From eb18b67160b0a30ff397959342d5b817b6b176dd Mon Sep 17 00:00:00 2001
From: Dave <dave.cowden@gmail.com>
Date: Sat, 23 Aug 2014 13:23:58 -0400
Subject: [PATCH] modified instructions for new self-exec jar file. removed old
 ant build file

---
 README.txt | 185 ++++++++-------------------------
 build.xml  | 292 -----------------------------------------------------
 2 files changed, 42 insertions(+), 435 deletions(-)
 delete mode 100644 build.xml

diff --git a/README.txt b/README.txt
index 9a8f9fa7a..443b635ba 100644
--- a/README.txt
+++ b/README.txt
@@ -1,6 +1,6 @@
 **********
-**********          WebGoat 5.4
-**********          April/27/2012
+**********          WebGoat 6.0
+**********          August 23, 2014
 **********
 **
 **  Home Page:    http://code.google.com/p/webgoat
@@ -36,27 +36,43 @@ doing security research will not work as that is the first thing
 that all hackers claim.
 
 You can find more information about WebGoat at:
-http://code.google.com/p/webgoat
-
+https://github.com/WebGoat/
 
 ----------------------------------------------------------------------------------------
-Prerequisites for Developers (Skip to Option 3 for unzip and click to run configruation) 
+Easy Run Instructions ( For non-developers )
 ----------------------------------------------------------------------------------------
+Follow these instructions if you simply wish to run WebGoat
 
-These tools must be installed independent of the webgoat download.
-- Java 1.6
-    Java can ne downloaded at http://java.sun.com/javase/downloads/index.jsp
-	You only need to download and install the "Java SE Development Kit (JDK)"
-- Maven > 2.0.9
-	Maven can be downloaded at: http://maven.apache.org/
-	In Ubuntu it can be installed with:
-	> apt-get install maven2
-- WebGoat source code
-    WebGoat source code can be downloaded at: 
-          http://code.google.com/p/webgoat/source/checkout
-    Use an svn client (ex: Tortoise svn) to checkout the code in the trunk.
-    
+    Prerequisites:  Java VM >= 1.6 installed ( JDK 1.7 recommended)
+    Download the executable jar file to any location of your choice from:
+        http://github.com/path/to/download/WebGoat-6.0-exec-war.jar
 
+    Run it using java:
+        java -jar WebGoat-6.0-exec-war.jar
+
+    Then navigate in your browser to:
+    http://localhost:8080/WebGoat
+
+    If you would like to change the port or other options, use:
+    java -jar WebGoat-6.0-exec-war.jar --help
+
+----------------------------------------------------------------------------------------
+For Developers 
+----------------------------------------------------------------------------------------
+Follow These instructions if you wish to run Webgoat and modify the source code as well.
+
+    Prerequisites:
+        * Java >= 1.6 ( JDK 1.7 recommended )
+        * Maven > 2.0.9
+        *Your favorite IDE, with Maven awareness: Netbeans/IntelliJ/Eclipse with m2e installed
+        * Git, or Git support in your IDE
+        
+        WebGoat source code
+            WebGoat source code can be downloaded at: 
+                  https://github.com/WebGoat/WebGoat
+
+        If you are setting up an IDE, Netbeans 8.0 contains the Maven and Git support you need:
+            https://netbeans.org/downloads/
 	
 ---------------------------------
 Building the project (Developers)
@@ -65,132 +81,15 @@ Building the project (Developers)
 Using a command shell/window:
 
 > cd webgoat
-> mvn compile
+> mvn clean package
 
-copy it to the local repository
-> mvn install
+After opening the project in Netbeans or Eclipse, you can easily run the project using maven:
 
-delete artifacts from previous build:
-> mvn clean
+> mvn tomcat:run-war
 
+Maven will run the project in an embedded tomcat.
 
------------------------------------------------
-Building the Eclipse project files (Developers)
------------------------------------------------
-
-> mvn eclipse:clean
-> mvn eclipse:eclipse
-
-Afterward the project can be imported within Eclipse:
-File -> Import -> General -> Existing Projects into Workspace
-and select the webgoat directory as the "root directory." A webgoat should appear in the Projects section of your dialogue window.
-
-Don't forget to declare a classpath variable named M2_REPO, pointing to ~/.m2/repository, otherwise many links to existing jars will be broken.
-This folder is located in your username root folder, the same folder where "my documents" and "my pictures" are located.
-You can declare new variables in Eclipse in Windows -> Preferences... and selecting Java -> Build Path -> Classpath Variables
-
-
--------------------------------------------------------------------
-Option 1: (Developers) Run the project on Tomcat within Eclipse
--------------------------------------------------------------------
-
-Install a local Tomcat server (We use Tomcat 7)
-1. Download and unzip Apache Tomcat from http://tomcat.apache.org. 
-2. Adapt the conf/tomcat-users.xml file of your Tomcat server:
-<?xml version="1.0" encoding="UTF-8"?>
-    <tomcat-users>
-      <role rolename="webgoat_basic"/>
-      <role rolename="webgoat_admin"/>
-      <role rolename="webgoat_user"/>
-      <role rolename="tomcat"/>
-      <user password="webgoat" roles="webgoat_admin" username="webgoat"/>
-      <user password="basic" roles="webgoat_user,webgoat_basic" username="basic"/>
-      <user password="tomcat" roles="tomcat" username="tomcat"/>
-      <user password="guest" roles="webgoat_user" username="guest"/>
-    </tomcat-users>
-3. Open Eclipse (WTP version) -> File -> New -> Other -> Server -> Apache
-4. Choose your Tomcat version
--> Click next "browse" to your tomcat install.
--> Make sure the "JRE" dropdown is pointing to your jdk. If it isn't listed, press
-"Installed JREs" and add it.
--> Click next and add "webgoat" to the list of configured applications
--> Finish
-
-
-3. Right Click on the webgoat project within eclipse -> Run As -> Run on server 
-
-Point your browser to http://localhost:8080/webgoat/attack
-** Note - When running in eclipse, the default url will be lowercase "webgoat"
-
-
------------------------------------------------------------
-Option 2: (Developers) Run the project on Tomcat with Maven
------------------------------------------------------------
-
-1. mvn tomcat:run-war
-2. http://localhost:8080/WebGoat/attack
-
-
-------------------------------------------------------------------
-Option 3: Run from the WebGoat 5.X Standard distribution (Windows)
-------------------------------------------------------------------
-
-1. Download the WebGoat-5.X-OWASP_Standard_Win32.zip file from:
-        - http://code.google.com/p/webgoat/downloads/list
-2. Unzip the file
-3. Double click webgoat.bat
-4. Browse to http://localhost/WebGoat/attack
-
-** Note: if you receive a bind address error use:
-
-3. Double click webgoat8080.bat
-4. Browse to http://localhost:8080/WebGoat/attack
-
-
-------------------------------------------------------------------
-Option 4: Run from the WebGoat 5.X Standard distribution (Ubuntu)
-------------------------------------------------------------------
-
-1. Download the WebGoat-5.X-OWASP_Standard_Ubuntu32.zip file from:
-        - http://code.google.com/p/webgoat/downloads/list
-2. Unzip the file
-3. run sudu ./webgoat.sh start80
-4. Browse to http://localhost/WebGoat/attack
-
-** Note: if you receive a bind address or privilege error:
-
-3. run ./webgoat.sh start8080
-4. Browse to http://localhost:8080/WebGoat/attack
-
-shutdown the server with:
-./webgoat.sh stop
-
-------------------------------------------------------------------
-Option 5: Using the  WebgGoat-5.X.war
-------------------------------------------------------------------
-
-Windows:
-
-1. Download and install Java 1.6 and Tomcat 7 if needed
-2. Download the WebgGoat-5.X.war and README-5.X file from:
-    - http://code.google.com/p/webgoat/downloads/list
-3. Rename WebgGoat-5.X.war to WebgGoat.war
-4. Copy WebGoat.war to <tomcat>/webapps/WebGoat.war
-5. Modify the <tomcat>/conf/tomcat-users.xml to add in WebGoat users and roles
-    - see the FAQ for directions 
-6. Start the tomcat server (default is usually port 8080)
-7. Browse to http://localhost:8080/WebGoat/attack
-
-Ubuntu:
-
-1. Install Java 1.6 and Tomcat 7 if needed
-    - Install java using: sudo apt-get install openjdk-7-jre
-    - Download Tomcat 7 from http://tomcat.apache.org/download-70.cgi (core tar.gz)
-2. Download the WebgGoat-5.X.war and README-5.X file from:
-    - http://code.google.com/p/webgoat/downloads/list
-3. Rename WebgGoat-5.X.war to WebgGoat.war
-4. Copy WebGoat.war to <tomcat>/webapps/WebGoat.war
-5. Modify the <tomcat>/conf/tomcat-users.xml to add in WebGoat users and roles
-    - see the FAQ for directions 
-6. Start the tomcat server (default is usually port 8080)
-7. Browse to http://localhost:8080/WebGoat/attack
\ No newline at end of file
+the package phase also builds an executable jar file. You can run it using:
+cd target
+java -jar WebGoat-6.0-exec-war.jar
+http://localhost:8080/WebGoat
diff --git a/build.xml b/build.xml
deleted file mode 100644
index 278dfbb5c..000000000
--- a/build.xml
+++ /dev/null
@@ -1,292 +0,0 @@
-<!-- A "project" describes a set of targets that may be requested
-     when Ant is executed.  The "default" attribute defines the
-     target which is executed if no specific target is requested,
-     and the "basedir" attribute defines the current working directory
-     from which Ant executes the requested task.  This is normally
-     set to the current working directory.
--->
-
-<project name="WebGoat" xmlns:artifact="antlib:org.apache.maven.artifact.ant" default="Build_ALL_OWASP_Releases" basedir=".">
-
-<!-- ===================== Property Definitions =========================== -->
-
-<!--
-  Each of the following properties are used in the build script.
-  Values for these properties are set by the first place they are
-  defined, from the following list:
-
-  * Definitions on the "ant" command line (ant -Dfoo=bar compile).
-  * Definitions from a "build.properties" file in the top level
-    source directory of this application.
-  * Definitions from a "build.properties" file in the developer's
-    home directory.
-  * Default definitions in this build.xml file.
-  You will note below that property values can be composed based on the
-  contents of previously defined properties.  This is a powerful technique
-  that helps you minimize the number of changes required when your development
-  environment is modified.  Note that property composition is allowed within
-  "build.properties" files as well as in the "build.xml" script.
--->
-
-  <property file="build.properties"/>
-  <property file="${user.home}/build.properties"/>
-
-<!-- ==================== File and Directory Names ======================== -->
-
-<!--
-  These properties generally define file and directory names (or paths) that
-  affect where the build process stores its outputs.
-
-  build.home           The directory into which the "prepare" and
-                       "compile" targets will generate their output.
-                       Defaults to "build".
-
-  catalina.home        The directory in which you have installed
-                       a binary distribution of Tomcat 4.  This will
-                       be used by the "deploy" target.
-
-  dist.home            The name of the base directory in which
-                       distribution files are created.
-                       Defaults to "dist".
-
-  install.home         The absolute path of the directory into which
-			     the installer will copy its files.  The Eclipse
-			     project is bound to this path.
--->
-
-  	<property name="app.home"    		   value="${basedir}"/>
-  	<property name="app.name"    		   value="WebGoat"/>	<!-- MUST BE CONSISTENT WITH src/main/build.xml! -->
-  	<property name="app.version"    		   value="5.4"/>		<!-- MUST BE CONSISTENT WITH src/main/build.xml! -->
-  	<property name="dist.home"     		   value="${app.home}/dist"/>
-  	<property name="dist.owasp"     		   value="${app.home}/owasp_distributions"/>
-  	<property name="install.home"     	   value="WebGoat-${app.version}"/>
-  	<property name="maven.war"     	   value="${basedir}/target/WebGoat-6.0-SNAPSHOT.war"/> <!-- UPDATE THIS! -->
-	<property name="maven.target"     	   value="${basedir}/target/WebGoat-6.0-SNAPSHOT"/> <!-- UPDATE THIS! -->
-	<property name="maven.home"     	   value="C:/Program Files (x86)/apache/apache-maven-3.0.3"/> <!-- UPDATE THIS! -->
-	 <property name="java32.home"     	   value="C:/Program Files (x86)/Java/jre7"/> <!-- UPDATE THIS! -->
-	 <property name="java32.ubuntu.home"     	   value="C:/RTC/WebGoat/ubuntu_openjava_6_32"/> <!-- UPDATE THIS! -->
-	 <property name="java64.home"     	   value="C:/Program Files/Java/jdk1.6.0_26"/> <!-- UPDATE THIS! -->
-	 <property name="tomcat32.home"     	   value="C:/RTC/WebGoat/apache-tomcat-7.0.27-x86/"/> <!-- UPDATE THIS! -->
-	 <property name="tomcat64.home"     	   value="C:/RTC/WebGoat/apache-tomcat-7.0.27"/> <!-- UPDATE THIS! -->
-	 <property name="tomcat32.ubuntu.home"     	   value="C:/RTC/WebGoat/ubuntu_tomcat_7_32"/> <!-- UPDATE THIS! -->
-
-	
-<!-- ==================== Clean Target ==================================== -->
-
-<!--
-  The "clean" target deletes any previous "build" and "dist" directory,
-  so that you can be ensured the application can be built from scratch.
--->
-
-  <target name="cleanwin32"
-   description="Delete old build and dist directories">
- 	<delete dir="${dist.home}"/>
-	<delete dir="${tomcat32.home}/logs"/>
-	<delete dir="${tomcat32.home}/work/Catalina/localhost"/>
- 	<delete dir="${tomcat32.home}/webapps/${app.name}"/>
-	<delete file="${tomcat32.home}/webapps/${app.name}.war"/>
-	<delete dir="${tomcat32.home}/server/webapps/${app.name}"/>
-    <mkdir dir="${dist.home}"/>
- 	<mkdir dir="${tomcat32.home}/logs"/>
- </target>
-	  <target name="cleanwin64"
-	   description="Delete old build and dist directories">
-	 	<delete dir="${dist.home}"/>
-		<delete dir="${tomcat64.home}/logs"/>
-		<delete dir="${tomcat64.home}/work/Catalina/localhost"/>
-	 	<delete dir="${tomcat64.home}/webapps/${app.name}"/>
-		<delete file="${tomcat64.home}/webapps/${app.name}.war"/>
-		<delete dir="${tomcat64.home}/server/webapps/${app.name}"/>
-	    <mkdir dir="${dist.home}"/>
-	 	<mkdir dir="${tomcat64.home}/logs"/>
-	 </target>
-	  <target name="cleanubuntu32"
-	   description="Delete old build and dist directories">
-	 	<delete dir="${dist.home}"/>
-		<delete dir="${tomcat32.ubuntu.home}/logs"/>
-		<delete dir="${tomcat32.ubuntu.home}/work/Catalina/localhost"/>
-	 	<delete dir="${tomcat32.ubuntu.home}/webapps/${app.name}"/>
-		<delete file="${tomcat32.ubuntu.home}/webapps/${app.name}.war"/>
-		<delete dir="${tomcat32.ubuntu.home}/server/webapps/${app.name}"/>
-	    <mkdir dir="${dist.home}"/>
-	 	<mkdir dir="${tomcat32.ubuntu.home}/logs"/>
-	 </target>
-
-  <target name="clean_dist"
-   description="Delete old build, dist directories and zips">
- 	<delete dir="${dist.home}"/>
- 	<delete dir="${dist.owasp}"/>
- 	<mkdir dir="${dist.home}"/>
- 	<mkdir dir="${dist.owasp}"/>
-  </target>
-
-
-<!-- ==================== Dist Target ===================================== -->
-
-<!--
-  The "dist" target creates a binary distribution of your application
-  in a directory structure ready to be archived in a tar.gz or zip file.
-  Note that this target depends on two others:
-
-  * "compile" so that the entire web application (including external
-    dependencies) will have been assembled
--->
-
-	  <target name="DeployWarWin32" 
-	   	description="Copy existing war to Tomcat - Does not rebuild">
-
-	    <!-- Install war to Tomcat -->
-	    <delete dir="${tomcat32.home}/webapps/${app.name}"/>
-	    <delete file="${tomcat32.home}/webapps/${app.name}.war"/>
-	    <copy file="${maven.war}" tofile="${tomcat32.home}/webapps/${app.name}.war"/>
-		 
-	  </target> 
-	  <target name="DeployWarWin64" 
-	   	description="Copy existing war to Tomcat - Does not rebuild">
-
-	    <!-- Install war to Tomcat -->
-	    <delete dir="${tomcat64.home}/webapps/${app.name}"/>
-	    <delete file="${tomcat64.home}/webapps/${app.name}.war"/>
-	    <copy file="${maven.war}" tofile="${tomcat64.home}/webapps/${app.name}.war"/>
-		 
-	  </target> 
-	  <target name="DeployWarUbuntu32" 
-	   	description="Copy existing war to Tomcat - Does not rebuild">
-
-	    <!-- Install war to Tomcat -->
-	    <delete dir="${tomcat32.ubuntu.home}/webapps/${app.name}"/>
-	    <delete file="${tomcat32.ubuntu.home}/webapps/${app.name}.war"/>
-	    <copy file="${maven.war}" tofile="${tomcat32.ubuntu.home}/webapps/${app.name}.war"/>
-		 
-	  </target> 
-	
-
-	<!-- Build J2EE Lab Environment release -->
-	<target name="Build_DeveloperLab_Release_FIXME" depends="cleanwin32"
-			description="Builds J2EE Developer Course release">
-
-		<!-- Build the WebGoat WAR with the desired properties file -->
-		<ant dir="${app.home}" inheritAll="false">
-			<target name="WebGoatPropertiesOWASP"/>
-			<target name="BuildWar"/>
-		</ant>
-
-		<antcall target="DeployWar"> </antcall> 
-
-		<!-- Build the CD image -->
-		<zip destfile="${dist.home}/${ant.project.name}-DeveloperLab-${app.version}.zip">
-			<zipfileset dir="." prefix="${install.home}"
-				includes="eclipse/, java/, project/, FirefoxPortable/, Paros/, tomcat/, webscarab/, 
-				          Read*.txt, HOW*.txt, eclipse.bat, webgoat.bat, webgoat_8080.bat, webscarab.bat,
-						  Eclipse-Workspace.zip"
-				excludes="project/.*, project/.settings/**, project/dist/**, project/owasp_distributions/**, project/bin/**, project/build/**"/>
-		</zip>
-	</target> 	
-	
-	<target name="Build_Class_Release_FIXME" depends="cleanwin32"
-			description="Builds WebGoat Course release">
-
-		<!-- Build the WebGoat WAR with the desired properties file -->
-		<ant dir="${app.home}" inheritAll="false">
-			<target name="WebGoatPropertiesOWASP"/>
-			<target name="BuildWar"/>
-		</ant>
-
-		<antcall target="DeployWar"> </antcall> 
-
-		<!-- Build the CD image -->
-		<zip destfile="${dist.home}/${ant.project.name}-Class-${app.version}.zip">
-			<zipfileset dir="." prefix="${install.home}"
-				includes="java/, tomcat/, FirefoxPortable/, Paros/, webscarab/, webgoat.bat, webgoat_8080.bat, webscarab.bat"
-				excludes="project/.*, project/.settings/**, project/dist/**, project/owasp_distributions/**, project/bin/**, project/build/**"/>
-		</zip>
-	</target> 	
-
-	<!-- Build OWASP Developer Lab Environment release -->
-	<target name="Build_OWASP_DeveloperLab_release_FIXME" depends="cleanwin32"
-			description="Builds OWASP Developer release">
-		<!-- Build the WebGoat WAR with the desired properties file -->
-		<ant dir="${app.home}" inheritAll="false">
-			<target name="WebGoatPropertiesOWASP"/>
-			<target name="BuildWar"/>
-		</ant>
-		<antcall target="DeployWar"> </antcall> 
-		<!-- Build the CD image -->
-		<zip destfile="${dist.home}/${ant.project.name}-OWASP_Developer-${app.version}.zip">
-			<zipfileset dir="." prefix="${install.home}"
-				includes="eclipse/, java/, project/, tomcat/, 
-				          read*.txt, HOW*.txt, eclipse.bat, webgoat.bat, webgoat_8080.bat,
-						  Eclipse-Workspace.zip"
-				excludes="project/.*, project/.settings/**, project/dist/**, project/owasp_distributions/**, project/bin/**, project/build/**"/>
-		</zip>
-	</target> 	
-
-	<target name="Build_OWASP_Standard_Release_win32" depends="cleanwin32"
-			description="Builds WebGoat OWASP win32 release">
-		<antcall target="DeployWarWin32"> </antcall> 
-		<!-- Build the CD image -->
-		<zip destfile="${dist.home}/${ant.project.name}-${app.version}-OWASP_Standard_Win32.zip">
-			<zipfileset dir="." prefix="${install.home}"
-				includes=", READ*.txt, webgoat.*, webgoat_8080.*"
-				excludes=".*, .settings/**,dist/**, owasp_distributions/**, bin/**, build/**"/>
-			<zipfileset dir="${java32.home}" prefix="${install.home}/java"/>
-			<zipfileset dir="${tomcat32.home}" prefix="${install.home}/tomcat"/>
-		</zip>
-	</target> 	
-	
-	<target name="Build_OWASP_Standard_Release_win64" depends="cleanwin64"
-			description="Builds WebGoat OWASP win64 release">
-		<antcall target="DeployWarWin64"> </antcall> 
-		<!-- Build the CD image -->
-		<zip destfile="${dist.home}/${ant.project.name}-${app.version}-OWASP_Standard_Win64.zip">
-			<zipfileset dir="." prefix="${install.home}"
-				includes=", READ*.txt, webgoat.*, webgoat_8080.*"
-				excludes=".*, .settings/**,dist/**, owasp_distributions/**, bin/**, build/**"/>
-			<zipfileset dir="${java64.home}" prefix="${install.home}/java"/>
-			<zipfileset dir="${tomcat64.home}" prefix="${install.home}/tomcat"/>
-		</zip>
-	</target> 	
-
-	<target name="Build_OWASP_Standard_Release_ubuntu32" depends="cleanubuntu32"
-			description="Builds WebGoat OWASP ubuntu release">
-		<antcall target="DeployWarUbuntu32"> </antcall> 
-		<!-- Build the CD image -->
-		<zip destfile="${dist.home}/${ant.project.name}-${app.version}-OWASP_Standard_Ubuntu32.zip">
-			<zipfileset dir="." prefix="${install.home}"
-				includes=", READ*.txt, webgoat.*, webgoat_8080.*"
-				excludes=".*, .settings/**,dist/**, owasp_distributions/**, bin/**, build/**"/>
-			<zipfileset dir="${java32.ubuntu.home}" prefix="${install.home}/java"/>
-			<zipfileset dir="${tomcat32.ubuntu.home}" prefix="${install.home}/tomcat"/>
-		</zip>
-	</target> 	
-
-	<!--Build all OWASP release -->
-	<target name="Build_ALL_OWASP_Releases" depends="clean_dist"
-		   description="Creates all binary distributions for OWASP">
-		<copy file="${basedir}/readme.txt" tofile="${dist.owasp}/readme.txt"/>
-		<antcall target="Build_OWASP_Standard_Release_win32"> </antcall>
-		<copydir dest="${dist.owasp}" src="${dist.home}"/>
-		<antcall target="Build_OWASP_Standard_Release_win64"> </antcall> 
-		<copydir dest="${dist.owasp}" src="${dist.home}"/>
-		<antcall target="Build_OWASP_Standard_Release_ubuntu32"> </antcall> 
-		<copydir dest="${dist.owasp}" src="${dist.home}"/>
-	</target> 
-
-	
-<!-- ==================== Prepare Target ================================== -->
-
-<!--
-  The "prepare" target is used to create the "build" destination directory,
-  and copy the static contents of your web application to it.  If you need
-  to copy static files from external dependencies, you can customize the
-  contents of this task.
-
-  Normally, this task is executed indirectly when needed.
--->
-
-	<target name="prepare">
-	</target>
-	
-</project>
-
-