Oracle requires us to close our connections after each
request (or else implement a connection pool), otherwise
we will end up running out of available connections.
While the mechanism for doing this was added in a previous
change, actually using it correctly was omitted somehow.
Fix that now.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@233 4033779f-a91e-0410-96ef-6bf7bf53c507
Previously we would just get a connection to the same database, regardless
of the user specified in the connect string. Trying to create
HSQLDB users did not seem to work. Non-ADMIN users don't have
CREATE TABLE privileges, it seems, and I couldn't find docs that
describe how to GRANT CREATE TABLE privileges. Go figure.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@192 4033779f-a91e-0410-96ef-6bf7bf53c507
This creates the infrastructure to allow WebGoat to create per-user
databases, so that any modifications made by one user do not affect
other users. Some lessons may have made provision for this internally
(e.g. CrossSiteScripting lesson), but this simplifies things generally.
This also switches the default database from Access on windows, and
Enhydra on Unix/other platforms to using HSQLDB, in an "in-memory"
configuration. We may get performance problems from having too many
instances of the database in memory at once at sites that have 10's
of users banging on a central WebGoat. Only time will tell.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@190 4033779f-a91e-0410-96ef-6bf7bf53c507
Rather than constructing URL's manually all the time, rather
make use of existing mechanisms to create the URL, and use
it consistently.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@184 4033779f-a91e-0410-96ef-6bf7bf53c507
Initially, this is only available when in debug mode
i.e. add &debug=true to the URL or set the flag in web.xml
git-svn-id: http://webgoat.googlecode.com/svn/trunk@146 4033779f-a91e-0410-96ef-6bf7bf53c507
Now webgoatContext should effectively be a singleton, shared across
all WebSession instances. WebSession now initialises from WebgoatContext.
WebSession methods that refer to static "site wide" properties are deeted
and references to them updated to point to WebgoatContext
git-svn-id: http://webgoat.googlecode.com/svn/trunk@141 4033779f-a91e-0410-96ef-6bf7bf53c507
Remove the hack to support Web services lessons that do not have a WebSession
Now that they have their own reference to WebgoatContext, they do not need one
git-svn-id: http://webgoat.googlecode.com/svn/trunk@140 4033779f-a91e-0410-96ef-6bf7bf53c507
Shared fields like the database connection details will be
stored in a new class WebgoatContext.
For the moment, we create this object anew each time, but
we will eventually create it once, and pass it to the
constructor of WebSession, to provide initial values for
each user.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@137 4033779f-a91e-0410-96ef-6bf7bf53c507
Modified License text and format to reflect GPL license.
Reformatted most of the code.
git-svn-id: http://webgoat.googlecode.com/svn/trunk@60 4033779f-a91e-0410-96ef-6bf7bf53c507
