From 1849197784f51b57e571e1ba152cfdd3bc3f6a35 Mon Sep 17 00:00:00 2001 From: "rogan.dawes" Date: Tue, 10 Jul 2007 11:50:13 +0000 Subject: [PATCH] Move database specific items into WebgoatContext Update DatabaseUtilities to use a webgoatContext to create a Connection git-svn-id: http://webgoat.googlecode.com/svn/trunk@138 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../webgoat/session/DatabaseUtilities.java | 14 ++++++++---- .../org/owasp/webgoat/session/WebSession.java | 12 ---------- .../owasp/webgoat/session/WebgoatContext.java | 22 +++++++++++++++++++ 3 files changed, 32 insertions(+), 16 deletions(-) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java index 5dfec7157..eb209b8bd 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/DatabaseUtilities.java @@ -63,14 +63,20 @@ public class DatabaseUtilities public static Connection makeConnection(WebSession s) throws ClassNotFoundException, SQLException { - Class.forName(s.getWebgoatContext().getDatabaseDriver()); + return makeConnection(s.getWebgoatContext()); + } + + public static Connection makeConnection(WebgoatContext context) + throws ClassNotFoundException, SQLException + { + Class.forName(context.getDatabaseDriver()); - String password = s.getWebgoatContext().getDatabasePassword(); - String conn = s.getWebgoatContext().getDatabaseConnectionString(); + String password = context.getDatabasePassword(); + String conn = context.getDatabaseConnectionString(); if (password == null || password.equals("")) { return (DriverManager.getConnection(conn)); } else { - String user = s.getWebgoatContext().getDatabaseUser(); + String user = context.getDatabaseUser(); return DriverManager.getConnection(conn, user, password); } } diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java index 6886aa117..1ab55c520 100644 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebSession.java @@ -193,8 +193,6 @@ public class WebSession private int previousScreen = ERROR; - private static boolean databaseBuilt = false; - private static Connection connection = null; private int hintNum = -1; @@ -264,16 +262,6 @@ public class WebSession this.context = context; course = new Course(); course.loadCourses( enterprise, context, "/" ); - - // FIXME: hack to save context for web service calls - DatabaseUtilities.servletContextRealPath = context.getRealPath("/"); - System.out.println("Context Path: " + DatabaseUtilities.servletContextRealPath); - // FIXME: need to solve concurrency problem here -- make tables for this user - if ( !databaseBuilt ) - { - new RefreshDBScreen().refreshDB( this ); - databaseBuilt = true; - } } public static synchronized Connection getConnection(WebSession s) diff --git a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java index cde9fd9ed..e36d6fa99 100755 --- a/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java +++ b/ webgoat/main/project/JavaSource/org/owasp/webgoat/session/WebgoatContext.java @@ -1,7 +1,11 @@ package org.owasp.webgoat.session; +import java.sql.Connection; + import javax.servlet.http.HttpServlet; +import org.owasp.webgoat.lessons.admin.RefreshDBScreen; + public class WebgoatContext { public final static String DATABASE_CONNECTION_STRING = "DatabaseConnectionString"; @@ -12,6 +16,8 @@ public class WebgoatContext { public final static String DATABASE_PASSWORD = "DatabasePassword"; + private static boolean databaseBuilt = false; + private String databaseConnectionString; private String realConnectionString = null; @@ -31,6 +37,22 @@ public class WebgoatContext { databaseDriver = servlet.getInitParameter(DATABASE_DRIVER); databaseUser = servlet.getInitParameter(DATABASE_USER); databasePassword = servlet.getInitParameter(DATABASE_PASSWORD); + + // FIXME: hack to save context for web service calls + DatabaseUtilities.servletContextRealPath = servlet.getServletContext().getRealPath("/"); + System.out.println("Context Path: " + DatabaseUtilities.servletContextRealPath); + // FIXME: need to solve concurrency problem here -- make tables for this user + if ( !databaseBuilt ) { + try { + Connection conn = DatabaseUtilities.makeConnection(this); + new CreateDB().makeDB(conn); + conn.close(); + databaseBuilt = true; + } catch (Exception e) { + e.printStackTrace(); + } + } + } /**