diff --git a/docker-compose.yml b/docker-compose.yml
index 6062d3379..9b0769407 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,34 +1,15 @@
version: '2.0'
services:
- mongo:
- image: mongo:latest
- expose:
- - "27017"
- volumes:
- - './mongo-data:/data/db'
webgoat:
build: webgoat-server/
command: "sh /home/webgoat/start.sh"
ports:
- "8080:8080"
- depends_on:
- [mongo, activemq]
- environment:
- WG_MONGO_PORT: 27017
- WG_MONGO_HOST: mongo
- WG_MQ_HOST: activemq
- WG_MQ_PORT: 61616
- WG_INTERNAL_MONGO: "false"
webwolf:
build: webwolf/
command: "sh /home/webwolf/start.sh"
depends_on:
- webgoat
ports:
- - "8081:8081"
- environment:
- WG_MONGO_PORT: 27017
- WG_MONGO_HOST: mongo
- WG_MQ_HOST: activemq
- WG_MQ_PORT: 61616
\ No newline at end of file
+ - "8081:8081"
\ No newline at end of file
diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml
index 7dc333c30..d9682cb57 100644
--- a/webgoat-container/pom.xml
+++ b/webgoat-container/pom.xml
@@ -36,16 +36,6 @@
-
-
-
- de.flapdoodle.embed
- de.flapdoodle.embed.mongo
- 2.0.0
-
-
-
-
@@ -127,7 +117,7 @@
org.springframework.boot
- spring-boot-starter-data-mongodb
+ spring-boot-starter-data-jpa
org.apache.commons
@@ -202,12 +192,6 @@
${junit.version}
jar
-
- com.github.fakemongo
- fongo
- 2.1.0
- test
-
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/CleanupLocalProgressFiles.java b/webgoat-container/src/main/java/org/owasp/webgoat/CleanupLocalProgressFiles.java
index d0667fd9f..2048dbbd7 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/CleanupLocalProgressFiles.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/CleanupLocalProgressFiles.java
@@ -23,11 +23,5 @@ public class CleanupLocalProgressFiles {
@PostConstruct
public void clean() {
- File dir = new File(webgoatHome);
- //do it safe, check whether the subdir mongodb is available as subdirectory
- File[] mongoDir = dir.listFiles(f -> f.isDirectory() && f.getName().contains("mongodb"));
- if (mongoDir != null && mongoDir.length == 1) {
- FileSystemUtils.deleteRecursively(dir);
- }
}
}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java
index bbd993c77..41758c742 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/lessons/Assignment.java
@@ -2,6 +2,10 @@ package org.owasp.webgoat.lessons;
import lombok.*;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.OneToMany;
+import javax.persistence.Transient;
import java.util.List;
/**
@@ -38,11 +42,14 @@ import java.util.List;
@NoArgsConstructor
@Getter
@EqualsAndHashCode
+@Entity
public class Assignment {
@NonNull
+ @Id
private String name;
@NonNull
private String path;
+ @Transient
private List hints;
}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java b/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java
index bff30316e..d8a7d4a75 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/LessonTracker.java
@@ -7,6 +7,7 @@ import lombok.Getter;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Assignment;
+import javax.persistence.*;
import java.util.List;
import java.util.Map;
import java.util.Optional;
@@ -44,16 +45,20 @@ import java.util.stream.Collectors;
* @version $Id: $Id
* @since October 29, 2003
*/
+@Entity
public class LessonTracker {
@Getter
+ @Id
private String lessonName;
+ @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
private final Set solvedAssignments = Sets.newHashSet();
+ @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
private final List allAssignments = Lists.newArrayList();
@Getter
private int numberOfAttempts = 0;
- protected LessonTracker() {
- //Mongo
+ private LessonTracker() {
+ //JPA
}
public LessonTracker(AbstractLesson lesson) {
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserRepository.java b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserRepository.java
index b836d5bfa..920109876 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserRepository.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserRepository.java
@@ -1,6 +1,6 @@
package org.owasp.webgoat.users;
-import org.springframework.data.mongodb.repository.MongoRepository;
+import org.springframework.data.jpa.repository.JpaRepository;
import java.util.List;
@@ -8,7 +8,7 @@ import java.util.List;
* @author nbaars
* @since 3/19/17.
*/
-public interface UserRepository extends MongoRepository {
+public interface UserRepository extends JpaRepository {
WebGoatUser findByUsername(String username);
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java
index c139d2571..645b46258 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTracker.java
@@ -5,8 +5,8 @@ import com.google.common.collect.Lists;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.lessons.Assignment;
-import org.springframework.data.annotation.Id;
+import javax.persistence.*;
import java.util.List;
import java.util.Map;
import java.util.Optional;
@@ -44,12 +44,16 @@ import java.util.stream.Collectors;
* @since October 29, 2003
*/
@Slf4j
+@Entity
public class UserTracker {
@Id
- private final String user;
+ private String user;
+ @OneToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
private List lessonTrackers = Lists.newArrayList();
+ private UserTracker() {}
+
public UserTracker(final String user) {
this.user = user;
}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTrackerRepository.java b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTrackerRepository.java
index f915154cb..a322f9d8a 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTrackerRepository.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserTrackerRepository.java
@@ -1,12 +1,12 @@
package org.owasp.webgoat.users;
-import org.springframework.data.mongodb.repository.MongoRepository;
+import org.springframework.data.jpa.repository.JpaRepository;
/**
* @author nbaars
* @since 4/30/17.
*/
-public interface UserTrackerRepository extends MongoRepository {
+public interface UserTrackerRepository extends JpaRepository {
}
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java b/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java
index b6e9fc776..23fcae34d 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/WebGoatUser.java
@@ -1,13 +1,14 @@
package org.owasp.webgoat.users;
import lombok.Getter;
-import org.springframework.data.annotation.Id;
-import org.springframework.data.annotation.Transient;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.Transient;
import java.util.Collection;
import java.util.Collections;
@@ -16,6 +17,7 @@ import java.util.Collections;
* @since 3/19/17.
*/
@Getter
+@Entity
public class WebGoatUser implements UserDetails {
public static final String ROLE_USER = "WEBGOAT_USER";
diff --git a/webgoat-container/src/main/resources/application.properties b/webgoat-container/src/main/resources/application.properties
index a92f16480..83de9b5d7 100644
--- a/webgoat-container/src/main/resources/application.properties
+++ b/webgoat-container/src/main/resources/application.properties
@@ -4,6 +4,9 @@ server.session.timeout=600
server.contextPath=/WebGoat
server.port=8080
+spring.datasource.url=jdbc:hsqldb:file:${webgoat.server.directory}/data/webgoat
+spring.jpa.hibernate.ddl-auto=update
+
logging.level.org.springframework=WARN
logging.level.org.springframework.boot.devtools=WARN
@@ -28,7 +31,6 @@ webgoat.feedback.address.html=webgoat@owasp.org
webgoat.database.driver=org.hsqldb.jdbcDriver
webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
webgoat.default.language=en
-webgoat.embedded.mongo=${WG_INTERNAL_MONGO:true}
webwolf.host=${WEBWOLF_HOST:localhost}
webwolf.port=${WEBWOLF_PORT:8081}
@@ -39,10 +41,5 @@ webwolf.url.mail=http://${webwolf.host}:${webwolf.port}/mail
spring.jackson.serialization.indent_output=true
spring.jackson.serialization.write-dates-as-timestamps=false
-spring.data.mongodb.host=${WG_MONGO_HOST:localhost}
-spring.data.mongodb.port=${WG_MONGO_PORT:27017}
-spring.data.mongodb.database=webgoat
-spring.mongodb.embedded.storage.databaseDir=${webgoat.user.directory}/mongodb/
-
#For static file refresh ... and faster dev :D
spring.devtools.restart.additional-paths=webgoat-container/src/main/resources/static/js,webgoat-container/src/main/resources/static/css
diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/plugins/TestConfig.java b/webgoat-container/src/test/java/org/owasp/webgoat/plugins/TestConfig.java
deleted file mode 100644
index 5946104b4..000000000
--- a/webgoat-container/src/test/java/org/owasp/webgoat/plugins/TestConfig.java
+++ /dev/null
@@ -1,23 +0,0 @@
-package org.owasp.webgoat.plugins;
-
-import com.github.fakemongo.Fongo;
-import com.mongodb.MongoClient;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.data.mongodb.config.AbstractMongoConfiguration;
-
-/**
- * Using Fongo for embedded in memory MongoDB testing
- */
-@Configuration
-public class TestConfig extends AbstractMongoConfiguration {
-
- @Override
- protected String getDatabaseName() {
- return "test";
- }
-
- @Override
- public MongoClient mongo() throws Exception {
- return new Fongo(getDatabaseName()).getMongo();
- }
-}
\ No newline at end of file
diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/users/UserRepositoryTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserRepositoryTest.java
new file mode 100644
index 000000000..67b4d9bcf
--- /dev/null
+++ b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserRepositoryTest.java
@@ -0,0 +1,29 @@
+package org.owasp.webgoat.users;
+
+import org.assertj.core.api.Assertions;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@DataJpaTest
+@RunWith(SpringRunner.class)
+public class UserRepositoryTest {
+
+ @Autowired
+ private UserRepository userRepository;
+
+ @Test
+ public void userShouldBeSaved() {
+ WebGoatUser user = new WebGoatUser("test", "password");
+ userRepository.saveAndFlush(user);
+
+ user = userRepository.findByUsername("test");
+
+ Assertions.assertThat(user.getUsername()).isEqualTo("test");
+ Assertions.assertThat(user.getPassword()).isEqualTo("password");
+ }
+
+
+}
\ No newline at end of file
diff --git a/webgoat-container/src/test/java/org/owasp/webgoat/users/UserTrackerRepositoryTest.java b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserTrackerRepositoryTest.java
new file mode 100644
index 000000000..5c8092c13
--- /dev/null
+++ b/webgoat-container/src/test/java/org/owasp/webgoat/users/UserTrackerRepositoryTest.java
@@ -0,0 +1,101 @@
+package org.owasp.webgoat.users;
+
+import org.assertj.core.api.Assertions;
+import org.assertj.core.util.Lists;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.owasp.webgoat.lessons.Assignment;
+import org.owasp.webgoat.lessons.Category;
+import org.owasp.webgoat.lessons.NewLesson;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+import org.springframework.test.context.junit4.SpringRunner;
+
+import java.util.List;
+
+@DataJpaTest
+@RunWith(SpringRunner.class)
+public class UserTrackerRepositoryTest {
+
+ private class TestLesson extends NewLesson {
+
+ @Override
+ public Category getDefaultCategory() {
+ return Category.AJAX_SECURITY;
+ }
+
+ @Override
+ public List getHints() {
+ return Lists.newArrayList();
+ }
+
+ @Override
+ public Integer getDefaultRanking() {
+ return 12;
+ }
+
+ @Override
+ public String getTitle() {
+ return "test";
+ }
+
+ @Override
+ public String getId() {
+ return "test";
+ }
+
+ @Override
+ public List getAssignments() {
+ Assignment assignment = new Assignment("test", "test", Lists.newArrayList());
+ return Lists.newArrayList(assignment);
+ }
+ }
+
+ @Autowired
+ private UserTrackerRepository userTrackerRepository;
+
+
+ @Test
+ public void saveUserTracker() {
+ UserTracker userTracker = new UserTracker("test");
+ LessonTracker lessonTracker = userTracker.getLessonTracker(new TestLesson());
+
+ userTrackerRepository.save(userTracker);
+
+ userTracker = userTrackerRepository.findOne("test");
+ Assertions.assertThat(userTracker.getLessonTracker("test")).isNotNull();
+ }
+
+ @Test
+ public void solvedAssignmentsShouldBeSaved() {
+ UserTracker userTracker = new UserTracker("test");
+ TestLesson lesson = new TestLesson();
+ userTracker.getLessonTracker(lesson);
+ userTracker.assignmentFailed(lesson);
+ userTracker.assignmentFailed(lesson);
+ userTracker.assignmentSolved(lesson, "test");
+
+ userTrackerRepository.saveAndFlush(userTracker);
+
+ userTracker = userTrackerRepository.findOne("test");
+ Assertions.assertThat(userTracker.numberOfAssignmentsSolved()).isEqualTo(1);
+ }
+
+ @Test
+ public void saveAndLoadShouldHaveCorrectNumberOfAttemtps() {
+ UserTracker userTracker = new UserTracker("test");
+ TestLesson lesson = new TestLesson();
+ userTracker.getLessonTracker(lesson);
+ userTracker.assignmentFailed(lesson);
+ userTracker.assignmentFailed(lesson);
+ userTrackerRepository.saveAndFlush(userTracker);
+
+ userTracker = userTrackerRepository.findOne("test");
+ userTracker.assignmentFailed(lesson);
+ userTracker.assignmentFailed(lesson);
+ userTrackerRepository.saveAndFlush(userTracker);
+
+ Assertions.assertThat(userTracker.getLessonTracker(lesson).getNumberOfAttempts()).isEqualTo(4);
+ }
+
+}
\ No newline at end of file
diff --git a/webgoat-container/src/test/resources/application-test.properties b/webgoat-container/src/test/resources/application-test.properties
index 3100e029a..a4e152215 100644
--- a/webgoat-container/src/test/resources/application-test.properties
+++ b/webgoat-container/src/test/resources/application-test.properties
@@ -1 +1,4 @@
-webgoat.user.directory=${java.io.tmpdir}
\ No newline at end of file
+webgoat.user.directory=${java.io.tmpdir}
+
+spring.datasource.url=jdbc:hsqldb:mem:test
+spring.jpa.hibernate.ddl-auto=create-drop
\ No newline at end of file
diff --git a/webgoat-lessons/pom.xml b/webgoat-lessons/pom.xml
index f1bfae148..5711263d3 100644
--- a/webgoat-lessons/pom.xml
+++ b/webgoat-lessons/pom.xml
@@ -43,34 +43,13 @@
${project.version}
provided
jar
-
-
-
- de.flapdoodle.embed
- de.flapdoodle.embed.mongo
-
-
-
-
-
-
-
org.owasp.webgoat
webgoat-container
${project.version}
tests
test
-
-
-
- de.flapdoodle.embed
- de.flapdoodle.embed.mongo
-
-
junit
@@ -96,12 +75,6 @@
4.1.3.RELEASE
test
-
- com.github.fakemongo
- fongo
- 2.1.0
- test
-
org.owasp.encoder
encoder
diff --git a/webgoat-server/Dockerfile b/webgoat-server/Dockerfile
index 96899b491..2f1b6f0fd 100644
--- a/webgoat-server/Dockerfile
+++ b/webgoat-server/Dockerfile
@@ -10,7 +10,5 @@ COPY start.sh /home/webgoat/start.sh
RUN chmod +x /home/webgoat/start.sh
USER webgoat
-RUN mkdir -p /home/webgoat/.embedmongo/linux
-RUN curl -o /home/webgoat/.embedmongo/linux/mongodb-linux-x86_64-3.2.2.tgz https://fastdl.mongodb.org/linux/mongodb-linux-x86_64-3.2.2.tgz
RUN cd /home/webgoat/; mkdir -p .webgoat
COPY target/webgoat-server-${webgoat_version}.jar /home/webgoat/webgoat.jar
diff --git a/webgoat-server/pom.xml b/webgoat-server/pom.xml
index c15069cff..6bec68abb 100644
--- a/webgoat-server/pom.xml
+++ b/webgoat-server/pom.xml
@@ -90,11 +90,6 @@
test
true
-
- de.flapdoodle.embed
- de.flapdoodle.embed.mongo
- 2.0.0
-
org.owasp.webgoat
webgoat-container
diff --git a/webgoat-server/src/main/java/org/owasp/webgoat/ExternalMongoConfiguration.java b/webgoat-server/src/main/java/org/owasp/webgoat/ExternalMongoConfiguration.java
deleted file mode 100644
index 64e36baa5..000000000
--- a/webgoat-server/src/main/java/org/owasp/webgoat/ExternalMongoConfiguration.java
+++ /dev/null
@@ -1,40 +0,0 @@
-package org.owasp.webgoat;
-
-import com.mongodb.MongoClient;
-import com.mongodb.MongoClientOptions;
-import de.flapdoodle.embed.mongo.MongodExecutable;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.boot.autoconfigure.mongo.MongoProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.core.env.Environment;
-import org.springframework.data.mongodb.MongoDbFactory;
-import org.springframework.data.mongodb.core.SimpleMongoDbFactory;
-
-import java.io.IOException;
-
-/**
- * If we run
- */
-@Configuration
-@ConditionalOnProperty(value = "webgoat.embedded.mongo", havingValue = "false")
-public class ExternalMongoConfiguration {
-
- @Autowired
- private MongoProperties properties;
-
- @Autowired(required = false)
- private MongoClientOptions options;
-
- @Bean
- public MongodExecutable mongodExecutable() throws IOException {
- return null;
- }
-
- @Bean
- public MongoDbFactory mongoDbFactory(Environment env) throws Exception {
- MongoClient client = properties.createMongoClient(this.options, env);
- return new SimpleMongoDbFactory(client, properties.getDatabase());
- }
-}
diff --git a/webgoat.env b/webgoat.env
deleted file mode 100644
index 2f03f02e6..000000000
--- a/webgoat.env
+++ /dev/null
@@ -1,4 +0,0 @@
-WG_MONGO_PORT=27017
-WG_MONGO_HOST=mongo
-WG_MQ_HOST=activemq
-WG_MQ_PORT=61616
\ No newline at end of file