chore: fix startup message (#1687)

Since we use two application context, the event listener would print out the last one with the WebWolf context. As WebWolf is part of WebGoat we should not refer to it anymore during startup as users should always go to WebGoat first.
2023-12-04 07:59:29 +01:00 · 2023-12-04 07:59:29 +01:00 · c7c2a61f65
commit c7c2a61f65
parent b7f657ad2c
4 changed files with 24 additions and 68 deletions
--- a/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java
+++ b/src/main/java/org/owasp/webgoat/container/DatabaseConfiguration.java
@ -6,7 +6,6 @@ import javax.sql.DataSource;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.flywaydb.core.Flyway;
-import org.owasp.webgoat.container.lessons.LessonScanner;
 import org.owasp.webgoat.container.service.RestartLessonService;
 import org.springframework.boot.autoconfigure.jdbc.DataSourceProperties;
 import org.springframework.context.annotation.Bean;
@ -20,7 +19,6 @@ import org.springframework.jdbc.datasource.DriverManagerDataSource;
 public class DatabaseConfiguration {

  private final DataSourceProperties properties;
-  private final LessonScanner lessonScanner;

  @Bean
  @Primary
--- a/src/main/java/org/owasp/webgoat/server/StartWebGoat.java
+++ b/src/main/java/org/owasp/webgoat/server/StartWebGoat.java
@ -25,24 +25,36 @@

 package org.owasp.webgoat.server;

+import lombok.extern.slf4j.Slf4j;
 import org.owasp.webgoat.container.WebGoat;
 import org.owasp.webgoat.webwolf.WebWolf;
 import org.springframework.boot.Banner;
 import org.springframework.boot.WebApplicationType;
 import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.context.ApplicationContext;

+@Slf4j
 public class StartWebGoat {

  public static void main(String[] args) {
-    new SpringApplicationBuilder()
-        .parent(ParentConfig.class)
-        .web(WebApplicationType.NONE)
-        .bannerMode(Banner.Mode.OFF)
-        .child(WebGoat.class)
-        .web(WebApplicationType.SERVLET)
-        .sibling(WebWolf.class)
-        .bannerMode(Banner.Mode.OFF)
-        .web(WebApplicationType.SERVLET)
-        .run(args);
+    var parentBuilder =
+        new SpringApplicationBuilder()
+            .parent(ParentConfig.class)
+            .web(WebApplicationType.NONE)
+            .bannerMode(Banner.Mode.OFF);
+    parentBuilder.child(WebWolf.class).web(WebApplicationType.SERVLET).run(args);
+    ApplicationContext webGoatContext =
+        parentBuilder.child(WebGoat.class).web(WebApplicationType.SERVLET).run(args);
+
+    printStartUpMessage(webGoatContext);
+  }
+
+  private static void printStartUpMessage(ApplicationContext webGoatContext) {
+    var url = webGoatContext.getEnvironment().getProperty("webgoat.url");
+    var sslEnabled =
+        webGoatContext.getEnvironment().getProperty("server.ssl.enabled", Boolean.class);
+    log.warn(
+        "Please browse to " + "{} to start using WebGoat...",
+        sslEnabled ? url.replace("http", "https") : url);
  }
 }
--- a/src/main/java/org/owasp/webgoat/server/StartupMessage.java
+++ b/src/main/java/org/owasp/webgoat/server/StartupMessage.java
@ -1,55 +0,0 @@
-package org.owasp.webgoat.server;
-
-import lombok.NoArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.boot.context.event.ApplicationReadyEvent;
-import org.springframework.context.event.ContextStoppedEvent;
-import org.springframework.context.event.EventListener;
-import org.springframework.stereotype.Component;
-import org.springframework.util.StringUtils;
-
-@Component
-@Slf4j
-@NoArgsConstructor
-public class StartupMessage {
-
-  private String port;
-  private String address;
-  private String contextPath;
-
-  private String applicationName;
-
-  private static boolean useSSL =
-      Boolean.valueOf(System.getenv().getOrDefault("WEBGOAT_SSLENABLED", "true"));
-
-  @EventListener
-  void onStartup(ApplicationReadyEvent event) {
-
-    port = event.getApplicationContext().getEnvironment().getProperty("server.port");
-    address = event.getApplicationContext().getEnvironment().getProperty("server.address");
-    contextPath =
-        event.getApplicationContext().getEnvironment().getProperty("server.servlet.context-path");
-    applicationName =
-        event.getApplicationContext().getEnvironment().getProperty("spring.application.name");
-    if (StringUtils.hasText(applicationName)) {
-      if (applicationName.equals("WebGoat")) {
-        log.warn(
-            "Please browse to "
-                + (useSSL ? "https://" : "http://")
-                + "{}:{}{} to start using WebGoat...",
-            event.getApplicationContext().getEnvironment().getProperty("webgoat.host"),
-            port,
-            contextPath);
-      } else {
-        log.warn(
-            "Please browse to http://{}:{}{} to start using WebWolf...",
-            event.getApplicationContext().getEnvironment().getProperty("webwolf.host"),
-            port,
-            contextPath);
-      }
-    }
-  }
-
-  @EventListener
-  void onShutdown(ContextStoppedEvent event) {}
-}
--- a/src/main/resources/application-webgoat.properties
+++ b/src/main/resources/application-webgoat.properties
@ -3,7 +3,7 @@ server.error.path=/error.html
 server.servlet.context-path=${WEBGOAT_CONTEXT:/WebGoat}
 server.servlet.session.persistent=false
 server.port=${WEBGOAT_PORT:8080}
-server.address=0.0.0.0
+server.address=${WEBGOAT_HOST:127.0.0.1}
 webgoat.host=${WEBGOAT_HOST:127.0.0.1}
 webgoat.port=${WEBGOAT_PORT:8080}
 webgoat.context=${WEBGOAT_CONTEXT:/WebGoat}
@ -43,6 +43,7 @@ webgoat.feedback.address=webgoat@owasp.org
 webgoat.feedback.address.html=<A HREF=mailto:webgoat@owasp.org>webgoat@owasp.org</A>
 webgoat.database.connection.string=jdbc:hsqldb:mem:{USER}
 webgoat.default.language=en
+webgoat.url=http://${server.address}:${server.port}${server.servlet.context-path}

 webwolf.host=${WEBWOLF_HOST:127.0.0.1}
 webwolf.port=${WEBWOLF_PORT:9090}