Allow WebGoat to create per-user databases
This creates the infrastructure to allow WebGoat to create per-user databases, so that any modifications made by one user do not affect other users. Some lessons may have made provision for this internally (e.g. CrossSiteScripting lesson), but this simplifies things generally. This also switches the default database from Access on windows, and Enhydra on Unix/other platforms to using HSQLDB, in an "in-memory" configuration. We may get performance problems from having too many instances of the database in memory at once at sites that have 10's of users banging on a central WebGoat. Only time will tell. git-svn-id: http://webgoat.googlecode.com/svn/trunk@190 4033779f-a91e-0410-96ef-6bf7bf53c507
This commit is contained in:
rogan.dawes
@ -6,6 +6,9 @@ import java.sql.DriverManager;
|
||||
import java.sql.ResultSet;
|
||||
import java.sql.ResultSetMetaData;
|
||||
import java.sql.SQLException;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.ecs.MultiPartElement;
|
||||
import org.apache.ecs.html.B;
|
||||
import org.apache.ecs.html.TD;
|
||||
@ -46,23 +49,50 @@ import org.apache.ecs.html.Table;
|
||||
public class DatabaseUtilities
|
||||
{
|
||||
|
||||
/**
|
||||
* Description of the Method
|
||||
*
|
||||
* @param s Description of the Parameter
|
||||
*
|
||||
* @return Description of the Return Value
|
||||
*
|
||||
* @exception ClassNotFoundException Description of the Exception
|
||||
* @exception SQLException Description of the Exception
|
||||
*/
|
||||
public static Connection makeConnection(WebSession s)
|
||||
throws ClassNotFoundException, SQLException
|
||||
{
|
||||
return makeConnection(s.getWebgoatContext());
|
||||
}
|
||||
|
||||
public static Connection makeConnection(WebgoatContext context)
|
||||
private static Map<String, Connection> connections = new HashMap<String, Connection>();
|
||||
private static Map<String, Boolean> dbBuilt = new HashMap<String, Boolean>();
|
||||
|
||||
public static Connection getConnection(WebSession s)
|
||||
throws ClassNotFoundException, SQLException
|
||||
{
|
||||
return getConnection(s.getUserName(), s.getWebgoatContext());
|
||||
}
|
||||
|
||||
public static Connection getConnection(String user, WebgoatContext context)
|
||||
throws ClassNotFoundException, SQLException
|
||||
{
|
||||
Connection conn = connections.get(user);
|
||||
if (conn != null && !conn.isClosed())
|
||||
return conn;
|
||||
conn = makeConnection(user, context);
|
||||
connections.put(user, conn);
|
||||
|
||||
if (dbBuilt.get(user) == null) {
|
||||
new CreateDB().makeDB(conn);
|
||||
dbBuilt.put(user, Boolean.TRUE);
|
||||
}
|
||||
|
||||
return conn;
|
||||
}
|
||||
|
||||
public static void returnConnection(String user)
|
||||
{
|
||||
try
|
||||
{
|
||||
Connection connection = connections.get(user);
|
||||
if (connection == null || connection.isClosed())
|
||||
return;
|
||||
|
||||
if (connection.getMetaData().getDatabaseProductName().toLowerCase().contains("oracle"))
|
||||
connection.close();
|
||||
}
|
||||
catch (SQLException sqle)
|
||||
{
|
||||
sqle.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
public static Connection makeConnection(String user, WebgoatContext context)
|
||||
throws ClassNotFoundException, SQLException
|
||||
{
|
||||
Class.forName(context.getDatabaseDriver());
|
||||
@ -71,9 +101,9 @@ public class DatabaseUtilities
|
||||
String conn = context.getDatabaseConnectionString();
|
||||
if (password == null || password.equals("")) {
|
||||
return (DriverManager.getConnection(conn));
|
||||
} else {
|
||||
String user = context.getDatabaseUser();
|
||||
return DriverManager.getConnection(conn, user, password);
|
||||
} else {
|
||||
String userPrefix = context.getDatabaseUser();
|
||||
return DriverManager.getConnection(conn, userPrefix + "_" + user, password);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@ -156,8 +156,6 @@ public class WebSession
|
||||
|
||||
private int previousScreen = ERROR;
|
||||
|
||||
private static Connection connection = null;
|
||||
|
||||
private int hintNum = -1;
|
||||
|
||||
private boolean isAdmin = false;
|
||||
@ -217,22 +215,13 @@ public class WebSession
|
||||
public static synchronized Connection getConnection(WebSession s)
|
||||
throws SQLException, ClassNotFoundException
|
||||
{
|
||||
if ( connection == null || connection.isClosed() )
|
||||
{
|
||||
connection = DatabaseUtilities.makeConnection( s );
|
||||
}
|
||||
|
||||
return connection;
|
||||
return DatabaseUtilities.getConnection(s);
|
||||
}
|
||||
|
||||
public static synchronized void closeConnection() throws SQLException
|
||||
{
|
||||
if (connection != null && !connection.isClosed()) {
|
||||
connection.close();
|
||||
connection = null;
|
||||
}
|
||||
public static void returnConnection(WebSession s) {
|
||||
DatabaseUtilities.returnConnection(s.getUserName());
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Description of the Method
|
||||
*
|
||||
|
||||
@ -1,7 +1,5 @@
|
||||
package org.owasp.webgoat.session;
|
||||
|
||||
import java.sql.Connection;
|
||||
|
||||
import javax.servlet.http.HttpServlet;
|
||||
|
||||
public class WebgoatContext {
|
||||
@ -32,8 +30,6 @@ public class WebgoatContext {
|
||||
|
||||
public final static String DEBUG = "debug";
|
||||
|
||||
private static boolean databaseBuilt = false;
|
||||
|
||||
private String databaseConnectionString;
|
||||
|
||||
private String realConnectionString = null;
|
||||
@ -84,18 +80,6 @@ public class WebgoatContext {
|
||||
isDebug = "true".equals( servlet.getInitParameter( DEBUG ) );
|
||||
servletName = servlet.getServletName();
|
||||
|
||||
// FIXME: need to solve concurrency problem here -- make tables for this user
|
||||
if ( !databaseBuilt ) {
|
||||
try {
|
||||
Connection conn = DatabaseUtilities.makeConnection(this);
|
||||
new CreateDB().makeDB(conn);
|
||||
conn.close();
|
||||
databaseBuilt = true;
|
||||
} catch (Exception e) {
|
||||
e.printStackTrace();
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
Reference in New Issue
Block a user