From 4a19ddf40a5792821ce4692c75aff3fe7ad1c96c Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Fri, 13 May 2016 14:45:53 +0200 Subject: [PATCH] Endpoints provided by lessons now work --- webgoat-container/pom.xml | 4 + .../src/main/java/org/owasp/webgoat/Info.java | 19 ----- .../owasp/webgoat/LessonEndpointProvider.java | 64 +++++++++++++++ .../owasp/webgoat/LessonTemplateResolver.java | 60 +++++++++++++++ .../org/owasp/webgoat/MvcConfiguration.java | 33 ++++++++ .../main/java/org/owasp/webgoat/WebGoat.java | 15 +++- .../application/WebGoatServletListener.java | 26 ------- .../owasp/webgoat/lessons/LessonEndpoint.java | 77 +++++++++++++++++++ ...apping.java => LessonEndpointMapping.java} | 13 ++-- .../org/owasp/webgoat/plugins/Plugin.java | 25 +++++- .../webgoat/plugins/PluginFileUtils.java | 14 ---- .../owasp/webgoat/plugins/PluginsLoader.java | 4 +- .../src/main/resources/application.properties | 8 +- .../resources/templates/lesson_content.html | 3 + 14 files changed, 287 insertions(+), 78 deletions(-) delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/Info.java create mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/LessonEndpointProvider.java create mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java create mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonEndpoint.java rename webgoat-container/src/main/java/org/owasp/webgoat/lessons/{LessonServletMapping.java => LessonEndpointMapping.java} (86%) diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml index 6546faf64..24f8b7e6b 100644 --- a/webgoat-container/pom.xml +++ b/webgoat-container/pom.xml @@ -210,6 +210,10 @@ org.springframework.boot spring-boot-starter + + org.springframework.boot + spring-boot-starter-actuator + org.apache.tomcat.embed tomcat-embed-jasper diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/Info.java b/webgoat-container/src/main/java/org/owasp/webgoat/Info.java deleted file mode 100644 index 01a7e6aa0..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/Info.java +++ /dev/null @@ -1,19 +0,0 @@ -package org.owasp.webgoat; - -import org.springframework.context.annotation.Bean; -import org.springframework.context.annotation.Configuration; - -@Configuration -public class Info { - - public static class Information { - - - } - - @Bean(name = "information") - public Information information() { - return null; - } - -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/LessonEndpointProvider.java b/webgoat-container/src/main/java/org/owasp/webgoat/LessonEndpointProvider.java new file mode 100644 index 000000000..b449c52cf --- /dev/null +++ b/webgoat-container/src/main/java/org/owasp/webgoat/LessonEndpointProvider.java @@ -0,0 +1,64 @@ +package org.owasp.webgoat; + +import org.owasp.webgoat.lessons.LessonEndpointMapping; +import org.owasp.webgoat.plugins.PluginsLoader; +import org.springframework.beans.factory.BeanFactory; +import org.springframework.beans.factory.ListableBeanFactory; +import org.springframework.beans.factory.config.ConfigurableBeanFactory; +import org.springframework.beans.factory.support.DefaultListableBeanFactory; +import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint; +import org.springframework.context.ApplicationContext; +import org.springframework.context.annotation.AnnotationConfigApplicationContext; +import org.springframework.context.annotation.ClassPathBeanDefinitionScanner; +import org.springframework.core.type.filter.AnnotationTypeFilter; + +import java.util.Map; + +/** + * Each lesson can define an endpoint which can support the lesson. So for example if you create a lesson which uses JavaScript and + * needs to call out to the server to fetch data you can define an endpoint in that lesson. WebGoat will pick up this endpoint and + * Spring will publish it. + *

+ * Find all the defined endpoints in the lessons and register those endpoints in the Spring context so later on the + * Actuator will pick them up and expose them as real endpoints. + *

+ * We use the Actuator here so we don't have to do all the hard work ourselves (endpoint strategy pattern etc) so in a + * lesson you can just define a subclass of LessonEndpoint which this class will publish as an endpoint. So we can + * dynamically load endpoints from our plugins. + */ +public class LessonEndpointProvider { + + private final String pluginBasePackage; + private final ApplicationContext parentContext; + private ListableBeanFactory context; + private DefaultListableBeanFactory providedBeans; + private BeanFactory beanFactory; + + + public LessonEndpointProvider(String pluginBasePackage, ApplicationContext parentContext, BeanFactory beanFactory) { + this.pluginBasePackage = pluginBasePackage; + this.parentContext = parentContext; + this.providedBeans = new DefaultListableBeanFactory(this.parentContext.getParentBeanFactory()); + this.beanFactory = beanFactory; + } + + public void registerEndpoints() { + if (context == null) { + AnnotationConfigApplicationContext context = new AnnotationConfigApplicationContext(); + context.setParent(parentContext); + context.setClassLoader(PluginsLoader.classLoader); + + ClassPathBeanDefinitionScanner scanner = new ClassPathBeanDefinitionScanner(context, false); + scanner.addIncludeFilter(new AnnotationTypeFilter(LessonEndpointMapping.class)); + scanner.scan(pluginBasePackage); + context.refresh(); + + Map beansOfType = context.getBeansOfType(MvcEndpoint.class); + ConfigurableBeanFactory configurableBeanFactory = (ConfigurableBeanFactory) beanFactory; + beansOfType.forEach((k, v) -> { + configurableBeanFactory.registerSingleton(k, v); + }); + this.context = context; + } + } +} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java b/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java new file mode 100644 index 000000000..a00cc25e0 --- /dev/null +++ b/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java @@ -0,0 +1,60 @@ +package org.owasp.webgoat; + +import com.google.common.collect.Sets; +import com.google.common.io.Files; +import org.owasp.webgoat.session.WebSession; +import org.thymeleaf.TemplateProcessingParameters; +import org.thymeleaf.resourceresolver.IResourceResolver; +import org.thymeleaf.templateresolver.TemplateResolver; + +import java.io.ByteArrayInputStream; +import java.io.File; +import java.io.IOException; +import java.io.InputStream; + +/** + * + */ +public class LessonTemplateResolver extends TemplateResolver { + + + private final static String PREFIX = "lesson:"; + private final File pluginTargetDirectory; + private final WebSession webSession; + + + public LessonTemplateResolver(File pluginTargetDirectory, WebSession webSession) { + this.pluginTargetDirectory = pluginTargetDirectory; + this.webSession = webSession; + setResourceResolver(new LessonResourceResolver()); + setResolvablePatterns(Sets.newHashSet(PREFIX + "*")); + } + + @Override + protected String computeResourceName(TemplateProcessingParameters params) { + String templateName = params.getTemplateName(); + return templateName.substring(PREFIX.length()); + } + + private class LessonResourceResolver implements IResourceResolver { + + @Override + public InputStream getResourceAsStream(TemplateProcessingParameters params, String resourceName) { + String lessonName = webSession.getCurrentLesson().getClass().getSimpleName(); + File lesson = new File(pluginTargetDirectory, "/plugin/" + lessonName + "/html/" + lessonName + ".html"); + if (lesson != null) { + try { + return new ByteArrayInputStream(Files.toByteArray(lesson)); + } catch (IOException e) { + e.printStackTrace(); + } + } + return null; + } + + @Override + public String getName() { + return "lessonResourceResolver"; + } + } +} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java index 208e900ba..f3277a745 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java @@ -1,15 +1,21 @@ package org.owasp.webgoat; +import com.google.common.collect.Sets; import org.owasp.webgoat.session.LabelDebugger; import org.owasp.webgoat.session.WebSession; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.context.embedded.ServletRegistrationBean; +import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.ViewControllerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; +import org.thymeleaf.extras.springsecurity4.dialect.SpringSecurityDialect; +import org.thymeleaf.spring4.SpringTemplateEngine; +import org.thymeleaf.spring4.templateresolver.SpringResourceTemplateResolver; +import org.thymeleaf.templateresolver.TemplateResolver; import java.io.File; @@ -30,6 +36,33 @@ public class MvcConfiguration extends WebMvcConfigurerAdapter { registry.addViewController("/start.mvc").setViewName("main_new"); } + @Bean + public TemplateResolver springThymeleafTemplateResolver(ApplicationContext applicationContext) { + SpringResourceTemplateResolver resolver = new SpringResourceTemplateResolver(); + resolver.setPrefix("classpath:/templates/"); + resolver.setSuffix(".html"); + resolver.setOrder(1); + resolver.setApplicationContext(applicationContext); + return resolver; + } + + @Bean + public LessonTemplateResolver lessonTemplateResolver(WebSession webSession) { + LessonTemplateResolver resolver = new LessonTemplateResolver(pluginTargetDirectory, webSession); + resolver.setOrder(2); + return resolver; + } + + @Bean + public SpringTemplateEngine thymeleafTemplateEngine(TemplateResolver springThymeleafTemplateResolver, LessonTemplateResolver lessonTemplateResolver) { + SpringTemplateEngine engine = new SpringTemplateEngine(); + engine.addDialect(new SpringSecurityDialect()); + engine.setTemplateResolvers( + Sets.newHashSet(springThymeleafTemplateResolver, lessonTemplateResolver)); + return engine; + } + + @Bean public ServletRegistrationBean servletRegistrationBean(HammerHead hammerHead) { return new ServletRegistrationBean(hammerHead, "/attack/*"); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java index 615cc4122..8fd0a9704 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java @@ -5,11 +5,13 @@ import org.owasp.webgoat.session.Course; import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.session.WebgoatContext; import org.owasp.webgoat.session.WebgoatProperties; +import org.springframework.beans.factory.BeanFactory; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.builder.SpringApplicationBuilder; import org.springframework.boot.context.web.SpringBootServletInitializer; +import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.PropertySource; import org.springframework.context.annotation.Scope; @@ -40,22 +42,27 @@ public class WebGoat extends SpringBootServletInitializer { @Bean public PluginsLoader pluginsLoader(@Qualifier("pluginTargetDirectory") File pluginTargetDirectory) { - System.out.println("Plugin target directory: " + pluginTargetDirectory.toString()); return new PluginsLoader(pluginTargetDirectory); } @Bean @Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS) - public WebSession webSession(Course course, WebgoatContext webgoatContext, ServletContext context) { + public WebSession webSession(Course course, WebgoatContext webgoatContext, ServletContext context, ApplicationContext applicationContext ) { return new WebSession(course, webgoatContext, context); } @Bean - public Course course(PluginsLoader pluginsLoader, WebgoatContext webgoatContext, ServletContext context, - WebgoatProperties webgoatProperties) { + public LessonEndpointProvider lessonEndpointProvider(ApplicationContext applicationContext, BeanFactory factory) { + LessonEndpointProvider lessonEndpointProvider = new LessonEndpointProvider("org.owasp.webgoat", applicationContext, factory); + return lessonEndpointProvider; + } + + @Bean + public Course course(PluginsLoader pluginsLoader, WebgoatContext webgoatContext, ServletContext context, WebgoatProperties webgoatProperties, LessonEndpointProvider endpointProvider) { Course course = new Course(webgoatProperties); course.loadCourses(webgoatContext, context, "/"); course.loadLessonFromPlugin(pluginsLoader.loadPlugins()); + endpointProvider.registerEndpoints(); return course; } } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java b/webgoat-container/src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java index 2e202c812..a3a1682ae 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java @@ -5,22 +5,16 @@ */ package org.owasp.webgoat.application; -import org.owasp.webgoat.lessons.LessonServletMapping; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.config.BeanDefinition; -import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider; -import org.springframework.core.type.filter.AnnotationTypeFilter; import javax.servlet.ServletContext; import javax.servlet.ServletContextEvent; import javax.servlet.ServletContextListener; -import javax.servlet.ServletRegistration; import java.sql.Driver; import java.sql.DriverManager; import java.sql.SQLException; import java.util.Enumeration; -import java.util.Set; /** * Web application lifecycle listener. @@ -37,26 +31,6 @@ public class WebGoatServletListener implements ServletContextListener { public void contextInitialized(ServletContextEvent sce) { ServletContext context = sce.getServletContext(); context.log("WebGoat is starting"); - context.log("Adding extra mappings for lessions"); - loadServlets(sce); - } - - private void loadServlets(ServletContextEvent sce) { - final ServletContext servletContext = sce.getServletContext(); - ClassPathScanningCandidateComponentProvider provider = new ClassPathScanningCandidateComponentProvider( - false); - provider.addIncludeFilter(new AnnotationTypeFilter(LessonServletMapping.class)); - Set candidateComponents = provider.findCandidateComponents("org.owasp.webgoat"); - try { - for (BeanDefinition beanDefinition : candidateComponents) { - Class controllerClass = Class.forName(beanDefinition.getBeanClassName()); - LessonServletMapping pathAnnotation = (LessonServletMapping) controllerClass.getAnnotation(LessonServletMapping.class); - final ServletRegistration.Dynamic dynamic = servletContext.addServlet(controllerClass.getSimpleName(), controllerClass); - dynamic.addMapping(pathAnnotation.path()); - } - } catch (Exception e) { - logger.error("Error", e); - } } /** {@inheritDoc} */ diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonEndpoint.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonEndpoint.java new file mode 100644 index 000000000..71a63a9eb --- /dev/null +++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonEndpoint.java @@ -0,0 +1,77 @@ +/** + * ************************************************************************************************ + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, + * please see http://www.owasp.org/ + *

+ * Copyright (c) 2002 - 20014 Bruce Mayhew + *

+ * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + *

+ * Getting Source ============== + *

+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software + * projects. + *

+ */ +package org.owasp.webgoat.lessons; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.boot.actuate.endpoint.Endpoint; +import org.springframework.boot.actuate.endpoint.mvc.MvcEndpoint; + +import java.io.File; + +/** + * Each lesson can define an endpoint which can support the lesson. So for example if you create a lesson which uses JavaScript and + * needs to call out to the server to fetch data you can define an endpoint in that lesson. WebGoat will pick up this endpoint and + * Spring will publish it. + *

+ * Extend this class and implement the met + *

+ * Note: each subclass should declare this annotation otherwise the WebGoat framework cannot find your endpoint. + */ +@LessonEndpointMapping +public abstract class LessonEndpoint implements MvcEndpoint { + + @Autowired + @Qualifier("pluginTargetDirectory") + private File pluginDirectory; + + /** + * The directory of the plugin directory in which the lessons resides, so if you want to access the lesson 'ClientSideFiltering' you will + * need to: + * + * + * File lessonDirectory = new File(getPluginDirectory(), "ClientSideFiltering"); + * + * + * The directory structure of the lesson is exactly the same as the directory structure in the plugins project. + * + * @return the top level + */ + protected File getPluginDirectory() { + return new File(this.pluginDirectory, "plugin"); + } + + @Override + public final boolean isSensitive() { + return false; + } + + @Override + public final Class getEndpointType() { + return null; + } + +} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonServletMapping.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonEndpointMapping.java similarity index 86% rename from webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonServletMapping.java rename to webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonEndpointMapping.java index 9cc6737d8..4c44e2f00 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonServletMapping.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonEndpointMapping.java @@ -1,7 +1,11 @@ package org.owasp.webgoat.lessons; +import org.springframework.stereotype.Component; + +import java.lang.annotation.ElementType; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; /** ************************************************************************************************* @@ -28,14 +32,13 @@ import java.lang.annotation.RetentionPolicy; * projects. *

* - * @author Nanne Baars + * @author WebGoat * @since December 12, 2015 * @version $Id: $Id */ +@Component +@Target(ElementType.TYPE) @Retention(RetentionPolicy.RUNTIME) -public @interface LessonServletMapping { - - String path(); -} +public @interface LessonEndpointMapping { } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java index 8455c8118..5338c87a3 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java @@ -3,10 +3,12 @@ package org.owasp.webgoat.plugins; import com.google.common.base.Optional; import com.google.common.collect.Lists; import org.owasp.webgoat.lessons.AbstractLesson; +import org.owasp.webgoat.lessons.LessonEndpointMapping; import org.springframework.util.StringUtils; import java.io.File; import java.io.IOException; +import java.lang.annotation.Annotation; import java.nio.file.Path; import java.util.Arrays; import java.util.HashMap; @@ -27,13 +29,14 @@ public class Plugin { private static final String NAME_LESSON_SOLUTION_DIRECTORY = "lessonSolutions"; private static final String NAME_LESSON_PLANS_DIRECTORY = "lessonPlans"; - private final PluginClassLoader classLoader; + public static PluginClassLoader classLoader; private Class lesson; private Map solutionLanguageFiles = new HashMap<>(); private Map lessonPlansLanguageFiles = new HashMap<>(); private List pluginFiles = Lists.newArrayList(); private File lessonSourceFile; + private List lessonEndpoints = Lists.newArrayList(); public Plugin(PluginClassLoader classLoader) { this.classLoader = classLoader; @@ -47,6 +50,22 @@ public class Plugin { public void findLesson(List classes) { for (String clazzName : classes) { findLesson(clazzName); + findLessonEndpoints(clazzName); + } + } + + private void findLessonEndpoints(String name) { + String realClassName = StringUtils.trimLeadingCharacter(name, '/').replaceAll("/", ".").replaceAll(".class", ""); + try { + Class endpointClass = classLoader.loadClass(realClassName); + Annotation annotation = endpointClass.getAnnotation(LessonEndpointMapping.class); + if (annotation != null ) { + this.lessonEndpoints.add(endpointClass); + } + + } catch (ClassNotFoundException e) { + e.printStackTrace(); + //ignore } } @@ -85,6 +104,10 @@ public class Plugin { } } + public List getLessonEndpoints() { + return lessonEndpoints; + } + /** *

rewritePaths.

* diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginFileUtils.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginFileUtils.java index 1b9cef313..6e214092f 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginFileUtils.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginFileUtils.java @@ -64,20 +64,6 @@ public class PluginFileUtils { return hasParentDirectoryWithName(p.getParent(), s); } - /** - *

createDirsIfNotExists.

- * - * @param p a {@link java.nio.file.Path} object. - * @return a {@link java.nio.file.Path} object. - * @throws java.io.IOException if any. - */ - public static Path createDirsIfNotExists(Path p) throws IOException { - if (Files.notExists(p)) { - Files.createDirectories(p); - } - return p; - } - /** *

replaceInFiles.

* diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java index e1f24f4c2..38c0771c4 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java @@ -44,6 +44,8 @@ public class PluginsLoader { private static final int BUFFER_SIZE = 32 * 1024; private final Logger logger = LoggerFactory.getLogger(this.getClass()); private final File pluginTargetDirectory; + public static PluginClassLoader classLoader = new PluginClassLoader(PluginClassLoader.class.getClassLoader()); + @Autowired public PluginsLoader(File pluginTargetDirectory) { @@ -153,8 +155,6 @@ public class PluginsLoader { private List> extractJars(List jars) { List> extractorCallables = Lists.newArrayList(); - ClassLoader parentClassLoader = PluginClassLoader.class.getClassLoader(); - final PluginClassLoader classLoader = new PluginClassLoader(parentClassLoader); for (final URL jar : jars) { classLoader.addURL(jar); diff --git a/webgoat-container/src/main/resources/application.properties b/webgoat-container/src/main/resources/application.properties index ccaf6228b..0e9cfec70 100644 --- a/webgoat-container/src/main/resources/application.properties +++ b/webgoat-container/src/main/resources/application.properties @@ -1,16 +1,10 @@ -#spring.mvc.view.prefix=/WEB-INF/jsp/ -#spring.mvc.view.suffix=.jsp -#server.servlet-path=/* -#server.jsp-servlet.class-name=org.apache.jasper.servlet.JspServlet -#server.jsp-servlet.registered=true - server.error.include-stacktrace=always server.session.timeout=600 server.contextPath=/WebGoat server.port=8080 -logging.level.org.springframework=INFO +logging.level.org.springframework=DEBUG logging.level.org.hibernate=ERROR spring.thymeleaf.cache=false security.enable-csrf=false diff --git a/webgoat-container/src/main/resources/templates/lesson_content.html b/webgoat-container/src/main/resources/templates/lesson_content.html index a5c4a770e..f377191dd 100644 --- a/webgoat-container/src/main/resources/templates/lesson_content.html +++ b/webgoat-container/src/main/resources/templates/lesson_content.html @@ -1,9 +1,12 @@ + +

+