add logging and cleanup for course loading

detect if session is set up correctly when hitting start.mvc and if not redirect to login
lawson89
2014-08-22 11:41:12 -04:00
parent 9b453edde5
commit 5b2a849322
2 changed files with 63 additions and 47 deletions


@ -6,6 +6,11 @@
package org.owasp.webgoat.controller;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.WebSession;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@ -19,6 +24,8 @@ import org.springframework.web.servlet.ModelAndView;
@Controller
public class Start {
final Logger logger = LoggerFactory.getLogger(Start.class);
private static final String WELCOMED = "welcomed";
@RequestMapping(value = "start.mvc", method = {RequestMethod.GET, RequestMethod.POST})
@ -26,11 +33,29 @@ public class Start {
@RequestParam(value = "error", required = false) String error,
@RequestParam(value = "logout", required = false) String logout) {
//@TODO put stuff here the main page needs to access
ModelAndView model = new ModelAndView();
// make sure session is set up correctly
// if not redirect user to login
if (checkWebSession(request.getSession()) == false) {
model.setViewName("redirect:/login.mvc");
return model;
}
// if everything ok then go to webgoat UI
model.setViewName("main_new");
return model;
}
public boolean checkWebSession(HttpSession session) {
Object o = session.getAttribute(WebSession.SESSION);
if (o == null) {
logger.error("No valid WebSession object found, has session timed out? [" + session.getId() + "]");
return false;
}
if (!(o instanceof WebSession)) {
logger.error("Invalid WebSession object found, this is probably a bug! [" + o.getClass() + " | " + session.getId() + "]");
return false;
}
return true;
}
}
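Review bot: Both `logger.error` calls in `checkWebSession` write the raw `session.getId()` to the log, and because the caller uses `request.getSession()`, which creates a session when none exists, that value may still be a usable container session identifier for anyone who can read the log files. Drop the id from the message or log a non-reversible form of it, e.g. `logger.error("No valid WebSession object found, has session timed out?");`. Consider `request.getSession(false)` with a null check in the handler, so a request without a session is redirected to login without allocating one first. Minor style points: `checkWebSession(...) == false` reads better as `!checkWebSession(...)`, the helper can be `private`, and the logger is conventionally `private static final`. The handler's signature starts outside the visible hunk, so its remaining parameters are not reviewed here.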