#272 Fix lesson client side filtering
- Endpoint now returns proper json and no longer uses ecs.
This commit is contained in:
Nanne Baars
parent
5dc1fc8655
commit
6b9e9db4aa
@ -4,12 +4,11 @@ package org.owasp.webgoat.plugin;
|
|||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import org.apache.ecs.html.TD;
|
import com.google.common.collect.Lists;
|
||||||
import org.apache.ecs.html.TR;
|
import com.google.common.collect.Maps;
|
||||||
import org.apache.ecs.html.Table;
|
|
||||||
import org.owasp.webgoat.lessons.Endpoint;
|
import org.owasp.webgoat.lessons.Endpoint;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestMethod;
|
import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
import org.w3c.dom.Node;
|
import org.w3c.dom.Node;
|
||||||
import org.w3c.dom.NodeList;
|
import org.w3c.dom.NodeList;
|
||||||
import org.xml.sax.InputSource;
|
import org.xml.sax.InputSource;
|
||||||
@ -24,11 +23,14 @@ import javax.xml.xpath.XPathFactory;
|
|||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.io.FileInputStream;
|
import java.io.FileInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
public class Salaries extends Endpoint {
|
public class Salaries extends Endpoint {
|
||||||
|
|
||||||
@RequestMapping(method = RequestMethod.GET)
|
@RequestMapping(produces = {"application/json"})
|
||||||
public void invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
|
@ResponseBody
|
||||||
|
public List<Map<String, Object>> invoke(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
|
||||||
String userId = req.getParameter("userId");
|
String userId = req.getParameter("userId");
|
||||||
NodeList nodes = null;
|
NodeList nodes = null;
|
||||||
File d = new File(getPluginDirectory(), "ClientSideFiltering/html/employees.xml");
|
File d = new File(getPluginDirectory(), "ClientSideFiltering/html/employees.xml");
|
||||||
@ -52,49 +54,18 @@ public class Salaries extends Endpoint {
|
|||||||
} catch (XPathExpressionException e) {
|
} catch (XPathExpressionException e) {
|
||||||
e.printStackTrace();
|
e.printStackTrace();
|
||||||
}
|
}
|
||||||
int nodesLength = nodes.getLength();
|
|
||||||
|
|
||||||
|
|
||||||
TR tr;
|
|
||||||
|
|
||||||
int COLUMNS = 5;
|
int COLUMNS = 5;
|
||||||
|
List json = Lists.newArrayList();
|
||||||
Table t2 = null;
|
java.util.Map<String, Object> employeeJson = Maps.newHashMap();
|
||||||
if (nodesLength > 0) {
|
for (int i = 0; i < nodes.getLength(); i++) {
|
||||||
t2 = new Table().setCellSpacing(0).setCellPadding(0)
|
if (i != 0 && i % COLUMNS == 0) {
|
||||||
.setBorder(1).setWidth("90%").setAlign("center");
|
employeeJson = Maps.newHashMap();
|
||||||
tr = new TR();
|
json.add(employeeJson);
|
||||||
tr.addElement(new TD().addElement("UserID"));
|
}
|
||||||
tr.addElement(new TD().addElement("First Name"));
|
|
||||||
tr.addElement(new TD().addElement("Last Name"));
|
|
||||||
tr.addElement(new TD().addElement("SSN"));
|
|
||||||
tr.addElement(new TD().addElement("Salary"));
|
|
||||||
t2.addElement(tr);
|
|
||||||
}
|
|
||||||
|
|
||||||
tr = new TR();
|
|
||||||
|
|
||||||
for (int i = 0; i < nodesLength; i++) {
|
|
||||||
Node node = nodes.item(i);
|
Node node = nodes.item(i);
|
||||||
|
employeeJson.put(node.getNodeName(), node.getTextContent());
|
||||||
if (i % COLUMNS == 0) {
|
|
||||||
tr = new TR();
|
|
||||||
tr.setID(node.getTextContent());
|
|
||||||
//tr.setStyle("display: none");
|
|
||||||
}
|
|
||||||
|
|
||||||
tr.addElement(new TD().addElement(node.getTextContent()));
|
|
||||||
|
|
||||||
if (i % COLUMNS == (COLUMNS - 1)) {
|
|
||||||
t2.addElement(tr);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (t2 != null) {
|
|
||||||
resp.getWriter().println(t2.toString());
|
|
||||||
} else {
|
|
||||||
resp.getWriter().println("No Results");
|
|
||||||
}
|
}
|
||||||
|
return json;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<Employees>
|
<Employees>
|
||||||
<Employee >
|
<Employee>
|
||||||
<UserID>101</UserID>
|
<UserID>101</UserID>
|
||||||
<FirstName>Larry</FirstName>
|
<FirstName>Larry</FirstName>
|
||||||
<LastName>Stooge</LastName>
|
<LastName>Stooge</LastName>
|
||||||
@ -19,7 +19,7 @@
|
|||||||
<Manager>102</Manager>
|
<Manager>102</Manager>
|
||||||
<Manager>111</Manager>
|
<Manager>111</Manager>
|
||||||
<Manager>112</Manager>
|
<Manager>112</Manager>
|
||||||
</Managers>
|
</Managers>
|
||||||
</Employee>
|
</Employee>
|
||||||
<Employee>
|
<Employee>
|
||||||
<UserID>102</UserID>
|
<UserID>102</UserID>
|
||||||
@ -37,8 +37,8 @@
|
|||||||
<DisciplinaryExplanation>Hit Curly over head</DisciplinaryExplanation>
|
<DisciplinaryExplanation>Hit Curly over head</DisciplinaryExplanation>
|
||||||
<DisciplinaryDate>101013</DisciplinaryDate>
|
<DisciplinaryDate>101013</DisciplinaryDate>
|
||||||
<Managers>
|
<Managers>
|
||||||
<Manager>112</Manager>
|
<Manager>112</Manager>
|
||||||
</Managers>
|
</Managers>
|
||||||
</Employee>
|
</Employee>
|
||||||
<Employee>
|
<Employee>
|
||||||
<UserID>103</UserID>
|
<UserID>103</UserID>
|
||||||
@ -59,7 +59,7 @@
|
|||||||
<Manager>102</Manager>
|
<Manager>102</Manager>
|
||||||
<Manager>111</Manager>
|
<Manager>111</Manager>
|
||||||
<Manager>112</Manager>
|
<Manager>112</Manager>
|
||||||
</Managers>
|
</Managers>
|
||||||
</Employee>
|
</Employee>
|
||||||
<Employee>
|
<Employee>
|
||||||
<UserID>104</UserID>
|
<UserID>104</UserID>
|
||||||
@ -81,7 +81,7 @@
|
|||||||
<Manager>102</Manager>
|
<Manager>102</Manager>
|
||||||
<Manager>111</Manager>
|
<Manager>111</Manager>
|
||||||
<Manager>112</Manager>
|
<Manager>112</Manager>
|
||||||
</Managers>
|
</Managers>
|
||||||
</Employee>
|
</Employee>
|
||||||
<Employee>
|
<Employee>
|
||||||
<UserID>105</UserID>
|
<UserID>105</UserID>
|
||||||
@ -103,7 +103,7 @@
|
|||||||
<Manager>102</Manager>
|
<Manager>102</Manager>
|
||||||
<Manager>111</Manager>
|
<Manager>111</Manager>
|
||||||
<Manager>112</Manager>
|
<Manager>112</Manager>
|
||||||
</Managers>
|
</Managers>
|
||||||
</Employee>
|
</Employee>
|
||||||
<Employee>
|
<Employee>
|
||||||
<UserID>106</UserID>
|
<UserID>106</UserID>
|
||||||
@ -124,7 +124,7 @@
|
|||||||
<Manager>102</Manager>
|
<Manager>102</Manager>
|
||||||
<Manager>111</Manager>
|
<Manager>111</Manager>
|
||||||
<Manager>112</Manager>
|
<Manager>112</Manager>
|
||||||
</Managers>
|
</Managers>
|
||||||
</Employee>
|
</Employee>
|
||||||
<Employee>
|
<Employee>
|
||||||
<UserID>107</UserID>
|
<UserID>107</UserID>
|
||||||
@ -145,7 +145,7 @@
|
|||||||
<Manager>102</Manager>
|
<Manager>102</Manager>
|
||||||
<Manager>111</Manager>
|
<Manager>111</Manager>
|
||||||
<Manager>112</Manager>
|
<Manager>112</Manager>
|
||||||
</Managers>
|
</Managers>
|
||||||
</Employee>
|
</Employee>
|
||||||
<Employee>
|
<Employee>
|
||||||
<UserID>108</UserID>
|
<UserID>108</UserID>
|
||||||
@ -167,7 +167,7 @@
|
|||||||
<Manager>102</Manager>
|
<Manager>102</Manager>
|
||||||
<Manager>111</Manager>
|
<Manager>111</Manager>
|
||||||
<Manager>112</Manager>
|
<Manager>112</Manager>
|
||||||
</Managers>
|
</Managers>
|
||||||
</Employee>
|
</Employee>
|
||||||
<Employee>
|
<Employee>
|
||||||
<UserID>109</UserID>
|
<UserID>109</UserID>
|
||||||
@ -189,7 +189,7 @@
|
|||||||
<Manager>102</Manager>
|
<Manager>102</Manager>
|
||||||
<Manager>111</Manager>
|
<Manager>111</Manager>
|
||||||
<Manager>112</Manager>
|
<Manager>112</Manager>
|
||||||
</Managers>
|
</Managers>
|
||||||
</Employee>
|
</Employee>
|
||||||
<Employee>
|
<Employee>
|
||||||
<UserID>110</UserID>
|
<UserID>110</UserID>
|
||||||
@ -211,7 +211,7 @@
|
|||||||
<Manager>102</Manager>
|
<Manager>102</Manager>
|
||||||
<Manager>111</Manager>
|
<Manager>111</Manager>
|
||||||
<Manager>112</Manager>
|
<Manager>112</Manager>
|
||||||
</Managers>
|
</Managers>
|
||||||
</Employee>
|
</Employee>
|
||||||
<Employee>
|
<Employee>
|
||||||
<UserID>111</UserID>
|
<UserID>111</UserID>
|
||||||
@ -230,7 +230,7 @@
|
|||||||
<DisciplinaryDate>112005</DisciplinaryDate>
|
<DisciplinaryDate>112005</DisciplinaryDate>
|
||||||
<Managers>
|
<Managers>
|
||||||
<Manager>112</Manager>
|
<Manager>112</Manager>
|
||||||
</Managers>
|
</Managers>
|
||||||
</Employee>
|
</Employee>
|
||||||
<Employee>
|
<Employee>
|
||||||
<UserID>112</UserID>
|
<UserID>112</UserID>
|
||||||
@ -246,9 +246,9 @@
|
|||||||
<Limit>300</Limit>
|
<Limit>300</Limit>
|
||||||
<Comments></Comments>
|
<Comments></Comments>
|
||||||
<DisciplinaryExplanation></DisciplinaryExplanation>
|
<DisciplinaryExplanation></DisciplinaryExplanation>
|
||||||
<DisciplinaryDate>112005</DisciplinaryDate>
|
<DisciplinaryDate>112005</DisciplinaryDate>
|
||||||
<Managers>
|
<Managers>
|
||||||
<Manager>112</Manager>
|
<Manager>112</Manager>
|
||||||
</Managers>
|
</Managers>
|
||||||
</Employee>
|
</Employee>
|
||||||
</Employees>
|
</Employees>
|
||||||
|
|||||||
@ -15,8 +15,27 @@ function fetchUserData() {
|
|||||||
|
|
||||||
function ajaxFunction(userId) {
|
function ajaxFunction(userId) {
|
||||||
$.get("clientSideFiltering/salaries?userId=" + userId, function (result, status) {
|
$.get("clientSideFiltering/salaries?userId=" + userId, function (result, status) {
|
||||||
|
var html = "<table border = '1' width = '90%' align = 'center'";
|
||||||
|
html = html + '<tr>';
|
||||||
|
html = html + '<td>UserID</td>';
|
||||||
|
html = html + '<td>First Name</td>';
|
||||||
|
html = html + '<td>Last Name</td>';
|
||||||
|
html = html + '<td>SSN</td>';
|
||||||
|
html = html + '<td>Salary</td>';
|
||||||
|
|
||||||
|
for (var i = 0; i < result.length; i++) {
|
||||||
|
html = html + '<tr id = "' + result[i].UserID + '"</tr>';
|
||||||
|
html = html + '<td>' + result[i].UserID + '</td>';
|
||||||
|
html = html + '<td>' + result[i].FirstName + '</td>';
|
||||||
|
html = html + '<td>' + result[i].LastName + '</td>';
|
||||||
|
html = html + '<td>' + result[i].SSN + '</td>';
|
||||||
|
html = html + '<td>' + result[i].Salary + '</td>';
|
||||||
|
html = html + '</tr>';
|
||||||
|
}
|
||||||
|
html = html + '</tr></table>';
|
||||||
|
|
||||||
var newdiv = document.createElement("div");
|
var newdiv = document.createElement("div");
|
||||||
newdiv.innerHTML = result;
|
newdiv.innerHTML = html;
|
||||||
var container = document.getElementById("hiddenEmployeeRecords");
|
var container = document.getElementById("hiddenEmployeeRecords");
|
||||||
container.appendChild(newdiv);
|
container.appendChild(newdiv);
|
||||||
});
|
});
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user