logging, formatting

2014-06-03 15:41:50 -04:00 · 2014-06-03 15:41:50 -04:00 · a0d4a02f0a
commit a0d4a02f0a
parent 10be6757af
6 changed files with 1800 additions and 2015 deletions
--- a/java/org/owasp/webgoat/HammerHead.java
+++ b/java/org/owasp/webgoat/HammerHead.java
@ -64,7 +64,6 @@ public class HammerHead extends HttpServlet {
    final Logger logger = LoggerFactory.getLogger(HammerHead.class);
    private static final String WELCOMED = "welcomed";
    /**
@ -121,10 +120,9 @@ public class HammerHead extends HttpServlet {
        WebSession mySession = null;
        try {
-            // System.out.println( "HH Entering doPost: " );
+            logger.debug("Entering doPost");
-            // System.out.println( " - HH request " + request);
+            logger.debug("request: " + request);
-            // System.out.println( " - HH principle: " +
+            logger.debug("principle: " + request.getUserPrincipal());
            // request.getUserPrincipal() );
            // setCacheHeaders(response, 0);
            ServletContext context = getServletContext();
@ -132,6 +130,7 @@ public class HammerHead extends HttpServlet {
            // call makeScreen() and writeScreen()
            mySession = updateSession(request, response, context);
            if (response.isCommitted()) {
                logger.debug("Response already committed, exiting");
                return;
            }
@ -142,7 +141,8 @@ public class HammerHead extends HttpServlet {
            // where the lesson "knows" what has happened. To track it at a
            // latter point would
            // require the lesson to have memory.
-            screen = makeScreen(mySession); // This calls the lesson's
+            screen = makeScreen(mySession);
            // This calls the lesson's
            // handleRequest()
            if (response.isCommitted()) {
                return;
@ -178,21 +178,20 @@ public class HammerHead extends HttpServlet {
            request.setAttribute("client.browser", clientBrowser);
            request.getSession().setAttribute("websession", mySession);
            request.getSession().setAttribute("course", mySession.getCourse());
-
+            String viewPage = getViewPage(mySession);
-            request.getRequestDispatcher(getViewPage(mySession)).forward(request, response);
+            logger.debug("Forwarding to view: " + viewPage);
            request.getRequestDispatcher(viewPage).forward(request, response);
        } catch (Throwable t) {
-            t.printStackTrace();
+            logger.error("Error handling request", t);
            log("ERROR: " + t);
            screen = new ErrorScreen(mySession, t);
        } finally {
            try {
                this.writeScreen(mySession, screen, response);
            } catch (Throwable thr) {
-                thr.printStackTrace();
+                logger.error("Could not write error screen", thr);
                log(request, "Could not write error screen: " + thr.getMessage());
            }
            WebSession.returnConnection(mySession);
-            // System.out.println( "HH Leaving doPost: " );
+            logger.debug("Leaving doPost: ");
        }
    }
@ -240,6 +239,7 @@ public class HammerHead extends HttpServlet {
     */
    @Override
    public void init() throws ServletException {
        logger.info("Initializing main webgoat servlet");
        httpDateFormat = new SimpleDateFormat("EEE, dd MMM yyyyy HH:mm:ss z", Locale.US);
        httpDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
        propertiesPath = getServletContext().getRealPath("./WEB-INF/webgoat.properties");
--- a/java/org/owasp/webgoat/lessons/Category.java
+++ b/java/org/owasp/webgoat/lessons/Category.java
@ -1,43 +1,43 @@
 package org.owasp.webgoat.lessons;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
-
+/**
-/***************************************************************************************************
+ * *************************************************************************************************
 *
 *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+ * This file is part of WebGoat, an Open Web Application Security Project
- * please see http://www.owasp.org/
+ * utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 2007 Bruce Mayhew
 *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * This program is free software; you can redistribute it and/or modify it under
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * the terms of the GNU General Public License as published by the Free Software
- * License, or (at your option) any later version.
+ * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * This program is distributed in the hope that it will be useful, but WITHOUT
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * General Public License for more details.
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
- * You should have received a copy of the GNU General Public License along with this program; if
+ * You should have received a copy of the GNU General Public License along with
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
- * 02111-1307, USA.
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * Getting Source ==============
 *
- * Source for this application is maintained at code.google.com, a repository for free software
+ * Source for this application is maintained at code.google.com, a repository
- * projects.
+ * for free software projects.
 *
 * For details, please see http://code.google.com/p/webgoat/
 *
 * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created October 28, 2003
 */
-public class Category implements Comparable
+public class Category implements Comparable {
 {
    public final static Category INTRODUCTION = new Category("Introduction", new Integer(5));
@ -87,8 +87,7 @@ public class Category implements Comparable
    private Integer ranking;
-	static
+    static {
 	{
        categories.add(INTRODUCTION);
        categories.add(PARAMETER_TAMPERING);
        categories.add(ACCESS_CONTROL);
@ -112,62 +111,56 @@ public class Category implements Comparable
        categories.add(CHALLENGE);
    }
-	public static synchronized void addCategory(Category c)
+    public static synchronized void addCategory(Category c) {
 	{
        categories.add(c);
    }
-	public static synchronized Category getCategory(String name)
+    public static synchronized Category getCategory(String name) {
 	{
        Iterator<Category> it = categories.iterator();
-		while (it.hasNext())
+        while (it.hasNext()) {
 		{
            Category c = it.next();
-			if (c.getName().equals(name)) return c;
+            if (c.getName().equals(name)) {
                return c;
            }
        }
        return null;
    }
-	public Category(String category, Integer ranking)
+    public Category(String category, Integer ranking) {
 	{
        this.category = category;
        this.ranking = ranking;
    }
-	public int compareTo(Object obj)
+    @Override
-	{
+    public int compareTo(Object obj) {
        int value = 1;
-		if (obj instanceof Category)
+        if (obj instanceof Category) {
 		{
            value = this.getRanking().compareTo(((Category) obj).getRanking());
        }
        return value;
    }
-	public Integer getRanking()
+    public Integer getRanking() {
 	{
        return ranking;
    }
-	public Integer setRanking(Integer ranking)
+    public Integer setRanking(Integer ranking) {
 	{
        return this.ranking = ranking;
    }
-	public String getName()
+    public String getName() {
 	{
        return category;
    }
-	public boolean equals(Object obj)
+    @Override
-	{
+    public boolean equals(Object obj) {
        return (obj instanceof Category) && getName().equals(((Category) obj).getName());
    }
-	public String toString()
+    @Override
-	{
+    public String toString() {
        return getName();
    }
 }
--- a/java/org/owasp/webgoat/session/Course.java
+++ b/java/org/owasp/webgoat/session/Course.java
@ -1,10 +1,8 @@
 package org.owasp.webgoat.session;
 import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
@ -16,40 +14,40 @@ import org.owasp.webgoat.HammerHead;
 import org.owasp.webgoat.lessons.AbstractLesson;
 import org.owasp.webgoat.lessons.Category;
-
+/**
-
+ * *************************************************************************************************
 /***************************************************************************************************
 *
 *
- * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+ * This file is part of WebGoat, an Open Web Application Security Project
- * please see http://www.owasp.org/
+ * utility. For details, please see http://www.owasp.org/
 *
 * Copyright (c) 2002 - 2007 Bruce Mayhew
 *
- * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * This program is free software; you can redistribute it and/or modify it under
- * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * the terms of the GNU General Public License as published by the Free Software
- * License, or (at your option) any later version.
+ * Foundation; either version 2 of the License, or (at your option) any later
 * version.
 *
- * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * This program is distributed in the hope that it will be useful, but WITHOUT
- * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * General Public License for more details.
+ * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
 * details.
 *
- * You should have received a copy of the GNU General Public License along with this program; if
+ * You should have received a copy of the GNU General Public License along with
- * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * this program; if not, write to the Free Software Foundation, Inc., 59 Temple
- * 02111-1307, USA.
+ * Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 * Getting Source ==============
 *
- * Source for this application is maintained at code.google.com, a repository for free software
+ * Source for this application is maintained at code.google.com, a repository
- * projects.
+ * for free software projects.
 *
 * For details, please see http://code.google.com/p/webgoat/
 *
 * @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
 * @created October 28, 2003
 */
-public class Course
+public class Course {
 {
    private List<AbstractLesson> lessons = new LinkedList<AbstractLesson>();
@ -61,22 +59,15 @@ public class Course
    private WebgoatContext webgoatContext;
-	
+    public Course() {
-	public Course()
+        try {
 	{
 		try
 		{
            properties = new WebgoatProperties(PROPERTIES_FILENAME);
-		} catch (IOException e)
+        } catch (IOException e) {
 		{
            System.out.println("Error loading WebGoat properties");
            e.printStackTrace();
        }
    }
    /**
     * Take an absolute file and return the filename.
     *
@ -85,17 +76,14 @@ public class Course
     * @param s
     * @return the file name
     */
-	private static String getFileName(String s)
+    private static String getFileName(String s) {
 	{
        String fileName = new File(s).getName();
-		if (fileName.indexOf("/") != -1)
+        if (fileName.indexOf("/") != -1) {
 		{
            fileName = fileName.substring(fileName.lastIndexOf("/"), fileName.length());
        }
-		if (fileName.indexOf(".") != -1)
+        if (fileName.indexOf(".") != -1) {
 		{
            fileName = fileName.substring(0, fileName.indexOf("."));
        }
@ -110,8 +98,7 @@ public class Course
     * @param className
     * @return
     */
-	private static String getSourceFile(String className)
+    private static String getSourceFile(String className) {
 	{
        StringBuffer sb = new StringBuffer();
        sb.append(className.replace(".", "/"));
@ -123,33 +110,29 @@ public class Course
    /**
     * Takes a file name and builds the class file name
     *
-	 * @param fileName
+     * @param fileName Description of the Parameter
-	 *            Description of the Parameter
+     * @param path Description of the Parameter
 	 * @param path
 	 *            Description of the Parameter
     * @return Description of the Return Value
     */
-	private static String getClassFile(String fileName, String path)
+    private static String getClassFile(String fileName, String path) {
 	{
        String ext = ".class";
        fileName = fileName.trim();
        /**
-		 * We do not handle directories.
+         * We do not handle directories. We do not handle files with different
-		 * We do not handle files with different extensions
+         * extensions
         */
-		if (fileName.endsWith("/") || !fileName.endsWith(ext)) { return null; }
+        if (fileName.endsWith("/") || !fileName.endsWith(ext)) {
            return null;
        }
        // if the file is in /WEB-INF/classes strip the dir info off
        int index = fileName.indexOf("/WEB-INF/classes/");
-		if (index != -1)
+        if (index != -1) {
 		{
            fileName = fileName.substring(index + "/WEB-INF/classes/".length(), fileName.length() - ext.length());
            fileName = fileName.replace('/', '.');
            fileName = fileName.replace('\\', '.');
-		}
+        } else {
 		else
 		{
            // Strip off the leading path info
            fileName = fileName.substring(path.length(), fileName.length() - ext.length());
        }
@ -162,17 +145,14 @@ public class Course
     *
     * @return The categories value
     */
-	public List getCategories()
+    public List getCategories() {
 	{
        List<Category> categories = new ArrayList<Category>();
        Iterator iter = lessons.iterator();
-		while (iter.hasNext())
+        while (iter.hasNext()) {
 		{
            AbstractLesson lesson = (AbstractLesson) iter.next();
-			if (!categories.contains(lesson.getCategory()))
+            if (!categories.contains(lesson.getCategory())) {
 			{
                categories.add(lesson.getCategory());
            }
        }
@ -187,8 +167,7 @@ public class Course
     *
     * @return The firstLesson value
     */
-	public AbstractLesson getFirstLesson()
+    public AbstractLesson getFirstLesson() {
 	{
        List<String> roles = new ArrayList<String>();
        roles.add(AbstractLesson.USER_ROLE);
 		// Category 0 is the admin function. We want the first real category
@ -199,41 +178,36 @@ public class Course
    /**
     * Gets the lesson attribute of the Course object
     *
-	 * @param lessonId
+     * @param lessonId Description of the Parameter
-	 *            Description of the Parameter
+     * @param role Description of the Parameter
 	 * @param role
 	 *            Description of the Parameter
     * @return The lesson value
     */
-	public AbstractLesson getLesson(WebSession s, int lessonId, List<String> roles)
+    public AbstractLesson getLesson(WebSession s, int lessonId, List<String> roles) {
-	{
+        if (s.isHackedAdmin()) {
 		if (s.isHackedAdmin())
 		{
            roles.add(AbstractLesson.HACKED_ADMIN_ROLE);
        }
        // System.out.println("getLesson() with roles: " + roles);
        Iterator<AbstractLesson> iter = lessons.iterator();
-		while (iter.hasNext())
+        while (iter.hasNext()) {
 		{
            AbstractLesson lesson = iter.next();
            // System.out.println("getLesson() at role: " + lesson.getRole());
-			if (lesson.getScreenId() == lessonId && roles.contains(lesson.getRole())) { return lesson; }
+            if (lesson.getScreenId() == lessonId && roles.contains(lesson.getRole())) {
                return lesson;
            }
        }
        return null;
    }
-	public AbstractLesson getLesson(WebSession s, int lessonId, String role)
+    public AbstractLesson getLesson(WebSession s, int lessonId, String role) {
 	{
        List<String> roles = new Vector<String>();
        roles.add(role);
        return getLesson(s, lessonId, roles);
    }
-	public List getLessons(WebSession s, String role)
+    public List getLessons(WebSession s, String role) {
 	{
        List<String> roles = new Vector<String>();
        roles.add(role);
        return getLessons(s, roles);
@ -242,21 +216,17 @@ public class Course
    /**
     * Gets the lessons attribute of the Course object
     *
-	 * @param role
+     * @param role Description of the Parameter
 	 *            Description of the Parameter
     * @return The lessons value
     */
-	public List<AbstractLesson> getLessons(WebSession s, List<String> roles)
+    public List<AbstractLesson> getLessons(WebSession s, List<String> roles) {
-	{
+        if (s.isHackedAdmin()) {
 		if (s.isHackedAdmin())
 		{
            roles.add(AbstractLesson.HACKED_ADMIN_ROLE);
        }
        List<AbstractLesson> lessonList = new ArrayList<AbstractLesson>();
        Iterator categoryIter = getCategories().iterator();
-		while (categoryIter.hasNext())
+        while (categoryIter.hasNext()) {
 		{
            lessonList.addAll(getLessons(s, (Category) categoryIter.next(), roles));
        }
        return lessonList;
@ -265,23 +235,18 @@ public class Course
    /**
     * Gets the lessons attribute of the Course object
     *
-	 * @param category
+     * @param category Description of the Parameter
-	 *            Description of the Parameter
+     * @param role Description of the Parameter
 	 * @param role
 	 *            Description of the Parameter
     * @return The lessons value
     */
-	private List<AbstractLesson> getLessons(Category category, List roles)
+    private List<AbstractLesson> getLessons(Category category, List roles) {
 	{
        List<AbstractLesson> lessonList = new ArrayList<AbstractLesson>();
        Iterator iter = lessons.iterator();
-		while (iter.hasNext())
+        while (iter.hasNext()) {
 		{
            AbstractLesson lesson = (AbstractLesson) iter.next();
-			if (lesson.getCategory().equals(category) && roles.contains(lesson.getRole()))
+            if (lesson.getCategory().equals(category) && roles.contains(lesson.getRole())) {
 			{
                lessonList.add(lesson);
            }
        }
@ -291,17 +256,14 @@ public class Course
        return lessonList;
    }
-	public List getLessons(WebSession s, Category category, String role)
+    public List getLessons(WebSession s, Category category, String role) {
 	{
        List<String> roles = new Vector<String>();
        roles.add(role);
        return getLessons(s, category, roles);
    }
-	public List<AbstractLesson> getLessons(WebSession s, Category category, List<String> roles)
+    public List<AbstractLesson> getLessons(WebSession s, Category category, List<String> roles) {
-	{
+        if (s.isHackedAdmin()) {
 		if (s.isHackedAdmin())
 		{
            roles.add(AbstractLesson.HACKED_ADMIN_ROLE);
        }
        return getLessons(category, roles);
@ -313,21 +275,16 @@ public class Course
     * @param context
     * @param path
     */
-	private void loadFiles(ServletContext context, String path)
+    private void loadFiles(ServletContext context, String path) {
 	{
        Set resourcePaths = context.getResourcePaths(path);
        Iterator itr = resourcePaths.iterator();
-		while (itr.hasNext())
+        while (itr.hasNext()) {
 		{
            String file = (String) itr.next();
-			if (file.length() != 1 && file.endsWith("/"))
+            if (file.length() != 1 && file.endsWith("/")) {
 			{
                loadFiles(context, file);
-			}
+            } else {
 			else
 			{
                files.add(file);
            }
        }
@ -338,36 +295,29 @@ public class Course
     *
     * @param path
     */
-	private void loadLessons(String path)
+    private void loadLessons(String path) {
 	{
        Iterator itr = files.iterator();
-		while (itr.hasNext())
+        while (itr.hasNext()) {
 		{
            String file = (String) itr.next();
            String className = getClassFile(file, path);
-			if (className != null && !className.endsWith("_i"))
+            if (className != null && !className.endsWith("_i")) {
-			{
+                try {
 				try
 				{
                    Class c = Class.forName(className);
                    Object o = c.newInstance();
-					if (o instanceof AbstractLesson)
+                    if (o instanceof AbstractLesson) {
 					{
                        AbstractLesson lesson = (AbstractLesson) o;
                        lesson.setWebgoatContext(webgoatContext);
                        lesson.update(properties);
-						if (lesson.getHidden() == false)
+                        if (lesson.getHidden() == false) {
 						{
                            lessons.add(lesson);
                        }
                    }
-				} catch (Exception e)
+                } catch (Exception e) {
 				{
                    // System.out.println("Warning: " + e.getMessage());
                }
            }
@ -379,40 +329,34 @@ public class Course
        int p2 = absoluteFile.indexOf("/", p1 + 1);
        String langStr = absoluteFile.substring(p1 + 1, p2);
        return new String(langStr);
    }
    /**
     * For each lesson, set the source file and lesson file
     */
-	private void loadResources()
+    private void loadResources() {
 	{
        Iterator lessonItr = lessons.iterator();
-		while (lessonItr.hasNext())
+        while (lessonItr.hasNext()) {
 		{
            AbstractLesson lesson = (AbstractLesson) lessonItr.next();
            String className = lesson.getClass().getName();
            String classFile = getSourceFile(className);
            Iterator fileItr = files.iterator();
-			while (fileItr.hasNext())
+            while (fileItr.hasNext()) {
 			{
                String absoluteFile = (String) fileItr.next();
                String fileName = getFileName(absoluteFile);
                // System.out.println("Course: looking at file: " + absoluteFile);
-				if (absoluteFile.endsWith(classFile))
+                if (absoluteFile.endsWith(classFile)) {
 				{
                    // System.out.println("Set source file for " + classFile);
                    lesson.setSourceFileName(absoluteFile);
                }
                if (absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html")
-						&& className.endsWith(fileName))
+                        && className.endsWith(fileName)) {
 				{
 					// System.out.println("DEBUG: setting lesson plan file " + absoluteFile + " for
                    // lesson " +
                    // lesson.getClass().getName());
@ -422,8 +366,7 @@ public class Course
                    this.webgoatContext.getWebgoatI18N().loadLanguage(language);
                }
                if (absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html")
-						&& className.endsWith(fileName))
+                        && className.endsWith(fileName)) {
 				{
 					// System.out.println("DEBUG: setting lesson solution file " + absoluteFile + "
                    // for lesson " +
                    // lesson.getClass().getName());
@ -437,13 +380,10 @@ public class Course
    /**
     * Description of the Method
     *
-	 * @param path
+     * @param path Description of the Parameter
-	 *            Description of the Parameter
+     * @param context Description of the Parameter
 	 * @param context
 	 *            Description of the Parameter
     */
-	public void loadCourses(WebgoatContext webgoatContext, ServletContext context, String path)
+    public void loadCourses(WebgoatContext webgoatContext, ServletContext context, String path) {
 	{
        this.webgoatContext = webgoatContext;
        loadFiles(context, path);
        loadLessons(path);
--- a/java/org/owasp/webgoat/session/WebSession.java
+++ b/java/org/owasp/webgoat/session/WebSession.java
--- a/java/org/owasp/webgoat/session/WebgoatContext.java
+++ b/java/org/owasp/webgoat/session/WebgoatContext.java
@ -1,14 +1,14 @@
 package org.owasp.webgoat.session;
 import java.util.Iterator;
 import javax.servlet.http.HttpServlet;
 import org.owasp.webgoat.util.WebGoatI18N;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 public class WebgoatContext {
-public class WebgoatContext
+    final Logger logger = LoggerFactory.getLogger(WebgoatContext.class);
 {
    public final static String DATABASE_CONNECTION_STRING = "DatabaseConnectionString";
@ -84,8 +84,7 @@ public class WebgoatContext
    private WebGoatI18N webgoati18n = null;
-	public WebgoatContext(HttpServlet servlet)
+    public WebgoatContext(HttpServlet servlet) {
 	{
        this.servlet = servlet;
        databaseConnectionString = getParameter(servlet, DATABASE_CONNECTION_STRING);
        databaseDriver = getParameter(servlet, DATABASE_DRIVER);
@ -114,31 +113,30 @@ public class WebgoatContext
    }
-	private String getParameter(HttpServlet servlet, String key)
+    private String getParameter(HttpServlet servlet, String key) {
 	{
        String value = System.getenv().get(key);
-		if (value == null) value = servlet.getInitParameter(key);
+        if (value == null) {
            value = servlet.getInitParameter(key);
        }
        return value;
    }
    /**
-	 * returns the connection string with the real path to the database directory inserted at the
+     * returns the connection string with the real path to the database
-	 * word PATH
+     * directory inserted at the word PATH
     *
     * @return The databaseConnectionString value
     */
-	public String getDatabaseConnectionString()
+    public String getDatabaseConnectionString() {
-	{
+        if (realConnectionString == null) {
-		if (realConnectionString == null) try
+            try {
 		{
                String path = servlet.getServletContext().getRealPath("/database").replace('\\', '/');
                System.out.println("PATH: " + path);
                realConnectionString = databaseConnectionString.replaceAll("PATH", path);
                System.out.println("Database Connection String: " + realConnectionString);
-		} catch (Exception e)
+            } catch (Exception e) {
-		{
+                logger.error("Couldn't open database: check web.xml database parameters", e);
-			System.out.println("Couldn't open database: check web.xml database parameters");
+            }
 			e.printStackTrace();
        }
        return realConnectionString;
    }
@ -148,8 +146,7 @@ public class WebgoatContext
     *
     * @return The databaseDriver value
     */
-	public String getDatabaseDriver()
+    public String getDatabaseDriver() {
 	{
        return (databaseDriver);
    }
@ -158,8 +155,7 @@ public class WebgoatContext
     *
     * @return The databaseUser value
     */
-	public String getDatabaseUser()
+    public String getDatabaseUser() {
 	{
        return (databaseUser);
    }
@ -168,68 +164,55 @@ public class WebgoatContext
     *
     * @return The databasePassword value
     */
-	public String getDatabasePassword()
+    public String getDatabasePassword() {
 	{
        return (databasePassword);
    }
-	public boolean isDefuseOSCommands()
+    public boolean isDefuseOSCommands() {
 	{
        return defuseOSCommands;
    }
-	public boolean isEnterprise()
+    public boolean isEnterprise() {
 	{
        return enterprise;
    }
-	public boolean isCodingExercises()
+    public boolean isCodingExercises() {
 	{
        return codingExercises;
    }
-	public String getFeedbackAddress()
+    public String getFeedbackAddress() {
 	{
        return feedbackAddress;
    }
-	public String getFeedbackAddressHTML()
+    public String getFeedbackAddressHTML() {
 	{
        return feedbackAddressHTML;
    }
-	public boolean isDebug()
+    public boolean isDebug() {
 	{
        return isDebug;
    }
-	public String getServletName()
+    public String getServletName() {
 	{
        return servletName;
    }
-	public boolean isShowCookies()
+    public boolean isShowCookies() {
 	{
        return showCookies;
    }
-	public boolean isShowParams()
+    public boolean isShowParams() {
 	{
        return showParams;
    }
-	public boolean isShowRequest()
+    public boolean isShowRequest() {
 	{
        return showRequest;
    }
-	public boolean isShowSource()
+    public boolean isShowSource() {
 	{
        return showSource;
    }
-	public boolean isShowSolution()
+    public boolean isShowSolution() {
 	{
        return showSolution;
    }
--- a/resources/log4j.properties
+++ b/resources/log4j.properties
@ -1,4 +1,4 @@
-log4j.rootLogger=INFO, MAIN_LOG, ERROR_LOG
+log4j.rootLogger=DEBUG, MAIN_LOG, ERROR_LOG
 # MAIN - everything gets logged here
 log4j.appender.MAIN_LOG=org.apache.log4j.RollingFileAppender
@ -9,6 +9,9 @@ log4j.appender.MAIN_LOG.MaxFileSize=10MB
 log4j.appender.MAIN_LOG.MaxBackupIndex=5
 log4j.appender.MAIN_LOG.append=true
 # a little less spring output
 log4j.category.org.springframework = INFO 
 # ERROR
 log4j.appender.ERROR_LOG=org.apache.log4j.RollingFileAppender
 log4j.appender.ERROR_LOG.File=${catalina.home}/logs/webgoat_error.log