From c350e8677282c94ac2f78cb4427c025aa70d34d2 Mon Sep 17 00:00:00 2001
From: Nanne Baars
Date: Wed, 29 Jun 2016 12:08:13 +0200
Subject: [PATCH] YML config should override lesson class
---
 .../main/java/org/owasp/webgoat/controller/StartLesson.java | 5 ++---
 .../src/main/java/org/owasp/webgoat/plugins/Plugin.java | 5 ++---
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java b/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java
index 6a0e72569..2a5ed9bae 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/controller/StartLesson.java
@@ -80,7 +80,7 @@ public class StartLesson {
 public ModelAndView lessonPage(HttpServletRequest request) {
 // I will set here the thymeleaf fragment location based on the resource requested.
 ModelAndView model = new ModelAndView();
- SecurityContext context = SecurityContextHolder.getContext();
+ SecurityContext context = SecurityContextHolder.getContext(); //TODO this should work with the security roles of Spring
 GrantedAuthority authority = context.getAuthentication().getAuthorities().iterator().next();
 String path = request.getServletPath(); // we now got /a/b/c/AccessControlMatrix.lesson
 String lessonName = path.substring(path.lastIndexOf('/') + 1, path.indexOf(".lesson"));
@@ -88,8 +88,7 @@ public class StartLesson {
 List lessons = ws.getCourse()
 .getLessons(ws, AbstractLesson.USER_ROLE);//TODO this should work with the security roles of Spring
 Optional lesson = lessons.stream()
- .filter(l -> l instanceof YmlBasedLesson)
- .filter(l -> ((YmlBasedLesson) l).getHtml().equals(lessonName))
+ .filter(l -> l.getHtml().equals(lessonName))
 .findFirst();
 model.setViewName("lesson_content");
 model.addObject("lesson", lesson.get());
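Review bot: With the `instanceof YmlBasedLesson` guard removed, `l.getHtml()` in the new filter is called on every lesson in the list, so a single lesson whose `getHtml()` returns null would throw a NullPointerException for every lesson request; `.filter(l -> lessonName.equals(l.getHtml()))` avoids that. A null seems possible because Plugin.java casts `lessonYml.get("html")` without a check. `lessonName` is taken from the request path, and `lesson.get()` on the last line of the hunk is still unchecked, so an unknown lesson name surfaces as a NoSuchElementException instead of a not-found response; an `isPresent()` branch or `orElseThrow` with a mapped 404 would make that case explicit. `lessonPage` begins in the previous hunk and continues past the end of this one.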
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java index f1074c72b..3a4f55b05 100644 --- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java +++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java @@ -68,9 +68,7 @@ public class Plugin { } //New code all lessons should work as below - if (this.lesson == null) { - readYmlLessonConfiguration(); - } + readYmlLessonConfiguration(); } private void readYmlLessonConfiguration() { @@ -87,6 +85,7 @@ public class Plugin { final String title = (String) lessonYml.get("title"); final String html = (String) lessonYml.get("html"); this.ymlBasedLesson = new YmlBasedLesson(category, hints, title, html); + this.lesson = null; } catch (IOException e) { throw new PluginLoadingFailure("Unable to read yml file", e); }
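Review bot: `readYmlLessonConfiguration()` now runs for every plugin, and the catch block visible in the next hunk turns an IOException into `PluginLoadingFailure`, so a plugin that ships a lesson class but no YML file would presumably fail to load instead of falling back to the class. The opening lines of `readYmlLessonConfiguration` are outside the diff, so how a missing file is handled needs confirming. If the fallback is meant to disappear, the existing comment should say so, e.g. `// YML configuration is mandatory and replaces any lesson class found above`. The enclosing method starts before this hunk.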
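Review bot: `this.lesson = null` discards the class-based lesson as soon as the YML has been read, but `title` and `html` are unchecked casts of `lessonYml.get(...)` and can be null when a key is missing. The plugin would then be left with a `YmlBasedLesson` holding a null `html` and no class lesson to fall back on, and StartLesson matches lessons on `getHtml()`. A non-String value would raise a ClassCastException, which `catch (IOException e)` does not cover. Validating before the assignment keeps the failure at load time, e.g. `Objects.requireNonNull(html, "lesson yml has no html entry");`, and a short comment such as `// YML configuration takes precedence over the lesson class` would explain the reset. The method starts before this hunk and its closing lines are not shown.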