When a call directly hits a file it is now show up in the requests overview. This helps the user whether an attack from WebGoat actually requested the uploaded file.
Closes: gh-1551
Since we use two application context, the event listener would print out the last one with the WebWolf context. As WebWolf is part of WebGoat we should not refer to it anymore during startup as users should always go to WebGoat first.
* fix:update state of software supply chain links
* fix:fix second link
* fix:links formatting
---------
Co-authored-by: maurycupitt <maury@cupitt.com>
* organizing environment variables
* Update application-webgoat.properties
* Update pom.xml
* test without ssl
* fix docker base image and default env entries
* seperate server.address from webgoat.host and webwolf.host
* change base image and enable endpoint logging for docker as well
* change README
* change README
* make integration test able to verify against alternative host names
* use dynamic ports and remove system println
* better check on host and port for password reset and make context roots more flexible
* spotless applied
* removed hardcoded /WebGoat from js
* removed hardcoded /WebGoat from js
* fix spotless
* fix scoreboard
* upgrade WebWolf bootstrap version and icons and templates - part 1
* fixed more bootstrap 5 style issues and context path issues
* organized WebSecurityConfig based on latest conventions and added basic support for oauth (more work needed)
* spotless applied
* added mock bean
* requires updates to properties - commented for now
* requires updates to properties - commented for now
* oauth secrets through env values
* user creation after oauth login
* integration test against non default context paths
* adjusted StartupMessage
* add global model element username
* conditionally show login oauth links
* fixed WebWolf login
---------
Co-authored-by: René Zubcevic <rene@Mac-mini-van-Rene.local>
One can solve this lesson by using `alg:none` instead of using the refresh token flow. Instead of adding a check to force using the refresh token we opt for giving the user extra feedback.
