Travis now builds Docker and create a Github release.

Removed ActiveMQ between WebGoat and WebWolf they now act as standalone applications

webwolf/Dockerfile

@@ -0,0 +1,8 @@
+FROM openjdk:8-jre-slim
+
+RUN useradd --home-dir /home/webwolf --create-home -U webwolf
+
+USER webwolf
+RUN cd /home/webwolf/
+COPY target/webwolf-8.0-SNAPSHOT.jar /home/webwolf/webwolf.jar
+COPY start.sh /home/webwolf/start.sh

webwolf/README.md

@@ -16,14 +16,14 @@ At the moment WebWolf offers support for:
 - Serving files
 - Logging of incoming requests (cookies etc)
 
-## Running
+# Run instructions
 
-### Docker
+## 1. Run using Docker
 
 If you use the Docker image of WebGoat this application will automatically be available. Use the following 
 URL: http://localhost:8081/WebWolf
 
-### Standalone
+## 2. Standalone
 
 ```Shell
 cd WebGoat

webwolf/pom.xml

@@ -10,11 +10,6 @@
     </parent>
 
     <dependencies>
-        <dependency>
-            <groupId>org.owasp.webgoat</groupId>
-            <artifactId>webgoat-commons</artifactId>
-            <version>${project.version}</version>
-        </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.datatype</groupId>
             <artifactId>jackson-datatype-jsr310</artifactId>
@@ -62,14 +57,6 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-mongodb</artifactId>
         </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-jms</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-activemq</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-devtools</artifactId>

webwolf/src/main/java/org/owasp/webwolf/WebWolf.java

@@ -1,6 +1,5 @@
 package org.owasp.webwolf;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.extern.slf4j.Slf4j;
 import org.owasp.webwolf.requests.WebWolfTraceRepository;
 import org.owasp.webwolf.user.UserRepository;
@@ -8,18 +7,9 @@ import org.owasp.webwolf.user.WebGoatUserToCookieRepository;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.actuate.trace.TraceRepository;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.autoconfigure.jms.DefaultJmsListenerContainerFactoryConfigurer;
 import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.boot.web.support.SpringBootServletInitializer;
 import org.springframework.context.annotation.Bean;
-import org.springframework.jms.config.DefaultJmsListenerContainerFactory;
-import org.springframework.jms.config.JmsListenerContainerFactory;
-import org.springframework.jms.support.converter.MappingJackson2MessageConverter;
-import org.springframework.jms.support.converter.MessageConverter;
-import org.springframework.jms.support.converter.MessageType;
-
-import javax.jms.ConnectionFactory;
-
 
 @SpringBootApplication
 @Slf4j
@@ -35,25 +25,6 @@ public class WebWolf extends SpringBootServletInitializer {
         return application.sources(WebWolf.class);
     }
 
-    @Bean
-    public JmsListenerContainerFactory<?> jmsFactory(ConnectionFactory connectionFactory,
-                                                     DefaultJmsListenerContainerFactoryConfigurer configurer) {
-        DefaultJmsListenerContainerFactory factory = new DefaultJmsListenerContainerFactory();
-        // This provides all boot's default to this factory, including the message converter
-        configurer.configure(factory, connectionFactory);
-        // You could still override some of Boot's default if necessary.
-        return factory;
-    }
-
-    @Bean
-    public MessageConverter jacksonJmsMessageConverter(ObjectMapper objectMapper) {
-        MappingJackson2MessageConverter converter = new MappingJackson2MessageConverter();
-        converter.setTargetType(MessageType.TEXT);
-        converter.setTypeIdPropertyName("_type");
-        converter.setObjectMapper(objectMapper);
-        return converter;
-    }
-
     public static void main(String[] args) throws Exception {
         SpringApplication.run(WebWolf.class, args);
     }

webwolf/src/main/java/org/owasp/webwolf/mailbox/Email.java

@@ -1,7 +1,9 @@
 package org.owasp.webwolf.mailbox;
 
+import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Data;
+import lombok.NoArgsConstructor;
 import org.springframework.data.annotation.Id;
 import org.springframework.data.mongodb.core.index.Indexed;
 import org.springframework.data.mongodb.core.mapping.Document;
@@ -17,6 +19,8 @@ import java.time.format.DateTimeFormatter;
 @Builder
 @Data
 @Document
+@NoArgsConstructor
+@AllArgsConstructor
 public class Email implements Serializable {
 
     @Id
@@ -32,6 +36,10 @@ public class Email implements Serializable {
         return "-" + this.contents.substring(0, 50);
     }
 
+    public LocalDateTime getTimestamp() {
+        return time;
+    }
+
     public String getTime() {
         return DateTimeFormatter.ofPattern("h:mm a").format(time);
     }

webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxController.java

@@ -1,10 +1,12 @@
 package org.owasp.webwolf.mailbox;
 
 import lombok.AllArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.owasp.webwolf.user.UserRepository;
 import org.owasp.webwolf.user.WebGoatUser;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.ModelAndView;
 
 import java.util.List;
@@ -15,8 +17,10 @@ import java.util.List;
  */
 @RestController
 @AllArgsConstructor
+@Slf4j
 public class MailboxController {
 
+    private final UserRepository userRepository;
     private final MailboxRepository mailboxRepository;
 
     @GetMapping(value = "/WebWolf/mail")
@@ -32,4 +36,14 @@ public class MailboxController {
         return modelAndView;
     }
 
+    @PostMapping(value = "/mail")
+    @ResponseStatus(HttpStatus.CREATED)
+    public void sendEmail(@RequestBody Email email) {
+        if (userRepository.findByUsername(email.getRecipient()) != null) {
+            mailboxRepository.save(email);
+        } else {
+            log.trace("Mail received for unknown user: {}", email.getRecipient());
+        }
+    }
+
 }

webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxListener.java

@@ -1,37 +0,0 @@
-package org.owasp.webwolf.mailbox;
-
-import lombok.AllArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
-import org.owasp.webgoat.mail.IncomingMailEvent;
-import org.owasp.webwolf.user.UserRepository;
-import org.springframework.jms.annotation.JmsListener;
-import org.springframework.stereotype.Component;
-
-/**
- * @author nbaars
- * @since 8/20/17.
- */
-@Component
-@AllArgsConstructor
-@Slf4j
-public class MailboxListener {
-
-    private final MailboxRepository repository;
-    private final UserRepository userRepository;
-
-    @JmsListener(destination = "mailbox", containerFactory = "jmsFactory")
-    public void incomingMail(IncomingMailEvent event) {
-        if (userRepository.findByUsername(event.getRecipient()) != null) {
-            Email email = Email.builder()
-                    .contents(event.getContents())
-                    .sender(event.getSender())
-                    .time(event.getTime())
-                    .recipient(event.getRecipient())
-                    .title(event.getTitle()).build();
-            repository.save(email);
-        } else {
-            log.trace("Mail received for unknown user: {}", event.getRecipient());
-        }
-
-    }
-}

webwolf/src/main/java/org/owasp/webwolf/user/LoginListener.java

@@ -1,33 +0,0 @@
-package org.owasp.webwolf.user;
-
-import lombok.AllArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
-import org.owasp.webgoat.login.LoginEvent;
-import org.owasp.webgoat.login.LogoutEvent;
-import org.springframework.jms.annotation.JmsListener;
-import org.springframework.stereotype.Component;
-
-/**
- * @author nbaars
- * @since 8/20/17.
- */
-@Component
-@Slf4j
-@AllArgsConstructor
-public class LoginListener {
-    
-    private final WebGoatUserToCookieRepository repository;
-
-    @JmsListener(destination = "webgoat", containerFactory = "jmsFactory", selector = "type = 'LoginEvent'")
-    public void loginEvent(LoginEvent loginEvent) {
-        log.trace("Login event occurred for user: '{}'", loginEvent.getUser());
-        repository.save(new WebGoatUserCookie(loginEvent.getUser(), loginEvent.getCookie()));
-    }
-
-    @JmsListener(destination = "webgoat", containerFactory = "jmsFactory", selector = "type = 'LogoutEvent'")
-    public void logoutEvent(LogoutEvent logoutEvent) {
-        repository.delete(logoutEvent.getUser());
-
-    }
-
-}

webwolf/src/main/resources/application.properties

@@ -28,13 +28,14 @@ multipart.max-request-size=1Mb
 webwolf.fileserver.location=${java.io.tmpdir}/webwolf-fileserver
 
 
-spring.data.mongodb.port=27017
+spring.data.mongodb.host=${WG_MONGO_HOST:localhost}
+spring.data.mongodb.port=${WG_MONGO_PORT:27017}
 spring.data.mongodb.database=webgoat
 
 spring.jackson.serialization.indent_output=true
 spring.jackson.serialization.write-dates-as-timestamps=false
 
-spring.activemq.broker-url=tcp://localhost:61616
+spring.activemq.broker-url=tcp://${WG_MQ_HOST:localhost}:${WG_MQ_PORT:61616}
 spring.activemq.in-memory=true
 
 #For static file refresh ... and faster dev :D

webwolf/start.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+java -jar -Djava.security.egd=file:/dev/./urandom /home/webwolf/webwolf.jar