dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

skeleton screen for new single page webapp

Browse Source
This commit is contained in:
rlawson 2014-08-07 14:22:20 -04:00
parent 4c1f6ecd1d
commit bef50d22b9
8 changed files with 638 additions and 317 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
java/org/owasp/webgoat/HammerHead.java
View File

@ -207,7 +207,8 @@ public class HammerHead extends HttpServlet {
session.setAttribute(WELCOMED, "true");
page = "/webgoat.jsp";
} else {
page = "/main.jsp";
//page = "/main.jsp";
page = "/lesson_content.jsp";
}
return page;

37
java/org/owasp/webgoat/controller/Start.java Normal file
View File

@ -0,0 +1,37 @@
/*
* To change this license header, choose License Headers in Project Properties.
* To change this template file, choose Tools | Templates
* and open the template in the editor.
*/
package org.owasp.webgoat.controller;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
/**
*
* @author rlawson
*/
@Controller
public class Start {
private static final String WELCOMED = "welcomed";
@RequestMapping(value = "start.mvc", method = {RequestMethod.GET, RequestMethod.POST})
public ModelAndView start(HttpServletRequest request,
@RequestParam(value = "error", required = false) String error,
@RequestParam(value = "logout", required = false) String logout) {
//@TODO put stuff here the main page needs to access
ModelAndView model = new ModelAndView();
model.setViewName("main_new");
return model;
}
}

68
java/org/owasp/webgoat/lessons/HttpBasics.java
View File

@ -1,4 +1,3 @@
package org.owasp.webgoat.lessons;
import java.util.ArrayList;
@ -11,73 +10,70 @@ import org.owasp.webgoat.session.ECSFactory;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
/**
* *************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
* Source for this application is maintained at code.google.com, a repository
* for free software projects.
*
* For details, please see http://code.google.com/p/webgoat/
*
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
public class HttpBasics extends LessonAdapter
{
public class HttpBasics extends LessonAdapter {
private final static String PERSON = "person";
/**
* Description of the Method
*
* @param s
* Description of the Parameter
* @param s Description of the Parameter
* @return Description of the Return Value
*/
protected Element createContent(WebSession s)
{
protected Element createContent(WebSession s) {
ElementContainer ec = new ElementContainer();
StringBuffer person = null;
try
{
ec.addElement(new StringElement(WebGoatI18N.get("EnterYourName")+": "));
try {
ec.addElement(new StringElement(WebGoatI18N.get("EnterYourName") + ": "));
person = new StringBuffer(s.getParser().getStringParameter(PERSON, ""));
person.reverse();
Input input = new Input(Input.TEXT, PERSON, person.toString());
Input input = new Input(Input.TEXT, PERSON, person.toString()+"RICK");
ec.addElement(input);
Element b = ECSFactory.makeButton(WebGoatI18N.get("Go!"));
ec.addElement(b);
} catch (Exception e)
{
} catch (Exception e) {
s.setMessage("Error generating " + this.getClass().getName());
e.printStackTrace();
}
if (!person.toString().equals("") && getLessonTracker(s).getNumVisits() > 3)
{
if (!person.toString().equals("") && getLessonTracker(s).getNumVisits() > 3) {
makeSuccess(s);
}
@ -89,8 +85,7 @@ public class HttpBasics extends LessonAdapter
*
* @return The hints value
*/
public List<String> getHints(WebSession s)
{
public List<String> getHints(WebSession s) {
List<String> hints = new ArrayList<String>();
hints.add("Type in your name and press 'go'");
hints.add("Turn on Show Parameters or other features");
@ -108,13 +103,11 @@ public class HttpBasics extends LessonAdapter
*/
private final static Integer DEFAULT_RANKING = new Integer(10);
protected Integer getDefaultRanking()
{
protected Integer getDefaultRanking() {
return DEFAULT_RANKING;
}
protected Category getDefaultCategory()
{
protected Category getDefaultCategory() {
return Category.GENERAL;
}
@ -123,8 +116,7 @@ public class HttpBasics extends LessonAdapter
*
* @return The title value
*/
public String getTitle()
{
public String getTitle() {
return ("Http Basics");
}
}

146
java/org/owasp/webgoat/lessons/LessonAdapter.java
View File

@ -1,4 +1,3 @@
package org.owasp.webgoat.lessons;
import java.io.BufferedReader;
@ -18,49 +17,48 @@ import org.apache.ecs.html.Table;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.util.WebGoatI18N;
/***************************************************************************************************
/**
* *************************************************************************************************
*
*
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
* This file is part of WebGoat, an Open Web Application Security Project
* utility. For details, please see http://www.owasp.org/
*
* Copyright (c) 2002 - 2007 Bruce Mayhew
*
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
* This program is free software; you can redistribute it and/or modify it under
* the terms of the GNU General Public License as published by the Free Software
* Foundation; either version 2 of the License, or (at your option) any later
* version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
* This program is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
* details.
*
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
* You should have received a copy of the GNU General Public License along with
* this program; if not, write to the Free Software Foundation, Inc., 59 Temple
* Place - Suite 330, Boston, MA 02111-1307, USA.
*
* Getting Source ==============
*
* Source for this application is maintained at code.google.com, a repository for free software
* projects.
* Source for this application is maintained at code.google.com, a repository
* for free software projects.
*
* For details, please see http://code.google.com/p/webgoat/
*
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @created October 28, 2003
*/
public abstract class LessonAdapter extends AbstractLesson
{
public abstract class LessonAdapter extends AbstractLesson {
/**
* Description of the Method
*
* @param s
* Description of the Parameter
* @param s Description of the Parameter
* @return Description of the Return Value
*/
protected Element createContent(WebSession s)
{
protected Element createContent(WebSession s) {
// Mark this lesson as completed.
makeSuccess(s);
@ -78,20 +76,16 @@ public abstract class LessonAdapter extends AbstractLesson
+ getWebgoatContext().getFeedbackAddressHTML()));
String fileName = s.getContext().getRealPath("WEB-INF/classes/New Lesson Instructions.txt");
if (fileName != null)
{
try
{
if (fileName != null) {
try {
PRE pre = new PRE();
BufferedReader in = new BufferedReader(new FileReader(fileName));
String line = null;
while ((line = in.readLine()) != null)
{
while ((line = in.readLine()) != null) {
pre.addElement(line + "\n");
}
ec.addElement(pre);
} catch (Exception e)
{
} catch (Exception e) {
e.printStackTrace();
}
}
@ -99,26 +93,24 @@ public abstract class LessonAdapter extends AbstractLesson
}
/**
* Gets the category attribute of the LessonAdapter object. The default category is "General"
* Only override this method if you wish to create a new category or if you wish this lesson to
* reside within a category other the "General"
* Gets the category attribute of the LessonAdapter object. The default
* category is "General" Only override this method if you wish to create a
* new category or if you wish this lesson to reside within a category other
* the "General"
*
* @return The category value
*/
protected Category getDefaultCategory()
{
protected Category getDefaultCategory() {
return Category.GENERAL;
}
protected boolean getDefaultHidden()
{
protected boolean getDefaultHidden() {
return false;
}
private final static Integer DEFAULT_RANKING = new Integer(1000);
protected Integer getDefaultRanking()
{
protected Integer getDefaultRanking() {
return DEFAULT_RANKING;
}
@ -127,20 +119,19 @@ public abstract class LessonAdapter extends AbstractLesson
*
* @return The hintCount value
*/
public int getHintCount(WebSession s)
{
public int getHintCount(WebSession s) {
return getHints(s).size();
}
/**
* Fill in a minor hint that will help people who basically get it, but are stuck on somthing
* silly. Hints will be returned to the user in the order they appear below. The user must click
* on the "next hint" button before the hint will be displayed.
* Fill in a minor hint that will help people who basically get it, but are
* stuck on somthing silly. Hints will be returned to the user in the order
* they appear below. The user must click on the "next hint" button before
* the hint will be displayed.
*
* @return The hint1 value
*/
protected List<String> getHints(WebSession s)
{
protected List<String> getHints(WebSession s) {
List<String> hints = new ArrayList<String>();
hints.add("There are no hints defined.");
return hints;
@ -151,50 +142,42 @@ public abstract class LessonAdapter extends AbstractLesson
*
* @return The credits value
*/
public Element getCredits()
{
public Element getCredits() {
return new StringElement();
}
/**
* Gets the instructions attribute of the LessonAdapter object. Instructions will rendered as
* html and will appear below the control area and above the actual lesson area. Instructions
* should provide the user with the general setup and goal of the lesson.
* Gets the instructions attribute of the LessonAdapter object. Instructions
* will rendered as html and will appear below the control area and above
* the actual lesson area. Instructions should provide the user with the
* general setup and goal of the lesson.
*
* @return The instructions value
*/
public String getInstructions(WebSession s)
{
public String getInstructions(WebSession s) {
StringBuffer buff = new StringBuffer();
String lang = s.getCurrrentLanguage();
try
{
try {
String fileName = s.getWebResource(getLessonPlanFileName(lang));
if (fileName != null)
{
if (fileName != null) {
BufferedReader in = new BufferedReader(new FileReader(fileName));
String line = null;
boolean startAppending = false;
while ((line = in.readLine()) != null)
{
if (line.indexOf("<!-- Start Instructions -->") != -1)
{
while ((line = in.readLine()) != null) {
if (line.indexOf("<!-- Start Instructions -->") != -1) {
startAppending = true;
continue;
}
if (line.indexOf("<!-- Stop Instructions -->") != -1)
{
if (line.indexOf("<!-- Stop Instructions -->") != -1) {
startAppending = false;
continue;
}
if (startAppending)
{
if (startAppending) {
buff.append(line + "\n");
}
}
}
} catch (Exception e)
{
} catch (Exception e) {
}
return buff.toString();
@ -202,45 +185,39 @@ public abstract class LessonAdapter extends AbstractLesson
}
/**
* Fill in a descriptive title for this lesson. The title of the lesson. This will appear above
* the control area at the top of the page. This field will be rendered as html.
* Fill in a descriptive title for this lesson. The title of the lesson.
* This will appear above the control area at the top of the page. This
* field will be rendered as html.
*
* @return The title value
*/
public String getTitle()
{
public String getTitle() {
return "Untitled Lesson " + getScreenId();
}
public String getCurrentAction(WebSession s)
{
public String getCurrentAction(WebSession s) {
return s.getLessonSession(this).getCurrentLessonScreen();
}
public void setCurrentAction(WebSession s, String lessonScreen)
{
public void setCurrentAction(WebSession s, String lessonScreen) {
s.getLessonSession(this).setCurrentLessonScreen(lessonScreen);
}
public Object getSessionAttribute(WebSession s, String key)
{
public Object getSessionAttribute(WebSession s, String key) {
return s.getRequest().getSession().getAttribute(key);
}
public void setSessionAttribute(WebSession s, String key, Object value)
{
public void setSessionAttribute(WebSession s, String key, Object value) {
s.getRequest().getSession().setAttribute(key, value);
}
/**
* Description of the Method
*
* @param s
* Description of the Parameter
* @param s Description of the Parameter
* @return Description of the Return Value
*/
protected Element makeSuccess(WebSession s)
{
protected Element makeSuccess(WebSession s) {
getLessonTracker(s).setCompleted(true);
s.setMessage(WebGoatI18N.get("LessonCompleted"));
@ -253,8 +230,7 @@ public abstract class LessonAdapter extends AbstractLesson
*
* @return The credits value
*/
protected Element getCustomCredits(String text, Element e)
{
protected Element getCustomCredits(String text, Element e) {
Table t = new Table().setCellSpacing(0).setCellPadding(0).setBorder(0).setWidth("90%").setAlign("RIGHT");
TR tr = new TR();
tr.addElement(new TD(text).setVAlign("MIDDLE").setAlign("RIGHT").setWidth("100%"));

1
java/org/owasp/webgoat/session/Screen.java
View File

@ -202,6 +202,7 @@ public abstract class Screen {
}
// TODO we could hook all forms here with javascript call to ajax forms plugin
public String getContent() {
return (content == null) ? "" : content.toString();
}

256
webapp/WEB-INF/pages/main_new.jsp Normal file
View File

@ -0,0 +1,256 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
errorPage=""%>
<%@page import="org.owasp.webgoat.session.WebSession"%>
<%
//WebSession webSession = ((WebSession) session.getAttribute("websession"));
%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>WebGoat V6.0</title>
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.min.css"/>
<style>
/*
* Base structure
*/
/* Move down content because we have a fixed navbar that is 50px tall */
body {
padding-top: 50px;
}
/*
* Global add-ons
*/
.sub-header {
padding-bottom: 10px;
border-bottom: 1px solid #eee;
}
/*
* Top navigation
* Hide default border to remove 1px line.
*/
.navbar-fixed-top {
border: 0;
}
/*
* Sidebar
*/
/* Hide for mobile, show later */
.sidebar {
display: none;
}
@media (min-width: 768px) {
.sidebar {
position: fixed;
top: 51px;
bottom: 0;
left: 0;
z-index: 1000;
display: block;
padding: 20px;
overflow-x: hidden;
overflow-y: auto; /* Scrollable contents if viewport is shorter than content. */
background-color: #f5f5f5;
border-right: 1px solid #eee;
}
}
/* Sidebar navigation */
.nav-sidebar {
margin-right: -21px; /* 20px padding + 1px border */
margin-bottom: 20px;
margin-left: -20px;
}
.nav-sidebar > li > a {
padding-right: 20px;
padding-left: 20px;
}
.nav-sidebar > .active > a,
.nav-sidebar > .active > a:hover,
.nav-sidebar > .active > a:focus {
color: #fff;
background-color: #428bca;
}
/*
* Main content
*/
.main {
padding: 20px;
}
@media (min-width: 768px) {
.main {
padding-right: 40px;
padding-left: 40px;
}
}
.main .page-header {
margin-top: 0;
}
/*
* Placeholder dashboard ideas
*/
.placeholders {
margin-bottom: 30px;
text-align: center;
}
.placeholders h4 {
margin-bottom: 0;
}
.placeholder {
margin-bottom: 20px;
}
.placeholder img {
display: inline-block;
border-radius: 50%;
}
</style>
</head>
<body>
<div class="navbar navbar-inverse navbar-fixed-top" role="navigation">
<div class="container-fluid">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="#">Webgoat 6.0</a>
</div>
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav navbar-right">
<li><a href="#">Settings</a></li>
<li><a href="#">Profile</a></li>
<li><a href="#">Help</a></li>
<li><a href="j_spring_security_logout">Logout</a></li>
</ul>
<!--
<form class="navbar-form navbar-right">
<input type="text" class="form-control" placeholder="Search...">
</form>
-->
</div>
</div>
</div>
<div class="container-fluid">
<div class="row">
<div class="col-sm-3 col-md-2 sidebar">
<ul class="nav nav-sidebar">
<li>This should be built from service</li>
<li class="active"><a href="#">General</a></li>
<li><a href="attack?Screen=4&amp;menu=100" target="lesson" class="menu-link">HTTP Basics</a></li>
<li><a href="attack?Screen=58&menu=100" class="menu-link">HTTP Splitting</a></li>
</ul>
<ul class="nav nav-sidebar">
<li><a href="">Nav item</a></li>
<li><a href="">Nav item again</a></li>
<li><a href="">One more nav</a></li>
<li><a href="">Another nav item</a></li>
<li><a href="">More navigation</a></li>
</ul>
<ul class="nav nav-sidebar">
<li><a href="">Nav item again</a></li>
<li><a href="">One more nav</a></li>
<li><a href="">Another nav item</a></li>
</ul>
</div>
<div class="col-sm-9 col-sm-offset-3 col-md-10 col-md-offset-2 main">
<h1 class="page-header">Lesson Content</h1>
<div class="" id="lesson_content">
Lesson content goes here
</div>
</div>
</div>
</div>
<!-- Bootstrap core JavaScript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js"></script>
<script src="http://malsup.github.com/jquery.form.js"></script>
<script>
$(document).ready(function() {
// bind to click events on menu links
$('.menu-link').bind('click', function(event) {
event.preventDefault();
$.get(this.href, {}, function(reply) {
$("#lesson_content").html(reply);
}, "html");
});
// make all forms ajax forms
var options = {
target: '#lesson_content', // target element(s) to be updated with server response
beforeSubmit: showRequest, // pre-submit callback, comment out after debugging
success: showResponse // post-submit callback, comment out after debugging
// other available options:
//url: url // override for form's 'action' attribute
//type: type // 'get' or 'post', override for form's 'method' attribute
//dataType: null // 'xml', 'script', or 'json' (expected server response type)
//clearForm: true // clear all form fields after successful submit
//resetForm: true // reset the form after successful submit
// $.ajax options can be used here too, for example:
//timeout: 3000
};
// pre-submit callback
function showRequest(formData, jqForm, options) {
// formData is an array; here we use $.param to convert it to a string to display it
// but the form plugin does this for you automatically when it submits the data
var queryString = $.param(formData);
// jqForm is a jQuery object encapsulating the form element. To access the
// DOM element for the form do this:
// var formElement = jqForm[0];
alert('About to submit: \n\n' + queryString);
// here we could return false to prevent the form from being submitted;
// returning anything other than false will allow the form submit to continue
return true;
}
// post-submit callback
function showResponse(responseText, statusText, xhr, $form) {
// for normal html responses, the first argument to the success callback
// is the XMLHttpRequest object's responseText property
// if the ajaxForm method was passed an Options Object with the dataType
// property set to 'xml' then the first argument to the success callback
// is the XMLHttpRequest object's responseXML property
// if the ajaxForm method was passed an Options Object with the dataType
// property set to 'json' then the first argument to the success callback
// is the json data object returned by the server
alert('status: ' + statusText + '\n\nresponseText: \n' + responseText +
'\n\nThe output div should have already been updated with the responseText.');
}
// bind form using 'ajaxForm'
$("form[name='form']").ajaxForm(options);
});
</script>
</body>
</html>

2
webapp/WEB-INF/pages/welcome.jsp
View File

@ -109,7 +109,7 @@
<tr>
<td colspan="2">
<div align="center" class="style2">
<form id="form" name="form" method="post" action="attack"><input
<form id="form" name="form" method="get" action="start.mvc"><input
type="submit" name="start" value="Start WebGoat" /></form>
</div>
</td>

58
webapp/lesson_content.jsp Normal file
View File

@ -0,0 +1,58 @@
<%@ page contentType="text/html; charset=ISO-8859-1" language="java"
import="org.owasp.webgoat.session.*, org.owasp.webgoat.lessons.Category, org.owasp.webgoat.lessons.AbstractLesson, org.owasp.webgoat.util.*, java.util.*"
errorPage="" %>
<%
Course course = ((Course) session.getAttribute("course"));
WebSession webSession = ((WebSession) session.getAttribute("websession"));
AbstractLesson currentLesson = webSession.getCurrentLesson();
%>
<!-- HTML fragment correpsonding to the lesson content -->
<%@page import="org.owasp.webgoat.lessons.RandomLessonAdapter"%>
<!--
<link rel="stylesheet" href="css/webgoat.css" type="text/css" />
<link rel="stylesheet" href="css/lesson.css" type="text/css" />
<link rel="stylesheet" href="css/menu.css" type="text/css" />
<link rel="stylesheet" href="css/layers.css" type="text/css" />
<script language="JavaScript1.2" src="javascript/javascript.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/menu_system.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/lessonNav.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/makeWindow.js" type="text/javascript"></script>
<script language="JavaScript1.2" src="javascript/toggle.js" type="text/javascript"></script>
-->
<div id="lessonContent">
<%
AbstractLesson lesson = webSession.getCurrentLesson();
if (lesson instanceof RandomLessonAdapter) {
RandomLessonAdapter rla = (RandomLessonAdapter) lesson;
%>
<div class="info">Stage <%= rla.getLessonTracker(webSession).getStageNumber(rla.getStage(webSession)) + 1%></div>
<%
}
%>
<%=webSession.getInstructions()%></div>
<div id="message" class="info"><%=webSession.getMessage()%></div>
<%
if (currentLesson.getTemplatePage(webSession) != null) {
//System.out.println("Main.jsp - current lesson: " + currentLesson.getName() );
//System.out.println(" - template Page: " + currentLesson.getTemplatePage(webSession));
%>
<jsp:include page="<%=currentLesson.getTemplatePage(webSession)%>" />
<%
} else {
%>
<div id="lessonContent"><%=currentLesson.getContent()%></div>
<%
}
%>