WIP

webwolf/src/main/java/org/owasp/webwolf/MvcConfiguration.java

@@ -38,6 +38,4 @@ public class MvcConfiguration extends WebMvcConfigurerAdapter {
             file.mkdirs();
         }
     }
-
-
 }

webwolf/src/main/java/org/owasp/webwolf/WebSecurityConfig.java

@@ -35,12 +35,14 @@ import org.owasp.webwolf.user.UserService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
 import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.crypto.password.NoOpPasswordEncoder;
 
 /**
  * Security configuration for WebGoat.
@@ -81,4 +83,15 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     public UserDetailsService userDetailsServiceBean() throws Exception {
         return userDetailsService;
     }
+
+    @Override
+    @Bean
+    protected AuthenticationManager authenticationManager() throws Exception {
+        return super.authenticationManager();
+    }
+
+    @Bean
+    public NoOpPasswordEncoder passwordEncoder() {
+        return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
+    }
 }

webwolf/src/main/java/org/owasp/webwolf/WebWolf.java

@@ -2,18 +2,15 @@ package org.owasp.webwolf;
 
 import org.owasp.webwolf.requests.WebWolfTraceRepository;
 import org.springframework.boot.SpringApplication;
-import org.springframework.boot.actuate.trace.TraceRepository;
+import org.springframework.boot.actuate.trace.http.HttpTraceRepository;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.builder.SpringApplicationBuilder;
 import org.springframework.context.annotation.Bean;
 
-import java.util.Map;
-
 @SpringBootApplication
 public class WebWolf {
 
     @Bean
-    public TraceRepository traceRepository() {
+    public HttpTraceRepository traceRepository() {
         return new WebWolfTraceRepository();
     }
 

webwolf/src/main/java/org/owasp/webwolf/requests/Requests.java

@@ -5,14 +5,13 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.boot.actuate.trace.Trace;
+import org.springframework.boot.actuate.trace.http.HttpTrace;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.servlet.ModelAndView;
 
-import javax.servlet.http.HttpServletRequest;
-import java.util.Date;
+import java.time.Instant;
 import java.util.List;
 
 import static java.util.stream.Collectors.toList;
@@ -36,7 +35,7 @@ public class Requests {
     @AllArgsConstructor
     @Getter
     private class Tracert {
-        private final Date date;
+        private final Instant date;
         private final String path;
         private final String json;
     }
@@ -51,13 +50,13 @@ public class Requests {
         return m;
     }
 
-    private String path(Trace t) {
-        return (String) t.getInfo().getOrDefault("path", "");
+    private String path(HttpTrace t) {
+        return (String) t.getRequest().getUri().getPath();
     }
 
-    private String toJsonString(Trace t) {
+    private String toJsonString(HttpTrace t) {
         try {
-            return objectMapper.writeValueAsString(t.getInfo());
+            return objectMapper.writeValueAsString(t);
         } catch (JsonProcessingException e) {
             log.error("Unable to create json", e);
         }

webwolf/src/main/java/org/owasp/webwolf/requests/WebWolfTraceRepository.java

@@ -2,15 +2,11 @@ package org.owasp.webwolf.requests;
 
 import com.google.common.collect.EvictingQueue;
 import com.google.common.collect.Lists;
-import com.google.common.collect.Maps;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.boot.actuate.trace.Trace;
-import org.springframework.boot.actuate.trace.TraceRepository;
+import org.springframework.boot.actuate.trace.http.HttpTrace;
+import org.springframework.boot.actuate.trace.http.HttpTraceRepository;
 
-import java.util.Date;
-import java.util.HashMap;
 import java.util.List;
-import java.util.Map;
 
 /**
  * Keep track of all the incoming requests, we are only keeping track of request originating from
@@ -20,20 +16,17 @@ import java.util.Map;
  * @since 8/13/17.
  */
 @Slf4j
-public class WebWolfTraceRepository implements TraceRepository {
+public class WebWolfTraceRepository implements HttpTraceRepository {
 
-    private final EvictingQueue<Trace> traces = EvictingQueue.create(10000);
+    private final EvictingQueue<HttpTrace> traces = EvictingQueue.create(10000);
     private List<String> exclusionList = Lists.newArrayList("/WebWolf/home", "/WebWolf/mail", "/WebWolf/files", "/images/", "/login", "/favicon.ico", "/js/", "/webjars/", "/WebWolf/requests", "/css/", "/mail");
 
     @Override
-    public List<Trace> findAll() {
-        HashMap<String, Object> map = Maps.newHashMap();
-        map.put("nice", "Great you found the standard Spring Boot tracing endpoint!");
-        Trace trace = new Trace(new Date(), map);
-        return Lists.newArrayList(trace);
+    public List<HttpTrace> findAll() {
+        return List.of();
     }
 
-    public List<Trace> findAllTraces() {
+    public List<HttpTrace> findAllTraces() {
         return Lists.newArrayList(traces);
     }
 
@@ -42,10 +35,10 @@ public class WebWolfTraceRepository implements TraceRepository {
     }
 
     @Override
-    public void add(Map<String, Object> map) {
-        String path = (String) map.getOrDefault("path", "");
+    public void add(HttpTrace httpTrace) {
+        var path = httpTrace.getRequest().getUri().getPath();
         if (!isInExclusionList(path)) {
-            traces.add(new Trace(new Date(), map));
+            traces.add(httpTrace);
         }
     }
 }

webwolf/src/main/resources/application-webwolf.properties

@@ -21,7 +21,6 @@ endpoints.trace.sensitive=false
 management.trace.include=REQUEST_HEADERS,RESPONSE_HEADERS,COOKIES,ERRORS,TIME_TAKEN,PARAMETERS,QUERY_STRING
 endpoints.trace.enabled=true
 
-spring.resources.cache-period=0
 spring.thymeleaf.cache=false
 
 multipart.enabled=true