From bef50d22b9091fc22fe345948071b55e57ae0b26 Mon Sep 17 00:00:00 2001
From: rlawson
Date: Thu, 7 Aug 2014 14:22:20 -0400
Subject: [PATCH] skeleton screen for new single page webapp

---
 java/org/owasp/webgoat/HammerHead.java | 3 +-
 java/org/owasp/webgoat/controller/Start.java | 37 ++
 .../org/owasp/webgoat/lessons/HttpBasics.java | 188 ++++----
 .../owasp/webgoat/lessons/LessonAdapter.java | 408 +++++++++---------
 java/org/owasp/webgoat/session/Screen.java | 3 +-
 webapp/WEB-INF/pages/main_new.jsp | 256 +++++++++++
 webapp/WEB-INF/pages/welcome.jsp | 2 +-
 webapp/lesson_content.jsp | 58 +++
 8 files changed, 638 insertions(+), 317 deletions(-)
 create mode 100644 java/org/owasp/webgoat/controller/Start.java
 create mode 100644 webapp/WEB-INF/pages/main_new.jsp
 create mode 100644 webapp/lesson_content.jsp

diff --git a/java/org/owasp/webgoat/HammerHead.java b/java/org/owasp/webgoat/HammerHead.java
index 9bce10cc7..5a6798631 100644
--- a/java/org/owasp/webgoat/HammerHead.java
+++ b/java/org/owasp/webgoat/HammerHead.java
@@ -207,7 +207,8 @@ public class HammerHead extends HttpServlet {
 session.setAttribute(WELCOMED, "true");
 page = "/webgoat.jsp";
 } else {
- page = "/main.jsp";
+ //page = "/main.jsp";
+ page = "/lesson_content.jsp";
 }
 return page;
diff --git a/java/org/owasp/webgoat/controller/Start.java b/java/org/owasp/webgoat/controller/Start.java
new file mode 100644
index 000000000..8b0f5843c
--- /dev/null
+++ b/java/org/owasp/webgoat/controller/Start.java
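Review bot: The old forward target is kept as the commented-out line `//page = "/main.jsp";` directly above the new `page = "/lesson_content.jsp";`; commented-out code should be deleted rather than carried in the source, since version control already holds the history. If main.jsp is meant to stay reachable during the transition, a short comment naming the interim target and why it is used is more useful than the dead line. The enclosing method starts and ends outside the hunk.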
@@ -0,0 +1,37 @@
+/*
+ * To change this license header, choose License Headers in Project Properties.
+ * To change this template file, choose Tools | Templates
+ * and open the template in the editor.
+ */
+package org.owasp.webgoat.controller;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ *
+ * @author rlawson
+ */
+@Controller
+public class Start {
+
+ private static final String WELCOMED = "welcomed";
+
+ @RequestMapping(value = "start.mvc", method = {RequestMethod.GET, RequestMethod.POST})
+ public ModelAndView start(HttpServletRequest request,
+ @RequestParam(value = "error", required = false) String error,
+ @RequestParam(value = "logout", required = false) String logout) {
+
+ //@TODO put stuff here the main page needs to access
+ ModelAndView model = new ModelAndView();
+ model.setViewName("main_new");
+
+ return model;
+
+ }
+}
diff --git a/java/org/owasp/webgoat/lessons/HttpBasics.java b/java/org/owasp/webgoat/lessons/HttpBasics.java
index aa162aa7c..03c36484a 100644
--- a/java/org/owasp/webgoat/lessons/HttpBasics.java
+++ b/java/org/owasp/webgoat/lessons/HttpBasics.java
@@ -1,4 +1,3 @@
-
 package org.owasp.webgoat.lessons;

 import java.util.ArrayList;
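Review bot: `start(...)` declares `request`, `error` and `logout` but reads none of them, and the `WELCOMED` constant and the `HttpSession` import are likewise unused, so the mapping accepts parameters it silently discards. Either place them on the model so the view can render them, e.g. `model.addObject("error", error);` and `model.addObject("logout", logout);`, or drop the parameters, constant and import until they are needed. The `//@TODO` would be more useful if it named what the main page is expected to read from the model, and the `@author`-only header could become a one-line class Javadoc such as `/** Serves the skeleton single-page view (main_new) for start.mvc. */`.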
@@ -11,120 +10,113 @@ import org.owasp.webgoat.session.ECSFactory; import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.util.WebGoatI18N; - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * +/** + * ************************************************************************************************* + * + * + * This file is part of WebGoat, an Open Web Application Security Project + * utility. For details, please see http://www.owasp.org/ + * * Copyright (c) 2002 - 2007 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free Software + * Foundation; either version 2 of the License, or (at your option) any later + * version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. 
+ * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place - Suite 330, Boston, MA 02111-1307, USA. + * * Getting Source ============== - * - * Source for this application is maintained at code.google.com, a repository for free software - * projects. - * + * + * Source for this application is maintained at code.google.com, a repository + * for free software projects. + * * For details, please see http://code.google.com/p/webgoat/ - * + * * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ -public class HttpBasics extends LessonAdapter -{ - private final static String PERSON = "person"; +public class HttpBasics extends LessonAdapter { - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) - { - ElementContainer ec = new ElementContainer(); + private final static String PERSON = "person"; - StringBuffer person = null; - try - { - ec.addElement(new StringElement(WebGoatI18N.get("EnterYourName")+": ")); + /** + * Description of the Method + * + * @param s Description of the Parameter + * @return Description of the Return Value + */ + protected Element createContent(WebSession s) { + ElementContainer ec = new ElementContainer(); - person = new StringBuffer(s.getParser().getStringParameter(PERSON, "")); - person.reverse(); + StringBuffer person = null; + try { + ec.addElement(new StringElement(WebGoatI18N.get("EnterYourName") + ": ")); - Input input = new Input(Input.TEXT, PERSON, person.toString()); - ec.addElement(input); + person = new StringBuffer(s.getParser().getStringParameter(PERSON, "")); + person.reverse(); - Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!")); - ec.addElement(b); - } catch (Exception e) - { - s.setMessage("Error generating " + this.getClass().getName()); - e.printStackTrace(); - } + 
Input input = new Input(Input.TEXT, PERSON, person.toString()+"RICK"); + ec.addElement(input); - if (!person.toString().equals("") && getLessonTracker(s).getNumVisits() > 3) - { - makeSuccess(s); - } + Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!")); + ec.addElement(b); + } catch (Exception e) { + s.setMessage("Error generating " + this.getClass().getName()); + e.printStackTrace(); + } - return (ec); - } + if (!person.toString().equals("") && getLessonTracker(s).getNumVisits() > 3) { + makeSuccess(s); + } - /** - * Gets the hints attribute of the HelloScreen object - * - * @return The hints value - */ - public List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add("Type in your name and press 'go'"); - hints.add("Turn on Show Parameters or other features"); - hints.add("Try to intercept the request with WebScarab"); - hints.add("Press the Show Lesson Plan button to view a lesson summary"); - hints.add("Press the Show Solution button to view a lesson solution"); + return (ec); + } - return hints; - } + /** + * Gets the hints attribute of the HelloScreen object + * + * @return The hints value + */ + public List getHints(WebSession s) { + List hints = new ArrayList(); + hints.add("Type in your name and press 'go'"); + hints.add("Turn on Show Parameters or other features"); + hints.add("Try to intercept the request with WebScarab"); + hints.add("Press the Show Lesson Plan button to view a lesson summary"); + hints.add("Press the Show Solution button to view a lesson solution"); - /** - * Gets the ranking attribute of the HelloScreen object - * - * @return The ranking value - */ - private final static Integer DEFAULT_RANKING = new Integer(10); + return hints; + } - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } + /** + * Gets the ranking attribute of the HelloScreen object + * + * @return The ranking value + */ + private final static Integer DEFAULT_RANKING = new Integer(10); - protected Category 
getDefaultCategory() - { - return Category.GENERAL; - } + protected Integer getDefaultRanking() { + return DEFAULT_RANKING; + } - /** - * Gets the title attribute of the HelloScreen object - * - * @return The title value - */ - public String getTitle() - { - return ("Http Basics"); - } + protected Category getDefaultCategory() { + return Category.GENERAL; + } + + /** + * Gets the title attribute of the HelloScreen object + * + * @return The title value + */ + public String getTitle() { + return ("Http Basics"); + } } diff --git a/java/org/owasp/webgoat/lessons/LessonAdapter.java b/java/org/owasp/webgoat/lessons/LessonAdapter.java index d490e6c7b..b4e3813bb 100644 --- a/java/org/owasp/webgoat/lessons/LessonAdapter.java +++ b/java/org/owasp/webgoat/lessons/LessonAdapter.java @@ -1,4 +1,3 @@ - package org.owasp.webgoat.lessons; import java.io.BufferedReader; 
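Review bot: The new line `Input input = new Input(Input.TEXT, PERSON, person.toString()+"RICK");` appends a literal "RICK" to the value echoed back into the name field, which reads as leftover debugging and changes the lesson's output; it should be `Input input = new Input(Input.TEXT, PERSON, person.toString());`. Separately, `person` is only assigned inside the `try`, so if `s.getParser()` throws before the assignment the check `!person.toString().equals("")` after the catch dereferences null; initialising it as `StringBuffer person = new StringBuffer();` keeps the catch path safe. Whether `Input` encodes the reflected value into the attribute is not visible in this hunk; since the value comes straight from the request parameter, confirm that it is escaped or deliberately left raw for the lesson.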
@@ -18,249 +17,226 @@ import org.apache.ecs.html.Table; import org.owasp.webgoat.session.WebSession; import org.owasp.webgoat.util.WebGoatI18N; - -/*************************************************************************************************** - * - * - * This file is part of WebGoat, an Open Web Application Security Project utility. For details, - * please see http://www.owasp.org/ - * +/** + * ************************************************************************************************* + * + * + * This file is part of WebGoat, an Open Web Application Security Project + * utility. For details, please see http://www.owasp.org/ + * * Copyright (c) 2002 - 2007 Bruce Mayhew - * - * This program is free software; you can redistribute it and/or modify it under the terms of the - * GNU General Public License as published by the Free Software Foundation; either version 2 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without - * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License along with this program; if - * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA - * 02111-1307, USA. - * + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free Software + * Foundation; either version 2 of the License, or (at your option) any later + * version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. 
+ * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 59 Temple + * Place - Suite 330, Boston, MA 02111-1307, USA. + * * Getting Source ============== - * - * Source for this application is maintained at code.google.com, a repository for free software - * projects. - * + * + * Source for this application is maintained at code.google.com, a repository + * for free software projects. + * * For details, please see http://code.google.com/p/webgoat/ - * + * * @author Bruce Mayhew WebGoat * @created October 28, 2003 */ -public abstract class LessonAdapter extends AbstractLesson -{ +public abstract class LessonAdapter extends AbstractLesson { - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - protected Element createContent(WebSession s) - { - // Mark this lesson as completed. - makeSuccess(s); + /** + * Description of the Method + * + * @param s Description of the Parameter + * @return Description of the Return Value + */ + protected Element createContent(WebSession s) { + // Mark this lesson as completed. + makeSuccess(s); - ElementContainer ec = new ElementContainer(); + ElementContainer ec = new ElementContainer(); - ec.addElement(new Center().addElement(new H3().addElement(new StringElement( - "Detailed Lesson Creation Instructions.")))); - ec.addElement(new P()); - ec - .addElement(new StringElement( - "Lesson are simple to create and very little coding is required.   " - + "In fact, most lessons can be created by following the easy to use instructions in the " - + "WebGoat User Guide.  
" - + "If you would prefer, send your lesson ideas to " - + getWebgoatContext().getFeedbackAddressHTML())); + ec.addElement(new Center().addElement(new H3().addElement(new StringElement( + "Detailed Lesson Creation Instructions.")))); + ec.addElement(new P()); + ec + .addElement(new StringElement( + "Lesson are simple to create and very little coding is required.   " + + "In fact, most lessons can be created by following the easy to use instructions in the " + + "WebGoat User Guide.  " + + "If you would prefer, send your lesson ideas to " + + getWebgoatContext().getFeedbackAddressHTML())); - String fileName = s.getContext().getRealPath("WEB-INF/classes/New Lesson Instructions.txt"); - if (fileName != null) - { - try - { - PRE pre = new PRE(); - BufferedReader in = new BufferedReader(new FileReader(fileName)); - String line = null; - while ((line = in.readLine()) != null) - { - pre.addElement(line + "\n"); - } - ec.addElement(pre); - } catch (Exception e) - { - e.printStackTrace(); - } - } - return (ec); - } + String fileName = s.getContext().getRealPath("WEB-INF/classes/New Lesson Instructions.txt"); + if (fileName != null) { + try { + PRE pre = new PRE(); + BufferedReader in = new BufferedReader(new FileReader(fileName)); + String line = null; + while ((line = in.readLine()) != null) { + pre.addElement(line + "\n"); + } + ec.addElement(pre); + } catch (Exception e) { + e.printStackTrace(); + } + } + return (ec); + } - /** - * Gets the category attribute of the LessonAdapter object. The default category is "General" - * Only override this method if you wish to create a new category or if you wish this lesson to - * reside within a category other the "General" - * - * @return The category value - */ - protected Category getDefaultCategory() - { - return Category.GENERAL; - } + /** + * Gets the category attribute of the LessonAdapter object. 
The default + * category is "General" Only override this method if you wish to create a + * new category or if you wish this lesson to reside within a category other + * the "General" + * + * @return The category value + */ + protected Category getDefaultCategory() { + return Category.GENERAL; + } - protected boolean getDefaultHidden() - { - return false; - } + protected boolean getDefaultHidden() { + return false; + } - private final static Integer DEFAULT_RANKING = new Integer(1000); + private final static Integer DEFAULT_RANKING = new Integer(1000); - protected Integer getDefaultRanking() - { - return DEFAULT_RANKING; - } + protected Integer getDefaultRanking() { + return DEFAULT_RANKING; + } - /** - * Gets the hintCount attribute of the LessonAdapter object - * - * @return The hintCount value - */ - public int getHintCount(WebSession s) - { - return getHints(s).size(); - } + /** + * Gets the hintCount attribute of the LessonAdapter object + * + * @return The hintCount value + */ + public int getHintCount(WebSession s) { + return getHints(s).size(); + } - /** - * Fill in a minor hint that will help people who basically get it, but are stuck on somthing - * silly. Hints will be returned to the user in the order they appear below. The user must click - * on the "next hint" button before the hint will be displayed. - * - * @return The hint1 value - */ - protected List getHints(WebSession s) - { - List hints = new ArrayList(); - hints.add("There are no hints defined."); - return hints; - } + /** + * Fill in a minor hint that will help people who basically get it, but are + * stuck on somthing silly. Hints will be returned to the user in the order + * they appear below. The user must click on the "next hint" button before + * the hint will be displayed. 
+ * + * @return The hint1 value + */ + protected List getHints(WebSession s) { + List hints = new ArrayList(); + hints.add("There are no hints defined."); + return hints; + } - /** - * Gets the credits attribute of the AbstractLesson object - * - * @return The credits value - */ - public Element getCredits() - { - return new StringElement(); - } + /** + * Gets the credits attribute of the AbstractLesson object + * + * @return The credits value + */ + public Element getCredits() { + return new StringElement(); + } - /** - * Gets the instructions attribute of the LessonAdapter object. Instructions will rendered as - * html and will appear below the control area and above the actual lesson area. Instructions - * should provide the user with the general setup and goal of the lesson. - * - * @return The instructions value - */ - public String getInstructions(WebSession s) - { - StringBuffer buff = new StringBuffer(); - String lang = s.getCurrrentLanguage(); - try - { - String fileName = s.getWebResource(getLessonPlanFileName(lang)); - if (fileName != null) - { - BufferedReader in = new BufferedReader(new FileReader(fileName)); - String line = null; - boolean startAppending = false; - while ((line = in.readLine()) != null) - { - if (line.indexOf("") != -1) - { - startAppending = true; - continue; - } - if (line.indexOf("") != -1) - { - startAppending = false; - continue; - } - if (startAppending) - { - buff.append(line + "\n"); - } - } - } - } catch (Exception e) - { - } + /** + * Gets the instructions attribute of the LessonAdapter object. Instructions + * will rendered as html and will appear below the control area and above + * the actual lesson area. Instructions should provide the user with the + * general setup and goal of the lesson. 
+ * + * @return The instructions value + */ + public String getInstructions(WebSession s) { + StringBuffer buff = new StringBuffer(); + String lang = s.getCurrrentLanguage(); + try { + String fileName = s.getWebResource(getLessonPlanFileName(lang)); + if (fileName != null) { + BufferedReader in = new BufferedReader(new FileReader(fileName)); + String line = null; + boolean startAppending = false; + while ((line = in.readLine()) != null) { + if (line.indexOf("") != -1) { + startAppending = true; + continue; + } + if (line.indexOf("") != -1) { + startAppending = false; + continue; + } + if (startAppending) { + buff.append(line + "\n"); + } + } + } + } catch (Exception e) { + } - return buff.toString(); + return buff.toString(); - } + } - /** - * Fill in a descriptive title for this lesson. The title of the lesson. This will appear above - * the control area at the top of the page. This field will be rendered as html. - * - * @return The title value - */ - public String getTitle() - { - return "Untitled Lesson " + getScreenId(); - } + /** + * Fill in a descriptive title for this lesson. The title of the lesson. + * This will appear above the control area at the top of the page. This + * field will be rendered as html. 
+ * + * @return The title value + */ + public String getTitle() { + return "Untitled Lesson " + getScreenId(); + } - public String getCurrentAction(WebSession s) - { - return s.getLessonSession(this).getCurrentLessonScreen(); - } + public String getCurrentAction(WebSession s) { + return s.getLessonSession(this).getCurrentLessonScreen(); + } - public void setCurrentAction(WebSession s, String lessonScreen) - { - s.getLessonSession(this).setCurrentLessonScreen(lessonScreen); - } + public void setCurrentAction(WebSession s, String lessonScreen) { + s.getLessonSession(this).setCurrentLessonScreen(lessonScreen); + } - public Object getSessionAttribute(WebSession s, String key) - { - return s.getRequest().getSession().getAttribute(key); - } + public Object getSessionAttribute(WebSession s, String key) { + return s.getRequest().getSession().getAttribute(key); + } - public void setSessionAttribute(WebSession s, String key, Object value) - { - s.getRequest().getSession().setAttribute(key, value); - } + public void setSessionAttribute(WebSession s, String key, Object value) { + s.getRequest().getSession().setAttribute(key, value); + } - /** - * Description of the Method - * - * @param s - * Description of the Parameter - * @return Description of the Return Value - */ - protected Element makeSuccess(WebSession s) - { - getLessonTracker(s).setCompleted(true); + /** + * Description of the Method + * + * @param s Description of the Parameter + * @return Description of the Return Value + */ + protected Element makeSuccess(WebSession s) { + getLessonTracker(s).setCompleted(true); - s.setMessage(WebGoatI18N.get("LessonCompleted")); + s.setMessage(WebGoatI18N.get("LessonCompleted")); - return (null); - } + return (null); + } - /** - * Gets the credits attribute of the AbstractLesson object - * - * @return The credits value - */ - protected Element getCustomCredits(String text, Element e) - { - Table t = new 
Table().setCellSpacing(0).setCellPadding(0).setBorder(0).setWidth("90%").setAlign("RIGHT"); - TR tr = new TR(); - tr.addElement(new TD(text).setVAlign("MIDDLE").setAlign("RIGHT").setWidth("100%")); - tr.addElement(new TD(e).setVAlign("MIDDLE").setAlign("RIGHT")); - t.addElement(tr); - return t; - } + /** + * Gets the credits attribute of the AbstractLesson object + * + * @return The credits value + */ + protected Element getCustomCredits(String text, Element e) { + Table t = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0).setWidth("90%").setAlign("RIGHT"); + TR tr = new TR(); + tr.addElement(new TD(text).setVAlign("MIDDLE").setAlign("RIGHT").setWidth("100%")); + tr.addElement(new TD(e).setVAlign("MIDDLE").setAlign("RIGHT")); + t.addElement(tr); + return t; + } } diff --git a/java/org/owasp/webgoat/session/Screen.java b/java/org/owasp/webgoat/session/Screen.java index 66aeb227a..a9d0820c7 100644 --- a/java/org/owasp/webgoat/session/Screen.java +++ b/java/org/owasp/webgoat/session/Screen.java @@ -196,12 +196,13 @@ public abstract class Screen { */ public void output(PrintWriter out) { - // format output -- then send to printwriter + // format output -- then send to printwriter // otherwise we're doing way too much SSL encryption work out.print(getContent()); } + // TODO we could hook all forms here with javascript call to ajax forms plugin public String getContent() { return (content == null) ? "" : content.toString(); } diff --git a/webapp/WEB-INF/pages/main_new.jsp b/webapp/WEB-INF/pages/main_new.jsp new file mode 100644 index 000000000..7a06d803c --- /dev/null +++ b/webapp/WEB-INF/pages/main_new.jsp @@ -0,0 +1,256 @@ +<%@ page contentType="text/html; charset=ISO-8859-1" language="java" + errorPage=""%> +<%@page import="org.owasp.webgoat.session.WebSession"%> +<% + //WebSession webSession = ((WebSession) session.getAttribute("websession")); +%> + + + + + + WebGoat V6.0 + + + + + + + + + +
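Review bot: The reformatted `createContent` and `getInstructions` still open a `BufferedReader` over a `FileReader` and never close it, so every render of the lesson plan leaks a file handle; writing it as `try (BufferedReader in = new BufferedReader(new FileReader(fileName))) {` in both places closes it on every path. In `getInstructions` the `catch (Exception e) {}` swallows read failures silently, so a missing or unreadable lesson plan renders as empty instructions with no trace; at minimum report it the way `createContent` does with `e.printStackTrace()`, or better through the application's logging. As rendered here the `line.indexOf("")` markers would match every line, which looks like an artifact of the listing rather than the committed code, but it is worth confirming against the file.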
+
+ +
+

Lesson Content

+ +
+ Lesson content goes here +
+ + +
+
+
+ + + + + + + + diff --git a/webapp/WEB-INF/pages/welcome.jsp b/webapp/WEB-INF/pages/welcome.jsp index a9632dc99..9afe2118a 100644 --- a/webapp/WEB-INF/pages/welcome.jsp +++ b/webapp/WEB-INF/pages/welcome.jsp @@ -109,7 +109,7 @@
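Review bot: The new page declares `contentType="text/html; charset=ISO-8859-1"`, which for a fresh single-page view should be `charset=UTF-8` (with the same charset in the page's meta tag) so lesson text outside Latin-1 is not mangled. The commented-out `WebSession webSession = ...` scriptlet should be removed or used; Start.java currently puts nothing on the model, so the page has no data beyond the placeholder text. Most of the page's markup is not visible in this listing, so the rest of it is not reviewed here.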
-
diff --git a/webapp/lesson_content.jsp b/webapp/lesson_content.jsp new file mode 100644 index 000000000..5f68051c1 --- /dev/null +++ b/webapp/lesson_content.jsp @@ -0,0 +1,58 @@ +<%@ page contentType="text/html; charset=ISO-8859-1" language="java" + import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.Category, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.util.*, java.util.*" + errorPage="" %> +<% + Course course = ((Course) session.getAttribute("course")); + WebSession webSession = ((WebSession) session.getAttribute("websession")); + AbstractLesson currentLesson = webSession.getCurrentLesson(); +%> + + + +<%@page import="org.owasp.webgoat.lessons.RandomLessonAdapter"%> + + + + +
+ <% + AbstractLesson lesson = webSession.getCurrentLesson(); + if (lesson instanceof RandomLessonAdapter) { + RandomLessonAdapter rla = (RandomLessonAdapter) lesson; + %> +
Stage <%= rla.getLessonTracker(webSession).getStageNumber(rla.getStage(webSession)) + 1%>
+ <% + } + %> + <%=webSession.getInstructions()%>
+
<%=webSession.getMessage()%>
+ +<% + if (currentLesson.getTemplatePage(webSession) != null) { + //System.out.println("Main.jsp - current lesson: " + currentLesson.getName() ); + //System.out.println(" - template Page: " + currentLesson.getTemplatePage(webSession)); +%> + +<% +} else { +%> +
<%=currentLesson.getContent()%>
+<% + } +%> + + + + + +
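Review bot: The scriptlet at the top dereferences `webSession` and `currentLesson` without checking that the session attributes are present, so a request that reaches this page before HammerHead has populated the session fails with a NullPointerException into the error page rather than a redirect to the start page, and `course` is read but never used. Further down the page calls `webSession.getCurrentLesson()` a second time into `lesson` instead of reusing `currentLesson`, and the commented-out `System.out.println` lines should be deleted. `<%=webSession.getMessage()%>` and `<%=webSession.getInstructions()%>` are written unescaped; whether either can carry request-derived text is not visible here, so confirm they are HTML-safe or escape them at output.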