- Introduced user registration

- Now using Spring Boot for classloading, this way local development does not need to restart the complete server
- Fixed all kinds of dependencies on the names of the lessons necessary to keep in mind during the creation of a lesson.
- Simplied loading of resources, by adding resource mappings in MvcConfig.
- Refactored plugin loading, now only one class is left for loading the lessons.

webgoat-lessons/xxe/src/main/resources/html/XXE.html

@@ -27,7 +27,7 @@
         <!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
         <form class="attack-form" accept-charset="UNKNOWN" prepareData="register" method="POST" name="form"
               action="/WebGoat/XXE/simple" contentType="application/xml">
-            <script th:src="@{/plugin_lessons/plugin/XXE/js/xxe.js}"
+            <script th:src="@{/lesson_js/xxe.js}"
                     language="JavaScript"></script>
             <div id="lessonContent">
                 <strong>Registration form</strong>
@@ -77,7 +77,7 @@
         <!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
         <form class="attack-form" accept-charset="UNKNOWN" prepareData="registerJson" method="POST" name="form"
               action="/WebGoat/XXE/content-type" contentType="application/json">
-            <script th:src="@{/plugin_lessons/plugin/XXE/js/xxe.js}"
+            <script th:src="@{/lesson_js/xxe.js}"
                     language="JavaScript"></script>
             <div id="lessonContent">
                 <strong>Registration form</strong>
@@ -135,13 +135,13 @@
         <!-- using attack-form class on your form will allow your request to be ajaxified and stay within the display framework for webgoat -->
         <!-- you can write your own custom forms, but standard form submission will take you to your endpoint and outside of the WebGoat framework -->
         <!-- of course, you can write your own ajax submission /handling in your own javascript if you like -->
-        <form class="attack-form" accept-charset="UNKNOWN" prepareData="registerJson" method="POST" name="form"
-              action="/WebGoat/XXE/blind" contentType="application/json">
-            <script th:src="@{/plugin_lessons/plugin/XXE/js/xxe.js}"
+        <form class="attack-form" accept-charset="UNKNOWN" prepareData="register" method="POST" name="form"
+              action="/WebGoat/XXE/blind" contentType="application/xml">
+            <script th:src="@{/lesson_js/xxe.js}"
                     language="JavaScript"></script>
             <div id="lessonContent">
                 <strong>Registration form</strong>
-                <form prepareData="registerJson" accept-charset="UNKNOWN" method="POST" name="form" action="#attack/307/100">
+                <form prepareData="register" accept-charset="UNKNOWN" method="POST" name="form" action="#attack/307/100">
                     <table>
                         <tr>
                             <td>Username</td>

webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_blind.adoc

@@ -4,7 +4,7 @@ In some cases you will see no output because although your attack might have wor
 Or the resource you are trying to read contains illegal XML character which causes the parser to fail.
 Let's start with an example, in this case we reference a external DTD which we control on our own server.
 
-Our WebGoat server by default has an /xxe/ping endpoint which we can use. In real case this can be any server you control.
+Our WebGoat server by default has an /xxe/ping endpoint which we can use. *This can be any server you control.*
 
 [source]
 ----

webgoat-lessons/xxe/src/main/resources/lessonPlans/en/XXE_blind_assignment.adoc

@@ -1,7 +1,7 @@
 == Blind XXE assignment
 
 In the previous page we showed you how you can ping a server with a XXE attack, in this assigment try to make a DTD which will upload the
-contents of ~/.webgoat/plugin/XXE/secret.txt to our server. For Linux: `/home/USER/.webgoat/plugin/XXE/secret.txt`, for Windows
-this would be `c:/Users/USER/.webgoat/plugin/XXE/secret.txt`
+contents of ~/.webgoat/plugin/XXE/secret.txt to our server. For Linux: `/home/USER/.webgoat/XXE/secret.txt`, for Windows
+this would be `c:/Users/USER/.webgoat/XXE/secret.txt`
 
 Try to upload this file using the following endpoint: `http://localhost:8080/WebGoat/XXE/ping?text=[contents_file]` (NOTE: this endpoint is under your full control)