#305 UserSessionData bean to provide stateful session data

webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java

@@ -36,10 +36,7 @@ import org.owasp.webgoat.plugins.PluginClassLoader;
 import org.owasp.webgoat.plugins.PluginEndpointPublisher;
 import org.owasp.webgoat.plugins.PluginsExtractor;
 import org.owasp.webgoat.plugins.PluginsLoader;
-import org.owasp.webgoat.session.Course;
+import org.owasp.webgoat.session.*;
-import org.owasp.webgoat.session.UserTracker;
-import org.owasp.webgoat.session.WebSession;
-import org.owasp.webgoat.session.WebgoatContext;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.SpringApplication;
@@ -87,6 +84,12 @@ public class WebGoat extends SpringBootServletInitializer {
         return new WebSession(webgoatContext);
     }
 
+    @Bean
+    @Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS)
+    public UserSessionData userSessionData() {
+        return new UserSessionData("test","data");
+    }
+
     @Bean
     public PluginEndpointPublisher pluginEndpointPublisher(ApplicationContext applicationContext) {
         return new PluginEndpointPublisher(applicationContext);

webgoat-container/src/main/java/org/owasp/webgoat/endpoints/AssignmentEndpoint.java

@@ -26,6 +26,7 @@
 package org.owasp.webgoat.endpoints;
 
 import org.owasp.webgoat.lessons.AttackResult;
+import org.owasp.webgoat.session.UserSessionData;
 import org.owasp.webgoat.session.UserTracker;
 import org.owasp.webgoat.session.WebSession;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -47,6 +48,8 @@ public abstract class AssignmentEndpoint extends Endpoint {
     private UserTracker userTracker;
     @Autowired
 	private WebSession webSession;
+    @Autowired
+    private UserSessionData userSessionData;
 
   
 	//// TODO: 11/13/2016 events better fit?
@@ -63,6 +66,10 @@ public abstract class AssignmentEndpoint extends Endpoint {
   		return webSession;
   	}
 
+  	protected UserSessionData getUserSessionData() {
+        return userSessionData;
+    }
+
     @Override
     public final String getPath() {
         return this.getClass().getAnnotationsByType(Path.class)[0].value();

webgoat-container/src/main/java/org/owasp/webgoat/session/UserSessionData.java

@@ -0,0 +1,32 @@
+package org.owasp.webgoat.session;
+
+import java.util.HashMap;
+
+/**
+ * Created by jason on 1/4/17.
+ */
+public class UserSessionData {
+
+    private HashMap<String,String> userSessionData = new HashMap<>();
+
+    public UserSessionData() {
+    }
+
+    public UserSessionData(String key, String value) {
+        setValue(key,value);
+    }
+
+    //GETTERS & SETTERS
+    public String getValue(String key) {
+        return userSessionData.get(key);
+    }
+
+    public void setValue(String key, String value) {
+        if (userSessionData.containsKey(key)) {
+            userSessionData.replace(key,value);
+        } else {
+            userSessionData.put(key,value);
+        }
+    }
+
+}