WEB-25 - Content for About Page

WEB-24 - Unauthenticated access should redirect to login page

Author: lawson89

src/main/webapp/WEB-INF/pages/about.jsp

@@ -1,124 +1,92 @@
 <%@ page contentType="text/html; charset=ISO-8859-1" language="java"
          errorPage=""%>
 
-<!-- Latest compiled and minified CSS -->
-<link rel="stylesheet" href="plugins/bootstrap/css/bootstrap.min.css"/>
-<link rel="stylesheet" href="css/webgoat.css" type="text/css" />
+<!-- This modal content is included into the main_new.jsp -->
 
-<div class="modal-header">
-    <button type="button" class="close" data-dismiss="modal"><span aria-hidden="true">&times;</span><span class="sr-only">Close</span></button>
-    <h1 class="modal-title" id="myModalLabel">About WebGoat</h1>
-</div>
-<div class="modal-body">
-    <p>Thank you for using WebGoat! This program is a demonstration of common web application flaws.
-        The exercises are intended to provide hands on experience with
-        application penetration testing techniques. </p>
-    <p>The WebGoat project is led
-        by Bruce Mayhew. Please send all comments to Bruce at [TODO, session was blowing up here for some reason].</p>
-
-    <div id="team">
-        <table border="0" align="center" class="lessonText">
-            <tr>
-                <td width="50%">
-                    <div align="center"><a href="http://www.owasp.org"><img
-                                border="0" src="images/logos/owasp.jpg" alt="OWASP Foundation"
-                                longdesc="http://www.owasp.org" /></a></div>
-                </td>
-                <td width="50%">
-                    <div align="center"><a href="http://www.aspectsecurity.com"><img
-                                border="0" src="images/logos/aspect.jpg" alt="Aspect Security"
-                                longdesc="http://www.aspectsecurity.com" /></a></div>
-                </td>
-            </tr>
-            <tr>
-                <td colspan="2">
-                    <div align="center"><span class="style1">
-                            WebGoat Authors </span></div>
-                </td>
-            </tr>
-            <tr>
-                <td colspan="2">
-                    <div align="center"><span class="style2">
-                            Bruce Mayhew </span></div>
-                </td>
-            </tr>
-            <tr>
-                <td colspan="2">
-                    <div align="center"><span class="style2">
-                            Jeff Williams </span></div>
-                </td>
-            </tr>
-            <tr>
-                <td width="50%">
-                    <div align="center"><span class="style1"><br />
-                            WebGoat Design Team </span></div>
-                </td>
-                <td width="50%">
-                    <div align="center"><span class="style1"><br />
-                            V5.4 Lesson Contributers </span></div>
-                </td>
-            </tr>
-            <tr>
-                <td valign="top">
-                    <div align="center" class="style2">David Anderson</div>
-                    <div align="center" class="style2">Laurence Casey (Graphics)</div>
-                    <div align="center" class="style2">Rogan Dawes</div>
-                    <div align="center" class="style2">Bruce Mayhew</div>
-                </td>
-                <td valign="top">
-                    <div align="center" class="style2">Sherif Koussa</div>
-                    <div align="center" class="style2">Yiannis Pavlosoglou</div>
-                    <div align="center" class="style2"></div>
-
-                </td>
-            </tr>
-            <tr>
-                <td height="25" valign="bottom">
-                    <div align="center"><span class="style1">Special Thanks
-                            for V5.4</span></div>
-                </td>
-                <td height="25" valign="bottom">
-                    <div align="center"><span class="style1">Documentation
-                            Contributers</span></div>
-                </td>
-            </tr>
-            <tr>
-                <td>
-                    <div align="center" class="style2">Brian Ciomei (Multitude of bug fixes)</div>
-                    <div align="center" class="style2">To all who have sent comments</div>
-
-                </td>
-                <td>
-                    <div align="center" class="style2">
-                        <a href="http://www.zionsecurity.com/" target="_blank">Erwin Geirnaert</a></div>
-                    <div align="center" class="style2">
-                        <a href="http://yehg.org/" target="_blank">Aung Khant</a></div>
-                    <div align="center" class="style2">
-                        <a href="http://www.softwaresecured.com" target="blank">Sherif Koussa</a>
-                    </div>
-                </td>
-            </tr>
-            <tr>
-                <td>
-                    <div align="center" class="style2">&nbsp;</div>
-                </td>
-            </tr>
-        </table>
+<div class="modal-content">
+    <div class="modal-header">
+        <button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
+        <h3 class="modal-title" id="myModalLabel">About WebGoat</h3>
+    </div>
+    <div class="modal-body modal-scroll">
+        <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Aenean quis posuere sapien, at ornare neque. Curabitur commodo efficitur ante, at finibus ex faucibus ut. Vivamus id diam blandit, convallis justo sed, vehicula sem. Cras a semper ex. Etiam dignissim tempus metus, sit amet blandit arcu pulvinar ac. Mauris dignissim rutrum ante sit amet posuere. Proin mollis sapien augue, at tempor metus iaculis eu. Class aptent taciti sociosqu ad litora torquent per conubia nostra, per inceptos himenaeos. Cras elementum finibus tincidunt.</p>
+        <p>Version</p>
+        <p>OWASP Reference - probably text and image</p>
+        <div class="row">
+            <div class="col-md-6">
+                <p>WebGoat Authors
+                <ul>
+                    <li>name...</li>
+                    <li>name...</li>
+                    <li>name...</li>
+                </ul>
+                </p>
+            </div>
+            <div class="col-md-6">
+                <p>WebGoat Design Team
+                <ul>
+                    <li>name...</li>
+                    <li>name...</li>
+                    <li>name...</li>
+                </ul>
+                </p>
+            </div>
+        </div>
+        <div class="row">
+            <div class="col-md-6">
+                <p>Active Contributors
+                <ul>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                </ul>
+                </p>
+            </div>
+            <div class="col-md-6">
+                <p>Past Contributors
+                <ul>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                    <li>name... (Role)</li>
+                </ul>
+                </p>
+            </div>
+        </div>
+    </div>
+    <div class="modal-footer">
+        <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
     </div>
-    <div align="center" class="style2">&nbsp;</div>
-    <div align="center" class="style2">&nbsp;</div>
-    <div align="center" class="style2">&nbsp;</div>
-    <div id="warning">WARNING<br />
-        While running this program, your machine is extremely vulnerable to
-        attack if you are not running on localhost. If you are NOT running on localhost (default configuration), You should disconnect from the network while using this program.
-        <br />
-        <br />
-        This program is for educational purposes only. Use of these techniques
-        without permission could lead to job termination, financial liability,
-        and/or criminal penalties.</div>
-</div>
-<div class="modal-footer">
-    <button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
 </div>
-
-

src/main/webapp/WEB-INF/pages/main_new.jsp

@@ -350,10 +350,11 @@
                                             }
 
         </script>
-        <!-- Modal -->
+        <!-- About WebGoat Modal -->
         <div class="modal fade" id="aboutModal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
             <div class="modal-dialog modal-lg">
                 <div class="modal-content">
+                    <jsp:include page="../pages/about.jsp"/> 
                 </div>
             </div>
         </div>

src/main/webapp/WEB-INF/spring-security.xml

@@ -21,6 +21,7 @@
     <http use-expressions="true">  
         <intercept-url pattern="/login.mvc" access="permitAll" />
         <intercept-url pattern="/logout.mvc" access="permitAll" />   
+        <intercept-url pattern="/index.jsp" access="permitAll" />          
         <intercept-url pattern="/servlet/AdminServlet/**" access="hasAnyRole('ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" />
         <intercept-url pattern="/JavaSource/**" access="hasRole('ROLE_SERVER_ADMIN')" />          	
         <intercept-url pattern="/**" access="hasAnyRole('ROLE_WEBGOAT_USER','ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" />

src/main/webapp/WEB-INF/web.xml

@@ -323,7 +323,7 @@
     </mime-mapping>
 
     <welcome-file-list>
-        <welcome-file>login.mvc</welcome-file>
+        <welcome-file>index.jsp</welcome-file>
     </welcome-file-list>
 
 </web-app>

src/main/webapp/css/main.css

@@ -714,6 +714,17 @@ fieldset[disabled] .btn-warning.active {
   color: #fff;
   border: none;
 }
+
+/* ==========================================================================
+  Modal
+   ========================================================================== */
+.modal-footer .btn + .btn {
+  margin-bottom: 5px;
+}
+.modal .modal-body.modal-scroll {
+  max-height: 350px;
+  overflow-y: auto;
+}
 /* ==========================================================================
    Media Queries
    ========================================================================== */
@@ -774,7 +785,7 @@ fieldset[disabled] .btn-warning.active {
 
 #topLinks {
   float:right;
-  margin-right:5px;s
+  margin-right:5px;
   margin-top:3px;
 }
 

src/main/webapp/css/webgoat.css

@@ -1,3 +1,4 @@
+/*
 body{ 
 	min-width: 800px;
 	font-family: Arial,sans-serif;
@@ -49,7 +50,7 @@ h5{
 	font-size: 100%;
 	color: #334d55;
 }
-
+*/
 ul{
 	list-style-type: square;
 }

src/main/webapp/index.jsp

@@ -0,0 +1,3 @@
+<%@ page session="false" %>
+<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<c:redirect url="/login.mvc"/>

src/main/webapp/js/goatControllers.js

@@ -151,7 +151,7 @@ goat.controller('goatLesson', function($scope, $http, $modal, $log, $templateCac
 
     $scope.showAbout = function() {
         $('#aboutModal').modal({
-            remote: 'about.mvc'
+            //remote: 'about.mvc'
         });
     };