+ *
* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * please see http://www.owasp.org/ - * + *
* Copyright (c) 2002 - 20014 Bruce Mayhew - * + *
* This program is free software; you can redistribute it and/or modify it under the terms of the * GNU General Public License as published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. - * + *
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. - * + *
* You should have received a copy of the GNU General Public License along with this program; if * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * 02111-1307, USA. - * + *
* Getting Source ============== - * + *
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* @author WebGoat
- * @since October 28, 2003
* @version $Id: $Id
+ * @since October 28, 2003
*/
package org.owasp.webgoat.controller;
+import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.RandomLessonAdapter;
import org.owasp.webgoat.plugins.YmlBasedLesson;
import org.owasp.webgoat.session.WebSession;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
+import java.util.List;
+import java.util.Optional;
@Controller
@@ -69,4 +75,24 @@ public class StartLesson {
model.setViewName("lesson_content");
return model;
}
+
+ @RequestMapping(value = {"*.lesson"}, produces = "text/html")
+ public ModelAndView lessonPage(HttpServletRequest request) {
+ // I will set here the thymeleaf fragment location based on the resource requested.
+ ModelAndView model = new ModelAndView();
+ SecurityContext context = SecurityContextHolder.getContext();
+ GrantedAuthority authority = context.getAuthentication().getAuthorities().iterator().next();
+ String path = request.getServletPath(); // we now got /a/b/c/AccessControlMatrix.lesson
+ String lessonName = path.substring(path.lastIndexOf('/') + 1, path.indexOf(".lesson"));
+ WebSession ws = (WebSession) request.getSession().getAttribute(WebSession.SESSION);
+ List