From a6634383f3313ab94e41046a6f426eac8b1515da Mon Sep 17 00:00:00 2001
From: Andrew Kim <andrekim@cisco.com>
Date: Fri, 6 Dec 2013 17:02:31 -0600
Subject: [PATCH] Prevent password hash from being shown

The URL 'http://controller-ip:8080/admin/users' no longer displays the
user's password hashes

Change-Id: I0664bf21d1087a437ab9420c9e39b3129620aefa
Signed-off-by: Andrew Kim <andrekim@cisco.com>
---
 .../controller/web/DaylightWebAdmin.java      | 13 ++++++---
 .../opendaylight/controller/web/UserBean.java | 27 +++++++++++++++++++
 2 files changed, 36 insertions(+), 4 deletions(-)
 create mode 100644 opendaylight/web/root/src/main/java/org/opendaylight/controller/web/UserBean.java

diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java
index 3c28152c25..4c8a6b8439 100644
--- a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java
+++ b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/DaylightWebAdmin.java
@@ -143,17 +143,22 @@ public class DaylightWebAdmin {
         return gson.toJson(result);
     }
 
-    @RequestMapping("/users")
+    @RequestMapping(value = "/users", method = RequestMethod.GET)
     @ResponseBody
-    public List<UserConfig> getUsers() {
+    public List<UserBean> getUsers() {
         IUserManager userManager = (IUserManager) ServiceHelper.getGlobalInstance(IUserManager.class, this);
         if (userManager == null) {
             return null;
         }
 
-        List<UserConfig> userConfList = userManager.getLocalUserList();
+        List<UserBean> result = new ArrayList<UserBean>();
+        List<UserConfig> configs = userManager.getLocalUserList();
+        for (UserConfig config : configs) {
+            UserBean bean = new UserBean(config);
+            result.add(bean);
+        }
 
-        return userConfList;
+        return result;
     }
 
     /*
diff --git a/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/UserBean.java b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/UserBean.java
new file mode 100644
index 0000000000..4d30ed34e9
--- /dev/null
+++ b/opendaylight/web/root/src/main/java/org/opendaylight/controller/web/UserBean.java
@@ -0,0 +1,27 @@
+package org.opendaylight.controller.web;
+
+import java.util.List;
+
+import org.opendaylight.controller.usermanager.UserConfig;
+
+public class UserBean {
+    private String user;
+    private List<String> roles;
+
+    public UserBean(String user, List<String> roles) {
+        this.user = user;
+        this.roles = roles;
+    }
+
+    public UserBean(UserConfig config) {
+        this(config.getUser(), config.getRoles());
+    }
+
+    public String getUser() {
+        return user;
+    }
+
+    public List<String> getRoles() {
+        return roles;
+    }
+}
\ No newline at end of file
-- 
2.36.6