org.owasp.webgoat.lessons

Class AbstractLesson

java.lang.Object

org.owasp.webgoat.session.Screen

org.owasp.webgoat.lessons.AbstractLesson

All Implemented Interfaces:

Comparable<Object>

Direct Known Subclasses:

LessonAdapter

public abstract class AbstractLesson
extends Screen
implements Comparable<Object>

************************************************************************************************

This file is part of WebGoat, an Open Web Application Security Project utility. For details, please see http://www.owasp.org/

Copyright (c) 2002 - 20014 Bruce Mayhew

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

Getting Source ==============

Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software projects.

Since:

October 28, 2003

Version:

$Id: $Id

Author:

Bruce Mayhew WebGoat

Field Summary

Fields

Modifier and Type	Field and Description
static String	ADMIN_ROLE Description of the Field
static String	CHALLENGE_ROLE Constant CHALLENGE_ROLE="challenge"
static String	HACKED_ADMIN_ROLE Description of the Field
static String	USER_ROLE Description of the Field

Fields inherited from class org.owasp.webgoat.session.Screen

MAIN_SIZE

Constructor Summary

Constructors

Constructor and Description
AbstractLesson() Constructor for the Lesson object

Method Summary

Modifier and Type	Method and Description
int	compareTo(Object obj)
boolean	equals(Object obj)
List<String>	getAvailableLanguages() Getter for the field availableLanguages.
Category	getCategory() Gets the category attribute of the Lesson object
abstract String	getCurrentAction(WebSession s) getCurrentAction.
protected abstract Category	getDefaultCategory() getDefaultCategory.
protected abstract boolean	getDefaultHidden() getDefaultHidden.
String	getDefaultLanguage() Getter for the field defaultLanguage.
protected abstract Integer	getDefaultRanking() getDefaultRanking.
static String	getFileMethod(BufferedReader reader, String methodName, boolean numbers) Gets the fileMethod attribute of the Lesson class
static String	getFileText(BufferedReader reader, boolean numbers) Gets the fileText attribute of the Screen class
String	getFormAction() getFormAction.
boolean	getHidden() Gets the hidden value of the Lesson Object
String	getHint(WebSession s, int hintNumber) Fill in a minor hint that will help people who basically get it, but are stuck on somthing silly.
int	getHintCount(WebSession s) Gets the hintCount attribute of the Lesson object
protected abstract List<String>	getHints(WebSession s) getHints.
List<String>	getHintsPublic(WebSession s) getHintsPublic.
String	getHtml_DELETE_ME(WebSession s) getHtml_DELETE_ME.
abstract String	getInstructions(WebSession s) Gets the instructions attribute of the AbstractLesson object
protected LabelManager	getLabelManager() Getter for the field labelManager.
String	getLessonName() Gets the lessonPlan attribute of the Lesson object
String	getLessonPlan(WebSession s) Gets the content of lessonPlanURL
String	getLessonPlanFileName(String lang) Getter for the field lessonPlanFileName.
String	getLessonSolutionFileName() Getter for the field lessonSolutionFileName.
String	getLink() Get the link that can be used to request this screen.
String	getName() getName.
String	getPage(WebSession s) Get the link to the jsp page used to render this screen.
protected String	getPath() Returns the default "path" portion of a lesson's URL.
Integer	getRanking() Gets the ranking attribute of the Lesson object
String	getRawSource(WebSession s) getRawSource.
String	getRole() Gets the role attribute of the AbstractLesson object
int	getScreenId() Gets the uniqueID attribute of the AbstractLesson object
String	getServletLink() Get the link to the target servlet.
String	getSolution(WebSession s) getSolution.
String	getSource(WebSession s) getSource.
String	getSourceFileName() Getter for the field sourceFileName.
abstract String	getSubmitMethod() getSubmitMethod
String	getTemplatePage(WebSession s) Get the link to the jsp template page used to render this screen.
abstract String	getTitle() Gets the title attribute of the HelloScreen object
int	getUserId(WebSession s) getUserId.
String	getUserName(WebSession s) getUserName.
WebgoatContext	getWebgoatContext() Getter for the field webgoatContext.
void	handleRequest(WebSession s) Description of the Method
boolean	isAuthorized(WebSession s, int employeeId, String functionId) Override this method to implement accesss control in a lesson.
boolean	isAuthorized(WebSession s, String role, String functionId) Override this method to implement accesss control in a lesson.
boolean	isCompleted(WebSession s) isCompleted.
boolean	isEnterprise() Will this screen be included in an enterprise edition.
static String	makeWindowScript(String windowName) Description of the Method
static String	readFromFile(BufferedReader reader, boolean numbers) Reads text from a file into an ElementContainer.
static org.apache.ecs.Element	readFromURL(String url) Simply reads a url into an Element for display.
static org.apache.ecs.Element	readMethodFromFile(BufferedReader reader, String methodName, boolean numbers) Description of the Method
abstract void	restartLesson() Initiates lesson restart functionality
abstract void	setCurrentAction(WebSession s, String lessonScreen) setCurrentAction.
void	setHidden(boolean hidden) Setter for the field hidden.
void	setLessonPlanFileName(String lang, String lessonPlanFileName) Setter for the field lessonPlanFileName.
void	setLessonSolutionFileName(String lessonSolutionFileName) Setter for the field lessonSolutionFileName.
void	setRanking(Integer ranking) Setter for the field ranking.
void	setSourceFileName(String sourceFileName) Setter for the field sourceFileName.
void	setWebgoatContext(WebgoatContext webgoatContext) Setter for the field webgoatContext.
String	toString() Description of the Method
void	update(WebgoatProperties properties) update.

Methods inherited from class org.owasp.webgoat.session.Screen

convertMetachars, convertMetacharsJavaCode, createContent, createLessonTracker, createLessonTracker, getContent, getContentLength, getLessonTracker, getLessonTracker, getLessonTracker, getSponsor, getSponsorLogoResource, makeLogo, makeMessages, output, pad, setContent

Methods inherited from class java.lang.Object

clone, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

ADMIN_ROLE

public static final String ADMIN_ROLE

Description of the Field

See Also:

Constant Field Values

CHALLENGE_ROLE

public static final String CHALLENGE_ROLE

Constant CHALLENGE_ROLE="challenge"

See Also:

Constant Field Values

HACKED_ADMIN_ROLE

public static final String HACKED_ADMIN_ROLE

Description of the Field

See Also:

Constant Field Values

USER_ROLE

public static final String USER_ROLE

Description of the Field

See Also:

Constant Field Values

Constructor Detail

AbstractLesson

public AbstractLesson()

Constructor for the Lesson object

Method Detail

getName

public String getName()

getName.

Returns:

a String object.

setRanking

public void setRanking(Integer ranking)

Setter for the field ranking.

Parameters:

ranking - a Integer object.

setHidden

public void setHidden(boolean hidden)

Setter for the field hidden.

Parameters:

hidden - a boolean.

update

public void update(WebgoatProperties properties)

update.

Parameters:

properties - a WebgoatProperties object.

isCompleted

public boolean isCompleted(WebSession s)

isCompleted.

Parameters:

s - a WebSession object.

Returns:

a boolean.

compareTo

public int compareTo(Object obj)

Description of the Method

Specified by:

compareTo in interface Comparable<Object>

equals

public boolean equals(Object obj)

Description of the Method

Overrides:

equals in class Object

getCategory

public Category getCategory()

Gets the category attribute of the Lesson object

Returns:

The category value

getDefaultRanking

protected abstract Integer getDefaultRanking()

getDefaultRanking.

Returns:

a Integer object.

getDefaultCategory

protected abstract Category getDefaultCategory()

getDefaultCategory.

Returns:

a Category object.

getDefaultHidden

protected abstract boolean getDefaultHidden()

getDefaultHidden.

Returns:

a boolean.

getSubmitMethod

public abstract String getSubmitMethod()

getSubmitMethod

Returns:

a String object.

getFileMethod

public static String getFileMethod(BufferedReader reader,
                                   String methodName,
                                   boolean numbers)

Gets the fileMethod attribute of the Lesson class

Parameters:

reader - Description of the Parameter

methodName - Description of the Parameter

numbers - Description of the Parameter

Returns:

The fileMethod value

readFromFile

public static String readFromFile(BufferedReader reader,
                                  boolean numbers)

Reads text from a file into an ElementContainer. Each line in the file is represented in the ElementContainer by a StringElement. Each StringElement is appended with a new-line character.

Parameters:

reader - Description of the Parameter

numbers - Description of the Parameter

Returns:

Description of the Return Value

getFileText

public static String getFileText(BufferedReader reader,
                                 boolean numbers)

Gets the fileText attribute of the Screen class

Parameters:

reader - Description of the Parameter

numbers - Description of the Parameter

Returns:

The fileText value

isEnterprise

public boolean isEnterprise()

Will this screen be included in an enterprise edition.

Returns:

The ranking value

getHintCount

public int getHintCount(WebSession s)

Gets the hintCount attribute of the Lesson object

Parameters:

s - The user's WebSession

Returns:

The hintCount value

getHints

protected abstract List<String> getHints(WebSession s)

getHints.

Parameters:

s - a WebSession object.

Returns:

a List object.

getHintsPublic

public List<String> getHintsPublic(WebSession s)

getHintsPublic.

Parameters:

s - a WebSession object.

Returns:

a List object.

getHint

public String getHint(WebSession s,
                      int hintNumber)

Fill in a minor hint that will help people who basically get it, but are stuck on somthing silly.

Parameters:

s - The users WebSession

hintNumber - a int.

Returns:

The hint1 value

getInstructions

public abstract String getInstructions(WebSession s)

Gets the instructions attribute of the AbstractLesson object

Parameters:

s - a WebSession object.

Returns:

The instructions value

getLessonName

public String getLessonName()

Gets the lessonPlan attribute of the Lesson object

Returns:

The lessonPlan value

getTitle

public abstract String getTitle()

Gets the title attribute of the HelloScreen object

Specified by:

getTitle in class Screen

Returns:

The title value

getLessonPlan

public String getLessonPlan(WebSession s)

Gets the content of lessonPlanURL

Parameters:

s - The user's WebSession

Returns:

The HTML content of the current lesson plan

getRanking

public Integer getRanking()

Gets the ranking attribute of the Lesson object

Returns:

The ranking value

getHidden

public boolean getHidden()

Gets the hidden value of the Lesson Object

Returns:

The hidden value

getRole

public String getRole()

Gets the role attribute of the AbstractLesson object

Specified by:

getRole in class Screen

Returns:

The role value

getScreenId

public int getScreenId()

Gets the uniqueID attribute of the AbstractLesson object

Returns:

The uniqueID value

getHtml_DELETE_ME

public String getHtml_DELETE_ME(WebSession s)

getHtml_DELETE_ME.

Parameters:

s - a WebSession object.

Returns:

a String object.

getSource

public String getSource(WebSession s)

getSource.

Parameters:

s - a WebSession object.

Returns:

a String object.

getRawSource

public String getRawSource(WebSession s)

getRawSource.

Parameters:

s - a WebSession object.

Returns:

a String object.

getSolution

public String getSolution(WebSession s)

getSolution.

Parameters:

s - a WebSession object.

Returns:

a String object.

getPath

protected String getPath()

Returns the default "path" portion of a lesson's URL.

Legacy webgoat lesson links are of the form "attack?Screen=Xmenu=Ystage=Z". This method returns the path portion of the url, i.e., "attack" in the string above.

Newer, Spring-Controller-based classes will override this method to return "*.do"-styled paths.

Returns:

a String object.

getLink

public String getLink()

Get the link that can be used to request this screen.

Rendering the link in the browser may result in Javascript sending additional requests to perform necessary actions or to obtain data relevant to the lesson or the element of the lesson selected by the user. Thanks to using the hash mark "#" and Javascript handling the clicks, the user will experience less waiting as the pages do not have to reload entirely.

Returns:

a String object.

getServletLink

public String getServletLink()

Get the link to the target servlet.

Unlike getLink() this method does not require rendering the output of the request to the link in order to execute the servlet's method with conventional HTTP query parameters.

Returns:

a String object.

getPage

public String getPage(WebSession s)

Get the link to the jsp page used to render this screen.

Parameters:

s - a WebSession object.

Returns:

a String object.

getTemplatePage

public String getTemplatePage(WebSession s)

Get the link to the jsp template page used to render this screen.

Parameters:

s - a WebSession object.

Returns:

a String object.

getCurrentAction

public abstract String getCurrentAction(WebSession s)

getCurrentAction.

Parameters:

s - a WebSession object.

Returns:

a String object.

restartLesson

public abstract void restartLesson()

Initiates lesson restart functionality

setCurrentAction

public abstract void setCurrentAction(WebSession s,
                                      String lessonScreen)

setCurrentAction.

Parameters:

s - a WebSession object.

lessonScreen - a String object.

isAuthorized

public boolean isAuthorized(WebSession s,
                            int employeeId,
                            String functionId)

Override this method to implement accesss control in a lesson.

Parameters:

s - a WebSession object.

functionId - a String object.

employeeId - a int.

Returns:

a boolean.

isAuthorized

public boolean isAuthorized(WebSession s,
                            String role,
                            String functionId)

Override this method to implement accesss control in a lesson.

Parameters:

s - a WebSession object.

functionId - a String object.

role - a String object.

Returns:

a boolean.

getUserId

public int getUserId(WebSession s)
              throws ParameterNotFoundException

getUserId.

Parameters:

s - a WebSession object.

Returns:

a int.

Throws:

ParameterNotFoundException - if any.

getUserName

public String getUserName(WebSession s)
                   throws ParameterNotFoundException

getUserName.

Parameters:

s - a WebSession object.

Returns:

a String object.

Throws:

ParameterNotFoundException - if any.

makeWindowScript

public static String makeWindowScript(String windowName)

Description of the Method

Parameters:

windowName - Description of the Parameter

Returns:

Description of the Return Value

readFromURL

public static org.apache.ecs.Element readFromURL(String url)

Simply reads a url into an Element for display. CAUTION: you might want to tinker with any non-https links (href)

Parameters:

url - Description of the Parameter

Returns:

Description of the Return Value

readMethodFromFile

public static org.apache.ecs.Element readMethodFromFile(BufferedReader reader,
                                                        String methodName,
                                                        boolean numbers)

Description of the Method

Parameters:

reader - Description of the Parameter

numbers - Description of the Parameter

methodName - Description of the Parameter

Returns:

Description of the Return Value

handleRequest

public void handleRequest(WebSession s)

Description of the Method

Parameters:

s - Description of the Parameter

getFormAction

public String getFormAction()

getFormAction.

Returns:

a String object.

toString

public String toString()

Description of the Method

Overrides:

toString in class Object

Returns:

Description of the Return Value

getDefaultLanguage

public String getDefaultLanguage()

Getter for the field defaultLanguage.

Returns:

a String object.

getLessonPlanFileName

public String getLessonPlanFileName(String lang)

Getter for the field lessonPlanFileName.

Parameters:

lang - a String object.

Returns:

a String object.

setLessonPlanFileName

public void setLessonPlanFileName(String lang,
                                  String lessonPlanFileName)

Setter for the field lessonPlanFileName.

Parameters:

lang - a String object.

lessonPlanFileName - a String object.

getAvailableLanguages

public List<String> getAvailableLanguages()

Getter for the field availableLanguages.

Returns:

a List object.

getLessonSolutionFileName

public String getLessonSolutionFileName()

Getter for the field lessonSolutionFileName.

Returns:

a String object.

setLessonSolutionFileName

public void setLessonSolutionFileName(String lessonSolutionFileName)

Setter for the field lessonSolutionFileName.

Parameters:

lessonSolutionFileName - a String object.

getSourceFileName

public String getSourceFileName()

Getter for the field sourceFileName.

Returns:

a String object.

setSourceFileName

public void setSourceFileName(String sourceFileName)

Setter for the field sourceFileName.

Parameters:

sourceFileName - a String object.

getWebgoatContext

public WebgoatContext getWebgoatContext()

Getter for the field webgoatContext.

Returns:

a WebgoatContext object.

setWebgoatContext

public void setWebgoatContext(WebgoatContext webgoatContext)

Setter for the field webgoatContext.

Parameters:

webgoatContext - a WebgoatContext object.

getLabelManager

protected LabelManager getLabelManager()

Getter for the field labelManager.

Returns:

a LabelManager object.