OF-2009: Encrypt default value of encrypted properties #3380

Open: MilanTyagi2004 wants to merge 1 commit into igniterealtime:main from MilanTyagi2004:OF-2009

@MilanTyagi2004

Collaborator

Description

Currently, system properties that are marked as encrypted or sensitive have their configured values masked as "hidden" in the Value column of the System Properties page. However, their default values are still displayed in plain text in both the Default column and the property's edit form.

This can unintentionally expose sensitive default values such as passwords, API tokens, or encryption keys through the Admin Console.

This change updates the Admin Console UI to mask the default values of encrypted or sensitive properties, making their behavior consistent with the handling of configured values.

Proposed Changes

Admin Console

Modified: system-properties.jsp

  • Added a check for property.hidden when rendering the Default column.
  • When a property is marked as hidden, the default value is displayed as:
<span class="hidden">hidden</span>
  • This also masks the default value shown in the edit form, as the existing doEdit() JavaScript function reads the displayed value directly from the table row.

Verification

Automated Verification

  • Successfully executed:
mvnw.cmd test -pl xmppserver -Dtest=SystemPropertyTest
  • All tests completed successfully.

Manual Verification

  1. Open Admin Console → Server → System Properties.
  2. Locate an encrypted or sensitive property.
  3. Verify that the Default column displays "hidden" instead of the actual default value.
  4. Open the property's edit dialog.
  5. Verify that the Default: field also displays "hidden" rather than the underlying value.

Build Verification

  • Verified that JSPs compile successfully without errors.
  • Confirmed that the System Properties page renders correctly after the change.

Impact

  • No architectural or behavioral changes.
  • No configuration or API changes.
  • UI-only change to prevent accidental disclosure of sensitive default values.
  • Existing functionality remains unchanged.

Updates the System Properties admin console page to mask the default
values of encrypted or sensitive properties (displaying "hidden" in the
Default column). This also automatically hides them in the edit form
default value field, preventing credential leakage in plain text.
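
Added example (not part of the pull request or the Openfire code base): a regression check for the behaviour the description sets out, run over rendered table markup. The sample rows, the property names, the sample default value and the name/value/default column order are constructed assumptions, not taken from system-properties.jsp.

```javascript
// Added example: flags rows whose Value cell is masked but whose Default cell is not.
// Assumption: each row renders as <tr><td>name</td><td>value</td><td>default</td></tr>.
const MASK = '<span class="hidden">hidden</span>';

// Constructed sample markup: the page before the change...
const beforeHtml = `
<tr><td>sample.plain.setting</td><td>example.org</td><td>localhost</td></tr>
<tr><td>sample.api.token</td><td>${MASK}</td><td>constructed-default-token</td></tr>
<tr><td>sample.db.password</td><td>${MASK}</td><td></td></tr>`;

// ...and after it, with the default of the hidden property masked as well.
const afterHtml = beforeHtml.replace('<td>constructed-default-token</td>', `<td>${MASK}</td>`);

// Split the markup into rows of trimmed cell contents.
function parseRows(html) {
  const rows = [];
  for (const [, inner] of html.matchAll(/<tr[^>]*>([\s\S]*?)<\/tr>/g)) {
    const cells = [...inner.matchAll(/<td[^>]*>([\s\S]*?)<\/td>/g)].map((m) => m[1].trim());
    if (cells.length >= 3) rows.push({ name: cells[0], value: cells[1], def: cells[2] });
  }
  return rows;
}

const isMasked = (cell) => cell === MASK;

// A hidden property (masked Value) must not show a non-empty, unmasked Default.
function findExposedDefaults(html) {
  return parseRows(html)
    .filter((r) => isMasked(r.value) && r.def !== '' && !isMasked(r.def))
    .map((r) => r.name);
}

// The literal must be absent from the whole response, not only from the visible cell.
function responseContains(html, secret) {
  return html.includes(secret);
}

console.log('before:', findExposedDefaults(beforeHtml));
console.log('after: ', findExposedDefaults(afterHtml));
```

The whole-response check covers a default emitted anywhere other than the visible cell, such as an attribute or inline script.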
coderabbitai Bot commented Jun 5, 2026


No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between 75c25b0 and de1f3db.

📒 Files selected for processing (1)
  • xmppserver/src/main/webapp/system-properties.jsp

Walkthrough

This PR modifies the system-properties.jsp template to update how property visibility is displayed. The change replaces the conditional rendering logic in the default value column: instead of showing an "unknown" label when a property is not a system property, the page now shows a "hidden" label when the property's hidden flag is set to true. This aligns the UI label with the actual property attribute being checked.

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description check | ✅ Passed | The pull request description clearly explains the issue (sensitive default values being exposed), the proposed solution (masking default values in the Default column), and includes verification steps and impact analysis. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
