Travis now builds Docker and create a Github release.

Removed ActiveMQ between WebGoat and WebWolf they now act as standalone applications

webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java

@@ -1,23 +1,15 @@
 package org.owasp.webgoat;
 
 import lombok.AllArgsConstructor;
-import org.owasp.webgoat.login.LoginEvent;
 import org.owasp.webgoat.session.Course;
-import org.owasp.webgoat.users.WebGoatUser;
-import org.springframework.jms.core.JmsTemplate;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.servlet.ModelAndView;
 
-import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.Optional;
-
-import static java.util.Optional.empty;
-import static java.util.Optional.of;
 
 /**
  * *************************************************************************************************
@@ -58,34 +50,12 @@ import static java.util.Optional.of;
 public class HammerHead {
 
     private final Course course;
-    private JmsTemplate jmsTemplate;
 
     /**
      * Entry point for WebGoat, redirects to the first lesson found within the course.
      */
     @RequestMapping(path = "/attack", method = {RequestMethod.GET, RequestMethod.POST})
     public ModelAndView attack(Authentication authentication, HttpServletRequest request, HttpServletResponse response) {
-        sendUserLoggedInMessage(request, response, authentication);
         return new ModelAndView("redirect:" + "start.mvc" + course.getFirstLesson().getLink());
     }
-
-    private void sendUserLoggedInMessage(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
-        WebGoatUser user = (WebGoatUser) authentication.getPrincipal();
-        getWebGoatCookie(request).ifPresent(c -> {
-            jmsTemplate.convertAndSend("webgoat", new LoginEvent(user.getUsername(), c.getValue()), m -> {
-                        m.setStringProperty("type", LoginEvent.class.getSimpleName());
-                        return m;
-                    }
-            );
-        });
-    }
-
-    private Optional<Cookie> getWebGoatCookie(HttpServletRequest request) {
-        for (Cookie c : request.getCookies()) {
-            if (c.getName().equals("JSESSIONID")) {
-                return of(c);
-            }
-        }
-        return empty();
-    }
 }

webgoat-container/src/main/java/org/owasp/webgoat/JmsConfig.java

@@ -1,35 +0,0 @@
-package org.owasp.webgoat;
-
-import com.fasterxml.jackson.databind.ObjectMapper;
-import org.apache.activemq.broker.BrokerService;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.jms.support.converter.MappingJackson2MessageConverter;
-import org.springframework.jms.support.converter.MessageConverter;
-import org.springframework.jms.support.converter.MessageType;
-
-/**
- * @author nbaars
- * @since 8/20/17.
- */
-@Configuration
-public class JmsConfig {
-
-    @Bean(initMethod = "start", destroyMethod = "stop")
-    public BrokerService broker() throws Exception {
-        final BrokerService broker = new BrokerService();
-        broker.addConnector("tcp://localhost:61616");
-        broker.addConnector("vm://localhost");
-        broker.setPersistent(false);
-        return broker;
-    }
-
-    @Bean
-    public MessageConverter jacksonJmsMessageConverter(ObjectMapper objectMapper) {
-        MappingJackson2MessageConverter converter = new MappingJackson2MessageConverter();
-        converter.setTargetType(MessageType.TEXT);
-        converter.setObjectMapper(objectMapper);
-        converter.setTypeIdPropertyName("_type");
-        return converter;
-    }
-}

webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java

@@ -50,6 +50,7 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Scope;
 import org.springframework.context.annotation.ScopedProxyMode;
+import org.springframework.web.client.RestTemplate;
 
 import java.io.File;
 import java.util.Arrays;
@@ -94,6 +95,11 @@ public class WebGoat extends SpringBootServletInitializer {
         return new PluginsLoader(pluginEndpointPublisher).loadPlugins();
     }
 
+    @Bean
+    public RestTemplate restTemplate() {
+        return new RestTemplate();
+    }
+
     @Bean
     public EmbeddedServletContainerFactory servletContainer() {
         TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory();

webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java

@@ -31,7 +31,6 @@
 package org.owasp.webgoat;
 
 import lombok.AllArgsConstructor;
-import org.owasp.webgoat.login.LogoutHandler;
 import org.owasp.webgoat.users.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -53,7 +52,6 @@ import org.springframework.security.core.userdetails.UserDetailsService;
 public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 
     private final UserService userDetailsService;
-    private final LogoutHandler logoutHandler;
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
@@ -71,8 +69,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                 .passwordParameter("password")
                 .permitAll();
         security.and()
-                .logout().deleteCookies("JSESSIONID").invalidateHttpSession(true)
-                .permitAll().logoutSuccessHandler(logoutHandler);
+                .logout().deleteCookies("JSESSIONID").invalidateHttpSession(true);
         security.and().csrf().disable();
 
         http.headers().cacheControl().disable();

webgoat-container/src/main/java/org/owasp/webgoat/login/LogoutHandler.java

@@ -1,47 +0,0 @@
-package org.owasp.webgoat.login;
-
-import lombok.AllArgsConstructor;
-import org.owasp.webgoat.users.WebGoatUser;
-import org.springframework.jms.core.JmsTemplate;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
-import org.springframework.stereotype.Component;
-
-import javax.servlet.ServletException;
-import javax.servlet.http.Cookie;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Optional;
-
-/**
- * @author nbaars
- * @since 8/20/17.
- */
-@AllArgsConstructor
-@Component
-public class LogoutHandler extends SimpleUrlLogoutSuccessHandler {
-
-    private JmsTemplate jmsTemplate;
-
-    @Override
-    public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
-        if (authentication != null) {
-            WebGoatUser user = (WebGoatUser) authentication.getPrincipal();
-            jmsTemplate.convertAndSend("webgoat", new LogoutEvent(user.getUsername()), m -> {
-                m.setStringProperty("type", LogoutEvent.class.getSimpleName());
-                return m;
-            });
-        }
-        super.onLogoutSuccess(httpServletRequest, httpServletResponse, authentication);
-    }
-
-    private Optional<Cookie> findSessionCookie(Cookie[] cookies) {
-        for (Cookie cookie : cookies) {
-            if ("JSESSIONID".equals(cookie.getName())) {
-                return Optional.of(cookie);
-            }
-        }
-        return Optional.empty();
-    }
-}