From 00eeae911de24bb42d8846edaf75ba8d16aa1343 Mon Sep 17 00:00:00 2001
From: Jason White
Date: Thu, 5 Jan 2017 17:28:53 -0500
Subject: [PATCH] #305 UserSessionData bean to provide stateful session data
---
 .../main/java/org/owasp/webgoat/WebGoat.java | 11 ++++---
 .../webgoat/endpoints/AssignmentEndpoint.java | 7 ++++
 .../webgoat/session/UserSessionData.java | 32 +++++++++++++++++++
 3 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/session/UserSessionData.java
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
index b537389d9..7c5ef1213 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
@@ -36,10 +36,7 @@ import org.owasp.webgoat.plugins.PluginClassLoader;
 import org.owasp.webgoat.plugins.PluginEndpointPublisher;
 import org.owasp.webgoat.plugins.PluginsExtractor;
 import org.owasp.webgoat.plugins.PluginsLoader;
-import org.owasp.webgoat.session.Course;
-import org.owasp.webgoat.session.UserTracker;
-import org.owasp.webgoat.session.WebSession;
-import org.owasp.webgoat.session.WebgoatContext;
+import org.owasp.webgoat.session.*;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
@@ -87,6 +84,12 @@ public class WebGoat extends SpringBootServletInitializer {
 return new WebSession(webgoatContext);
 }
 
+ @Bean
+ @Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
+ public UserSessionData userSessionData() {
+ return new UserSessionData("test","data");
+ }
+
 @Bean
 public PluginEndpointPublisher pluginEndpointPublisher(ApplicationContext applicationContext) {
 return new PluginEndpointPublisher(applicationContext);
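Review bot: A wildcard import, `import org.owasp.webgoat.session.*;`, now hides which session types WebGoat.java depends on, and it can turn into a silent name clash if that package grows. Keeping the four explicit imports and adding one line, `import org.owasp.webgoat.session.UserSessionData;`, would match what the AssignmentEndpoint.java hunk in this same patch does.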
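Review bot: The new `userSessionData()` bean in WebGoat.java starts every HTTP session with the entry `"test"` → `"data"`, which reads like scaffolding left in. A lesson that happens to use the key `test` would read a value it never stored, so the per-user store is not guaranteed to be empty at session start; `return new UserSessionData();` avoids that. Separately, the class added in this patch does not implement `java.io.Serializable`, which session-scoped objects usually need if the container persists or replicates sessions, so that is worth confirming for the target deployment.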
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/endpoints/AssignmentEndpoint.java b/webgoat-container/src/main/java/org/owasp/webgoat/endpoints/AssignmentEndpoint.java index b1cbd9544..d26b3a199 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/endpoints/AssignmentEndpoint.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/endpoints/AssignmentEndpoint.java @@ -26,6 +26,7 @@ package org.owasp.webgoat.endpoints; import org.owasp.webgoat.lessons.AttackResult; +import org.owasp.webgoat.session.UserSessionData; import org.owasp.webgoat.session.UserTracker; import org.owasp.webgoat.session.WebSession; import org.springframework.beans.factory.annotation.Autowired; @@ -47,6 +48,8 @@ public abstract class AssignmentEndpoint extends Endpoint { private UserTracker userTracker; @Autowired private WebSession webSession; + @Autowired + private UserSessionData userSessionData; //// TODO: 11/13/2016 events better fit? @@ -63,6 +66,10 @@ public abstract class AssignmentEndpoint extends Endpoint { return webSession; } + protected UserSessionData getUserSessionData() { + return userSessionData; + } + @Override public final String getPath() { return this.getClass().getAnnotationsByType(Path.class)[0].value(); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/UserSessionData.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/UserSessionData.java new file mode 100644 index 000000000..bed4b2b94 --- /dev/null +++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/UserSessionData.java 
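Review bot: `getUserSessionData()` in AssignmentEndpoint.java is the accessor lesson code will call, and it has no Javadoc saying what the store is for or how long it lives. Going by the `@Scope(value = "session", ...)` bean definition in WebGoat.java, a comment such as `/** Returns the per-HTTP-session key/value store for the current user; contents are not shared between users and do not outlive the session. */` would tell lesson authors that per-user lesson state belongs here rather than in fields on the endpoint, which is presumably a shared singleton. The class body continues outside the hunk.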
@@ -0,0 +1,32 @@
+package org.owasp.webgoat.session;
+
+import java.util.HashMap;
+
+/**
+ * Created by jason on 1/4/17.
+ */
+public class UserSessionData {
+
+ private HashMap userSessionData = new HashMap<>();
+
+ public UserSessionData() {
+ }
+
+ public UserSessionData(String key, String value) {
+ setValue(key,value);
+ }
+
+ //GETTERS & SETTERS
+ public String getValue(String key) {
+ return userSessionData.get(key);
+ }
+
+ public void setValue(String key, String value) {
+ if (userSessionData.containsKey(key)) {
+ userSessionData.replace(key,value);
+ } else {
+ userSessionData.put(key,value);
+ }
+ }
+
+}
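Review bot: `UserSessionData` is registered as a session-scoped bean, so two requests in the same session can call `setValue`/`getValue` at once, and the backing `HashMap` is not safe for concurrent modification; the `containsKey`/`replace`/`put` sequence in `setValue` is also redundant, since `put` already overwrites an existing key. The field could become `private final Map<String, String> userSessionData = new ConcurrentHashMap<>();` with the body of `setValue` reduced to `userSessionData.put(key, value);`. `ConcurrentHashMap` rejects null keys and values where `HashMap` accepts them, so callers that pass null would need an explicit decision. As rendered here the field has no type arguments (`HashMap userSessionData`), which may be an extraction artefact, since `getValue` returning `String` would not compile against a raw map.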