From 63398aaf6dd3dd4ea7b51e4bfbd2b7e6bf72e381 Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Sun, 15 May 2016 10:38:22 +0200 Subject: [PATCH] Thymeleaf works with AsciiDoc --- webgoat-container/pom.xml | 5 + .../webgoat/AsciiDoctorTemplateResolver.java | 108 ++++++++++++++++++ .../owasp/webgoat/LessonTemplateResolver.java | 37 +++++- .../org/owasp/webgoat/MvcConfiguration.java | 52 ++++++++- .../main/java/org/owasp/webgoat/WebGoat.java | 32 +++++- .../org/owasp/webgoat/WebSecurityConfig.java | 33 ++++++ .../application/WebGoatServletListener.java | 63 ---------- .../owasp/webgoat/controller/StartLesson.java | 50 +++++--- .../org/owasp/webgoat/controller/Welcome.java | 33 +++++- .../owasp/webgoat/lessons/LessonAdapter.java | 47 ++++---- .../lessons/LessonEndpointMapping.java | 21 ++-- .../src/main/resources/application.properties | 3 +- .../resources/templates/lesson_content.html | 16 ++- 13 files changed, 375 insertions(+), 125 deletions(-) create mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml index 24f8b7e6b..0f22cbf4a 100644 --- a/webgoat-container/pom.xml +++ b/webgoat-container/pom.xml @@ -233,6 +233,11 @@ org.springframework.boot spring-boot-loader + + org.asciidoctor + asciidoctorj + 1.5.4 + javax.servlet jstl diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java b/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java new file mode 100644 index 000000000..1a2a8c38c --- /dev/null +++ b/webgoat-container/src/main/java/org/owasp/webgoat/AsciiDoctorTemplateResolver.java 
@@ -0,0 +1,108 @@ + +/** + ************************************************************************************************* + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, + * please see http://www.owasp.org/ + *

+ * Copyright (c) 2002 - 20014 Bruce Mayhew + *

+ * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + *

+ * Getting Source ============== + *

+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software + * projects. + *

+ *
+ * @author WebGoat
+ * @since December 12, 2015
+ * @version $Id: $Id
+ */
+package org.owasp.webgoat;
+
+import com.google.common.collect.Maps;
+import com.google.common.collect.Sets;
+import org.asciidoctor.Asciidoctor;
+import org.thymeleaf.TemplateProcessingParameters;
+import org.thymeleaf.resourceresolver.IResourceResolver;
+import org.thymeleaf.templateresolver.TemplateResolver;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.Optional;
+
+import static org.asciidoctor.Asciidoctor.Factory.create;
+
+/**
+ * Thymeleaf resolver for AsciiDoc used in the lesson, can be used as follows inside a lesson file:
+ *
+ *
+ *

+ *
+ */
+public class AsciiDoctorTemplateResolver extends TemplateResolver {
+
+ private static final Asciidoctor asciidoctor = create();
+ private static final String PREFIX = "doc:";
+ private final File pluginTargetDirectory;
+
+ public AsciiDoctorTemplateResolver(File pluginTargetDirectory) {
+ this.pluginTargetDirectory = pluginTargetDirectory;
+ setResourceResolver(new AdocResourceResolver());
+ setResolvablePatterns(Sets.newHashSet(PREFIX + "*"));
+ }
+
+ @Override
+ protected String computeResourceName(TemplateProcessingParameters params) {
+ String templateName = params.getTemplateName();
+ return templateName.substring(PREFIX.length());
+ }
+
+ private class AdocResourceResolver implements IResourceResolver {
+
+ @Override
+ public InputStream getResourceAsStream(TemplateProcessingParameters params, String resourceName) {
+ try {
+ Optional adocFile = find(pluginTargetDirectory.toPath(), resourceName);
+ if (adocFile.isPresent()) {
+ try (FileReader reader = new FileReader(adocFile.get().toFile())) {
+ StringWriter writer = new StringWriter();
+ asciidoctor.convert(reader, writer, Maps.newHashMap());
+ return new ByteArrayInputStream(writer.getBuffer().toString().getBytes());
+ }
+ }
+ return new ByteArrayInputStream(new byte[0]);
+ } catch (IOException e) {
+ //no html yet
+ return new ByteArrayInputStream(new byte[0]);
+ }
+ }
+
+ private Optional find(Path path, String resourceName) throws IOException {
+ return Files.walk(path)
+ .filter(Files::isRegularFile)
+ .filter(p -> p.toString().endsWith(resourceName)).findFirst();
+ }
+
+ @Override
+ public String getName() {
+ return "adocResourceResolver";
+ }
+ }
+}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java b/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java
index 22e7cc3c4..dd23861fc 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java
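Review bot: `find()` in `AdocResourceResolver` never closes the stream returned by `Files.walk`, so every lookup leaves directory handles open until they are garbage-collected, and its `p.toString().endsWith(resourceName)` filter is a raw string-suffix test: a request for `plan.adoc` also matches a file such as `Other_plan.adoc` (constructed example), and whichever match the walk reaches first is rendered. Closing the walk with try-with-resources and comparing with `Path.endsWith`, which matches whole path elements, addresses both; the rewrite needs `java.util.stream.Stream` imported. In `getResourceAsStream`, `new FileReader(...)` and `getBytes()` both use the platform default charset, so non-ASCII lesson text depends on the host locale, and the `catch (IOException e)` branch returns an empty page without logging, which hides a broken lesson file. Passing explicit options to `asciidoctor.convert` instead of an empty map would also make the safe mode applied to lesson documents visible in the code.

```java
private Optional<Path> find(Path path, String resourceName) throws IOException {
    // Files.walk keeps directory handles open until the stream is closed.
    try (Stream<Path> files = Files.walk(path)) {
        return files
                .filter(Files::isRegularFile)
                // Path.endsWith compares whole path elements, not a raw string suffix.
                .filter(p -> p.endsWith(resourceName))
                .findFirst();
    }
}
```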
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/LessonTemplateResolver.java @@ -1,3 +1,33 @@ +/** + ************************************************************************************************* + * + * + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, + * please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 20014 Bruce Mayhew + * + * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + * + * Getting Source ============== + * + * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software + * projects. + * + * @author WebGoat + * @since October 28, 2003 + * @version $Id: $Id + */ package org.owasp.webgoat; import com.google.common.collect.Sets; @@ -12,11 +42,16 @@ import java.io.IOException; import java.io.InputStream; /** + * Dynamically resolve a lesson. In the html file this can be invoked as: * + * + *
+ *
+ * + * Thymeleaf will invoke this resolver based on the prefix and this implementqtion will resolve the html in the plugins directory */ public class LessonTemplateResolver extends TemplateResolver { - private final static String PREFIX = "lesson:"; private final File pluginTargetDirectory; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java index 8b573d165..98e8d0b28 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java @@ -1,3 +1,33 @@ +/** + ************************************************************************************************* + * + * + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, + * please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 20014 Bruce Mayhew + * + * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + * + * Getting Source ============== + * + * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software + * projects. + * + * @author WebGoat + * @since October 28, 2003 + * @version $Id: $Id + */ package org.owasp.webgoat; import com.google.common.collect.Sets; 
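Review bot: The class Javadoc added to `LessonTemplateResolver` has a typo, `implementqtion`, and its last sentence has no closing period. I would write it as `Thymeleaf will invoke this resolver based on the prefix, and this implementation will resolve the html in the plugins directory.`; the comment should also say which prefix is meant, `lesson:`, since the constant is declared further down.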
@@ -20,7 +50,7 @@ import org.thymeleaf.templateresolver.TemplateResolver; import java.io.File; /** - * + * Configuration for Spring MVC */ @Configuration public class MvcConfiguration extends WebMvcConfigurerAdapter { @@ -50,15 +80,26 @@ public class MvcConfiguration extends WebMvcConfigurerAdapter { public LessonTemplateResolver lessonTemplateResolver() { LessonTemplateResolver resolver = new LessonTemplateResolver(pluginTargetDirectory); resolver.setOrder(2); + resolver.setCacheable(false); return resolver; } @Bean - public SpringTemplateEngine thymeleafTemplateEngine(TemplateResolver springThymeleafTemplateResolver, LessonTemplateResolver lessonTemplateResolver) { + public AsciiDoctorTemplateResolver asciiDoctorTemplateResolver() { + AsciiDoctorTemplateResolver resolver = new AsciiDoctorTemplateResolver(pluginTargetDirectory); + resolver.setCacheable(true); + resolver.setOrder(3); + return resolver; + } + + @Bean + public SpringTemplateEngine thymeleafTemplateEngine(TemplateResolver springThymeleafTemplateResolver, + LessonTemplateResolver lessonTemplateResolver, + AsciiDoctorTemplateResolver asciiDoctorTemplateResolver) { SpringTemplateEngine engine = new SpringTemplateEngine(); engine.addDialect(new SpringSecurityDialect()); engine.setTemplateResolvers( - Sets.newHashSet(springThymeleafTemplateResolver, lessonTemplateResolver)); + Sets.newHashSet(springThymeleafTemplateResolver, lessonTemplateResolver, asciiDoctorTemplateResolver)); return engine; } @@ -68,6 +109,11 @@ public class MvcConfiguration extends WebMvcConfigurerAdapter { return new ServletRegistrationBean(hammerHead, "/attack/*"); } + /** + * This way we expose the plugins target directory as a resource within the web application. + * + * @param registry + */ @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler("/plugin_lessons/**").addResourceLocations("file:///" + pluginTargetDirectory.toString() + "/"); 
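Review bot: `asciiDoctorTemplateResolver()` is registered with `setCacheable(true)` while the same hunk switches `lessonTemplateResolver()` to `setCacheable(false)`, and the AsciiDoc resolver added by this commit answers a missing or unreadable file with an empty stream. If Thymeleaf caches that result, a lesson page requested before its `.adoc` file exists in the plugin directory would presumably stay blank until restart, and later edits to lesson text would not show up either. Consider `resolver.setCacheable(false);` to match the lesson resolver, or have the resolver signal a missing file instead of returning empty content. If the difference is intended, a one-line comment saying why the two resolvers cache differently would help.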
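Review bot: The Javadoc added to `addResourceHandlers` says the plugin directory is exposed but not what that implies: the handler maps `/plugin_lessons/**` onto the whole directory, so every file placed there, including the `.adoc` sources the new resolver reads, is served as a static resource. I would state that in the comment, for example `Serves every file under the plugin target directory at /plugin_lessons/**; keep only content meant for the browser in that directory.`, and either describe `@param registry` or drop the empty tag. The method body continues past the end of the hunk.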
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java index acc7484b2..009f36180 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java @@ -1,3 +1,33 @@ +/** + ************************************************************************************************* + * + * + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, + * please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 20014 Bruce Mayhew + * + * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + * + * Getting Source ============== + * + * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software + * projects. + * + * @author WebGoat + * @since October 28, 2003 + * @version $Id: $Id + */ package org.owasp.webgoat; import org.owasp.webgoat.plugins.PluginClassLoader; 
@@ -53,7 +83,7 @@ public class WebGoat extends SpringBootServletInitializer { @Bean @Scope(value = "session", proxyMode = ScopedProxyMode.TARGET_CLASS) - public WebSession webSession(Course course, WebgoatContext webgoatContext, ServletContext context, ApplicationContext applicationContext ) { + public WebSession webSession(Course course, WebgoatContext webgoatContext, ServletContext context) { return new WebSession(course, webgoatContext, context); } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java b/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java index eab88881c..bd1e5a5f8 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java @@ -1,3 +1,33 @@ + +/** + ************************************************************************************************* + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, + * please see http://www.owasp.org/ + *

+ * Copyright (c) 2002 - 20014 Bruce Mayhew + *

+ * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + *

+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + *

+ * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + *

+ * Getting Source ============== + *

+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software + * projects. + *

+ * + * @author WebGoat + * @since December 12, 2015 + * @version $Id: $Id + */ package org.owasp.webgoat; import org.springframework.beans.factory.annotation.Autowired; @@ -10,6 +40,9 @@ import org.springframework.security.config.annotation.web.configuration.WebSecur import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer; import org.springframework.security.core.userdetails.UserDetailsService; +/** + * Security configuration for WebGoat. + */ @Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java b/webgoat-container/src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java deleted file mode 100644 index a3a1682ae..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/application/WebGoatServletListener.java +++ /dev/null 
@@ -1,63 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ -package org.owasp.webgoat.application; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - -import javax.servlet.ServletContext; -import javax.servlet.ServletContextEvent; -import javax.servlet.ServletContextListener; -import java.sql.Driver; -import java.sql.DriverManager; -import java.sql.SQLException; -import java.util.Enumeration; - -/** - * Web application lifecycle listener. - * - * @author rlawson - * @version $Id: $Id - */ -public class WebGoatServletListener implements ServletContextListener { - - private static final Logger logger = LoggerFactory.getLogger(WebGoatServletListener.class); - - /** {@inheritDoc} */ - @Override - public void contextInitialized(ServletContextEvent sce) { - ServletContext context = sce.getServletContext(); - context.log("WebGoat is starting"); - } - - /** {@inheritDoc} */ - @Override - public void contextDestroyed(ServletContextEvent sce) { - ServletContext context = sce.getServletContext(); - context.log("WebGoat is stopping"); - - // Unregister JDBC drivers in this context's ClassLoader: - // Get the webapp's ClassLoader - ClassLoader cl = Thread.currentThread().getContextClassLoader(); - // Loop through all drivers - Enumeration drivers = DriverManager.getDrivers(); - while (drivers.hasMoreElements()) { - java.sql.Driver driver = drivers.nextElement(); - if (driver.getClass().getClassLoader() == cl) { - // This driver was registered by the webapp's ClassLoader, so deregister it: - try { - context.log("Unregister JDBC driver {}"); - DriverManager.deregisterDriver(driver); - } catch (SQLException ex) { - context.log("Error unregistering JDBC driver {}"); - } - } else { - // driver was not registered by the webapp's ClassLoader and may be in use elsewhere - context.log("Not unregistering JDBC driver {} as it does 
not belong to this webapp's ClassLoader"); - } - } - } -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java b/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java index ec6d8b91e..1256d50f5 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java 
@@ -1,36 +1,51 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. +/** + ************************************************************************************************* + * + * + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, + * please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 20014 Bruce Mayhew + * + * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + * + * Getting Source ============== + * + * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software + * projects. 
+ * + * @author WebGoat + * @since October 28, 2003 + * @version $Id: $Id */ package org.owasp.webgoat.controller; import org.owasp.webgoat.lessons.RandomLessonAdapter; import org.owasp.webgoat.session.WebSession; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.servlet.ModelAndView; -import javax.servlet.ServletContext; import javax.servlet.http.HttpServletRequest; -/** - *

Start class.

- * - * @author rlawson - * @version $Id: $Id - */ + @Controller public class StartLesson { - final Logger logger = LoggerFactory.getLogger(StartLesson.class); + //simple filter can be removed after ECS removal + private static final String refactored = "ClientSideFiltering AccessControlMatrix"; - @Autowired - private ServletContext servletContext; /** *

start.

@@ -48,6 +63,7 @@ public class StartLesson { model.addObject("lesson", ws.getCurrentLesson()); model.addObject("message", ws.getMessage()); model.addObject("instructions", ws.getInstructions()); + model.addObject("migrated", refactored.contains(ws.getCurrentLesson().getClass().getSimpleName())); //remove after ECS removal otherwise you will see the lesson twice model.setViewName("lesson_content"); return model; } diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/controller/Welcome.java b/webgoat-container/src/main/java/org/owasp/webgoat/controller/Welcome.java index b1ab03f8a..546b1f992 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/controller/Welcome.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/controller/Welcome.java 
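Review bot: The new `migrated` attribute is computed with `String.contains` on the space-separated constant `refactored` (declared in the previous hunk), so it is true for any lesson whose simple class name is a substring of that text, for instance a class named `Matrix`, or an anonymous class whose simple name is empty, and not only for the two listed lessons. The expression also dereferences `ws.getCurrentLesson()`, which the `addObject("lesson", ...)` call just above would accept as null; whether it can be null at this point is not visible in the hunk. An exact-membership test avoids the first problem: declare `private static final List<String> REFACTORED = Arrays.asList("ClientSideFiltering", "AccessControlMatrix");` and call `REFACTORED.contains(...)`, which needs `java.util.Arrays` and `java.util.List` imported. The enclosing method starts outside the hunk.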
@@ -1,7 +1,32 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. +/** + ************************************************************************************************* + * + * + * This file is part of WebGoat, an Open Web Application Security Project utility. For details, + * please see http://www.owasp.org/ + * + * Copyright (c) 2002 - 20014 Bruce Mayhew + * + * This program is free software; you can redistribute it and/or modify it under the terms of the + * GNU General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with this program; if + * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA + * 02111-1307, USA. + * + * Getting Source ============== + * + * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software + * projects. + * + * @author WebGoat + * @since October 28, 2003 + * @version $Id: $Id */ package org.owasp.webgoat.controller; diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java index cf64c520b..15d83cc09 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonAdapter.java 
@@ -1,26 +1,3 @@ -package org.owasp.webgoat.lessons; - -import com.google.common.base.Joiner; -import org.apache.commons.io.IOUtils; -import org.apache.ecs.Element; -import org.apache.ecs.ElementContainer; -import org.apache.ecs.StringElement; -import org.apache.ecs.html.Center; -import org.apache.ecs.html.H3; -import org.apache.ecs.html.P; -import org.apache.ecs.html.PRE; -import org.apache.ecs.html.TD; -import org.apache.ecs.html.TR; -import org.apache.ecs.html.Table; -import org.owasp.webgoat.session.WebSession; - -import java.io.BufferedReader; -import java.io.FileReader; -import java.io.IOException; -import java.io.InputStream; -import java.util.ArrayList; -import java.util.List; - /** ************************************************************************************************* * @@ -51,6 +28,30 @@ import java.util.List; * @since October 28, 2003 * @version $Id: $Id */ +package org.owasp.webgoat.lessons; + +import com.google.common.base.Joiner; +import org.apache.commons.io.IOUtils; +import org.apache.ecs.Element; +import org.apache.ecs.ElementContainer; +import org.apache.ecs.StringElement; +import org.apache.ecs.html.Center; +import org.apache.ecs.html.H3; +import org.apache.ecs.html.P; +import org.apache.ecs.html.PRE; +import org.apache.ecs.html.TD; +import org.apache.ecs.html.TR; +import org.apache.ecs.html.Table; +import org.owasp.webgoat.session.WebSession; + +import java.io.BufferedReader; +import java.io.FileReader; +import java.io.IOException; +import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; + + public abstract class LessonAdapter extends AbstractLesson { /** diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonEndpointMapping.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonEndpointMapping.java index 4c44e2f00..a328f992d 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonEndpointMapping.java 
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/LessonEndpointMapping.java @@ -1,11 +1,3 @@ -package org.owasp.webgoat.lessons; - -import org.springframework.stereotype.Component; - -import java.lang.annotation.ElementType; -import java.lang.annotation.Retention; -import java.lang.annotation.RetentionPolicy; -import java.lang.annotation.Target; /** ************************************************************************************************* @@ -36,6 +28,19 @@ import java.lang.annotation.Target; * @since December 12, 2015 * @version $Id: $Id */ +package org.owasp.webgoat.lessons; + +import org.springframework.stereotype.Component; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +/** + * Annotation as a marker annotation. During the startup we scan the plugins for classes which use this annotation. + * @see LessonEndpoint for more information. + */ @Component @Target(ElementType.TYPE) @Retention(RetentionPolicy.RUNTIME) diff --git a/webgoat-container/src/main/resources/application.properties b/webgoat-container/src/main/resources/application.properties index 0e9cfec70..bbe09b1dd 100644 --- a/webgoat-container/src/main/resources/application.properties +++ b/webgoat-container/src/main/resources/application.properties @@ -4,8 +4,7 @@ server.contextPath=/WebGoat server.port=8080 -logging.level.org.springframework=DEBUG -logging.level.org.hibernate=ERROR +logging.level.org.springframework=WARN spring.thymeleaf.cache=false security.enable-csrf=false diff --git a/webgoat-container/src/main/resources/templates/lesson_content.html b/webgoat-container/src/main/resources/templates/lesson_content.html index fbcb9692e..1753ca92f 100644 --- a/webgoat-container/src/main/resources/templates/lesson_content.html +++ b/webgoat-container/src/main/resources/templates/lesson_content.html @@ -3,10 +3,20 @@ -
+
+
+
+
+

-
-
+ + +
+
+
+
+ +