From a8ea4a16e651243b409691956d3d1ce9fd4d4e8c Mon Sep 17 00:00:00 2001 From: Nanne Baars Date: Sat, 9 Apr 2016 13:36:06 +0200 Subject: [PATCH] Images from solutions are loading again --- webgoat-container/pom.xml | 4 +- .../org/owasp/webgoat/MvcConfiguration.java | 18 ++++ .../org/owasp/webgoat/WebSecurityConfig.java | 2 +- .../org/owasp/webgoat/controller/Login.java | 42 ---------- .../org/owasp/webgoat/controller/Logout.java | 54 ------------ .../owasp/webgoat/lessons/AbstractLesson.java | 83 ++++++++++--------- .../lessons/model/HttpBasicsModel.java | 59 ------------- .../webgoat/lessons/model/SourceListing.java | 37 --------- .../webgoat/service/ApplicationService.java | 61 -------------- .../owasp/webgoat/session/WebgoatContext.java | 24 +++--- .../main/resources/plugin_lessons/ReadMe.txt | 1 + .../resources/templates/lesson_content.html | 2 +- 12 files changed, 79 insertions(+), 308 deletions(-) delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/controller/Login.java delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/controller/Logout.java delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/lessons/model/HttpBasicsModel.java delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/lessons/model/SourceListing.java delete mode 100644 webgoat-container/src/main/java/org/owasp/webgoat/service/ApplicationService.java create mode 100644 webgoat-container/src/main/resources/plugin_lessons/ReadMe.txt diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml index 5a116a5e5..c3d211fce 100644 --- a/webgoat-container/pom.xml +++ b/webgoat-container/pom.xml @@ -110,8 +110,8 @@ maven-compiler-plugin ${maven-compiler-plugin.version} - 1.7 - 1.7 + 1.8 + 1.8 ISO-8859-1 diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java index 9655918c3..1075e6c3d 100644 
--- a/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/MvcConfiguration.java
@@ -5,9 +5,15 @@ import org.owasp.webgoat.session.WebgoatContext;
 import org.springframework.boot.context.embedded.ServletRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
+import java.io.File;
+import java.io.IOException;
+
 /**
 *
 */
@@ -25,6 +31,18 @@ public class MvcConfiguration extends WebMvcConfigurerAdapter {
 return new ServletRegistrationBean(hammerHead, "/attack/*");
 }
 
+ @Override
+ public void addResourceHandlers(ResourceHandlerRegistry registry) {
+ Resource resource = new ClassPathResource("/plugin_lessons/plugin_lessons_marker.txt");
+ try {
+ File pluginsDir = resource.getFile().getParentFile();
+ registry.addResourceHandler("/plugin_lessons/**").addResourceLocations("file:///" + pluginsDir.toString() + "/");
+ } catch (IOException e) {
+ e.printStackTrace();
+ }
+
+ }
+
 @Bean
 public HammerHead hammerHead(WebgoatContext context) {
 return new HammerHead(context);
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java b/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java
index 097a9e08d..8ec0fbe01 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/WebSecurityConfig.java
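Review bot: The new `addResourceHandlers` in MvcConfiguration.java maps the whole on-disk `plugin_lessons` directory to `/plugin_lessons/**`, so every file under it is served as a static resource, not only the solution images named in the commit title. If that directory also holds lesson archives, classes or solution sources (not visible in this hunk), the handler pattern should be narrowed to the asset types the pages need. The `catch (IOException e)` branch only calls `e.printStackTrace()`, so when `resource.getFile()` fails, which it does when the marker is not a plain file on disk (for example inside a packaged archive), the handler is silently left unregistered; rethrowing with `throw new IllegalStateException("plugin_lessons directory not resolvable", e);` or logging through the project's logger would surface that. The location is also safer built as `pluginsDir.toURI().toString()` than by concatenating `"file:///"`, which leaves spaces and Windows separators unescaped.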
@@ -17,7 +17,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { protected void configure(HttpSecurity http) throws Exception { ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry security = http .authorizeRequests() - .antMatchers("/css/**", "/images/**", "/js/**", "fonts/**", "/plugins/**").permitAll() + .antMatchers("/css/**", "/images/**", "/js/**", "fonts/**", "/plugins/**", "plugin_lessons/**").permitAll() .antMatchers("/servlet/AdminServlet/**").hasAnyRole("WEBGOAT_ADMIN", "SERVER_ADMIN") // .antMatchers("/JavaSource/**").hasRole("SERVER_ADMIN") // .anyRequest().hasAnyRole("WEBGOAT_USER", "WEBGOAT_ADMIN", "SERVER_ADMIN"); diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/controller/Login.java b/webgoat-container/src/main/java/org/owasp/webgoat/controller/Login.java deleted file mode 100644 index 2372cceb5..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/controller/Login.java +++ /dev/null @@ -1,42 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ -package org.owasp.webgoat.controller; - -/** - *
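Review bot: The added pattern `"plugin_lessons/**"` in WebSecurityConfig.java has no leading slash, so it will most likely never match, because Ant-style matchers compare against a request path that always starts with `/` (the existing `"fonts/**"` entry has the same problem); the intended entry is presumably `"/plugin_lessons/**"`. Once corrected, `permitAll()` would let unauthenticated clients fetch everything the `/plugin_lessons/**` resource handler in MvcConfiguration.java serves, so the match is better limited to the asset types that must load before login. The `configure` method continues past the end of the hunk, so whether a later rule still covers these paths cannot be seen from here.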

Login class.

- * - * @author rlawson - * @version $Id: $Id - */ -//@Controller -public class Login { - -// /** -// *

login.

-// * -// * @param error a {@link java.lang.String} object. -// * @param logout a {@link java.lang.String} object. -// * @return a {@link org.springframework.web.servlet.ModelAndView} object. -// */ -// @RequestMapping(path = "login.mvc", method = RequestMethod.GET) -// public ModelAndView login( -// @RequestParam(value = "error", required = false) String error, -// @RequestParam(value = "logout", required = false) String logout) { -// -// ModelAndView model = new ModelAndView(); -// if (error != null) { -// model.addObject("error", "Invalid username and password!"); -// } -// -// if (logout != null) { -// model.addObject("msg", "You've been logged out successfully."); -// } -// model.setViewName("login"); -// -// return model; -// -// } -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/controller/Logout.java b/webgoat-container/src/main/java/org/owasp/webgoat/controller/Logout.java deleted file mode 100644 index 0ef685d5f..000000000 --- a/webgoat-container/src/main/java/org/owasp/webgoat/controller/Logout.java +++ /dev/null @@ -1,54 +0,0 @@ -/* - * To change this license header, choose License Headers in Project Properties. - * To change this template file, choose Tools | Templates - * and open the template in the editor. - */ -package org.owasp.webgoat.controller; - -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.servlet.ModelAndView; - -/** - *

Logout class.

- * - * @author rlawson - * @version $Id: $Id - */ -@Controller -public class Logout { - - final Logger logger = LoggerFactory.getLogger(Logout.class); - - /** - *

logout.

- * - * @param error a {@link java.lang.String} object. - * @param logout a {@link java.lang.String} object. - * @return a {@link org.springframework.web.servlet.ModelAndView} object. - */ - @RequestMapping(path = "logout.mvc", method = RequestMethod.GET) - public ModelAndView logout( - @RequestParam(value = "error", required = false) String error, - @RequestParam(value = "logout", required = false) String logout) { - - logger.info("Logging user out"); - - ModelAndView model = new ModelAndView(); - if (error != null) { - model.addObject("error", "Invalid username and password!"); - } - - if (logout != null) { - model.addObject("msg", "You've been logged out successfully."); - } - model.setViewName("logout"); - - return model; - - } -} diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java index 19945918f..9910a2315 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/AbstractLesson.java @@ -10,10 +10,10 @@ import org.apache.ecs.html.Html; import org.apache.ecs.html.IMG; import org.apache.ecs.html.PRE; import org.apache.ecs.html.Title; -import org.owasp.webgoat.session.WebgoatContext; import org.owasp.webgoat.session.ParameterNotFoundException; import org.owasp.webgoat.session.Screen; import org.owasp.webgoat.session.WebSession; +import org.owasp.webgoat.session.WebgoatContext; import org.owasp.webgoat.session.WebgoatProperties; import org.owasp.webgoat.util.BeanProvider; import org.owasp.webgoat.util.LabelManager; @@ -36,34 +36,34 @@ import java.util.List; import java.util.Map; /** - ************************************************************************************************* - * - * + * ************************************************************************************************ + *

+ *

* This file is part of WebGoat, an Open Web Application Security Project utility. For details, * please see http://www.owasp.org/ - * + *

* Copyright (c) 2002 - 20014 Bruce Mayhew - * + *

* This program is free software; you can redistribute it and/or modify it under the terms of the * GNU General Public License as published by the Free Software Foundation; either version 2 of the * License, or (at your option) any later version. - * + *

* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. - * + *

* You should have received a copy of the GNU General Public License along with this program; if * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA * 02111-1307, USA. - * + *

* Getting Source ============== - * + *

* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software * projects. * * @author Bruce Mayhew WebGoat - * @since October 28, 2003 * @version $Id: $Id + * @since October 28, 2003 */ public abstract class AbstractLesson extends Screen implements Comparable { @@ -74,7 +74,9 @@ public abstract class AbstractLesson extends Screen implements ComparableCHALLENGE_ROLE="challenge" */ + /** + * Constant CHALLENGE_ROLE="challenge" + */ public final static String CHALLENGE_ROLE = "challenge"; /** @@ -185,7 +187,7 @@ public abstract class AbstractLesson extends Screen implements Comparable * Description of the Method */ public int compareTo(Object obj) { @@ -194,7 +196,7 @@ public abstract class AbstractLesson extends Screen implements Comparable * Description of the Method */ public boolean equals(Object obj) { @@ -368,6 +370,7 @@ public abstract class AbstractLesson extends Screen implements ComparablegetHintsPublic.

* @@ -383,9 +386,9 @@ public abstract class AbstractLesson extends Screen implements ComparableReturns the default "path" portion of a lesson's URL.

- * - * + *

+ *

* Legacy webgoat lesson links are of the form * "attack?Screen=Xmenu=Ystage=Z". This method returns the path portion of * the url, i.e., "attack" in the string above. - * + *

* Newer, Spring-Controller-based classes will override this method to * return "*.do"-styled paths. * @@ -630,7 +635,7 @@ public abstract class AbstractLesson extends Screen implements Comparable * Rendering the link in the browser may result in Javascript sending * additional requests to perform necessary actions or to obtain data * relevant to the lesson or the element of the lesson selected by the @@ -645,13 +650,13 @@ public abstract class AbstractLesson extends Screen implements Comparable * Unlike getLink() this method does not require rendering the output of * the request to the link in order to execute the servlet's method with * conventional HTTP query parameters. @@ -662,8 +667,8 @@ public abstract class AbstractLesson extends Screen implements Comparable
-
+