Clean up and introduced Spring Dev tools to automatically reload classes.
nbaars committed Oct 30, 2016
1 parent b8992bd commit 89a717b
Showing 17 changed files with 164 additions and 292 deletions.
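--- a/pom.xml
+++ b/pom.xml
@@ -289,6 +289,15 @@
 </profile>
 </profiles>
 
+<dependencies>
+<dependency>
+<groupId>org.projectlombok</groupId>
+<artifactId>lombok</artifactId>
+<version>1.16.10</version>
+<scope>provided</scope>
+</dependency>
+</dependencies>
+
 <build>
 <plugins>
 <plugin>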
44 changes: 12 additions & 32 deletions webgoat-container/pom.xml
@@ -214,30 +214,27 @@
<artifactId>jruby-complete</artifactId>
</dependency>
</requiresUnpack>
<fork>true</fork>
</configuration>
</plugin>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>springloaded</artifactId>
<version>1.2.0.RELEASE</version>
</dependency>
</dependencies>
<!--<dependencies>-->
<!--<dependency>-->
<!--<groupId>org.springframework</groupId>-->
<!--<artifactId>springloaded</artifactId>-->
<!--<version>1.2.5.RELEASE</version>-->
<!--</dependency>-->
<!--</dependencies>-->
</plugin>
</plugins>
</build>

<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
@@ -246,26 +243,9 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
</dependency>
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-configuration-processor</artifactId>
<optional>true</optional>
</dependency>
<!--<dependency>-->
<!--<groupId>org.springframework.boot</groupId>-->
<!--<artifactId>spring-boot-devtools</artifactId>-->
<!--<optional>true</optional>-->
<!--</dependency>-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-loader</artifactId>
</dependency>

<dependency>
<groupId>com.fasterxml.jackson.dataformat</groupId>
<artifactId>jackson-dataformat-yaml</artifactId>
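Review bot: The `spring-boot-devtools` dependency is declared without `<optional>true</optional>`, and the commented-out declaration that carried that flag appears to be dropped in this section (the page has lost its +/- markers, so the sides are inferred). Spring Boot's documentation recommends marking devtools optional so it is not applied transitively to modules that depend on this one; devtools also brings restart and LiveReload support that should stay out of anything deployed. I would add `<optional>true</optional>` inside the devtools `<dependency>`. The commented-out `springloaded` block under `spring-boot-maven-plugin` could be deleted rather than kept as dead configuration.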
@@ -35,7 +35,7 @@
import org.owasp.webgoat.session.WebSession;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.embedded.ServletRegistrationBean;
import org.springframework.boot.web.servlet.ServletRegistrationBean;
import org.springframework.context.ApplicationContext;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
28 changes: 6 additions & 22 deletions webgoat-container/src/main/java/org/owasp/webgoat/WebGoat.java
@@ -32,27 +32,22 @@

import org.owasp.webgoat.plugins.Plugin;
import org.owasp.webgoat.plugins.PluginClassLoader;
import org.owasp.webgoat.plugins.PluginEndpointPublisher;
import org.owasp.webgoat.plugins.PluginsLoader;
import org.owasp.webgoat.session.Course;
import org.owasp.webgoat.session.UserTracker;
import org.owasp.webgoat.session.WebSession;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.session.WebgoatProperties;
import org.springframework.beans.factory.annotation.Autowire;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.beans.factory.support.DefaultListableBeanFactory;
import org.springframework.beans.factory.support.RootBeanDefinition;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.boot.context.web.SpringBootServletInitializer;
import org.springframework.context.ApplicationContext;
import org.springframework.boot.web.support.SpringBootServletInitializer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.PropertySource;
import org.springframework.context.annotation.Scope;
import org.springframework.context.annotation.ScopedProxyMode;
import org.springframework.context.support.AbstractApplicationContext;

import javax.servlet.ServletContext;
import java.io.File;
@@ -79,7 +74,7 @@ public File pluginTargetDirectory() {
}

@Bean
public PluginClassLoader pluginClassLoader() {
public PluginClassLoader pluginClassLoader(@Qualifier("pluginTargetDirectory") File pluginTargetDirectory) {
return new PluginClassLoader(PluginClassLoader.class.getClassLoader());
}

@@ -96,25 +91,14 @@ public WebSession webSession(Course course, WebgoatContext webgoatContext, Servl

@Bean
public Course course(PluginsLoader pluginsLoader, WebgoatContext webgoatContext, ServletContext context, WebgoatProperties webgoatProperties,
ApplicationContext applicationContext) {
PluginEndpointPublisher pluginEndpointPublisher) {
Course course = new Course(webgoatProperties);
course.loadCourses(webgoatContext, context, "/");
List<Plugin> plugins = pluginsLoader.loadPlugins();
course.loadLessonFromPlugin(plugins);
plugins.forEach(p -> publishEndpointsWithSpring(p, (AbstractApplicationContext)applicationContext));
return course;
}
plugins.forEach(p -> pluginEndpointPublisher.publish(p));

private void publishEndpointsWithSpring(Plugin plugin, AbstractApplicationContext applicationContext) {
plugin.getLessonEndpoints().forEach(e -> {
try {
BeanDefinition beanDefinition = new RootBeanDefinition(e, Autowire.BY_TYPE.value(), true);
DefaultListableBeanFactory beanFactory = (DefaultListableBeanFactory) applicationContext.getBeanFactory();
beanFactory.registerBeanDefinition(beanDefinition.getBeanClassName(), beanDefinition);
} catch (Exception ex) {
logger.warn("Failed to register " + e.getSimpleName() + " as endpoint with Spring, skipping...");
}
});
return course;
}

@Bean
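Review bot: The new `@Qualifier("pluginTargetDirectory") File pluginTargetDirectory` parameter of `pluginClassLoader` is never used in the body visible here, which still returns `new PluginClassLoader(PluginClassLoader.class.getClassLoader())`. If the parameter exists only to make Spring create the `pluginTargetDirectory` bean first, that intent is clearer as `@DependsOn("pluginTargetDirectory")` on the method, or at least with a comment such as `// injected only to order bean creation after pluginTargetDirectory`; otherwise drop it. Separately, the removed inline registration caught per-endpoint failures and logged a warning, and whether `pluginEndpointPublisher.publish(p)` keeps that behaviour cannot be seen from this page; if it throws, one bad plugin would now fail creation of the `course` bean.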
@@ -1,10 +1,9 @@
package org.owasp.webgoat.plugins;

import org.owasp.webgoat.session.WebgoatContext;
import lombok.extern.slf4j.Slf4j;
import org.owasp.webgoat.lessons.AbstractLesson;
import org.owasp.webgoat.session.WebgoatContext;
import org.owasp.webgoat.session.WebgoatProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.support.SimpleBeanDefinitionRegistry;
import org.springframework.context.annotation.ClassPathBeanDefinitionScanner;
@@ -21,39 +20,38 @@
import java.util.Set;

/**
*************************************************************************************************
*
*
* ************************************************************************************************
* <p>
* <p>
* This file is part of WebGoat, an Open Web Application Security Project utility. For details,
* please see http://www.owasp.org/
*
* <p>
* Copyright (c) 2002 - 20014 Bruce Mayhew
*
* <p>
* This program is free software; you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* <p>
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
* even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* <p>
* You should have received a copy of the GNU General Public License along with this program; if
* not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
* 02111-1307, USA.
*
* <p>
* Getting Source ==============
*
* <p>
* Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software
* projects.
*
* @author Bruce Mayhew <a href="http://code.google.com/p/webgoat">WebGoat</a>
* @since October 28, 2003
* @version $Id: $Id
* @since October 28, 2003
*/
@Slf4j
public class LegacyLoader {

final Logger logger = LoggerFactory.getLogger(LegacyLoader.class);

private final List<String> files = new LinkedList<String>();

/**
@@ -64,7 +62,7 @@ public LegacyLoader() {

/**
* Take an absolute file and return the filename.
*
* <p>
* Ex. /etc/password becomes password
*
* @param s
@@ -86,7 +84,7 @@ private static String getFileName(String s) {

/**
* Take a class name and return the equivalent file name
*
* <p>
* Ex. org.owasp.webgoat becomes org/owasp/webgoat.java
*
* @param className
@@ -121,8 +119,8 @@ private static String getClassFile(String fileName, String path) {
}

// skip over plugins and/or extracted plugins
if ( fileName.indexOf("lessons/plugin") >= 0 || fileName.indexOf("plugin_extracted") >= 0) {
return null;
if (fileName.indexOf("lessons/plugin") >= 0 || fileName.indexOf("plugin_extracted") >= 0) {
return null;
}

// if the file is in /WEB-INF/classes strip the dir info off
@@ -140,20 +138,19 @@ private static String getClassFile(String fileName, String path) {
}



/**
* Load all of the filenames into a temporary cache
*
* @param context a {@link javax.servlet.ServletContext} object.
* @param path a {@link java.lang.String} object.
* @param path a {@link java.lang.String} object.
*/
public void loadFiles(ServletContext context, String path) {
logger.debug("Loading files into cache, path: " + path);
log.debug("Loading files into cache, path: " + path);
Resource resource = new ClassPathResource("/");
//resource.get
Set resourcePaths = null;
if (resourcePaths == null) {
logger.error("Unable to load file cache for courses, this is probably a bug or configuration issue");
log.error("Unable to load file cache for courses, this is probably a bug or configuration issue");
return;
}
Iterator itr = resourcePaths.iterator();
@@ -165,20 +162,20 @@ public void loadFiles(ServletContext context, String path) {
loadFiles(context, file);
} else {
files.add(file);
}
}
}
}

/**
* Instantiate all the lesson objects into a cache
*
* @param path a {@link java.lang.String} object.
* @param context a {@link javax.servlet.ServletContext} object.
* @param path a {@link java.lang.String} object.
* @param context a {@link javax.servlet.ServletContext} object.
* @param webgoatContext a {@link org.owasp.webgoat.session.WebgoatContext} object.
* @param properties a {@link org.owasp.webgoat.session.WebgoatProperties} object.
* @param properties a {@link org.owasp.webgoat.session.WebgoatProperties} object.
* @return a {@link java.util.List} object.
*/
public List<AbstractLesson> loadLessons(WebgoatContext webgoatContext, ServletContext context, String path, WebgoatProperties properties ) {
public List<AbstractLesson> loadLessons(WebgoatContext webgoatContext, ServletContext context, String path, WebgoatProperties properties) {
BeanDefinitionRegistry bdr = new SimpleBeanDefinitionRegistry();
ClassPathBeanDefinitionScanner s = new ClassPathBeanDefinitionScanner(bdr);

@@ -193,28 +190,28 @@ public List<AbstractLesson> loadLessons(WebgoatContext webgoatContext, ServletCo
for (String file : beanDefinitionNames) {
String className = bdr.getBeanDefinition(file).getBeanClassName();

try {
Class c = Class.forName(className);
Object o = c.newInstance();
try {
Class c = Class.forName(className);
Object o = c.newInstance();

if (o instanceof AbstractLesson) {
AbstractLesson lesson = (AbstractLesson) o;
lesson.setWebgoatContext(webgoatContext);
if (o instanceof AbstractLesson) {
AbstractLesson lesson = (AbstractLesson) o;
lesson.setWebgoatContext(webgoatContext);

lesson.update(properties);
lesson.update(properties);

if (lesson.getHidden() == false) {
lessons.add(lesson);
}
if (lesson.getHidden() == false) {
lessons.add(lesson);
}
} catch (Exception e) {
// Bruce says:
// I don't think we want to log the exception here. We could
// be potentially showing a lot of exceptions that don't matter.
// We would only care if the lesson extended AbstractLesson and we
// can't tell that because it threw the exception. Catch 22
// logger.error("Error in loadLessons: ", e);
}
} catch (Exception e) {
// Bruce says:
// I don't think we want to log the exception here. We could
// be potentially showing a lot of exceptions that don't matter.
// We would only care if the lesson extended AbstractLesson and we
// can't tell that because it threw the exception. Catch 22
// logger.error("Error in loadLessons: ", e);
}
}
loadResources(lessons);
return lessons;
@@ -233,36 +230,36 @@ private String getLanguageFromFileName(String first, String absoluteFile) {
*
* @param lessons a {@link java.util.List} object.
*/
public void loadResources(List<AbstractLesson> lessons ) {
public void loadResources(List<AbstractLesson> lessons) {
for (AbstractLesson lesson : lessons) {
logger.info("Loading resources for lesson -> " + lesson.getName());
log.info("Loading resources for lesson -> " + lesson.getName());
String className = lesson.getClass().getName();
String classFile = getSourceFile(className);
logger.info("Lesson classname: " + className);
logger.info("Lesson java file: " + classFile);
log.info("Lesson classname: " + className);
log.info("Lesson java file: " + classFile);

for (String absoluteFile : files) {
String fileName = getFileName(absoluteFile);
//logger.debug("Course: looking at file: " + absoluteFile);

if (absoluteFile.endsWith(classFile)) {
logger.info("Set source file for " + classFile);
log.info("Set source file for " + classFile);
lesson.setSourceFileName(absoluteFile);
}

if (absoluteFile.startsWith("/lesson_plans") && absoluteFile.endsWith(".html")
&& className.endsWith(fileName)) {
logger.info("setting lesson plan file " + absoluteFile + " for lesson "
log.info("setting lesson plan file " + absoluteFile + " for lesson "
+ lesson.getClass().getName());
logger.info("fileName: " + fileName + " == className: " + className);
log.info("fileName: " + fileName + " == className: " + className);
String language = getLanguageFromFileName("/lesson_plans", absoluteFile);
lesson.setLessonPlanFileName(language, absoluteFile);
}
if (absoluteFile.startsWith("/lesson_solutions") && absoluteFile.endsWith(".html")
&& className.endsWith(fileName)) {
logger.info("setting lesson solution file " + absoluteFile + " for lesson "
log.info("setting lesson solution file " + absoluteFile + " for lesson "
+ lesson.getClass().getName());
logger.info("fileName: " + fileName + " == className: " + className);
log.info("fileName: " + fileName + " == className: " + className);
lesson.setLessonSolutionFileName(absoluteFile);
}
}
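Review bot: In `loadLessons` every scanned class is instantiated with `c.newInstance()` before the `instanceof AbstractLesson` test, and the empty `catch (Exception e)` hides every failure; the re-indented block keeps both. Checking the type first, `if (!AbstractLesson.class.isAssignableFrom(c)) { continue; }`, avoids running constructors of unrelated classes and removes the "Catch 22" described in the comment, since any exception after that check belongs to a real lesson and can be logged with `log.warn("Could not load lesson " + className, e);`. The scanner setup sits outside the lines shown, so how wide the scanned package set is cannot be confirmed here.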