- This patch fixes Forced Browsing lesson by removing any custom coding for WebSession and HammerHead.java

git-svn-id: http://webgoat.googlecode.com/svn/trunk@34 4033779f-a91e-0410-96ef-6bf7bf53c507
2006-12-04 04:35:04 +00:00
parent 51d40b7b22
commit 80a2add2d7
4 changed files with 53 additions and 32 deletions
--- a/webgoat/main/project/WebContent/WEB-INF/web.xml
+++ b/webgoat/main/project/WebContent/WEB-INF/web.xml
@ -124,7 +124,7 @@

      <init-param>
            <param-name>DefuseOSCommands</param-name>
-            <param-value>true</param-value>
+            <param-value>false</param-value>
      </init-param>
      
      <init-param>
@ -174,7 +174,15 @@
      </description>
      <servlet-class>org.owasp.webgoat.LessonSource</servlet-class>
    </servlet>
-
+	<servlet>
+		<servlet-name>validate</servlet-name>
+		<servlet-class>org.owasp.webgoat.servlets.ValidateServlet</servlet-class>
+	</servlet>
+	<servlet>
+	     <servlet-name>config</servlet-name>
+	     <jsp-file>/lessons/ConfManagement/config.jsp</jsp-file>
+	</servlet>
+	
    <!-- Define mappings that are used by the servlet container to
         translate a particular request URI (context-relative) to a
         particular servlet.  The examples below correspond to the
@ -226,11 +234,16 @@
      <servlet-name>WebGoat</servlet-name>
      <url-pattern>/attack</url-pattern>
    </servlet-mapping>
+
+	<servlet-mapping>
+	     <servlet-name>config</servlet-name>
+	     <url-pattern>/config</url-pattern>
+	</servlet-mapping>
    
-    <servlet-mapping>
-      <servlet-name>WebGoat</servlet-name>
-      <url-pattern>/config</url-pattern>    
-    </servlet-mapping>
+	<servlet-mapping>
+	     <servlet-name>validate</servlet-name>
+	     <url-pattern>/validate</url-pattern>
+	</servlet-mapping>

    <servlet-mapping>
      <servlet-name>LessonSource</servlet-name>