName = DaylightWebUtil.getAuthorizedContainer(request, container, this);
-        IStatisticsManager statisticsManager = (IStatisticsManager) ServiceHelper
-                .getInstance(IStatisticsManager.class, containerName, this);
-        List<NodeConnectorStatistics> statistics = statisticsManager
-                .getNodeConnectorStatistics(node);
-        for (NodeConnectorStatistics stats : statistics) {
-            cells.add(this.convertPortsStatistics(stats));
+        List<Map<String, String>> cells = new ArrayList<Map<String, String>>();
+        String containerName = (container == null) ? GlobalConstants.DEFAULT.toString() : container;
+
+        // Derive the privilege this user has on the current container
+        String userName = request.getUserPrincipal().getName();
+        Privilege privilege = DaylightWebUtil.getContainerPrivilege(userName, containerName, this);
+
+        if (privilege != Privilege.NONE) {
+            IStatisticsManager statisticsManager = (IStatisticsManager) ServiceHelper
+                    .getInstance(IStatisticsManager.class, containerName, this);
+            if (statisticsManager != null) {
+                Node node = Node.fromString(nodeId);
+                List<NodeConnectorStatistics> statistics = statisticsManager
+                        .getNodeConnectorStatistics(node);
+                for (NodeConnectorStatistics stats : statistics) {
+                    cells.add(this.convertPortsStatistics(stats));
+                }
+            }
         }
+
         TroubleshootingJsonBean result = new TroubleshootingJsonBean();
-        List<String> columnNames = new ArrayList<String>();
-        columnNames.addAll(Arrays.asList(new String[] { "Node Connector",
-                "Rx Pkts", "Tx Pkts", "Rx Bytes", "Tx Bytes", "Rx Drops",
-                "Tx Drops", "Rx Errs", "Tx Errs", "Rx Frame Errs",
-                "Rx OverRun Errs", "Rx CRC Errs", "Collisions" }));
-        result.setColumnNames(columnNames);
+        result.setColumnNames(portStatsColumnNames);
         result.setNodeData(cells);
         return result;
     }
 
-    private HashMap<String, String> convertPortsStatistics(
+    private Map<String, String> convertPortsStatistics(
             NodeConnectorStatistics ncStats) {
-        HashMap<String, String> row = new HashMap<String, String>();
+        Map<String, String> row = new HashMap<String, String>();
 
         row.put("nodeConnector",
                 String.valueOf(ncStats.getNodeConnector().toString()));
@@ -223,10 +243,10 @@ public class Troubleshoot implements IDaylightWeb {
         return row;
     }
 
-    private HashMap<String, String> convertFlowStatistics(Node node,
+    private Map<String, String> convertFlowStatistics(Node node,
             FlowOnNode flowOnNode,
             String containerName) {
-        HashMap<String, String> row = new HashMap<String, String>();
+        Map<String, String> row = new HashMap<String, String>();
         Flow flow = flowOnNode.getFlow();
         Match match = flow.getMatch();
         ISwitchManager switchManager = (ISwitchManager) ServiceHelper
diff --git a/opendaylight/web/troubleshoot/src/main/java/org/opendaylight/controller/troubleshoot/web/TroubleshootingJsonBean.java b/opendaylight/web/troubleshoot/src/main/java/org/opendaylight/controller/troubleshoot/web/TroubleshootingJsonBean.java
index 1030c49511..3c9a8b0b26 100644
--- a/opendaylight/web/troubleshoot/src/main/java/org/opendaylight/controller/troubleshoot/web/TroubleshootingJsonBean.java
+++ b/opendaylight/web/troubleshoot/src/main/java/org/opendaylight/controller/troubleshoot/web/TroubleshootingJsonBean.java
@@ -9,12 +9,12 @@
 
 package org.opendaylight.controller.troubleshoot.web;
 
-import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 public class TroubleshootingJsonBean {
     private List<String> columnNames;
-    private List<HashMap<String, String>> nodeData;
+    private List<Map<String, String>> nodeData;
 
     public List<String> getColumnNames() {
         return columnNames;
@@ -24,11 +24,11 @@ public class TroubleshootingJsonBean {
         this.columnNames = columnNames;
     }
 
-    public List<HashMap<String, String>> getNodeData() {
+    public List<Map<String, String>> getNodeData() {
         return nodeData;
     }
 
-    public void setNodeData(List<HashMap<String, String>> nodeData) {
+    public void setNodeData(List<Map<String, String>> nodeData) {
         this.nodeData = nodeData;
     }
 }
-- 
2.36.6