├── README.md
├── build.xml
├── build
│   └── web
│       ├── META-INF
│       │   ├── MANIFEST.MF
│       │   └── context.xml
│       ├── WEB-INF
│       │   ├── applicationContext.xml
│       │   ├── classes
│       │   │   └── org
│       │   │       └── cysecurity
│       │   │           └── springdemo
│       │   │               ├── AdminController.class
│       │   │               ├── ErrorController.class
│       │   │               └── HelloController.class
│       │   ├── dispatcher-servlet.xml
│       │   ├── glassfish-web.xml
│       │   ├── jsp
│       │   │   ├── Admin.jsp
│       │   │   ├── Error.jsp
│       │   │   └── HelloWorld.jsp
│       │   ├── lib
│       │   │   ├── commons-logging-1.2.jar
│       │   │   ├── spring-aop-3.0.5.RELEASE.jar
│       │   │   ├── spring-asm-3.0.5.RELEASE.jar
│       │   │   ├── spring-beans-3.0.5.RELEASE.jar
│       │   │   ├── spring-context-3.0.5.RELEASE.jar
│       │   │   ├── spring-core-3.0.5.RELEASE.jar
│       │   │   ├── spring-expression-3.0.5.RELEASE.jar
│       │   │   ├── spring-security-taglibs-3.0.5.RELEASE.jar
│       │   │   ├── spring-web-3.0.5.RELEASE.jar
│       │   │   └── spring-webmvc-3.0.5.RELEASE.jar
│       │   ├── messages.properties
│       │   ├── messages_en.properties
│       │   └── web.xml
│       └── redirect.jsp
├── nbproject
│   ├── ant-deploy.xml
│   ├── build-impl.xml
│   ├── genfiles.properties
│   ├── private
│   │   ├── private.properties
│   │   ├── private.xml
│   │   └── retriever
│   │       └── catalog.xml
│   ├── project.properties
│   └── project.xml
├── src
│   ├── conf
│   │   └── MANIFEST.MF
│   └── java
│       └── org
│           └── cysecurity
│               └── springdemo
│                   ├── AdminController.java
│                   ├── ErrorController.java
│                   └── HelloController.java
└── web
    ├── META-INF
    │   └── context.xml
    ├── WEB-INF
    │   ├── applicationContext.xml
    │   ├── dispatcher-servlet.xml
    │   ├── glassfish-web.xml
    │   ├── jsp
    │   │   ├── Admin.jsp
    │   │   ├── Error.jsp
    │   │   └── HelloWorld.jsp
    │   ├── messages.properties
    │   ├── messages_en.properties
    │   └── web.xml
    └── redirect.jsp
/README.md:
--------------------------------------------------------------------------------
1 | # VulnerableSpring
2 | A vulnerable Java-based web application.
3 |
4 | This is part of the Java Vulnerable Lab:
5 | https://github.com/CSPF-Founder/JavaVulnerableLab/
6 |
--------------------------------------------------------------------------------
/build.xml:
--------------------------------------------------------------------------------
11 | Builds, tests, and runs the project VulnerableSpring.
--------------------------------------------------------------------------------
/build/web/META-INF/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 |
3 |
--------------------------------------------------------------------------------
/build/web/META-INF/context.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/build/web/WEB-INF/applicationContext.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/build/web/WEB-INF/classes/org/cysecurity/springdemo/AdminController.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/classes/org/cysecurity/springdemo/AdminController.class
--------------------------------------------------------------------------------
/build/web/WEB-INF/classes/org/cysecurity/springdemo/ErrorController.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/classes/org/cysecurity/springdemo/ErrorController.class
--------------------------------------------------------------------------------
/build/web/WEB-INF/classes/org/cysecurity/springdemo/HelloController.class:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/classes/org/cysecurity/springdemo/HelloController.class
--------------------------------------------------------------------------------
/build/web/WEB-INF/dispatcher-servlet.xml:
--------------------------------------------------------------------------------
36 | indexController
--------------------------------------------------------------------------------
/build/web/WEB-INF/glassfish-web.xml:
--------------------------------------------------------------------------------
7 | Keep a copy of the generated servlet class' java code.
--------------------------------------------------------------------------------
/build/web/WEB-INF/jsp/Admin.jsp:
--------------------------------------------------------------------------------
1 | <%--
2 | Document : admin
3 | Created on : 28 Dec, 2014, 7:51:18 PM
4 | Author : breakthesec
5 | --%>
6 | <% // Access check performed in the view: the panel below renders only when the session attribute "privilege" equals "admin". NOTE(review): AdminController's source is not shown in this listing - confirm the same rule is enforced before this view is selected.
7 | if(session.getAttribute("privilege")!=null && session.getAttribute("privilege").equals("admin"))
8 | {
9 | %>
10 | <%@page contentType="text/html" pageEncoding="UTF-8"%>
11 |
12 |
13 |
14 |
15 | JSP Page
16 |
17 |
18 | Welcome to Admin Panel
19 |
20 |
21 | <%
22 | // Every other session (attribute missing or not "admin") is redirected to error.htm with the error.c403 message key.
23 | } else
24 | {
25 | response.sendRedirect("error.htm?msg=error.c403"); // NOTE(review): "msg" travels as a query parameter, so whatever renders it must treat it as client-controlled
26 | }
27 | %>
--------------------------------------------------------------------------------
/build/web/WEB-INF/jsp/Error.jsp:
--------------------------------------------------------------------------------
1 | <%@ page contentType="text/html;charset=UTF-8" %>
2 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
3 |
4 |
5 | Error Page :
6 |
7 | <%
8 | // Writes a string literal whose content did not survive in this listing, then a greeting built from the session attribute "privilege".
9 | out.print("
");
10 | out.print("Hello "+session.getAttribute("privilege"));
11 | // NOTE(review): the attribute is concatenated into the response without HTML encoding (a missing attribute prints "Hello null"); that is safe only while the value is always assigned server-side - encode on output otherwise.
12 | %>
13 | <%-- NOTE(review): the spring taglib is declared above, but the markup that would use it is not visible in this listing, so how a request parameter such as "msg" is rendered cannot be checked from here. --%>
14 |
15 |
16 |
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/build/web/WEB-INF/jsp/HelloWorld.jsp:
--------------------------------------------------------------------------------
1 | <%@ page contentType="text/html;charset=UTF-8" %>
2 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
3 |
4 |
5 | Spring Demo
6 | <% // Seeds the session: when no "privilege" attribute exists yet, it is set to "user".
7 | if(session.getAttribute("privilege")==null)
8 | {
9 | session.setAttribute("privilege","user"); // NOTE(review): assigned with no authentication step in this page; Admin.jsp later reads this attribute as its access-control input
10 | }
11 | %>
12 | Go to Admin Panel
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/build/web/WEB-INF/lib/commons-logging-1.2.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/commons-logging-1.2.jar
--------------------------------------------------------------------------------
/build/web/WEB-INF/lib/spring-aop-3.0.5.RELEASE.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-aop-3.0.5.RELEASE.jar
--------------------------------------------------------------------------------
/build/web/WEB-INF/lib/spring-asm-3.0.5.RELEASE.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-asm-3.0.5.RELEASE.jar
--------------------------------------------------------------------------------
/build/web/WEB-INF/lib/spring-beans-3.0.5.RELEASE.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-beans-3.0.5.RELEASE.jar
--------------------------------------------------------------------------------
/build/web/WEB-INF/lib/spring-context-3.0.5.RELEASE.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-context-3.0.5.RELEASE.jar
--------------------------------------------------------------------------------
/build/web/WEB-INF/lib/spring-core-3.0.5.RELEASE.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-core-3.0.5.RELEASE.jar
--------------------------------------------------------------------------------
/build/web/WEB-INF/lib/spring-expression-3.0.5.RELEASE.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-expression-3.0.5.RELEASE.jar
--------------------------------------------------------------------------------
/build/web/WEB-INF/lib/spring-security-taglibs-3.0.5.RELEASE.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-security-taglibs-3.0.5.RELEASE.jar
--------------------------------------------------------------------------------
/build/web/WEB-INF/lib/spring-web-3.0.5.RELEASE.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-web-3.0.5.RELEASE.jar
--------------------------------------------------------------------------------
/build/web/WEB-INF/lib/spring-webmvc-3.0.5.RELEASE.jar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-webmvc-3.0.5.RELEASE.jar
--------------------------------------------------------------------------------
/build/web/WEB-INF/messages.properties:
--------------------------------------------------------------------------------
1 | welcome.springmvc=Welcome to Spring Demo Page
2 | error.c403=You are not allowed to Access this page
--------------------------------------------------------------------------------
/build/web/WEB-INF/messages_en.properties:
--------------------------------------------------------------------------------
1 | welcome.springmvc=Welcome to Spring Demo Page
2 | error.c403=You are not allowed to Access this page
--------------------------------------------------------------------------------
/build/web/WEB-INF/web.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | contextConfigLocation
5 | /WEB-INF/applicationContext.xml
6 |
7 |
8 | org.springframework.web.context.ContextLoaderListener
9 |
10 |
11 | dispatcher
12 | org.springframework.web.servlet.DispatcherServlet
13 | 2
14 |
15 |
16 | dispatcher
17 | *.htm
18 |
19 |
20 |
21 | 30
22 |
23 |
24 |
25 | redirect.jsp
26 |
27 |
28 |
--------------------------------------------------------------------------------
/build/web/redirect.jsp:
--------------------------------------------------------------------------------
1 | <%--
2 | Views should be stored under the WEB-INF folder so that
3 | they cannot be requested directly and are reachable only through a controller.
4 |
5 | This JSP exists only to redirect to the dispatcher
6 | servlet, and it should be the only JSP outside of WEB-INF.
7 | --%>
8 | <%@page contentType="text/html" pageEncoding="UTF-8"%>
9 | <%
10 | response.sendRedirect("helloworld.htm"); // fixed relative target; no request data is used to build the redirect
11 | %>
12 |
--------------------------------------------------------------------------------
/nbproject/ant-deploy.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/nbproject/build-impl.xml:
--------------------------------------------------------------------------------
237 | Must set src.dir
238 | Must set test.src.dir
239 | Must set build.dir
240 | Must set build.web.dir
241 | Must set build.generated.dir
242 | Must set dist.dir
243 | Must set build.classes.dir
244 | Must set dist.javadoc.dir
245 | Must set build.test.classes.dir
246 | Must set build.test.results.dir
247 | Must set build.classes.excludes
248 | Must set dist.war
258 | The Java EE server classpath is not correctly set up - server home directory is missing.
259 | Either open the project in the IDE and assign the server or setup the server classpath manually.
260 | For example like this:
261 | ant -Dj2ee.server.home=<app_server_installation_directory>
264 | The Java EE server classpath is not correctly set up. Your active server type is ${j2ee.server.type}.
265 | Either open the project in the IDE and assign the server or setup the server classpath manually.
266 | For example like this:
267 | ant -Duser.properties.file=<path_to_property_file> (where you put the property "j2ee.platform.classpath" in a .properties file)
268 | or ant -Dj2ee.platform.classpath=<server_classpath> (where no properties file is used)
365 | Must set javac.includes
492 | No tests executed.
798 | The libs.CopyLibs.classpath property is not set up.
799 | This property must point to
800 | org-netbeans-modules-java-j2seproject-copylibstask.jar file which is part
801 | of NetBeans IDE installation and is usually located at
802 | <netbeans_installation>/java<version>/ant/extra folder.
803 | Either open the project in the IDE and make sure CopyLibs library
804 | exists or setup the property manually. For example like this:
805 | ant -Dlibs.CopyLibs.classpath=a/path/to/org-netbeans-modules-java-j2seproject-copylibstask.jar
845 | Must set JVM to use for profiling in profiler.info.jvm
846 | Must set profiler agent JVM arguments in profiler.info.jvmargs.agent
901 | Must select some files in the IDE or set javac.includes
934 | Must select some files in the IDE or set javac.jsp.includes
960 | Must select a file in the IDE or set jsp.includes
1148 | Browser not found, cannot launch the deployed application. Try to set the BROWSER environment variable.
1151 | Launching ${browse.url}
1157 | Must select one file in the IDE or set run.class
1161 | Must select one file in the IDE or set run.class
1201 | Must select one file in the IDE or set debug.class
1213 | Must select one file in the IDE or set debug.class
1218 | Must set fix.includes
1255 | This target only works when run from inside the NetBeans IDE.
1363 | Must select some files in the IDE or set javac.includes
1385 | Some tests failed; see details above.
1394 | Must select some files in the IDE or set test.includes
1398 | Some tests failed; see details above.
1402 | Must select some files in the IDE or set test.class
1403 | Must select some method in the IDE or set test.method
1407 | Some tests failed; see details above.
1415 | Must select one file in the IDE or set test.class
1419 | Must select one file in the IDE or set test.class
1420 | Must select some method in the IDE or set test.method
--------------------------------------------------------------------------------
/nbproject/genfiles.properties:
--------------------------------------------------------------------------------
1 | build.xml.data.CRC32=1978b2e4
2 | build.xml.script.CRC32=0cdce8e3
3 | build.xml.stylesheet.CRC32=651128d4@1.67.1.1
4 | # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml.
5 | # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you.
6 | nbproject/build-impl.xml.data.CRC32=1978b2e4
7 | nbproject/build-impl.xml.script.CRC32=222aa4d3
8 | nbproject/build-impl.xml.stylesheet.CRC32=99ea4b56@1.67.1.1
9 |
--------------------------------------------------------------------------------
/nbproject/private/private.properties:
--------------------------------------------------------------------------------
1 | deploy.ant.properties.file=/home/breakthesec/.netbeans/8.0/config/GlassFishEE6/Properties/gfv32054444240.properties
2 | j2ee.platform.is.jsr109=true
3 | j2ee.server.domain=/home/breakthesec/glassfish-4.0/glassfish/domains/domain1
4 | j2ee.server.home=/home/breakthesec/glassfish-4.0/glassfish
5 | j2ee.server.instance=[/home/breakthesec/glassfish-4.0/glassfish:/home/breakthesec/glassfish-4.0/glassfish/domains/domain1]deployer:gfv3ee6:localhost:4848
6 | j2ee.server.middleware=/home/breakthesec/glassfish-4.0
7 | javac.debug=true
8 | javadoc.preview=true
9 | selected.browser=default
10 | user.properties.file=/home/breakthesec/.netbeans/8.0/build.properties
11 | # NOTE(review): every path above is specific to one developer's workstation (home directory, GlassFish install, deployer endpoint localhost:4848). NetBeans keeps nbproject/private for per-user settings, so it is normally excluded from version control rather than published with the project.
--------------------------------------------------------------------------------
/nbproject/private/private.xml:
--------------------------------------------------------------------------------
7 | file:/home/breakthesec/NetBeansProjects/VulnerableSpring/src/java/org/cysecurity/springdemo/AdminController.java
--------------------------------------------------------------------------------
/nbproject/private/retriever/catalog.xml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/nbproject/private/retriever/catalog.xml
--------------------------------------------------------------------------------
/nbproject/project.properties:
--------------------------------------------------------------------------------
1 | annotation.processing.enabled=true
2 | annotation.processing.enabled.in.editor=true
3 | annotation.processing.processors.list=
4 | annotation.processing.run.all.processors=true
5 | annotation.processing.source.output=${build.generated.sources.dir}/ap-source-output
6 | auxiliary.org-netbeans-modules-web-clientproject-api.js_2e_libs_2e_folder=js/libs
7 | build.classes.dir=${build.web.dir}/WEB-INF/classes
8 | build.classes.excludes=**/*.java,**/*.form
9 | build.dir=build
10 | build.generated.dir=${build.dir}/generated
11 | build.generated.sources.dir=${build.dir}/generated-sources
12 | build.test.classes.dir=${build.dir}/test/classes
13 | build.test.results.dir=${build.dir}/test/results
14 | build.web.dir=${build.dir}/web
15 | build.web.excludes=${build.classes.excludes}
16 | client.urlPart=
17 | compile.jsps=false
18 | conf.dir=${source.root}/conf
19 | debug.classpath=${build.classes.dir}:${javac.classpath}
20 | debug.test.classpath=\
21 | ${run.test.classpath}
22 | display.browser=true
23 | dist.dir=dist
24 | dist.ear.war=${dist.dir}/${war.ear.name}
25 | dist.javadoc.dir=${dist.dir}/javadoc
26 | dist.war=${dist.dir}/${war.name}
27 | endorsed.classpath=
28 | excludes=
29 | file.reference.commons-logging-1.2.jar=/media/breakthesec/Extra/GuestFolder/jar libs/commons-logging-1.2.jar
30 | file.reference.spring-aop-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-aop-3.0.5.RELEASE.jar
31 | file.reference.spring-asm-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-asm-3.0.5.RELEASE.jar
32 | file.reference.spring-beans-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-beans-3.0.5.RELEASE.jar
33 | file.reference.spring-context-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-context-3.0.5.RELEASE.jar
34 | file.reference.spring-core-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-core-3.0.5.RELEASE.jar
35 | file.reference.spring-expression-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-expression-3.0.5.RELEASE.jar
36 | file.reference.spring-security-taglibs-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-security-taglibs-3.0.5.RELEASE.jar
37 | file.reference.spring-web-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-web-3.0.5.RELEASE.jar
38 | file.reference.spring-webmvc-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-webmvc-3.0.5.RELEASE.jar
39 | includes=**
40 | j2ee.compile.on.save=true
41 | j2ee.copy.static.files.on.save=true
42 | j2ee.deploy.on.save=true
43 | j2ee.platform=1.5
44 | j2ee.platform.classpath=${j2ee.server.middleware}/mq/lib/jaxm-api.jar:${j2ee.server.home}/modules/endorsed/jaxb-api-osgi.jar:${j2ee.server.home}/modules/endorsed/javax.annotation-api.jar:${j2ee.server.home}/modules/endorsed/webservices-api-osgi.jar:${j2ee.server.home}/modules/javax.servlet.jsp-api.jar:${j2ee.server.home}/modules/javax.interceptor-api.jar:${j2ee.server.home}/modules/javax.persistence.jar:${j2ee.server.home}/modules/javax.enterprise.concurrent-api.jar:${j2ee.server.home}/modules/javax.transaction-api.jar:${j2ee.server.home}/modules/webservices-osgi.jar:${j2ee.server.home}/modules/javax.inject.jar:${j2ee.server.home}/modules/weld-osgi-bundle.jar:${j2ee.server.home}/modules/javax.mail.jar:${j2ee.server.home}/modules/jaxb-osgi.jar:${j2ee.server.home}/modules/javax.json.jar:${j2ee.server.home}/modules/javax.enterprise.concurrent.jar:${j2ee.server.home}/modules/javax.servlet-api.jar:${j2ee.server.home}/modules/javax.xml.rpc-api.jar:${j2ee.server.home}/modules/javax.websocket-api.jar:${j2ee.server.home}/modules/javax.enterprise.deploy-api.jar:${j2ee.server.home}/modules/javax.servlet.jsp.jar:${j2ee.server.home}/modules/javax.servlet.jsp.jstl.jar:${j2ee.server.home}/modules/javax.security.auth.message-api.jar:${j2ee.server.home}/modules/javax.servlet.jsp.jstl-api.jar:${j2ee.server.home}/modules/javax.resource-api.jar:${j2ee.server.home}/modules/javax.ejb-api.jar:${j2ee.server.home}/modules/javax.management.j2ee-api.jar:${j2ee.server.home}/modules/javax.ws.rs-api.jar:${j2ee.server.home}/modules/bean-validator.jar:${j2ee.server.home}/modules/javax.jms-api.jar:${j2ee.server.home}/modules/javax.security.jacc-api.jar:${j2ee.server.home}/modules/javax.batch-api.jar:${j2ee.server.home}/modules/javax.xml.registry-api.jar:${j2ee.server.home}/modules/javax.el.jar:${j2ee.server.home}/modules/javax.faces.jar
45 | j2ee.platform.embeddableejb.classpath=${j2ee.server.home}/lib/embedded/glassfish-embedded-static-shell.jar
46 | j2ee.platform.wscompile.classpath=${j2ee.server.home}/modules/webservices-osgi.jar
47 | j2ee.platform.wsgen.classpath=${j2ee.server.home}/modules/webservices-osgi.jar:${j2ee.server.home}/modules/endorsed/webservices-api-osgi.jar:${j2ee.server.home}/modules/jaxb-osgi.jar:${j2ee.server.home}/modules/endorsed/jaxb-api-osgi.jar
48 | j2ee.platform.wsimport.classpath=${j2ee.server.home}/modules/webservices-osgi.jar:${j2ee.server.home}/modules/endorsed/webservices-api-osgi.jar:${j2ee.server.home}/modules/jaxb-osgi.jar:${j2ee.server.home}/modules/endorsed/jaxb-api-osgi.jar
49 | j2ee.platform.wsit.classpath=
50 | j2ee.server.type=gfv3ee6
51 | jar.compress=false
52 | javac.classpath=\
53 | ${file.reference.spring-webmvc-3.0.5.RELEASE.jar}:\
54 | ${file.reference.spring-security-taglibs-3.0.5.RELEASE.jar}:\
55 | ${file.reference.spring-web-3.0.5.RELEASE.jar}:\
56 | ${file.reference.spring-aop-3.0.5.RELEASE.jar}:\
57 | ${file.reference.spring-asm-3.0.5.RELEASE.jar}:\
58 | ${file.reference.spring-beans-3.0.5.RELEASE.jar}:\
59 | ${file.reference.spring-context-3.0.5.RELEASE.jar}:\
60 | ${file.reference.spring-core-3.0.5.RELEASE.jar}:\
61 | ${file.reference.spring-expression-3.0.5.RELEASE.jar}:\
62 | ${file.reference.commons-logging-1.2.jar}
63 | # Space-separated list of extra javac options
64 | javac.compilerargs=
65 | javac.debug=true
66 | javac.deprecation=false
67 | javac.processorpath=\
68 | ${javac.classpath}
69 | javac.source=1.5
70 | javac.target=1.5
71 | javac.test.classpath=\
72 | ${javac.classpath}:\
73 | ${build.classes.dir}:\
74 | ${libs.junit.classpath}:\
75 | ${libs.junit_4.classpath}
76 | javac.test.processorpath=${javac.test.classpath}
77 | javadoc.additionalparam=
78 | javadoc.author=false
79 | javadoc.encoding=${source.encoding}
80 | javadoc.noindex=false
81 | javadoc.nonavbar=false
82 | javadoc.notree=false
83 | javadoc.preview=true
84 | javadoc.private=false
85 | javadoc.splitindex=true
86 | javadoc.use=true
87 | javadoc.version=false
88 | javadoc.windowtitle=
89 | jspcompilation.classpath=${jspc.classpath}:${javac.classpath}
90 | lib.dir=${web.docbase.dir}/WEB-INF/lib
91 | persistence.xml.dir=${conf.dir}
92 | platform.active=default_platform
93 | resource.dir=setup
94 | run.test.classpath=\
95 | ${javac.test.classpath}:\
96 | ${build.test.classes.dir}
97 | # Space-separated list of JVM arguments used when running a class with a main method or a unit test
98 | # (you may also define separate properties like run-sys-prop.name=value instead of -Dname=value):
99 | runmain.jvmargs=
100 | source.encoding=UTF-8
101 | source.root=src
102 | src.dir=${source.root}/java
103 | test.src.dir=test
104 | war.content.additional=
105 | war.ear.name=VulnerableSpring.war
106 | war.name=VulnerableSpring.war
107 | web.docbase.dir=web
108 | webinf.dir=web/WEB-INF
109 |
--------------------------------------------------------------------------------
/nbproject/project.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 | org.netbeans.modules.web.project
4 |
5 |
6 | VulnerableSpring
7 | 1.6.5
8 |
9 |
10 | ${file.reference.spring-webmvc-3.0.5.RELEASE.jar}
11 | WEB-INF/lib
12 |
13 |
14 | ${file.reference.spring-security-taglibs-3.0.5.RELEASE.jar}
15 | WEB-INF/lib
16 |
17 |
18 | ${file.reference.spring-web-3.0.5.RELEASE.jar}
19 | WEB-INF/lib
20 |
21 |
22 | ${file.reference.spring-aop-3.0.5.RELEASE.jar}
23 | WEB-INF/lib
24 |
25 |
26 | ${file.reference.spring-asm-3.0.5.RELEASE.jar}
27 | WEB-INF/lib
28 |
29 |
30 | ${file.reference.spring-beans-3.0.5.RELEASE.jar}
31 | WEB-INF/lib
32 |
33 |
34 | ${file.reference.spring-context-3.0.5.RELEASE.jar}
35 | WEB-INF/lib
36 |
37 |
38 | ${file.reference.spring-core-3.0.5.RELEASE.jar}
39 | WEB-INF/lib
40 |
41 |
42 | ${file.reference.spring-expression-3.0.5.RELEASE.jar}
43 | WEB-INF/lib
44 |
45 |
46 | ${file.reference.commons-logging-1.2.jar}
47 | WEB-INF/lib
48 |
49 |
50 |
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 | web/WEB-INF/applicationContext.xml
61 | web/WEB-INF/dispatcher-servlet.xml
62 |
63 |
64 |
65 | web/WEB-INF/applicationContext.xml
66 | web/WEB-INF/dispatcher-servlet.xml
67 |
68 |
69 |
70 |
71 |
72 |
--------------------------------------------------------------------------------
/src/conf/MANIFEST.MF:
--------------------------------------------------------------------------------
1 | Manifest-Version: 1.0
2 |
3 |
--------------------------------------------------------------------------------
/src/java/org/cysecurity/springdemo/AdminController.java:
--------------------------------------------------------------------------------
1 |
2 | package org.cysecurity.springdemo;
3 |
4 | import javax.servlet.http.HttpServletRequest;
5 | import javax.servlet.http.HttpServletResponse;
6 | import org.springframework.web.servlet.ModelAndView;
7 | import org.springframework.web.servlet.mvc.AbstractController;
8 |
/**
 * Controller that unconditionally selects the logical view name "Admin".
 *
 * <p>No authentication or authorization decision is taken in this class. In the
 * sources shown in this listing, the only privilege test is inside the view
 * itself (Admin.jsp compares the session attribute "privilege" with "admin"),
 * so access control runs only after the request has already been dispatched
 * to the view. A hardened design enforces that check before view selection,
 * in the controller, a handler interceptor, or a servlet filter, so the view
 * is never reached by an unauthorized session.
 */
public class AdminController extends AbstractController {

    /**
     * Builds the response for the admin page.
     *
     * @param request  current HTTP request; not read by this method
     * @param response current HTTP response; not written by this method
     * @return a {@link ModelAndView} with view name "Admin" and no model data
     * @throws Exception declared by the overridden signature; nothing is thrown here
     */
    protected ModelAndView handleRequestInternal(
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        // The view name is a constant; the session is not consulted at this layer.
        return new ModelAndView("Admin");
    }
}
17 |
--------------------------------------------------------------------------------
/src/java/org/cysecurity/springdemo/ErrorController.java:
--------------------------------------------------------------------------------
1 |
2 | package org.cysecurity.springdemo;
3 |
4 | import javax.servlet.http.HttpServletRequest;
5 | import javax.servlet.http.HttpServletResponse;
6 | import org.springframework.web.servlet.ModelAndView;
7 | import org.springframework.web.servlet.mvc.AbstractController;
8 |
/**
 * Controller that unconditionally selects the logical view name "Error".
 *
 * <p>The controller reads nothing from the request. In particular it does not
 * look at the {@code msg} query parameter that Admin.jsp appends to its
 * redirect ({@code error.htm?msg=error.c403}), so any use of that parameter
 * happens in the view and is not validated here.
 * NOTE(review): the URL-to-controller mapping is not visible in this listing;
 * presumably {@code error.htm} is routed to this class. Confirm in
 * dispatcher-servlet.xml.
 */
public class ErrorController extends AbstractController {

    /**
     * Builds the response for the error page.
     *
     * @param request  current HTTP request; not read by this method
     * @param response current HTTP response; not written by this method
     * @return a {@link ModelAndView} with view name "Error" and no model data
     * @throws Exception declared by the overridden signature; nothing is thrown here
     */
    protected ModelAndView handleRequestInternal(
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        // Request parameters are passed through untouched to whatever the view does with them.
        return new ModelAndView("Error");
    }
}
17 |
--------------------------------------------------------------------------------
/src/java/org/cysecurity/springdemo/HelloController.java:
--------------------------------------------------------------------------------
1 | /*
2 | * To change this template, choose Tools | Templates
3 | * and open the template in the editor.
4 | */
5 |
6 | package org.cysecurity.springdemo;
7 | import javax.servlet.http.HttpServletRequest;
8 | import javax.servlet.http.HttpServletResponse;
9 | import org.springframework.web.servlet.ModelAndView;
10 | import org.springframework.web.servlet.mvc.AbstractController;
11 |
12 |
/**
 * Controller that unconditionally selects the logical view name "HelloWorld".
 *
 * <p>The class holds no logic of its own. The session attribute "privilege",
 * which Admin.jsp later uses for its access decision, is initialised by the
 * HelloWorld view rather than by this controller.
 */
public class HelloController extends AbstractController {

    /**
     * Builds the response for the landing page.
     *
     * @param request  current HTTP request; not read by this method
     * @param response current HTTP response; not written by this method
     * @return a {@link ModelAndView} with view name "HelloWorld" and no model data
     * @throws Exception declared by the overridden signature; nothing is thrown here
     */
    protected ModelAndView handleRequestInternal(
            HttpServletRequest request, HttpServletResponse response) throws Exception {
        return new ModelAndView("HelloWorld");
    }
}
21 |
--------------------------------------------------------------------------------
/web/META-INF/context.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
--------------------------------------------------------------------------------
/web/WEB-INF/applicationContext.xml:
--------------------------------------------------------------------------------
1 |
2 |
10 |
11 |
21 |
22 |
23 |
24 |
25 |
--------------------------------------------------------------------------------
/web/WEB-INF/dispatcher-servlet.xml:
--------------------------------------------------------------------------------
1 |
2 |
10 |
11 |
13 |
14 |
15 |
16 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
33 |
34 |
35 |
36 | indexController
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
54 |
55 |
58 |
61 |
62 |
63 |
--------------------------------------------------------------------------------
/web/WEB-INF/glassfish-web.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 |
6 |
7 | Keep a copy of the generated servlet class' java code.
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/web/WEB-INF/jsp/Admin.jsp:
--------------------------------------------------------------------------------
<%--
Document : admin
Created on : 28 Dec, 2014, 7:51:18 PM
Author : breakthesec

Admin view. The page body is rendered only when the session attribute
"privilege" equals "admin"; every other session is redirected to the
error page with the message key error.c403.

Review note: this scriptlet is the only access check for the admin page
that is visible in the listing (AdminController returns the view
unconditionally). The decision therefore depends entirely on the
integrity of the session attribute, so every code path that can write
session attributes is part of the authorization boundary.
--%>
<%
// Null check first: a session that never visited HelloWorld.jsp has no "privilege" attribute.
if(session.getAttribute("privilege")!=null && session.getAttribute("privilege").equals("admin"))
{
%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>




JSP Page


Welcome to Admin Panel


<%

} else
{
// Fixed redirect target; "error.c403" is a key defined in messages.properties.
response.sendRedirect("error.htm?msg=error.c403");
}
%>
--------------------------------------------------------------------------------
/web/WEB-INF/jsp/Error.jsp:
--------------------------------------------------------------------------------
<%--
Error view. The Spring tag library is declared below, but the markup that
uses it is not visible in this listing.
NOTE(review): Admin.jsp redirects here with msg=error.c403, a key from
messages.properties. If the msg request parameter is used as a message
code, confirm it is restricted to known keys, and check the bundled
Spring 3.0.5 jars against the framework's published security advisories.
--%>
<%@ page contentType="text/html;charset=UTF-8" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>


Error Page :

<%

out.print("
");
// Writes the session's "privilege" value into the page without HTML-encoding.
// NOTE(review): the only writer visible in this listing stores the constant "user"
// (HelloWorld.jsp); confirm no other path can store request-derived text in it.
out.print("Hello "+session.getAttribute("privilege"));

%>
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
--------------------------------------------------------------------------------
/web/WEB-INF/jsp/HelloWorld.jsp:
--------------------------------------------------------------------------------
<%@ page contentType="text/html;charset=UTF-8" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>


Spring Demo
<%
// Seed the per-session role: a session with no "privilege" attribute is given "user".
// Admin.jsp compares this same attribute with "admin", so the role is assigned by
// a view as a side effect of rendering and is not tied to any authentication step
// visible in this listing.
if(session.getAttribute("privilege")==null)
{
session.setAttribute("privilege","user");
}
%>
12 | Go to Admin Panel
13 |
14 |
15 |
16 |
--------------------------------------------------------------------------------
/web/WEB-INF/messages.properties:
--------------------------------------------------------------------------------
1 | welcome.springmvc=Welcome to Spring Demo Page
2 | error.c403=You are not allowed to Access this page
--------------------------------------------------------------------------------
/web/WEB-INF/messages_en.properties:
--------------------------------------------------------------------------------
1 | welcome.springmvc=Welcome to Spring Demo Page
2 | error.c403=You are not allowed to Access this page
--------------------------------------------------------------------------------
/web/WEB-INF/web.xml:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | contextConfigLocation
5 | /WEB-INF/applicationContext.xml
6 |
7 |
8 | org.springframework.web.context.ContextLoaderListener
9 |
10 |
11 | dispatcher
12 | org.springframework.web.servlet.DispatcherServlet
13 | 2
14 |
15 |
16 | dispatcher
17 | *.htm
18 |
19 |
20 |
21 | 30
22 |
23 |
24 |
25 | redirect.jsp
26 |
27 |
28 |
--------------------------------------------------------------------------------
/web/redirect.jsp:
--------------------------------------------------------------------------------
<%--
Views should be stored under the WEB-INF folder so that
they are not accessible except through controller process.

This JSP is here to provide a redirect to the dispatcher
servlet but should be the only JSP outside of WEB-INF.

The redirect target is a fixed relative path; no request data
is used to build it.
--%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%
// Hand off to the dispatcher servlet, which web.xml maps to *.htm.
response.sendRedirect("helloworld.htm");
%>
12 |
--------------------------------------------------------------------------------