Initial commit of new spring-MVC/spring security/tiles-based functionality
git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@484 4033779f-a91e-0410-96ef-6bf7bf53c507
@ -561,6 +561,20 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
|
||||
// Solutions are html files
|
||||
return src;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* <p>Returns the default "path" portion of a lesson's URL.</p>
|
||||
*
|
||||
* <p>Legacy webgoat lesson links are of the form "attack?Screen=Xmenu=Ystage=Z".
|
||||
* This method returns the path portion of the url, i.e., "attack" in the string above.</p>
|
||||
*
|
||||
* <p>Newer, Spring-Controller-based classes will override this method
|
||||
* to return "*.do"-styled paths.</p>
|
||||
*/
|
||||
protected String getPath() {
|
||||
return "attack";
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the link that can be used to request this screen.
|
||||
@ -571,7 +585,8 @@ public abstract class AbstractLesson extends Screen implements Comparable<Object
|
||||
{
|
||||
StringBuffer link = new StringBuffer();
|
||||
|
||||
link.append("attack?");
|
||||
// mvc update:
|
||||
link.append(getPath()).append("?");
|
||||
link.append(WebSession.SCREEN);
|
||||
link.append("=");
|
||||
link.append(getScreenId());
|
||||
|
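Review bot: `getLink()` now concatenates whatever an overriding `getPath()` returns straight into the link via `link.append(getPath()).append("?")`, and the new Javadoc does not say what shape that value must have. Because the method is `protected` and intended to be overridden by every Spring-based lesson, I would state the contract on `getPath()`, e.g. `* <p>Implementations must return a constant, application-relative path with no query string; getLink() appends "?" and the parameters without encoding.</p>`. The example URL in the same Javadoc reads `attack?Screen=Xmenu=Ystage=Z`, which appears to have lost its `&` separators (possibly only in this rendering). The `// mvc update:` comment would be more useful if it gave the reason, e.g. `// path comes from getPath() so controller-based lessons can link to their *.do mapping`. `getLink()` begins and ends outside the second hunk.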
@ -0,0 +1,107 @@
|
||||
package org.owasp.webgoat.lessons;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.owasp.webgoat.lessons.model.HttpBasicsModel;
|
||||
import org.owasp.webgoat.session.WebSession;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.ui.ModelMap;
|
||||
import org.springframework.web.bind.annotation.ModelAttribute;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* Handles the "HTTP Basics" lesson. Contains all
|
||||
* mapping methods for that lesson as well as all helper methods
|
||||
* used by those mappers.
|
||||
* </p>
|
||||
*
|
||||
*/
|
||||
@Controller
|
||||
public class HttpBasicsController extends LessonAdapter {
|
||||
|
||||
protected static Logger logger = Logger.getLogger("controller");
|
||||
|
||||
// [url] path used by this lesson
|
||||
private final String PAGE_PATH = "httpBasics.do";
|
||||
|
||||
// The (apache) tile used by this lesson, as specified in tiles-definitions.xml
|
||||
private String TILE_NAME = "http-basics";
|
||||
|
||||
// ID attribute associated with the JSP's form.
|
||||
private String FORM_NAME = "command";
|
||||
|
||||
|
||||
/**
|
||||
* @see {@link org.owasp.webgoat.lessons.AbstractLesson#getPath()}
|
||||
* @see {@link org.owasp.webgoat.lessons.AbstractLesson#getLink()}
|
||||
*/
|
||||
protected String getPath() {
|
||||
return PAGE_PATH;
|
||||
}
|
||||
|
||||
/**
|
||||
* Handles GET requests for this lesson.
|
||||
* @return
|
||||
*/
|
||||
@RequestMapping(value = PAGE_PATH, method = RequestMethod.GET)
|
||||
public ModelAndView displayPage() {
|
||||
return new ModelAndView(TILE_NAME, FORM_NAME, new HttpBasicsModel());
|
||||
}
|
||||
|
||||
/**
|
||||
* Handles POST requests for this lesson. Takes the user's name and displays
|
||||
* a reversed copy of it.
|
||||
*
|
||||
* @param httpBasicsModel
|
||||
* @param model
|
||||
* @return
|
||||
*/
|
||||
@RequestMapping(value = PAGE_PATH, method = RequestMethod.POST)
|
||||
public ModelAndView processSubmit(
|
||||
@ModelAttribute("")HttpBasicsModel httpBasicsModel, ModelMap model) {
|
||||
|
||||
StringBuffer personName = new StringBuffer(httpBasicsModel.getPersonName());
|
||||
httpBasicsModel.setPersonName(personName.reverse().toString());
|
||||
|
||||
return new ModelAndView(TILE_NAME, FORM_NAME, httpBasicsModel);
|
||||
}
|
||||
|
||||
|
||||
public Category getCategory()
|
||||
{
|
||||
return Category.GENERAL;
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the hints attribute of the HelloScreen object
|
||||
*
|
||||
* @return The hints value
|
||||
*/
|
||||
public List<String> getHints(WebSession s)
|
||||
{
|
||||
List<String> hints = new ArrayList<String>();
|
||||
hints.add("Type in your name and press 'go'");
|
||||
hints.add("Turn on Show Parameters or other features");
|
||||
hints.add("Try to intercept the request with WebScarab");
|
||||
hints.add("Press the Show Lesson Plan button to view a lesson summary");
|
||||
hints.add("Press the Show Solution button to view a lesson solution");
|
||||
|
||||
return hints;
|
||||
}
|
||||
|
||||
protected String getInstructions()
|
||||
{
|
||||
return null;
|
||||
}
|
||||
|
||||
public String getTitle()
|
||||
{
|
||||
// TODO: GET RID OF THE "(Spring MVC)" BELOW LATER!!!!"
|
||||
return "HTTP Basics (Spring MVC)";
|
||||
}
|
||||
}
|
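Review bot: `processSubmit` passes `httpBasicsModel.getPersonName()` directly to `new StringBuffer(...)`, so a POST that omits the `personName` parameter leaves the field null and the constructor throws a NullPointerException, which surfaces as a server error. Guard it, e.g. `String name = httpBasicsModel.getPersonName();` followed by `httpBasicsModel.setPersonName(name == null ? "" : new StringBuilder(name).reverse().toString());`. The reversed value is request-controlled and goes back into the view model, so the `http-basics` tile (not shown here) needs to HTML-escape it on output unless reflecting it raw is the intended lesson behaviour. Minor: `TILE_NAME` and `FORM_NAME` are named like constants but are mutable instance fields, and `PAGE_PATH` is per-instance; all three would be clearer as `private static final`, and `getPath()` should carry `@Override`.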
@ -0,0 +1,21 @@
|
||||
package org.owasp.webgoat.lessons.model;
|
||||
|
||||
/**
|
||||
* Model component for the Http Basics lesson. Using a model
|
||||
* for that simple lesson is architectural overkill. We do it anyway
|
||||
* for illustrative purposes - to demonstrate the pattern that we will
|
||||
* use for more complex lessons.
|
||||
*
|
||||
*/
|
||||
public class HttpBasicsModel {
|
||||
|
||||
private String personName;
|
||||
|
||||
public String getPersonName() {
|
||||
return personName;
|
||||
}
|
||||
|
||||
public void setPersonName(String personName) {
|
||||
this.personName = personName;
|
||||
}
|
||||
}
|
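Review bot: Nothing in the class Javadoc says that this is a request-binding target: Spring populates an `@ModelAttribute` object from request parameters through every public setter, so any property added here later becomes client-settable. Since the Javadoc presents this class as the pattern for more complex lessons, I would add a sentence such as `* Bound from request parameters; expose setters only for fields the client may supply.` and document `personName` as untrusted input that may be null.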