From d4450da5d77d2071e620b6336eaf36a9d21161fb Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Mon, 28 Sep 2015 23:27:58 +0200 Subject: [PATCH 1/6] Fixed goathills lesson with JSP now load correctly again --- .../owasp/webgoat/plugins/PluginsLoader.java | 25 ++++++------- .../classloader/PluginClassLoaderFactory.java | 31 ---------------- .../PluginClassLoaderRepository.java | 35 ------------------- .../org/owasp/webgoat/session/Course.java | 4 +-- 4 files changed, 11 insertions(+), 84 deletions(-) delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/plugins/classloader/PluginClassLoaderFactory.java delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/plugins/classloader/PluginClassLoaderRepository.java diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java index bca1a18a9..b725d9d9f 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java @@ -1,9 +1,8 @@ package org.owasp.webgoat.plugins; import com.google.common.collect.Lists; +import org.apache.catalina.loader.WebappClassLoader; import org.apache.commons.io.FileUtils; -import org.owasp.webgoat.plugins.classloader.PluginClassLoaderFactory; -import org.owasp.webgoat.plugins.classloader.PluginClassLoaderRepository; import org.owasp.webgoat.util.LabelProvider; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -11,7 +10,6 @@ import org.springframework.util.ResourceUtils; import java.io.IOException; import java.net.URL; -import java.net.URLClassLoader; import java.nio.file.FileVisitResult; import java.nio.file.Files; import java.nio.file.Path; @@ -35,7 +33,6 @@ public class PluginsLoader implements Runnable { private static final String WEBGOAT_PLUGIN_EXTENSION = "jar"; private final Logger logger = LoggerFactory.getLogger(this.getClass()); private final Path pluginSource; - private final PluginClassLoaderRepository repository; private Path pluginTarget; /** @@ -44,26 +41,28 @@ public class PluginsLoader implements Runnable { * @param pluginSource a {@link java.nio.file.Path} object. * @param pluginTarget a {@link java.nio.file.Path} object. */ - public PluginsLoader(PluginClassLoaderRepository repository, Path pluginSource, Path pluginTarget) { + public PluginsLoader(Path pluginSource, Path pluginTarget) { this.pluginSource = Objects.requireNonNull(pluginSource, "plugin source cannot be null"); this.pluginTarget = Objects.requireNonNull(pluginTarget, "plugin target cannot be null"); - this.repository = Objects.requireNonNull(repository, "repository cannot be null"); } /** *

loadPlugins.

* - * @param reload a boolean. * @return a {@link java.util.List} object. */ - public List loadPlugins(final boolean reload) { + public List loadPlugins() { List plugins = Lists.newArrayList(); + WebappClassLoader cl = (WebappClassLoader) Thread.currentThread().getContextClassLoader(); try { PluginFileUtils.createDirsIfNotExists(pluginTarget); cleanupExtractedPluginsDirectory(); List jars = listJars(); - initClassLoader(jars); + for (URL url : jars) { + cl.addRepository(url.toString()); + } + plugins = processPlugins(jars); } catch (Exception e) { logger.error("Loading plugins failed", e); @@ -71,11 +70,7 @@ public class PluginsLoader implements Runnable { return plugins; } - private void initClassLoader(List jars) { - URLClassLoader classLoader = PluginClassLoaderFactory.createClassLoader(jars); - this.repository.replaceClassLoader(classLoader); - Thread.currentThread().setContextClassLoader(classLoader); - } + private void cleanupExtractedPluginsDirectory() { Path i18nDirectory = pluginTarget.resolve("plugin/i18n/"); @@ -135,6 +130,6 @@ public class PluginsLoader implements Runnable { /** {@inheritDoc} */ @Override public void run() { - loadPlugins(true); + loadPlugins(); } } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/classloader/PluginClassLoaderFactory.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/classloader/PluginClassLoaderFactory.java deleted file mode 100644 index cd20a0215..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/classloader/PluginClassLoaderFactory.java +++ /dev/null @@ -1,31 +0,0 @@ -package org.owasp.webgoat.plugins.classloader; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.net.URL; -import java.net.URLClassLoader; -import java.util.List; - -/** - * Create a classloader for the plugins - */ -public class PluginClassLoaderFactory { - - private static final Logger logger = LoggerFactory.getLogger(PluginClassLoaderFactory.class); - - public static URLClassLoader createClassLoader(List urls) { - return new URLClassLoader(urls.toArray(new URL[urls.size()]), determineParentClassLoader()); - } - - private static ClassLoader determineParentClassLoader() { - ClassLoader parent = Thread.currentThread().getContextClassLoader(); - try { - parent = Thread.currentThread().getContextClassLoader().getParent() - .loadClass("org.apache.jasper.runtime.JspContextWrapper").getClassLoader(); - } catch (ClassNotFoundException e) { - logger.info("Tomcat JspContextWrapper not found, probably not running on Tomcat..."); - } - return parent; - } -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/classloader/PluginClassLoaderRepository.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/classloader/PluginClassLoaderRepository.java deleted file mode 100644 index 994aea0b5..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/classloader/PluginClassLoaderRepository.java +++ /dev/null @@ -1,35 +0,0 @@ -package org.owasp.webgoat.plugins.classloader; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import java.io.IOException; -import java.net.URLClassLoader; - -/** - * Holds the classloaders for the plugins. For now all the plugins are loaded by the same - * classloader. This class can be extended to contain a classloader per plugin. - */ -public class PluginClassLoaderRepository { - - private static final Logger logger = LoggerFactory.getLogger(PluginClassLoaderRepository.class); - private URLClassLoader currentPluginLoader; - - /** - * @return the plugin classloader - */ - public URLClassLoader get() { - return currentPluginLoader; - } - - public void replaceClassLoader(URLClassLoader classLoader) { - if (this.currentPluginLoader != null) { - try { - this.currentPluginLoader.close(); - } catch (IOException e) { - logger.warn("Unable to close the current classloader", e); - } - } - this.currentPluginLoader = classLoader; - } -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java b/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java index d4cc0ed2b..936cfdcb5 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/session/Course.java @@ -5,7 +5,6 @@ import org.owasp.webgoat.lessons.AbstractLesson; import org.owasp.webgoat.lessons.Category; import org.owasp.webgoat.plugins.Plugin; import org.owasp.webgoat.plugins.PluginsLoader; -import org.owasp.webgoat.plugins.classloader.PluginClassLoaderRepository; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -66,7 +65,6 @@ public class Course { final Logger logger = LoggerFactory.getLogger(Course.class); - private final PluginClassLoaderRepository repository = new PluginClassLoaderRepository(); private final List lessons = new LinkedList(); private final static String PROPERTIES_FILENAME = HammerHead.propertiesPath; @@ -337,7 +335,7 @@ public class Course { return; } lessons.clear(); - List plugins = new PluginsLoader(repository, Paths.get(pluginPath), Paths.get(targetPath)).loadPlugins(true); + List plugins = new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).loadPlugins(); for (Plugin plugin : plugins) { try { AbstractLesson lesson = plugin.getLesson().get(); From 33d251a1479180f6e574365e2544930b8f365aec Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Tue, 29 Sep 2015 20:39:09 +0200 Subject: [PATCH 2/6] Fixed goathills lesson with JSP now load correctly again(2) --- .../org/owasp/webgoat/plugins/Plugin.java | 6 ++-- .../plugins/PluginContextListener.java | 36 +++++++++++++++++++ .../owasp/webgoat/plugins/PluginsLoader.java | 31 ++++++++++++---- .../webgoat/service/PluginReloadService.java | 7 ++++ 4 files changed, 71 insertions(+), 9 deletions(-) create mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginContextListener.java diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java index 5c57e9139..7cd012d05 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java @@ -2,12 +2,12 @@ package org.owasp.webgoat.plugins; import com.google.common.base.Optional; import com.google.common.collect.Lists; +import org.apache.catalina.loader.WebappClassLoader; import org.owasp.webgoat.lessons.AbstractLesson; import org.springframework.util.StringUtils; import java.io.File; import java.io.IOException; -import java.net.URLClassLoader; import java.nio.file.Path; import java.util.Arrays; import java.util.HashMap; @@ -43,10 +43,10 @@ public class Plugin { private void findLesson(String name) { String realClassName = StringUtils.trimLeadingCharacter(name, '/').replaceAll("/", ".").replaceAll(".class", ""); //TODO should be passed in (refactor) - URLClassLoader cl = (URLClassLoader) Thread.currentThread().getContextClassLoader(); + WebappClassLoader cl = (WebappClassLoader) Thread.currentThread().getContextClassLoader(); try { - Class clazz = cl.loadClass(realClassName); + Class clazz = cl.loadClass(realClassName, true); if (AbstractLesson.class.isAssignableFrom(clazz)) { this.lesson = clazz; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginContextListener.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginContextListener.java new file mode 100644 index 000000000..43e58d07f --- /dev/null +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginContextListener.java @@ -0,0 +1,36 @@ +package org.owasp.webgoat.plugins; + +import javax.servlet.ServletContextEvent; +import javax.servlet.ServletContextListener; +import javax.servlet.annotation.WebListener; +import java.nio.file.Paths; + +/** + * Created by nanne_000 on 9/29/2015. + */ +@WebListener +public class PluginContextListener implements ServletContextListener { + @Override + public void contextInitialized(ServletContextEvent event) { + String pluginPath = event.getServletContext().getRealPath("plugin_lessons"); + String targetPath = event.getServletContext().getRealPath("plugin_extracted"); + + if (event.getServletContext().getInitParameter("plugins_loaded") == null) { + new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).copyJars(); + } + event.getServletContext().setInitParameter("plugins_loaded", ""); + } + + @Override + public void contextDestroyed(ServletContextEvent event) { +// String targetPath = event.getServletContext().getRealPath("plugin_extracted"); +// WebappClassLoader cl = (WebappClassLoader)Thread.currentThread().getContextClassLoader(); +// cl.closeJARs(true); +// Path webInfLib = Paths.get(targetPath).getParent().resolve(cl.getJarPath().replaceFirst("\\/", "")); +// try { +// FileUtils.cleanDirectory(webInfLib.toFile()); +// } catch (IOException e) { +// e.printStackTrace(); +// } + } +} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java index b725d9d9f..930ebbf30 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java @@ -13,7 +13,9 @@ import java.net.URL; import java.nio.file.FileVisitResult; import java.nio.file.Files; import java.nio.file.Path; +import java.nio.file.Paths; import java.nio.file.SimpleFileVisitor; +import java.nio.file.StandardCopyOption; import java.nio.file.attribute.BasicFileAttributes; import java.util.List; import java.util.Objects; @@ -46,6 +48,25 @@ public class PluginsLoader implements Runnable { this.pluginTarget = Objects.requireNonNull(pluginTarget, "plugin target cannot be null"); } + public void copyJars() { + try { + WebappClassLoader cl = (WebappClassLoader) Thread.currentThread().getContextClassLoader(); + cl.setAntiJARLocking(true); + + List jars = listJars(); + + cl.closeJARs(true); + Path webInfLib = pluginTarget.getParent().resolve(cl.getJarPath().replaceFirst("\\/", "")); + for (URL jar : jars) { + Path sourceJarFile = Paths.get(jar.toURI()); + Files.copy(sourceJarFile, webInfLib.resolve(sourceJarFile.getFileName()), + StandardCopyOption.REPLACE_EXISTING); + } + } catch (Exception e) { + logger.error("Loading plugins failed", e); + } + } + /** *

loadPlugins.

* @@ -59,9 +80,6 @@ public class PluginsLoader implements Runnable { PluginFileUtils.createDirsIfNotExists(pluginTarget); cleanupExtractedPluginsDirectory(); List jars = listJars(); - for (URL url : jars) { - cl.addRepository(url.toString()); - } plugins = processPlugins(jars); } catch (Exception e) { @@ -71,13 +89,12 @@ public class PluginsLoader implements Runnable { } - private void cleanupExtractedPluginsDirectory() { Path i18nDirectory = pluginTarget.resolve("plugin/i18n/"); FileUtils.deleteQuietly(i18nDirectory.toFile()); } - private List listJars() throws IOException { + public List listJars() throws IOException { final List jars = Lists.newArrayList(); Files.walkFileTree(pluginSource, new SimpleFileVisitor() { @@ -127,7 +144,9 @@ public class PluginsLoader implements Runnable { return extractorCallables; } - /** {@inheritDoc} */ + /** + * {@inheritDoc} + */ @Override public void run() { loadPlugins(); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java b/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java index 9415446cc..83ece5a64 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/service/PluginReloadService.java @@ -30,6 +30,7 @@ */ package org.owasp.webgoat.service; +import org.owasp.webgoat.plugins.PluginsLoader; import org.owasp.webgoat.session.WebSession; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -40,6 +41,7 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.ResponseBody; import javax.servlet.http.HttpSession; +import java.nio.file.Paths; /** *

PluginReloadService class.

@@ -61,6 +63,11 @@ public class PluginReloadService extends BaseService { public @ResponseBody ResponseEntity reloadPlugins(HttpSession session) { WebSession webSession = (WebSession) session.getAttribute(WebSession.SESSION); + logger.debug("Loading plugins into cache"); + String pluginPath = session.getServletContext().getRealPath("plugin_lessons"); + String targetPath = session.getServletContext().getRealPath("plugin_extracted"); + new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).copyJars(); + webSession.getCourse().loadLessonFromPlugin(session.getServletContext()); return new ResponseEntity("Plugins reload refresh the WebGoat page!",HttpStatus.OK); } From 6a00d66f8b3d258b858efe28fe60a6e99a69070c Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Tue, 29 Sep 2015 21:41:36 +0200 Subject: [PATCH 3/6] Plugins are now reloaded --- .../plugins/PluginBackgroundLoader.java | 34 ------------------- .../plugins/PluginContextListener.java | 19 ++++------- .../owasp/webgoat/plugins/PluginsLoader.java | 22 ++++-------- 3 files changed, 13 insertions(+), 62 deletions(-) delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginBackgroundLoader.java diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginBackgroundLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginBackgroundLoader.java deleted file mode 100644 index ce0fb0f1e..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginBackgroundLoader.java +++ /dev/null @@ -1,34 +0,0 @@ -package org.owasp.webgoat.plugins; - -import javax.servlet.ServletContextEvent; -import javax.servlet.ServletContextListener; -import javax.servlet.annotation.WebListener; -import java.util.concurrent.Executors; -import java.util.concurrent.ScheduledExecutorService; - -@WebListener -/** - *

PluginBackgroundLoader class.

- * - * @version $Id: $Id - */ -public class PluginBackgroundLoader implements ServletContextListener { - - private ScheduledExecutorService scheduler; - - /** {@inheritDoc} */ - @Override - public void contextInitialized(ServletContextEvent event) { - String pluginPath = event.getServletContext().getRealPath("plugin_lessons"); - String targetPath = event.getServletContext().getRealPath("plugin_extracted"); - - scheduler = Executors.newSingleThreadScheduledExecutor(); - //scheduler.scheduleAtFixedRate(new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)), 10, 5, TimeUnit.MINUTES); - } - - /** {@inheritDoc} */ - @Override - public void contextDestroyed(ServletContextEvent event) { - scheduler.shutdownNow(); - } -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginContextListener.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginContextListener.java index 43e58d07f..6de0c9a0a 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginContextListener.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginContextListener.java @@ -6,31 +6,26 @@ import javax.servlet.annotation.WebListener; import java.nio.file.Paths; /** - * Created by nanne_000 on 9/29/2015. + * Copy the plugins to the WEB-INF/lib directory to take advantage of the automatic reloading of an application + * server. */ @WebListener public class PluginContextListener implements ServletContextListener { + + private static boolean alreadyLoaded = false; + @Override public void contextInitialized(ServletContextEvent event) { String pluginPath = event.getServletContext().getRealPath("plugin_lessons"); String targetPath = event.getServletContext().getRealPath("plugin_extracted"); - if (event.getServletContext().getInitParameter("plugins_loaded") == null) { + if (!alreadyLoaded) { new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).copyJars(); + alreadyLoaded = true; } - event.getServletContext().setInitParameter("plugins_loaded", ""); } @Override public void contextDestroyed(ServletContextEvent event) { -// String targetPath = event.getServletContext().getRealPath("plugin_extracted"); -// WebappClassLoader cl = (WebappClassLoader)Thread.currentThread().getContextClassLoader(); -// cl.closeJARs(true); -// Path webInfLib = Paths.get(targetPath).getParent().resolve(cl.getJarPath().replaceFirst("\\/", "")); -// try { -// FileUtils.cleanDirectory(webInfLib.toFile()); -// } catch (IOException e) { -// e.printStackTrace(); -// } } } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java index 930ebbf30..ef9453403 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java @@ -15,7 +15,6 @@ import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.nio.file.SimpleFileVisitor; -import java.nio.file.StandardCopyOption; import java.nio.file.attribute.BasicFileAttributes; import java.util.List; import java.util.Objects; @@ -30,7 +29,7 @@ import java.util.concurrent.Executors; * * @version $Id: $Id */ -public class PluginsLoader implements Runnable { +public class PluginsLoader { private static final String WEBGOAT_PLUGIN_EXTENSION = "jar"; private final Logger logger = LoggerFactory.getLogger(this.getClass()); @@ -48,6 +47,9 @@ public class PluginsLoader implements Runnable { this.pluginTarget = Objects.requireNonNull(pluginTarget, "plugin target cannot be null"); } + /** + * Copy jars to the lib directory + */ public void copyJars() { try { WebappClassLoader cl = (WebappClassLoader) Thread.currentThread().getContextClassLoader(); @@ -55,12 +57,10 @@ public class PluginsLoader implements Runnable { List jars = listJars(); - cl.closeJARs(true); Path webInfLib = pluginTarget.getParent().resolve(cl.getJarPath().replaceFirst("\\/", "")); for (URL jar : jars) { Path sourceJarFile = Paths.get(jar.toURI()); - Files.copy(sourceJarFile, webInfLib.resolve(sourceJarFile.getFileName()), - StandardCopyOption.REPLACE_EXISTING); + FileUtils.copyFileToDirectory(sourceJarFile.toFile(), webInfLib.toFile()); } } catch (Exception e) { logger.error("Loading plugins failed", e); @@ -74,7 +74,6 @@ public class PluginsLoader implements Runnable { */ public List loadPlugins() { List plugins = Lists.newArrayList(); - WebappClassLoader cl = (WebappClassLoader) Thread.currentThread().getContextClassLoader(); try { PluginFileUtils.createDirsIfNotExists(pluginTarget); @@ -88,13 +87,12 @@ public class PluginsLoader implements Runnable { return plugins; } - private void cleanupExtractedPluginsDirectory() { Path i18nDirectory = pluginTarget.resolve("plugin/i18n/"); FileUtils.deleteQuietly(i18nDirectory.toFile()); } - public List listJars() throws IOException { + private List listJars() throws IOException { final List jars = Lists.newArrayList(); Files.walkFileTree(pluginSource, new SimpleFileVisitor() { @@ -143,12 +141,4 @@ public class PluginsLoader implements Runnable { } return extractorCallables; } - - /** - * {@inheritDoc} - */ - @Override - public void run() { - loadPlugins(); - } } From 2ca5dda37b44513ed0faad3efb89a3ed89301088 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Wed, 30 Sep 2015 19:03:49 +0200 Subject: [PATCH 4/6] Reloading finished --- webgoat-container/.gitignore | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/webgoat-container/.gitignore b/webgoat-container/.gitignore index 11d73197f..6503556df 100644 --- a/webgoat-container/.gitignore +++ b/webgoat-container/.gitignore @@ -4,4 +4,5 @@ target/ /src/main/webapp/plugin_lessons/*.jar /src/main/webapp/plugin_extracted/* dependency-reduced-pom.xml -src/main/webapp/users/guest.org.owasp.webgoat.lessons.BackDoors.props \ No newline at end of file +src/main/webapp/users/guest.org.owasp.webgoat.lessons.BackDoors.props +/src/main/webapp/WEB-INF/lib/*.jar \ No newline at end of file From 219b38315b57d7d17ce265e7f243a0a053595f31 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Wed, 30 Sep 2015 19:10:33 +0200 Subject: [PATCH 5/6] Make sure WEB-INF/lib dir is available --- webgoat-container/src/main/webapp/WEB-INF/lib/placeholder.txt | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 webgoat-container/src/main/webapp/WEB-INF/lib/placeholder.txt diff --git a/webgoat-container/src/main/webapp/WEB-INF/lib/placeholder.txt b/webgoat-container/src/main/webapp/WEB-INF/lib/placeholder.txt new file mode 100644 index 000000000..e69de29bb From 487bc71df135092d73953fdb15dcba92efabc39f Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Wed, 30 Sep 2015 23:08:10 +0200 Subject: [PATCH 6/6] Moved the logic to the plugin loader which makes the context listener obsolete --- .../plugins/PluginContextListener.java | 31 ------------------- .../owasp/webgoat/plugins/PluginsLoader.java | 21 ++++++++----- 2 files changed, 13 insertions(+), 39 deletions(-) delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginContextListener.java diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginContextListener.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginContextListener.java deleted file mode 100644 index 6de0c9a0a..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginContextListener.java +++ /dev/null @@ -1,31 +0,0 @@ -package org.owasp.webgoat.plugins; - -import javax.servlet.ServletContextEvent; -import javax.servlet.ServletContextListener; -import javax.servlet.annotation.WebListener; -import java.nio.file.Paths; - -/** - * Copy the plugins to the WEB-INF/lib directory to take advantage of the automatic reloading of an application - * server. - */ -@WebListener -public class PluginContextListener implements ServletContextListener { - - private static boolean alreadyLoaded = false; - - @Override - public void contextInitialized(ServletContextEvent event) { - String pluginPath = event.getServletContext().getRealPath("plugin_lessons"); - String targetPath = event.getServletContext().getRealPath("plugin_extracted"); - - if (!alreadyLoaded) { - new PluginsLoader(Paths.get(pluginPath), Paths.get(targetPath)).copyJars(); - alreadyLoaded = true; - } - } - - @Override - public void contextDestroyed(ServletContextEvent event) { - } -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java index ef9453403..c14bf7817 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java @@ -32,6 +32,7 @@ import java.util.concurrent.Executors; public class PluginsLoader { private static final String WEBGOAT_PLUGIN_EXTENSION = "jar"; + private static boolean alreadyLoaded = false; private final Logger logger = LoggerFactory.getLogger(this.getClass()); private final Path pluginSource; private Path pluginTarget; @@ -52,18 +53,21 @@ public class PluginsLoader { */ public void copyJars() { try { - WebappClassLoader cl = (WebappClassLoader) Thread.currentThread().getContextClassLoader(); - cl.setAntiJARLocking(true); + if (!alreadyLoaded) { + WebappClassLoader cl = (WebappClassLoader) Thread.currentThread().getContextClassLoader(); + cl.setAntiJARLocking(true); - List jars = listJars(); + List jars = listJars(); - Path webInfLib = pluginTarget.getParent().resolve(cl.getJarPath().replaceFirst("\\/", "")); - for (URL jar : jars) { - Path sourceJarFile = Paths.get(jar.toURI()); - FileUtils.copyFileToDirectory(sourceJarFile.toFile(), webInfLib.toFile()); + Path webInfLib = pluginTarget.getParent().resolve(cl.getJarPath().replaceFirst("\\/", "")); + for (URL jar : jars) { + Path sourceJarFile = Paths.get(jar.toURI()); + FileUtils.copyFileToDirectory(sourceJarFile.toFile(), webInfLib.toFile()); + } + alreadyLoaded = true; } } catch (Exception e) { - logger.error("Loading plugins failed", e); + logger.error("Copying plugins failed", e); } } @@ -73,6 +77,7 @@ public class PluginsLoader { * @return a {@link java.util.List} object. */ public List loadPlugins() { + copyJars(); List plugins = Lists.newArrayList(); try {