dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix thinko. Each LAB nees to use its own local LessonActions when defined

Browse Source 
Each lesson simply overrides registerActions(classname) to do the necessary.
Also delete Actions which already exist in the base class package


git-svn-id: http://webgoat.googlecode.com/svn/trunk@154 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
rogan.dawes 2007-07-10 11:57:24 +00:00
parent ac43a1c3cb
commit a71b6af562
7 changed files with 45 additions and 745 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/GoatHillsFinancial/GoatHillsFinancial.java
View File

@ -123,25 +123,28 @@ public class GoatHillsFinancial extends LessonAdapter
public GoatHillsFinancial()
{
String myClassName = parseClassName(this.getClass().getName());
registerAction(new ListStaff(this, myClassName, LISTSTAFF_ACTION));
registerAction(new SearchStaff(this, myClassName, SEARCHSTAFF_ACTION));
registerAction(new ViewProfile(this, myClassName, VIEWPROFILE_ACTION));
registerAction(new EditProfile(this, myClassName, EDITPROFILE_ACTION));
registerAction(new EditProfile(this, myClassName, CREATEPROFILE_ACTION));
// These actions are special in that they chain to other actions.
registerAction(new Login(this, myClassName, LOGIN_ACTION,
getAction(LISTSTAFF_ACTION)));
registerAction(new Logout(this, myClassName, LOGOUT_ACTION,
getAction(LOGIN_ACTION)));
registerAction(new FindProfile(this, myClassName, FINDPROFILE_ACTION,
getAction(VIEWPROFILE_ACTION)));
registerAction(new UpdateProfile(this, myClassName,
UPDATEPROFILE_ACTION, getAction(VIEWPROFILE_ACTION)));
registerAction(new DeleteProfile(this, myClassName,
DELETEPROFILE_ACTION, getAction(LISTSTAFF_ACTION)));
registerActions(myClassName);
}
protected void registerActions(String className) {
registerAction(new ListStaff(this, className, LISTSTAFF_ACTION));
registerAction(new SearchStaff(this, className, SEARCHSTAFF_ACTION));
registerAction(new ViewProfile(this, className, VIEWPROFILE_ACTION));
registerAction(new EditProfile(this, className, EDITPROFILE_ACTION));
registerAction(new EditProfile(this, className, CREATEPROFILE_ACTION));
// These actions are special in that they chain to other actions.
registerAction(new Login(this, className, LOGIN_ACTION,
getAction(LISTSTAFF_ACTION)));
registerAction(new Logout(this, className, LOGOUT_ACTION,
getAction(LOGIN_ACTION)));
registerAction(new FindProfile(this, className, FINDPROFILE_ACTION,
getAction(VIEWPROFILE_ACTION)));
registerAction(new UpdateProfile(this, className,
UPDATEPROFILE_ACTION, getAction(VIEWPROFILE_ACTION)));
registerAction(new DeleteProfile(this, className,
DELETEPROFILE_ACTION, getAction(LISTSTAFF_ACTION)));
}
protected final String parseClassName(String fqcn)
{

193
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/FindProfile.java
View File

@ -1,193 +0,0 @@
package org.owasp.webgoat.lessons.RoleBasedAccessControl;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.DefaultLessonAction;
import org.owasp.webgoat.lessons.LessonAction;
import org.owasp.webgoat.session.Employee;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.ValidationException;
import org.owasp.webgoat.session.WebSession;
/*******************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository
* for free software projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
public class FindProfile extends DefaultLessonAction
{
private LessonAction chainedAction;
public FindProfile(AbstractLesson lesson, String lessonName,
String actionName, LessonAction chainedAction)
{
super(lesson, lessonName, actionName);
this.chainedAction = chainedAction;
}
public void handleRequest(WebSession s) throws ParameterNotFoundException,
UnauthenticatedException, UnauthorizedException,
ValidationException
{
if (isAuthenticated(s))
{
int userId = getIntSessionAttribute(s, getLessonName() + "."
+ RoleBasedAccessControl.USER_ID);
String pattern = s.getParser().getRawParameter(
RoleBasedAccessControl.SEARCHNAME);
findEmployeeProfile(s, userId, pattern);
// Execute the chained Action if the employee was found.
if (foundEmployee(s))
{
try
{
chainedAction.handleRequest(s);
}
catch (UnauthenticatedException ue1)
{
System.out.println("Internal server error");
ue1.printStackTrace();
}
catch (UnauthorizedException ue2)
{
System.out.println("Internal server error");
ue2.printStackTrace();
}
}
}
else
throw new UnauthenticatedException();
}
public String getNextPage(WebSession s)
{
String page = RoleBasedAccessControl.SEARCHSTAFF_ACTION;
if (foundEmployee(s))
page = RoleBasedAccessControl.VIEWPROFILE_ACTION;
return page;
}
private boolean foundEmployee(WebSession s)
{
boolean found = false;
try
{
int id = getIntRequestAttribute(s, getLessonName() + "."
+ RoleBasedAccessControl.EMPLOYEE_ID);
found = true;
}
catch (ParameterNotFoundException e)
{}
return found;
}
public Employee findEmployeeProfile(WebSession s, int userId, String pattern)
throws UnauthorizedException
{
Employee profile = null;
// Clear any residual employee id's in the session now.
removeSessionAttribute(s, getLessonName() + "."
+ RoleBasedAccessControl.EMPLOYEE_ID);
// Query the database for the profile data of the given employee
try
{
String query = "SELECT * FROM employee WHERE first_name like ? OR last_name = ?";
try
{
PreparedStatement answer_statement = WebSession
.getConnection(s).prepareStatement(query,
ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
answer_statement.setString(1, "%" + pattern + "%");
answer_statement.setString(2, "%" + pattern + "%");
ResultSet answer_results = answer_statement.executeQuery();
// Just use the first hit.
if (answer_results.next())
{
int id = answer_results.getInt("userid");
// Note: Do NOT get the password field.
profile = new Employee(id, answer_results
.getString("first_name"), answer_results
.getString("last_name"), answer_results
.getString("ssn"), answer_results
.getString("title"), answer_results
.getString("phone"), answer_results
.getString("address1"), answer_results
.getString("address2"), answer_results
.getInt("manager"), answer_results
.getString("start_date"), answer_results
.getInt("salary"), answer_results.getString("ccn"),
answer_results.getInt("ccn_limit"), answer_results
.getString("disciplined_date"),
answer_results.getString("disciplined_notes"),
answer_results.getString("personal_description"));
/* System.out.println("Retrieved employee from db: " +
profile.getFirstName() + " " + profile.getLastName() +
" (" + profile.getId() + ")");
*/
setRequestAttribute(s, getLessonName() + "."
+ RoleBasedAccessControl.EMPLOYEE_ID, Integer
.toString(id));
}
}
catch (SQLException sqle)
{
s.setMessage("Error finding employee profile");
sqle.printStackTrace();
}
}
catch (Exception e)
{
s.setMessage("Error finding employee profile");
e.printStackTrace();
}
return profile;
}
}

175
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/ListStaff.java
View File

@ -1,175 +0,0 @@
package org.owasp.webgoat.lessons.RoleBasedAccessControl;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.List;
import java.util.Vector;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.DefaultLessonAction;
import org.owasp.webgoat.session.EmployeeStub;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.WebSession;
/*******************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository
* for free software projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
public class ListStaff extends DefaultLessonAction
{
public ListStaff(AbstractLesson lesson, String lessonName, String actionName)
{
super(lesson, lessonName, actionName);
}
public void handleRequest(WebSession s) throws ParameterNotFoundException,
UnauthenticatedException, UnauthorizedException
{
getLesson().setCurrentAction(s, getActionName());
if (isAuthenticated(s))
{
int userId = getIntSessionAttribute(s, getLessonName() + "."
+ RoleBasedAccessControl.USER_ID);
List employees = getAllEmployees(s, userId);
setSessionAttribute(s, getLessonName() + "."
+ RoleBasedAccessControl.STAFF_ATTRIBUTE_KEY, employees);
}
else
throw new UnauthenticatedException();
}
public String getNextPage(WebSession s)
{
return RoleBasedAccessControl.LISTSTAFF_ACTION;
}
public List getAllEmployees(WebSession s, int userId)
throws UnauthorizedException
{
// Query the database for all employees "owned" by the given employee
List employees = new Vector();
try
{
String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles WHERE employee.userid=roles.userid and employee.userid in "
+ "(SELECT employee_id FROM ownership WHERE employer_id = "
+ userId + ")";
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
answer_results.beforeFirst();
while (answer_results.next())
{
int employeeId = answer_results.getInt("userid");
String firstName = answer_results.getString("first_name");
String lastName = answer_results.getString("last_name");
String role = answer_results.getString("role");
//System.out.println("Retrieving employee stub for role " + role);
EmployeeStub stub = new EmployeeStub(employeeId, firstName,
lastName, role);
employees.add(stub);
}
}
catch (SQLException sqle)
{
s.setMessage("Error getting employees");
sqle.printStackTrace();
}
}
catch (Exception e)
{
s.setMessage("Error getting employees");
e.printStackTrace();
}
return employees;
}
public List getAllEmployees_BACKUP(WebSession s, int userId)
throws UnauthorizedException
{
// Query the database for all employees "owned" by the given employee
List employees = new Vector();
try
{
String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles WHERE employee.userid=roles.userid and employee.userid in "
+ "(SELECT employee_id FROM ownership WHERE employer_id = "
+ userId + ")";
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
answer_results.beforeFirst();
while (answer_results.next())
{
int employeeId = answer_results.getInt("userid");
String firstName = answer_results.getString("first_name");
String lastName = answer_results.getString("last_name");
String role = answer_results.getString("role");
//System.out.println("Retrieving employee stub for role " + role);
EmployeeStub stub = new EmployeeStub(employeeId, firstName,
lastName, role);
employees.add(stub);
}
}
catch (SQLException sqle)
{
s.setMessage("Error getting employees");
sqle.printStackTrace();
}
}
catch (Exception e)
{
s.setMessage("Error getting employees");
e.printStackTrace();
}
return employees;
}
}

222
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/Login.java
View File

@ -1,222 +0,0 @@
package org.owasp.webgoat.lessons.RoleBasedAccessControl;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.List;
import java.util.Vector;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.DefaultLessonAction;
import org.owasp.webgoat.lessons.LessonAction;
import org.owasp.webgoat.session.EmployeeStub;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.ValidationException;
import org.owasp.webgoat.session.WebSession;
/*******************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository
* for free software projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
public class Login extends DefaultLessonAction
{
private LessonAction chainedAction;
public Login(AbstractLesson lesson, String lessonName, String actionName,
LessonAction chainedAction)
{
super(lesson, lessonName, actionName);
this.chainedAction = chainedAction;
}
public void handleRequest(WebSession s) throws ParameterNotFoundException,
ValidationException
{
//System.out.println("Login.handleRequest()");
getLesson().setCurrentAction(s, getActionName());
List employees = getAllEmployees(s);
setSessionAttribute(s, getLessonName() + "."
+ RoleBasedAccessControl.STAFF_ATTRIBUTE_KEY, employees);
int employeeId = -1;
try
{
employeeId = s.getParser().getIntParameter(
RoleBasedAccessControl.EMPLOYEE_ID);
String password = s.getParser().getStringParameter(
RoleBasedAccessControl.PASSWORD);
// Attempt authentication
if (login(s, employeeId, password))
{
// Execute the chained Action if authentication succeeded.
try
{
chainedAction.handleRequest(s);
}
catch (UnauthenticatedException ue1)
{
System.out.println("Internal server error");
ue1.printStackTrace();
}
catch (UnauthorizedException ue2)
{
System.out.println("Internal server error");
ue2.printStackTrace();
}
}
else
s.setMessage("Login failed");
}
catch (ParameterNotFoundException pnfe)
{
// No credentials offered, so we log them out
setSessionAttribute(s, getLessonName() + ".isAuthenticated",
Boolean.FALSE);
}
}
/**
* After this.handleRequest() is called, when the View asks for the current JSP to load,
* it will get one initialized by this call.
*/
public String getNextPage(WebSession s)
{
String nextPage = RoleBasedAccessControl.LOGIN_ACTION;
if (isAuthenticated(s))
nextPage = chainedAction.getNextPage(s);
return nextPage;
}
public boolean requiresAuthentication()
{
return false;
}
public boolean login(WebSession s, int userId, String password)
{
//System.out.println("Logging in to lesson");
boolean authenticated = false;
try
{
String query = "SELECT * FROM employee WHERE userid = " + userId
+ " and password = '" + password + "'";
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
if (answer_results.first())
{
setSessionAttribute(s,
getLessonName() + ".isAuthenticated", Boolean.TRUE);
setSessionAttribute(s, getLessonName() + "."
+ RoleBasedAccessControl.USER_ID, Integer
.toString(userId));
authenticated = true;
}
}
catch (SQLException sqle)
{
s.setMessage("Error logging in");
sqle.printStackTrace();
}
}
catch (Exception e)
{
s.setMessage("Error logging in");
e.printStackTrace();
}
//System.out.println("Lesson login result: " + authenticated);
return authenticated;
}
public List getAllEmployees(WebSession s)
{
List employees = new Vector();
// Query the database for all roles the given employee belongs to
// Query the database for all employees "owned" by these roles
try
{
String query = "SELECT employee.userid,first_name,last_name,role FROM employee,roles "
+ "where employee.userid=roles.userid";
try
{
Statement answer_statement = WebSession.getConnection(s)
.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE,
ResultSet.CONCUR_READ_ONLY);
ResultSet answer_results = answer_statement.executeQuery(query);
answer_results.beforeFirst();
while (answer_results.next())
{
int employeeId = answer_results.getInt("userid");
String firstName = answer_results.getString("first_name");
String lastName = answer_results.getString("last_name");
String role = answer_results.getString("role");
EmployeeStub stub = new EmployeeStub(employeeId, firstName,
lastName, role);
employees.add(stub);
}
}
catch (SQLException sqle)
{
s.setMessage("Error getting employees");
sqle.printStackTrace();
}
}
catch (Exception e)
{
s.setMessage("Error getting employees");
e.printStackTrace();
}
return employees;
}
}

87
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/Logout.java
View File

@ -1,87 +0,0 @@
package org.owasp.webgoat.lessons.RoleBasedAccessControl;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.DefaultLessonAction;
import org.owasp.webgoat.lessons.LessonAction;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
import org.owasp.webgoat.session.ValidationException;
import org.owasp.webgoat.session.WebSession;
/*******************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository
* for free software projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
public class Logout extends DefaultLessonAction
{
private LessonAction chainedAction;
public Logout(AbstractLesson lesson, String lessonName, String actionName,
LessonAction chainedAction)
{
super(lesson, lessonName, actionName);
this.chainedAction = chainedAction;
}
public void handleRequest(WebSession s) throws ParameterNotFoundException,
ValidationException
{
//System.out.println("Logging out");
setSessionAttribute(s, getLessonName() + ".isAuthenticated",
Boolean.FALSE);
// FIXME: Maybe we should forward to Login.
try
{
chainedAction.handleRequest(s);
}
catch (UnauthenticatedException ue1)
{
System.out.println("Internal server error");
ue1.printStackTrace();
}
catch (UnauthorizedException ue2)
{
System.out.println("Internal server error");
ue2.printStackTrace();
}
}
public String getNextPage(WebSession s)
{
return chainedAction.getNextPage(s);
}
}

25
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/RoleBasedAccessControl.java
View File

@ -7,7 +7,12 @@ import org.apache.ecs.ElementContainer;
import org.owasp.webgoat.lessons.Category;
import org.owasp.webgoat.lessons.DefaultLessonAction;
import org.owasp.webgoat.lessons.LessonAction;
import org.owasp.webgoat.lessons.GoatHillsFinancial.FindProfile;
import org.owasp.webgoat.lessons.GoatHillsFinancial.GoatHillsFinancial;
import org.owasp.webgoat.lessons.GoatHillsFinancial.ListStaff;
import org.owasp.webgoat.lessons.GoatHillsFinancial.Login;
import org.owasp.webgoat.lessons.GoatHillsFinancial.Logout;
import org.owasp.webgoat.lessons.GoatHillsFinancial.SearchStaff;
import org.owasp.webgoat.session.ParameterNotFoundException;
import org.owasp.webgoat.session.UnauthenticatedException;
import org.owasp.webgoat.session.UnauthorizedException;
@ -47,6 +52,26 @@ public class RoleBasedAccessControl extends GoatHillsFinancial
{
private final static Integer DEFAULT_RANKING = new Integer(125);
protected void registerActions(String className) {
registerAction(new ListStaff(this, className, LISTSTAFF_ACTION));
registerAction(new SearchStaff(this, className, SEARCHSTAFF_ACTION));
registerAction(new ViewProfile(this, className, VIEWPROFILE_ACTION));
registerAction(new EditProfile(this, className, EDITPROFILE_ACTION));
registerAction(new EditProfile(this, className, CREATEPROFILE_ACTION));
// These actions are special in that they chain to other actions.
registerAction(new Login(this, className, LOGIN_ACTION,
getAction(LISTSTAFF_ACTION)));
registerAction(new Logout(this, className, LOGOUT_ACTION,
getAction(LOGIN_ACTION)));
registerAction(new FindProfile(this, className, FINDPROFILE_ACTION,
getAction(VIEWPROFILE_ACTION)));
registerAction(new UpdateProfile(this, className,
UPDATEPROFILE_ACTION, getAction(VIEWPROFILE_ACTION)));
registerAction(new DeleteProfile(this, className,
DELETEPROFILE_ACTION, getAction(LISTSTAFF_ACTION)));
}
/**
* Gets the category attribute of the CommandInjection object
*

51
webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/RoleBasedAccessControl/SearchStaff.java
View File

@ -1,51 +0,0 @@
package org.owasp.webgoat.lessons.RoleBasedAccessControl;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.DefaultLessonAction;
import org.owasp.webgoat.session.WebSession;
/*******************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository
* for free software projects.
*
* For details, please see http://code.google.com/p/webgoat/
*/
public class SearchStaff extends DefaultLessonAction
{
public SearchStaff(AbstractLesson lesson, String lessonName,
String actionName)
{
super(lesson, lessonName, actionName);
}
public String getNextPage(WebSession s)
{
return RoleBasedAccessControl.SEARCHSTAFF_ACTION;
}
}