Clean up and introduced Spring Dev tools to automatically reload classes.

pom.xml

@@ -289,6 +289,15 @@
         </profile>
     </profiles>
 
+    <dependencies>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.16.10</version>
+            <scope>provided</scope>
+        </dependency>
+    </dependencies>
+
     <build>
         <plugins>
             <plugin>

webgoat-container/pom.xml

@@ -214,30 +214,27 @@
                             <artifactId>jruby-complete</artifactId>
                         </dependency>
                     </requiresUnpack>
+                    <fork>true</fork>
                 </configuration>
-            </plugin>
+                <!--<dependencies>-->
-            <plugin>
+                    <!--<dependency>-->
-                <groupId>org.springframework.boot</groupId>
+                        <!--<groupId>org.springframework</groupId>-->
-                <artifactId>spring-boot-maven-plugin</artifactId>
+                        <!--<artifactId>springloaded</artifactId>-->
-                <dependencies>
+                        <!--<version>1.2.5.RELEASE</version>-->
-                    <dependency>
+                    <!--</dependency>-->
-                        <groupId>org.springframework</groupId>
+                <!--</dependencies>-->
-                        <artifactId>springloaded</artifactId>
-                        <version>1.2.0.RELEASE</version>
-                    </dependency>
-                </dependencies>
             </plugin>
         </plugins>
     </build>
 
     <dependencies>
         <dependency>
-            <groupId>org.springframework.boot</groupId>
+            <groupId>org.projectlombok</groupId>
-            <artifactId>spring-boot-starter-web</artifactId>
+            <artifactId>lombok</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter</artifactId>
+            <artifactId>spring-boot-starter-web</artifactId>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -246,26 +243,9 @@
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-devtools</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>org.apache.tomcat.embed</groupId>
-            <artifactId>tomcat-embed-jasper</artifactId>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-configuration-processor</artifactId>
             <optional>true</optional>
         </dependency>
-        <!--<dependency>-->
+
-        <!--<groupId>org.springframework.boot</groupId>-->
-        <!--<artifactId>spring-boot-devtools</artifactId>-->
-        <!--<optional>true</optional>-->
-        <!--</dependency>-->
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-loader</artifactId>
-        </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.dataformat</groupId>
             <artifactId>jackson-dataformat-yaml</artifactId>

webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java

@@ -35,7 +35,7 @@ import org.owasp.webgoat.session.LabelDebugger;
 import org.owasp.webgoat.session.WebSession;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.boot.context.embedded.ServletRegistrationBean;
+import org.springframework.boot.web.servlet.ServletRegistrationBean;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java

@@ -32,27 +32,22 @@ package org.owasp.webgoat;
 
 import org.owasp.webgoat.plugins.Plugin;
 import org.owasp.webgoat.plugins.PluginClassLoader;
+import org.owasp.webgoat.plugins.PluginEndpointPublisher;
 import org.owasp.webgoat.plugins.PluginsLoader;
 import org.owasp.webgoat.session.Course;
 import org.owasp.webgoat.session.UserTracker;
 import org.owasp.webgoat.session.WebSession;
 import org.owasp.webgoat.session.WebgoatContext;
 import org.owasp.webgoat.session.WebgoatProperties;
-import org.springframework.beans.factory.annotation.Autowire;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.beans.factory.config.BeanDefinition;
-import org.springframework.beans.factory.support.DefaultListableBeanFactory;
-import org.springframework.beans.factory.support.RootBeanDefinition;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.builder.SpringApplicationBuilder;
-import org.springframework.boot.context.web.SpringBootServletInitializer;
+import org.springframework.boot.web.support.SpringBootServletInitializer;
-import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.PropertySource;
 import org.springframework.context.annotation.Scope;
 import org.springframework.context.annotation.ScopedProxyMode;
-import org.springframework.context.support.AbstractApplicationContext;
 
 import javax.servlet.ServletContext;
 import java.io.File;
@@ -79,7 +74,7 @@ public class WebGoat extends SpringBootServletInitializer {
     }
 
     @Bean
-    public PluginClassLoader pluginClassLoader() {
+    public PluginClassLoader pluginClassLoader(@Qualifier("pluginTargetDirectory") File pluginTargetDirectory) {
         return new PluginClassLoader(PluginClassLoader.class.getClassLoader());
     }
 
@@ -96,25 +91,14 @@ public class WebGoat extends SpringBootServletInitializer {
 
     @Bean
     public Course course(PluginsLoader pluginsLoader, WebgoatContext webgoatContext, ServletContext context, WebgoatProperties webgoatProperties,
-                         ApplicationContext applicationContext) {
+                         PluginEndpointPublisher pluginEndpointPublisher) {
         Course course = new Course(webgoatProperties);
         course.loadCourses(webgoatContext, context, "/");
         List<Plugin> plugins = pluginsLoader.loadPlugins();
         course.loadLessonFromPlugin(plugins);
-        plugins.forEach(p -> publishEndpointsWithSpring(p, (AbstractApplicationContext)applicationContext));
+        plugins.forEach(p -> pluginEndpointPublisher.publish(p));
-        return course;
-    }
 
-    private void publishEndpointsWithSpring(Plugin plugin, AbstractApplicationContext applicationContext) {
+        return course;
-        plugin.getLessonEndpoints().forEach(e -> {
-            try {
-                BeanDefinition beanDefinition = new RootBeanDefinition(e, Autowire.BY_TYPE.value(), true);
-                DefaultListableBeanFactory beanFactory = (DefaultListableBeanFactory) applicationContext.getBeanFactory();
-                beanFactory.registerBeanDefinition(beanDefinition.getBeanClassName(), beanDefinition);
-            } catch (Exception ex) {
-                logger.warn("Failed to register " + e.getSimpleName() + " as endpoint with Spring, skipping...");
-            }
-        });
     }
 
     @Bean

webgoat-container/src/main/java/org/owasp/webgoat/plugins/LegacyLoader.java

@@ -1,10 +1,9 @@
 package org.owasp.webgoat.plugins;
 
-import org.owasp.webgoat.session.WebgoatContext;
+import lombok.extern.slf4j.Slf4j;
 import org.owasp.webgoat.lessons.AbstractLesson;
+import org.owasp.webgoat.session.WebgoatContext;
 import org.owasp.webgoat.session.WebgoatProperties;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.support.BeanDefinitionRegistry;
 import org.springframework.beans.factory.support.SimpleBeanDefinitionRegistry;
 import org.springframework.context.annotation.ClassPathBeanDefinitionScanner;
@@ -21,39 +20,38 @@ import java.util.List;
 import java.util.Set;
 
 /**
- *************************************************************************************************
+ * ************************************************************************************************
- *
+ * <p>
- *
+ * <p>
  * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
  * please see http://www.owasp.org/
- *
+ * <p>
  * Copyright (c) 2002 - 20014 Bruce Mayhew
- *
+ * <p>
  * This program is free software; you can redistribute it and/or modify it under the terms of the
  * GNU General Public License as published by the Free Software Foundation; either version 2 of the
  * License, or (at your option) any later version.
- *
+ * <p>
  * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
  * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  * General Public License for more details.
- *
+ * <p>
  * You should have received a copy of the GNU General Public License along with this program; if
  * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
  * 02111-1307, USA.
- *
+ * <p>
  * Getting Source ==============
- *
+ * <p>
  * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
  * projects.
  *
  * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
- * @since October 28, 2003
  * @version $Id: $Id
+ * @since October 28, 2003
  */
+@Slf4j
 public class LegacyLoader {
 
-    final Logger logger = LoggerFactory.getLogger(LegacyLoader.class);
-
     private final List<String> files = new LinkedList<String>();
 
     /**
@@ -64,7 +62,7 @@ public class LegacyLoader {
 
     /**
      * Take an absolute file and return the filename.
-     *
+     * <p>
      * Ex. /etc/password becomes password
      *
      * @param s
@@ -86,7 +84,7 @@ public class LegacyLoader {
 
     /**
      * Take a class name and return the equivalent file name
-     *
+     * <p>
      * Ex. org.owasp.webgoat becomes org/owasp/webgoat.java
      *
      * @param className
@@ -121,8 +119,8 @@ public class LegacyLoader {
         }
 
         // skip over plugins and/or extracted plugins
-        if ( fileName.indexOf("lessons/plugin") >= 0  ||  fileName.indexOf("plugin_extracted") >= 0) {
+        if (fileName.indexOf("lessons/plugin") >= 0 || fileName.indexOf("plugin_extracted") >= 0) {
-        	return null;
+            return null;
         }
 
         // if the file is in /WEB-INF/classes strip the dir info off
@@ -140,20 +138,19 @@ public class LegacyLoader {
     }
 
 
- 
     /**
      * Load all of the filenames into a temporary cache
      *
      * @param context a {@link javax.servlet.ServletContext} object.
-     * @param path a {@link java.lang.String} object.
+     * @param path    a {@link java.lang.String} object.
      */
     public void loadFiles(ServletContext context, String path) {
-        logger.debug("Loading files into cache, path: " + path);
+        log.debug("Loading files into cache, path: " + path);
         Resource resource = new ClassPathResource("/");
         //resource.get
         Set resourcePaths = null;
         if (resourcePaths == null) {
-            logger.error("Unable to load file cache for courses, this is probably a bug or configuration issue");
+            log.error("Unable to load file cache for courses, this is probably a bug or configuration issue");
             return;
         }
         Iterator itr = resourcePaths.iterator();
@@ -165,20 +162,20 @@ public class LegacyLoader {
                 loadFiles(context, file);
             } else {
                 files.add(file);
-           }
+            }
         }
     }
 
     /**
      * Instantiate all the lesson objects into a cache
      *
-     * @param path a {@link java.lang.String} object.
+     * @param path           a {@link java.lang.String} object.
-     * @param context a {@link javax.servlet.ServletContext} object.
+     * @param context        a {@link javax.servlet.ServletContext} object.
      * @param webgoatContext a {@link org.owasp.webgoat.session.WebgoatContext} object.
-     * @param properties a {@link org.owasp.webgoat.session.WebgoatProperties} object.
+     * @param properties     a {@link org.owasp.webgoat.session.WebgoatProperties} object.
      * @return a {@link java.util.List} object.
      */
-    public List<AbstractLesson> loadLessons(WebgoatContext webgoatContext, ServletContext context, String path, WebgoatProperties properties ) {
+    public List<AbstractLesson> loadLessons(WebgoatContext webgoatContext, ServletContext context, String path, WebgoatProperties properties) {
         BeanDefinitionRegistry bdr = new SimpleBeanDefinitionRegistry();
         ClassPathBeanDefinitionScanner s = new ClassPathBeanDefinitionScanner(bdr);
 
@@ -193,28 +190,28 @@ public class LegacyLoader {
         for (String file : beanDefinitionNames) {
             String className = bdr.getBeanDefinition(file).getBeanClassName();
 
-                try {
+            try {
-                	Class c = Class.forName(className);
+                Class c = Class.forName(className);
-                    Object o = c.newInstance();
+                Object o = c.newInstance();
 
-                    if (o instanceof AbstractLesson) {
+                if (o instanceof AbstractLesson) {
-                        AbstractLesson lesson = (AbstractLesson) o;
+                    AbstractLesson lesson = (AbstractLesson) o;
-                        lesson.setWebgoatContext(webgoatContext);
+                    lesson.setWebgoatContext(webgoatContext);
 
-                        lesson.update(properties);
+                    lesson.update(properties);
 
-                        if (lesson.getHidden() == false) {
+                    if (lesson.getHidden() == false) {
-                            lessons.add(lesson);
+                        lessons.add(lesson);
-                        }
                     }
-                } catch (Exception e) {
-                	// Bruce says:
-                	// I don't think we want to log the exception here. We could
-                	// be potentially showing a lot of exceptions that don't matter.
-                	// We would only care if the lesson extended AbstractLesson and we 
-                	// can't tell that because it threw the exception.  Catch 22
-                   // logger.error("Error in loadLessons: ", e);
                 }
+            } catch (Exception e) {
+                // Bruce says:
+                // I don't think we want to log the exception here. We could
+                // be potentially showing a lot of exceptions that don't matter.
+                // We would only care if the lesson extended AbstractLesson and we
+                // can't tell that because it threw the exception.  Catch 22
+                // logger.error("Error in loadLessons: ", e);
+            }
         }
         loadResources(lessons);
         return lessons;
@@ -233,36 +230,36 @@ public class LegacyLoader {
      *
      * @param lessons a {@link java.util.List} object.
      */
-    public void loadResources(List<AbstractLesson> lessons ) {
+    public void loadResources(List<AbstractLesson> lessons) {
         for (AbstractLesson lesson : lessons) {
-            logger.info("Loading resources for lesson -> " + lesson.getName());
+            log.info("Loading resources for lesson -> " + lesson.getName());
             String className = lesson.getClass().getName();
             String classFile = getSourceFile(className);
-            logger.info("Lesson classname: " + className);
+            log.info("Lesson classname: " + className);
-            logger.info("Lesson java file: " + classFile);
+            log.info("Lesson java file: " + classFile);
 
             for (String absoluteFile : files) {
                 String fileName = getFileName(absoluteFile);
                 //logger.debug("Course: looking at file: " + absoluteFile);
 
                 if (absoluteFile.endsWith(classFile)) {
-                    logger.info("Set source file for " + classFile);
+                    log.info("Set source file for " + classFile);
                     lesson.setSourceFileName(absoluteFile);
                 }
 
                 if (absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html")
                         && className.endsWith(fileName)) {
-                    logger.info("setting lesson plan file " + absoluteFile + " for lesson "
+                    log.info("setting lesson plan file " + absoluteFile + " for lesson "
                             + lesson.getClass().getName());
-                    logger.info("fileName: " + fileName + " == className: " + className);
+                    log.info("fileName: " + fileName + " == className: " + className);
                     String language = getLanguageFromFileName("/lesson_plans", absoluteFile);
                     lesson.setLessonPlanFileName(language, absoluteFile);
                 }
                 if (absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html")
                         && className.endsWith(fileName)) {
-                    logger.info("setting lesson solution file " + absoluteFile + " for lesson "
+                    log.info("setting lesson solution file " + absoluteFile + " for lesson "
                             + lesson.getClass().getName());
-                    logger.info("fileName: " + fileName + " == className: " + className);
+                    log.info("fileName: " + fileName + " == className: " + className);
                     lesson.setLessonSolutionFileName(absoluteFile);
                 }
             }

webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonConfiguration.java

@@ -1,36 +0,0 @@
-package org.owasp.webgoat.plugins;
-
-/**
- * ************************************************************************************************
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- * <p>
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- * <p>
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- * <p>
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- * <p>
- * Getting Source ==============
- * <p>
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- * <p>
- *
- * @author WebGoat
- * @version $Id: $Id
- * @since June 28, 2016
- */
-public class LessonConfiguration {
-
-    private String title;
-
-}

webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonDescription.java

@@ -1,55 +0,0 @@
-/**
- * ************************************************************************************************
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
- * please see http://www.owasp.org/
- * <p>
- * Copyright (c) 2002 - 20014 Bruce Mayhew
- * <p>
- * This program is free software; you can redistribute it and/or modify it under the terms of the
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
- * <p>
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * General Public License for more details.
- * <p>
- * You should have received a copy of the GNU General Public License along with this program; if
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
- * 02111-1307, USA.
- * <p>
- * Getting Source ==============
- * <p>
- * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
- * projects.
- * <p>
- *
- * @author WebGoat
- * @version $Id: $Id
- * @since May 15, 2016
- */
-package org.owasp.webgoat.plugins;
-
-
-import java.util.List;
-
-public class LessonDescription {
-
-    private String name;
-    private String title;
-    private String category;
-    private int ranking;
-    private List<String> hints;
-}
-
-
-/**
- lesson:
- name: Access Control Matrix
- title: Using an Access Control Matrix
- category: ACCESS_CONTROL
- ranking: 10
- hints:
- - Many sites attempt to restrict access to resources by role.
- - Developers frequently make mistakes implementing this scheme.
- - Attempt combinations of users, roles, and resources.
- */

webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginEndpointPublisher.java

@@ -0,0 +1,62 @@
+package org.owasp.webgoat.plugins;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowire;
+import org.springframework.beans.factory.config.BeanDefinition;
+import org.springframework.beans.factory.support.DefaultListableBeanFactory;
+import org.springframework.beans.factory.support.RootBeanDefinition;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.support.AbstractApplicationContext;
+import org.springframework.stereotype.Component;
+
+/**
+ * ************************************************************************************************
+ * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+ * please see http://www.owasp.org/
+ * <p>
+ * Copyright (c) 2002 - 20014 Bruce Mayhew
+ * <p>
+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ * <p>
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ * <p>
+ * You should have received a copy of the GNU General Public License along with this program; if
+ * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ * <p>
+ * Getting Source ==============
+ * <p>
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
+ * projects.
+ * <p>
+ *
+ * @author nbaars
+ * @version $Id: $Id
+ * @since October 16, 2016
+ */
+@Component
+@Slf4j
+public class PluginEndpointPublisher {
+
+    private AbstractApplicationContext applicationContext;
+
+    public PluginEndpointPublisher(ApplicationContext applicationContext) {
+        this.applicationContext = (AbstractApplicationContext) applicationContext;
+    }
+
+    public void publish(Plugin plugin) {
+        plugin.getLessonEndpoints().forEach(e -> {
+            try {
+                BeanDefinition beanDefinition = new RootBeanDefinition(e, Autowire.BY_TYPE.value(), true);
+                DefaultListableBeanFactory beanFactory = (DefaultListableBeanFactory) applicationContext.getBeanFactory();
+                beanFactory.registerBeanDefinition(beanDefinition.getBeanClassName(), beanDefinition);
+            } catch (Exception ex) {
+                log.error("Failed to register " + e.getSimpleName() + " as endpoint with Spring, skipping...");
+            }
+        });
+    }
+}

webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginExtractor.java

@@ -42,7 +42,7 @@ public class PluginExtractor {
             while (entries.hasMoreElements()) {
                 final ZipEntry zipEntry = entries.nextElement();
                 if (shouldProcessFile(zipEntry)) {
-                    boolean processed = processClassFile(zipEntry);
+                    boolean processed = processClassFile(zipFile, zipEntry, targetDirectory);
 
                     if (!processed) {
                         processed = processPropertyFile(zipFile, zipEntry, targetDirectory);
@@ -77,9 +77,11 @@ public class PluginExtractor {
         return false;
     }
 
-    private boolean processClassFile(ZipEntry zipEntry) {
+    private boolean processClassFile(ZipFile zipFile, ZipEntry zipEntry, File targetDirectory) throws IOException {
         if (zipEntry.getName().endsWith(".class")) {
             classes.add(zipEntry.getName());
+            final File targetFile = new File(targetDirectory, zipEntry.getName());
+            copyFile(zipFile, zipEntry, targetFile, false);
             return true;
         }
         return false;

webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginFileUtils.java

@@ -2,6 +2,7 @@ package org.owasp.webgoat.plugins;
 
 
 import com.google.common.base.Preconditions;
+import lombok.experimental.UtilityClass;
 import org.apache.commons.io.IOUtils;
 
 import java.io.File;
@@ -18,6 +19,7 @@ import java.util.Collection;
  * @version $Id: $Id
  * @author dm
  */
+@UtilityClass
 public class PluginFileUtils {
 
     /**

webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java

@@ -1,10 +1,9 @@
 package org.owasp.webgoat.plugins;
 
 import com.google.common.collect.Lists;
+import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.io.FileUtils;
 import org.owasp.webgoat.util.LabelProvider;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.util.ResourceUtils;
 
@@ -36,11 +35,11 @@ import java.util.zip.ZipFile;
  * @author dm
  * @version $Id: $Id
  */
+@Slf4j
 public class PluginsLoader {
 
     private static final String WEBGOAT_PLUGIN_EXTENSION = "jar";
     private static final int BUFFER_SIZE = 32 * 1024;
-    private final Logger logger = LoggerFactory.getLogger(this.getClass());
     private final File pluginTargetDirectory;
     private final PluginClassLoader classLoader;
 
@@ -67,7 +66,7 @@ public class PluginsLoader {
             List<URL> jars = listJars();
             plugins = processPlugins(jars);
         } catch (Exception e) {
-            logger.error("Loading plugins failed", e);
+            log.error("Loading plugins failed", e);
         }
         return plugins;
     }

webgoat-container/src/main/java/org/owasp/webgoat/session/WebSession.java

@@ -1,5 +1,6 @@
 package org.owasp.webgoat.session;
 
+import lombok.extern.slf4j.Slf4j;
 import org.owasp.webgoat.lessons.AbstractLesson;
 import org.owasp.webgoat.lessons.Category;
 import org.owasp.webgoat.lessons.RandomLessonAdapter;
@@ -7,8 +8,6 @@ import org.owasp.webgoat.lessons.SequentialLessonAdapter;
 import org.owasp.webgoat.lessons.model.RequestParameter;
 import org.owasp.webgoat.util.BeanProvider;
 import org.owasp.webgoat.util.LabelManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 
 import javax.servlet.ServletContext;
@@ -60,14 +59,13 @@ import java.util.Vector;
  * @since October 28, 2003
  * @version $Id: $Id
  */
+@Slf4j
 public class WebSession {
 
     /**
      * @TODO_NB Spring can take inject this bean bound to a specific scope no longer necessary to bound it to a HTTP session
      */
 
-    final Logger logger = LoggerFactory.getLogger(WebSession.class);
-
     /**
      * Description of the Field
      */
@@ -1047,7 +1045,7 @@ public class WebSession {
                 rla.setStage(this, null);
             }
         } catch (ParameterNotFoundException pnfe) {
-            logger.warn("ParameterNotFoundException when updating stage for RandomLessonAdapter: " + pnfe.getMessage() + " " + pnfe.getCause());
+            log.warn("ParameterNotFoundException when updating stage for RandomLessonAdapter: " + pnfe.getMessage() + " " + pnfe.getCause());
         }
     }
 
@@ -1109,7 +1107,7 @@ public class WebSession {
                 }
             }
         } catch (Exception e) {
-            logger.warn("Exception when updating properties in updateScreenProperties: " + e.getMessage() + " " + e.getCause());
+            log.warn("Exception when updating properties in updateScreenProperties: " + e.getMessage() + " " + e.getCause());
         }
     }
 
@@ -1154,7 +1152,7 @@ public class WebSession {
         }
         // store parameters
         Map<String, String[]> parmMap = request.getParameterMap();
-        logger.info("PARM MAP: " + parmMap);
+        log.info("PARM MAP: " + parmMap);
         if (parmMap == null) {
             this.parmsOnLastRequest = new ArrayList<RequestParameter>();
         } else {

webgoat-container/src/main/resources/application.properties

@@ -6,10 +6,15 @@ server.port=8080
 
 logging.level.org.springframework=WARN
 logging.level.org.springframework.boot.devtools=DEBUG
+logging.level.org.owasp=DEBUG
+
 spring.thymeleaf.cache=false
 spring.thymeleaf.content-type=text/html
 security.enable-csrf=false
 
+spring.devtools.restart.enabled=true
+
+
 
 webgoat.build.version=@project.version@
 webgoat.build.number=@build.number@
@@ -24,6 +29,4 @@ webgoat.database.connection.string=jdbc:hsqldb:mem:test
 webgoat.default.language=en
 
 
-spring.devtools.restart.pollInterval=4000
+
-spring.devtools.livereload.enabled=true
-spring.devtools.restart.enabled=true

webgoat-container/src/main/resources/log4j.properties

@@ -1,48 +0,0 @@
-log4j.rootLogger=DEBUG, MAIN_LOG,CONSOLE
-#log4j.rootLogger=DEBUG, MAIN_LOG, ERROR_LOG
-
-# MAIN - everything gets logged here
-log4j.appender.MAIN_LOG=org.apache.log4j.RollingFileAppender
-log4j.appender.MAIN_LOG.File=${catalina.home}/logs/webgoat_main.log
-log4j.appender.MAIN_LOG.layout=org.apache.log4j.PatternLayout
-log4j.appender.MAIN_LOG.layout.ConversionPattern=%d [%t] %-5p %c %x - %m%n 
-log4j.appender.MAIN_LOG.MaxFileSize=10MB
-log4j.appender.MAIN_LOG.MaxBackupIndex=5
-log4j.appender.MAIN_LOG.append=true
-
-log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
-log4j.appender.CONSOLE.Target=System.out
-log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
-log4j.appender.CONSOLE.layout.conversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p - %m%n
-
-
-# a little less spring output
-log4j.category.org.springframework = INFO
-log4j.category.org.apache=INFO
-
-log4j.appender.default.out=org.apache.log4j.ConsoleAppender
-log4j.appender.default.out.threeshold=DEBUG
-log4j.appender.default.out.layout=org.apache.log4j.PatternLayout
-log4j.appender.default.out.layout.ConversionPattern=%-5p %c: %m%n
-
-# ERROR
-log4j.appender.ERROR_LOG=org.apache.log4j.RollingFileAppender
-log4j.appender.ERROR_LOG.File=${catalina.home}/logs/webgoat_error.log
-log4j.appender.ERROR_LOG.layout=org.apache.log4j.PatternLayout
-log4j.appender.ERROR_LOG.layout.ConversionPattern=%d [%t] %-5p %x - %m%n 
-log4j.appender.ERROR_LOG.MaxFileSize=10MB
-log4j.appender.ERROR_LOG.MaxBackupIndex=2
-log4j.appender.ERROR_LOG.append=true
-log4j.appender.ERROR_LOG.Threshold=ERROR
-
-# PERFORMANCE
-log4j.logger.PERF_LOG=DEBUG, PERF_LOG
-log4j.appender.PERF_LOG=org.apache.log4j.RollingFileAppender
-log4j.appender.PERF_LOG.File=${catalina.home}/logs/webgoat_perf.log
-log4j.appender.PERF_LOG.layout=org.apache.log4j.PatternLayout
-log4j.appender.PERF_LOG.layout.ConversionPattern=%m%n 
-log4j.appender.PERF_LOG.MaxFileSize=10MB
-log4j.appender.PERF_LOG.MaxBackupIndex=2
-log4j.appender.PERF_LOG.append=true
-log4j.additivity.PERF_LOG = false
-

webgoat-container/src/test/java/org/owasp/webgoat/util/LabelProviderTest.java

@@ -2,9 +2,7 @@ package org.owasp.webgoat.util;
 
 import org.hamcrest.CoreMatchers;
 import org.junit.Test;
-import org.springframework.core.io.ClassPathResource;
 
-import java.io.IOException;
 import java.util.Locale;
 
 import static org.junit.Assert.assertThat;
@@ -18,15 +16,4 @@ public class LabelProviderTest  {
                 "Congratulations. You have successfully completed this lesson."));
     }
 
-    @Test
-    public void loadingPluginLabels() throws IOException {
-        LabelProvider labelProvider = new LabelProvider();
-        labelProvider.updatePluginResources(new ClassPathResource("log4j.properties").getFile().toPath());
-        assertThat(labelProvider.get(Locale.ENGLISH, "LessonCompleted"), CoreMatchers.equalTo(
-                "Congratulations. You have successfully completed this lesson."));
-        assertThat(labelProvider.get(Locale.ENGLISH, "log4j.appender.CONSOLE.Target"), CoreMatchers.equalTo(
-                "System.out"));
-    }
-
-
 }

webgoat-container/src/test/resources/log4j.properties

@@ -1,7 +0,0 @@
-log4j.rootLogger=DEBUG, CONSOLE
-
-log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
-log4j.appender.CONSOLE.Target=System.out
-log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
-log4j.appender.CONSOLE.layout.conversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p - %m%n
-

webgoat-lessons/pom.xml

@@ -44,7 +44,7 @@
                 <artifactId>maven-dependency-plugin</artifactId>
                 <executions>
                     <execution>
-                        <id>copy-artifact</id>
+                        <id>copy-artifact-src</id>
                         <phase>package</phase>
                         <goals>
                             <goal>copy</goal>
@@ -62,14 +62,9 @@
                             <outputDirectory>../../webgoat-container/src/main/resources/plugin_lessons</outputDirectory>
                         </configuration>
                     </execution>
-                </executions>
+                    <!-- Below is for development this will be picked up automatically by Spring and it will restart the container -->
-            </plugin>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-dependency-plugin</artifactId>
-                <executions>
                     <execution>
-                        <id>copy-artifact</id>
+                        <id>copy-artifact-target</id>
                         <phase>package</phase>
                         <goals>
                             <goal>copy</goal>