Change spring stuff to mvc extension instead of do

show splash screen after login
2014-08-06 09:28:57 -04:00
parent ba9b60a99c
commit abd594beae
11 changed files with 197 additions and 14 deletions
--- a/java/org/owasp/webgoat/HammerHead.java
+++ b/java/org/owasp/webgoat/HammerHead.java
@ -390,7 +390,8 @@ public class HammerHead extends HttpServlet {
            // System.out.println( "HH Creating new WebSession: " );
            session = new WebSession(webgoatContext, context);
            // Ensure splash screen shows on any restart
-            hs.removeAttribute(WELCOMED);
+            // rlawson - removed this since we show splash screen at login now
+            //hs.removeAttribute(WELCOMED);
            hs.setAttribute(WebSession.SESSION, session);
            // reset timeout
            hs.setMaxInactiveInterval(sessionTimeoutSeconds);
--- a/java/org/owasp/webgoat/controller/Login.java
+++ b/java/org/owasp/webgoat/controller/Login.java
@ -18,7 +18,7 @@ import org.springframework.web.servlet.ModelAndView;
@Controller
 public class Login {

-    @RequestMapping(value = "login.do", method = RequestMethod.GET)
+    @RequestMapping(value = "login.mvc", method = RequestMethod.GET)
    public ModelAndView login(
            @RequestParam(value = "error", required = false) String error,
            @RequestParam(value = "logout", required = false) String logout) {
--- a/java/org/owasp/webgoat/controller/Logout.java
+++ b/java/org/owasp/webgoat/controller/Logout.java
@ -22,7 +22,7 @@ public class Logout {

    final Logger logger = LoggerFactory.getLogger(Logout.class);

-    @RequestMapping(value = "logout.do", method = RequestMethod.GET)
+    @RequestMapping(value = "logout.mvc", method = RequestMethod.GET)
    public ModelAndView logout(
            @RequestParam(value = "error", required = false) String error,
            @RequestParam(value = "logout", required = false) String logout) {
--- a/java/org/owasp/webgoat/controller/Welcome.java
+++ b/java/org/owasp/webgoat/controller/Welcome.java
@ -0,0 +1,44 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.owasp.webgoat.controller;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ *
+ * @author rlawson
+ */
+@Controller
+public class Welcome {
+
+    private static final String WELCOMED = "welcomed";
+
+    @RequestMapping(value = "welcome.mvc", method = RequestMethod.GET)
+    public ModelAndView welcome(HttpServletRequest request,
+            @RequestParam(value = "error", required = false) String error,
+            @RequestParam(value = "logout", required = false) String logout) {
+
+        // set the welcome attribute
+        // this is so the attack servlet does not also 
+        // send them to the welcome page
+        HttpSession session = request.getSession();
+        if (session.getAttribute(WELCOMED) == null) {
+            session.setAttribute(WELCOMED, "true");
+        }
+        //@TODO put stuff here the welcome page needs to access
+        ModelAndView model = new ModelAndView();
+        model.setViewName("welcome");
+
+        return model;
+
+    }
+}
--- a/java/org/owasp/webgoat/service/DummyService.java
+++ b/java/org/owasp/webgoat/service/DummyService.java
@ -18,7 +18,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
@Controller
 public class DummyService extends BaseService{

-    @RequestMapping(value = "/first.do", produces = "application/json")
+    @RequestMapping(value = "/first.mvc", produces = "application/json")
    public @ResponseBody
    List<String> firstNames() {
        List<String> test = new ArrayList<String>();
--- a/java/org/owasp/webgoat/service/HintService.java
+++ b/java/org/owasp/webgoat/service/HintService.java
@ -28,7 +28,7 @@ public class HintService extends BaseService {
     * @param session
     * @return
     */
-    @RequestMapping(value = "/hint.do", produces = "application/json")
+    @RequestMapping(value = "/hint.mvc", produces = "application/json")
    public @ResponseBody
    List<Hint> showHint(HttpSession session) {
        List<Hint> listHints = new ArrayList<Hint>();
--- a/java/org/owasp/webgoat/service/LessonMenuService.java
+++ b/java/org/owasp/webgoat/service/LessonMenuService.java
@ -32,7 +32,7 @@ public class LessonMenuService extends BaseService {
     * @param session
     * @return
     */
-    @RequestMapping(value = "/lessonmenu.do", produces = "application/json")
+    @RequestMapping(value = "/lessonmenu.mvc", produces = "application/json")
    public @ResponseBody
    List<LessonMenuItem> showLeftNav(HttpSession session) {
        //TODO - need Links, rank, title