Refactored files to Maven standard Layout

Added plugin to produce executable jar. Now it is easy to run webgoat on all platforms.

src/main/java/org/owasp/webgoat/controller/Login.java

@@ -0,0 +1,39 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.owasp.webgoat.controller;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ *
+ * @author rlawson
+ */
+@Controller
+public class Login {
+
+    @RequestMapping(value = "login.mvc", method = RequestMethod.GET)
+    public ModelAndView login(
+            @RequestParam(value = "error", required = false) String error,
+            @RequestParam(value = "logout", required = false) String logout) {
+
+        ModelAndView model = new ModelAndView();
+        if (error != null) {
+            model.addObject("error", "Invalid username and password!");
+        }
+
+        if (logout != null) {
+            model.addObject("msg", "You've been logged out successfully.");
+        }
+        model.setViewName("login");
+
+        return model;
+
+    }
+}

src/main/java/org/owasp/webgoat/controller/Logout.java

@@ -0,0 +1,45 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.owasp.webgoat.controller;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ *
+ * @author rlawson
+ */
+@Controller
+public class Logout {
+
+    final Logger logger = LoggerFactory.getLogger(Logout.class);
+
+    @RequestMapping(value = "logout.mvc", method = RequestMethod.GET)
+    public ModelAndView logout(
+            @RequestParam(value = "error", required = false) String error,
+            @RequestParam(value = "logout", required = false) String logout) {
+        
+        logger.info("Logging user out");
+
+        ModelAndView model = new ModelAndView();
+        if (error != null) {
+            model.addObject("error", "Invalid username and password!");
+        }
+
+        if (logout != null) {
+            model.addObject("msg", "You've been logged out successfully.");
+        }
+        model.setViewName("logout");
+
+        return model;
+
+    }
+}

src/main/java/org/owasp/webgoat/controller/Start.java

@@ -0,0 +1,61 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.owasp.webgoat.controller;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.owasp.webgoat.session.Course;
+import org.owasp.webgoat.session.WebSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ *
+ * @author rlawson
+ */
+@Controller
+public class Start {
+
+    final Logger logger = LoggerFactory.getLogger(Start.class);
+
+    private static final String WELCOMED = "welcomed";
+
+    @RequestMapping(value = "start.mvc", method = {RequestMethod.GET, RequestMethod.POST})
+    public ModelAndView start(HttpServletRequest request,
+            @RequestParam(value = "error", required = false) String error,
+            @RequestParam(value = "logout", required = false) String logout) {
+
+        ModelAndView model = new ModelAndView();
+        // make sure session is set up correctly
+        // if not redirect user to login
+        if (checkWebSession(request.getSession()) == false) {
+            model.setViewName("redirect:/login.mvc");
+            return model;
+        }
+
+        // if everything ok then go to webgoat UI
+        model.setViewName("main_new");
+        return model;
+    }
+
+    public boolean checkWebSession(HttpSession session) {
+        Object o = session.getAttribute(WebSession.SESSION);
+        if (o == null) {
+            logger.error("No valid WebSession object found, has session timed out? [" + session.getId() + "]");
+            return false;
+        }
+        if (!(o instanceof WebSession)) {
+            logger.error("Invalid WebSession object found, this is probably a bug! [" + o.getClass() + " | " + session.getId() + "]");
+            return false;
+        }
+        return true;
+    }
+}

src/main/java/org/owasp/webgoat/controller/Welcome.java

@@ -0,0 +1,49 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.owasp.webgoat.controller;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ *
+ * @author rlawson
+ */
+@Controller
+public class Welcome {
+    
+    final Logger logger = LoggerFactory.getLogger(Welcome.class);
+    private static final String WELCOMED = "welcomed";
+    
+    @RequestMapping(value = "welcome.mvc", method = RequestMethod.GET)
+    public ModelAndView welcome(HttpServletRequest request,
+            @RequestParam(value = "error", required = false) String error,
+            @RequestParam(value = "logout", required = false) String logout) {
+
+        // set the welcome attribute
+        // this is so the attack servlet does not also 
+        // send them to the welcome page
+        HttpSession session = request.getSession();
+        if (session.getAttribute(WELCOMED) == null) {
+            session.setAttribute(WELCOMED, "true");
+        }
+        
+        //go ahead and send them to webgoat (skip the welcome page)
+        ModelAndView model = new ModelAndView();
+        //model.setViewName("welcome");
+        //model.setViewName("main_new");
+        model.setViewName("forward:/attack?start=true");
+        return model;
+    }
+    
+}