diff --git a/README.MD b/README.MD
index 55cccd8dc..f992a45d8 100644
--- a/README.MD
+++ b/README.MD
@@ -175,3 +175,23 @@ show an extra set of links below the cookie overview.
To be able to see which labels are loaded through a property file, open up the developer tools avalailable from the info menu
After the reload is complete, all labels which are loaded from a property file will be __marked green__.
+
+
+## Docker support
+
+WebGoat now has Docker support you can build a container with the following commands:
+
+```Shell
+cd WebGoat
+mvn -pl webgoat-container package docker:build
+```
+
+With the following command you are able to run the Docker container on your local machine:
+
+```Shell
+docker run -p 8080:8080 -t webgoat/webgoat-container
+docker ps
+```
+
+With the last command you are able to determine ip address to connect to.
+At the moment the Docker image is not distributed to a Docker registry.
\ No newline at end of file
diff --git a/webgoat-container/pom.xml b/webgoat-container/pom.xml
index 0f22cbf4a..d37c2cba7 100644
--- a/webgoat-container/pom.xml
+++ b/webgoat-container/pom.xml
@@ -113,6 +113,22 @@
+
+ com.spotify
+ docker-maven-plugin
+ 0.4.10
+
+ webgoat/${project.artifactId}
+ src/main/docker
+
+
+ /
+ ${project.build.directory}
+ ${project.build.finalName}.war
+
+
+
+
org.apache.maven.plugins
maven-jar-plugin
@@ -182,21 +198,23 @@
org.springframework.boot
spring-boot-maven-plugin
-
-
-
- repackage
-
-
-
-
- org.thymeleaf.extra
- thymeleaf-extras-springsecurity4
-
-
-
-
-
+
+
+
+
+ org.thymeleaf.extra
+ thymeleaf-extras-springsecurity4
+
+
+ org.asciidoctor
+ asciidoctorj
+
+
+ org.jruby
+ jruby-complete
+
+
+
@@ -233,6 +251,10 @@
org.springframework.boot
spring-boot-loader
+
+ com.fasterxml.jackson.dataformat
+ jackson-dataformat-yaml
+
org.asciidoctor
asciidoctorj
@@ -318,7 +340,11 @@
guava
${guava.version}
-
+
+ com.spotify
+ docker-maven-plugin
+ 0.4.10
+
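Review bot: The block added after the guava entry appears to declare `com.spotify:docker-maven-plugin:0.4.10` a second time, and from its position it looks like a regular dependency rather than a plugin (the XML tags are not visible in this rendering, so confirm against the file). If so, a build-time Maven plugin and its transitive libraries land on the application classpath and inside the packaged war, which widens the shipped dependency surface for no runtime benefit. The plugin declaration in the earlier hunk at `@@ -113,6 +113,22 @@` is enough on its own. If both declarations are intended, the literal `0.4.10` should come from a single property (for example `${docker-maven-plugin.version}`) so the two cannot drift.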
diff --git a/webgoat-container/src/main/docker/Dockerfile b/webgoat-container/src/main/docker/Dockerfile
new file mode 100644
index 000000000..d9198d7db
--- /dev/null
+++ b/webgoat-container/src/main/docker/Dockerfile
@@ -0,0 +1,5 @@
+FROM frolvlad/alpine-oraclejdk8:slim
+VOLUME /tmp
+ADD webgoat-container-7.1-SNAPSHOT.war webgoat.jar
+RUN sh -c 'touch /webgoat.jar'
+ENTRYPOINT ["java","-Djava.security.egd=file:/dev/./urandom","-jar","/webgoat.jar"]
\ No newline at end of file
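Review bot: The image has no `USER` instruction, so the `ENTRYPOINT` runs WebGoat as root inside the container; for an application whose lessons are meant to be exploited, I would add `RUN adduser -D webgoat` and `USER webgoat` before the `ENTRYPOINT`. `FROM frolvlad/alpine-oraclejdk8:slim` pulls a third-party image by a mutable tag, so builds are not reproducible and inherit whatever that tag points to later; pinning it as `FROM frolvlad/alpine-oraclejdk8@sha256:<digest-placeholder>` fixes the content. The `ADD` line also hard-codes `webgoat-container-7.1-SNAPSHOT.war` while the plugin configuration in pom.xml copies `${project.build.finalName}.war`, so the next version bump breaks the image build unless the Dockerfile is edited too. `COPY` is sufficient here since nothing is unpacked or fetched.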
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonDescription.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonDescription.java
new file mode 100644
index 000000000..5aeb1fe39
--- /dev/null
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/LessonDescription.java
@@ -0,0 +1,55 @@
+/**
+ * ************************************************************************************************
+ * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
+ * please see http://www.owasp.org/
+ *
+ * Copyright (c) 2002 - 20014 Bruce Mayhew
+ *
+ * This program is free software; you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software Foundation; either version 2 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
+ * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along with this program; if
+ * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+ * 02111-1307, USA.
+ *
+ * Getting Source ==============
+ *
+ * Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
+ * projects.
+ *
+ *
+ * @author WebGoat
+ * @version $Id: $Id
+ * @since May 15, 2016
+ */
+package org.owasp.webgoat.plugins;
+
+
+import java.util.List;
+
+public class LessonDescription {
+
+ private String name;
+ private String title;
+ private String category;
+ private int ranking;
+ private List hints;
+}
+
+
+/**
+ lesson:
+ name: Access Control Matrix
+ title: Using an Access Control Matrix
+ category: ACCESS_CONTROL
+ ranking: 10
+ hints:
+ - Many sites attempt to restrict access to resources by role.
+ - Developers frequently make mistakes implementing this scheme.
+ - Attempt combinations of users, roles, and resources.
+ */
\ No newline at end of file
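Review bot: `LessonDescription` declares five private fields but no constructor, accessors or annotations, so as committed nothing can set or read `name`, `title`, `category`, `ranking` or `hints`. If the class is meant to be bound from the YAML shown in the trailing comment (the same commit adds `jackson-dataformat-yaml` to the pom, so this is inferred), Jackson's default visibility does not pick up private fields and the bind would fail; getters/setters or `@JsonProperty` on each field are needed. The YAML sample sits in a `/** … */` block after the closing brace, where Javadoc does not attach to anything; I would move it above `public class LessonDescription` as the class Javadoc inside `<pre>{@code … }</pre>`, with one sentence saying what the class represents. The copyright header also reads `2002 - 20014`, which looks like a typo for 2014.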
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java
index 3880d05df..82608ea22 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/Plugin.java
@@ -3,12 +3,10 @@ package org.owasp.webgoat.plugins;
import com.google.common.base.Optional;
import com.google.common.collect.Lists;
import org.owasp.webgoat.lessons.AbstractLesson;
-import org.owasp.webgoat.lessons.LessonEndpointMapping;
import org.springframework.util.StringUtils;
import java.io.File;
import java.io.IOException;
-import java.lang.annotation.Annotation;
import java.nio.file.Path;
import java.util.Arrays;
import java.util.HashMap;
@@ -36,7 +34,6 @@ public class Plugin {
private Map lessonPlansLanguageFiles = new HashMap<>();
private List pluginFiles = Lists.newArrayList();
private File lessonSourceFile;
- private List lessonEndpoints = Lists.newArrayList();
public Plugin(PluginClassLoader classLoader) {
this.classLoader = classLoader;
@@ -50,22 +47,6 @@ public class Plugin {
public void findLesson(List classes) {
for (String clazzName : classes) {
findLesson(clazzName);
- findLessonEndpoints(clazzName);
- }
- }
-
- private void findLessonEndpoints(String name) {
- String realClassName = StringUtils.trimLeadingCharacter(name, '/').replaceAll("/", ".").replaceAll(".class", "");
- try {
- Class endpointClass = classLoader.loadClass(realClassName);
- Annotation annotation = endpointClass.getAnnotation(LessonEndpointMapping.class);
- if (annotation != null ) {
- this.lessonEndpoints.add(endpointClass);
- }
-
- } catch (ClassNotFoundException e) {
- e.printStackTrace();
- //ignore
}
}
@@ -104,10 +85,6 @@ public class Plugin {
}
}
- public List getLessonEndpoints() {
- return lessonEndpoints;
- }
-
/**
* rewritePaths.
*
diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
index 6e9f854f0..1600f559a 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/plugins/PluginsLoader.java
@@ -27,8 +27,8 @@ import java.util.concurrent.CompletionService;
import java.util.concurrent.ExecutorCompletionService;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
-import java.util.jar.JarFile;
import java.util.zip.ZipEntry;
+import java.util.zip.ZipFile;
/**
* PluginsLoader class.
@@ -58,11 +58,11 @@ public class PluginsLoader {
public List loadPlugins() {
List plugins = Lists.newArrayList();
try {
- File jarFile = new File(this.getClass().getProtectionDomain().getCodeSource().getLocation().getFile());
- if (jarFile.isDirectory()) {
- extractToTempDirectoryFromExplodedDirectory(jarFile);
+ URL location = this.getClass().getProtectionDomain().getCodeSource().getLocation();
+ if (ResourceUtils.isFileURL(location)) {
+ extractToTempDirectoryFromExplodedDirectory(ResourceUtils.getFile(location));
} else {
- extractToTempDirectoryFromJarFile(jarFile);
+ extractToTempDirectoryFromJarFile(ResourceUtils.getFile(ResourceUtils.extractJarFileURL(location)));
}
List jars = listJars();
plugins = processPlugins(jars);
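Review bot: `ResourceUtils.isFileURL(location)` is true for any `file:` URL, including a plain jar on disk, whereas the removed code branched on `jarFile.isDirectory()`; with the new condition a code source that is a `file:` URL pointing at an archive is handed to `extractToTempDirectoryFromExplodedDirectory`. I would keep the directory test, `if (ResourceUtils.isFileURL(location) && ResourceUtils.getFile(location).isDirectory()) {`, and let everything else fall through to the jar branch. The hunk uses `URL` and `ResourceUtils`, but the import hunk above only swaps `JarFile` for `ZipFile`, so check that both are already imported. `loadPlugins` continues past the end of the hunk.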
@@ -73,7 +73,7 @@ public class PluginsLoader {
}
private void extractToTempDirectoryFromJarFile(File jarFile) throws IOException {
- JarFile jar = new JarFile(jarFile);
+ ZipFile jar = new ZipFile(jarFile);
Enumeration extends ZipEntry> entries = jar.entries();
while (entries.hasMoreElements()) {
ZipEntry zipEntry = entries.nextElement();
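Review bot: `ZipFile jar = new ZipFile(jarFile);` is not closed in the lines shown, so the archive handle stays open if `unpack` throws part-way through the loop, and possibly on the normal path too. `ZipFile` is `Closeable`, so `try (ZipFile jar = new ZipFile(jarFile)) {` around the `while` loop releases it in both cases. The loop body and the end of `extractToTempDirectoryFromJarFile` are outside the hunk, so an explicit `jar.close()` may exist further down; it would still be skipped on an exception.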
@@ -83,7 +83,7 @@ public class PluginsLoader {
}
}
- private void unpack(JarFile jar, ZipEntry zipEntry) throws IOException {
+ private void unpack(ZipFile jar, ZipEntry zipEntry) throws IOException {
try (InputStream inputStream = jar.getInputStream(zipEntry)) {
String name = zipEntry.getName();
if (name.lastIndexOf("/") != -1) {
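Review bot: `unpack` takes `zipEntry.getName()` and starts deriving a directory from it, and nothing in the visible lines checks that the resulting path stays inside the extraction directory. The archive here is the application's own code source, so exposure is limited, but an entry name containing `..` segments would otherwise be written outside the target. A guard such as `if (!target.normalize().startsWith(baseDir)) throw new IOException("entry outside target dir: " + name);` after resolving the path closes that; `target` and `baseDir` stand for whatever `Path` variables the method uses. The rest of the method is outside the hunk, so confirm whether such a check already exists.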