├── README.md ├── build.xml ├── build └── web │ ├── META-INF │ ├── MANIFEST.MF │ └── context.xml │ ├── WEB-INF │ ├── applicationContext.xml │ ├── classes │ │ └── org │ │ │ └── cysecurity │ │ │ └── springdemo │ │ │ ├── AdminController.class │ │ │ ├── ErrorController.class │ │ │ └── HelloController.class │ ├── dispatcher-servlet.xml │ ├── glassfish-web.xml │ ├── jsp │ │ ├── Admin.jsp │ │ ├── Error.jsp │ │ └── HelloWorld.jsp │ ├── lib │ │ ├── commons-logging-1.2.jar │ │ ├── spring-aop-3.0.5.RELEASE.jar │ │ ├── spring-asm-3.0.5.RELEASE.jar │ │ ├── spring-beans-3.0.5.RELEASE.jar │ │ ├── spring-context-3.0.5.RELEASE.jar │ │ ├── spring-core-3.0.5.RELEASE.jar │ │ ├── spring-expression-3.0.5.RELEASE.jar │ │ ├── spring-security-taglibs-3.0.5.RELEASE.jar │ │ ├── spring-web-3.0.5.RELEASE.jar │ │ └── spring-webmvc-3.0.5.RELEASE.jar │ ├── messages.properties │ ├── messages_en.properties │ └── web.xml │ └── redirect.jsp ├── nbproject ├── ant-deploy.xml ├── build-impl.xml ├── genfiles.properties ├── private │ ├── private.properties │ ├── private.xml │ └── retriever │ │ └── catalog.xml ├── project.properties └── project.xml ├── src ├── conf │ └── MANIFEST.MF └── java │ └── org │ └── cysecurity │ └── springdemo │ ├── AdminController.java │ ├── ErrorController.java │ └── HelloController.java └── web ├── META-INF └── context.xml ├── WEB-INF ├── applicationContext.xml ├── dispatcher-servlet.xml ├── glassfish-web.xml ├── jsp │ ├── Admin.jsp │ ├── Error.jsp │ └── HelloWorld.jsp ├── messages.properties ├── messages_en.properties └── web.xml └── redirect.jsp /README.md: -------------------------------------------------------------------------------- 1 | # VulnerableSpring 2 | Vulnerable Java based Web Application 3 | 4 | This is part of Java Vulnerable Lab : 5 | https://github.com/CSPF-Founder/JavaVulnerableLab/ 6 | -------------------------------------------------------------------------------- /build.xml: -------------------------------------------------------------------------------- 1 
| 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | Builds, tests, and runs the project VulnerableSpring. 12 | 13 | 71 | 72 | -------------------------------------------------------------------------------- /build/web/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | 3 | -------------------------------------------------------------------------------- /build/web/META-INF/context.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /build/web/WEB-INF/applicationContext.xml: -------------------------------------------------------------------------------- 1 | 2 | 10 | 11 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /build/web/WEB-INF/classes/org/cysecurity/springdemo/AdminController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/classes/org/cysecurity/springdemo/AdminController.class -------------------------------------------------------------------------------- /build/web/WEB-INF/classes/org/cysecurity/springdemo/ErrorController.class: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/classes/org/cysecurity/springdemo/ErrorController.class -------------------------------------------------------------------------------- /build/web/WEB-INF/classes/org/cysecurity/springdemo/HelloController.class: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/classes/org/cysecurity/springdemo/HelloController.class -------------------------------------------------------------------------------- /build/web/WEB-INF/dispatcher-servlet.xml: -------------------------------------------------------------------------------- 1 | 2 | 10 | 11 | 13 | 14 | 15 | 16 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 33 | 34 | 35 | 36 | indexController 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 54 | 55 | 58 | 61 | 62 | 63 | -------------------------------------------------------------------------------- /build/web/WEB-INF/glassfish-web.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Keep a copy of the generated servlet class' java code. 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /build/web/WEB-INF/jsp/Admin.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | Document : admin 3 | Created on : 28 Dec, 2014, 7:51:18 PM 4 | Author : breakthesec 5 | --%> 6 | <% /* Access gate for the admin view: the markup that follows is emitted only when the session attribute "privilege" is present and equals "admin". This scriptlet is the only privilege check visible in this listing; AdminController.java returns the "Admin" view without a check of its own. */ 7 | if(session.getAttribute("privilege")!=null && session.getAttribute("privilege").equals("admin")) 8 | { 9 | %> 10 | <%@page contentType="text/html" pageEncoding="UTF-8"%> 11 | 12 | 13 | 14 | 15 | JSP Page 16 | 17 | 18 |

Welcome to Admin Panel

19 | 20 | 21 | <% 22 | 23 | } else /* Every other session is redirected to error.htm with msg=error.c403; error.c403 is a key defined in messages.properties. */ 24 | { 25 | response.sendRedirect("error.htm?msg=error.c403"); 26 | } 27 | %> -------------------------------------------------------------------------------- /build/web/WEB-INF/jsp/Error.jsp: -------------------------------------------------------------------------------- 1 | <%@ page contentType="text/html;charset=UTF-8" %> 2 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> 3 | 4 | 5 |

Error Page :

6 | 7 | <% /* Error.jsp scriptlet: writes a greeting that includes the session attribute "privilege". */ 8 | 9 | /* NOTE(review): the string literal below is split across two lines in this listing; its original content looks lost in extraction. */ out.print("
"); 10 | /* The attribute value is concatenated into the response as-is, with no HTML encoding. When the session has no "privilege" attribute, the concatenation prints "Hello null". */ out.print("Hello "+session.getAttribute("privilege")); 11 | 12 | %> 13 | 14 |

15 | 16 |

17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /build/web/WEB-INF/jsp/HelloWorld.jsp: -------------------------------------------------------------------------------- 1 | <%@ page contentType="text/html;charset=UTF-8" %> 2 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> 3 | 4 | 5 |

Spring Demo

6 | <% /* Default role assignment: a session that has no "privilege" attribute yet is given the value "user". Admin.jsp compares this same attribute against "admin". */ 7 | if(session.getAttribute("privilege")==null) 8 | { 9 | session.setAttribute("privilege","user"); 10 | } 11 | %> 12 | Go to Admin Panel 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /build/web/WEB-INF/lib/commons-logging-1.2.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/commons-logging-1.2.jar -------------------------------------------------------------------------------- /build/web/WEB-INF/lib/spring-aop-3.0.5.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-aop-3.0.5.RELEASE.jar -------------------------------------------------------------------------------- /build/web/WEB-INF/lib/spring-asm-3.0.5.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-asm-3.0.5.RELEASE.jar -------------------------------------------------------------------------------- /build/web/WEB-INF/lib/spring-beans-3.0.5.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-beans-3.0.5.RELEASE.jar -------------------------------------------------------------------------------- /build/web/WEB-INF/lib/spring-context-3.0.5.RELEASE.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-context-3.0.5.RELEASE.jar -------------------------------------------------------------------------------- /build/web/WEB-INF/lib/spring-core-3.0.5.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-core-3.0.5.RELEASE.jar -------------------------------------------------------------------------------- /build/web/WEB-INF/lib/spring-expression-3.0.5.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-expression-3.0.5.RELEASE.jar -------------------------------------------------------------------------------- /build/web/WEB-INF/lib/spring-security-taglibs-3.0.5.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-security-taglibs-3.0.5.RELEASE.jar -------------------------------------------------------------------------------- /build/web/WEB-INF/lib/spring-web-3.0.5.RELEASE.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-web-3.0.5.RELEASE.jar -------------------------------------------------------------------------------- /build/web/WEB-INF/lib/spring-webmvc-3.0.5.RELEASE.jar: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/build/web/WEB-INF/lib/spring-webmvc-3.0.5.RELEASE.jar -------------------------------------------------------------------------------- /build/web/WEB-INF/messages.properties: -------------------------------------------------------------------------------- 1 | welcome.springmvc=Welcome to Spring Demo Page 2 | error.c403=You are not allowed to Access this page -------------------------------------------------------------------------------- /build/web/WEB-INF/messages_en.properties: -------------------------------------------------------------------------------- 1 | welcome.springmvc=Welcome to Spring Demo Page 2 | error.c403=You are not allowed to Access this page -------------------------------------------------------------------------------- /build/web/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | contextConfigLocation 5 | /WEB-INF/applicationContext.xml 6 | 7 | 8 | org.springframework.web.context.ContextLoaderListener 9 | 10 | 11 | dispatcher 12 | org.springframework.web.servlet.DispatcherServlet 13 | 2 14 | 15 | 16 | dispatcher 17 | *.htm 18 | 19 | 20 | 21 | 30 22 | 23 | 24 | 25 | redirect.jsp 26 | 27 | 28 | -------------------------------------------------------------------------------- /build/web/redirect.jsp: -------------------------------------------------------------------------------- 1 | <%-- 2 | Views should be stored under the WEB-INF folder so that 3 | they are not accessible except through controller process. 4 | 5 | This JSP is here to provide a redirect to the dispatcher 6 | servlet but should be the only JSP outside of WEB-INF. 
7 | --%> 8 | <%@page contentType="text/html" pageEncoding="UTF-8"%> 9 | <% 10 | response.sendRedirect("helloworld.htm"); 11 | %> 12 | -------------------------------------------------------------------------------- /nbproject/ant-deploy.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 102 | 103 | 104 | 105 | 106 | 107 | 109 | 110 | 111 | 112 | -------------------------------------------------------------------------------- /nbproject/build-impl.xml: -------------------------------------------------------------------------------- 1 | 2 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | 179 | 180 | 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | 189 | 190 | 
191 | 192 | 193 | 194 | 195 | 196 | 197 | 198 | 199 | 200 | 201 | 202 | 203 | 204 | 205 | 206 | 207 | 208 | 209 | 210 | 211 | 212 | 213 | 214 | 215 | 216 | 217 | 218 | 219 | 220 | 221 | 222 | 223 | 224 | 225 | 226 | 227 | 228 | 229 | 230 | 231 | 232 | 233 | 234 | 235 | 236 | 237 | Must set src.dir 238 | Must set test.src.dir 239 | Must set build.dir 240 | Must set build.web.dir 241 | Must set build.generated.dir 242 | Must set dist.dir 243 | Must set build.classes.dir 244 | Must set dist.javadoc.dir 245 | Must set build.test.classes.dir 246 | Must set build.test.results.dir 247 | Must set build.classes.excludes 248 | Must set dist.war 249 | 250 | 251 | 252 | 253 | 254 | 255 | 256 | 257 | 258 | The Java EE server classpath is not correctly set up - server home directory is missing. 259 | Either open the project in the IDE and assign the server or setup the server classpath manually. 260 | For example like this: 261 | ant -Dj2ee.server.home=<app_server_installation_directory> 262 | 263 | 264 | The Java EE server classpath is not correctly set up. Your active server type is ${j2ee.server.type}. 265 | Either open the project in the IDE and assign the server or setup the server classpath manually. 
266 | For example like this: 267 | ant -Duser.properties.file=<path_to_property_file> (where you put the property "j2ee.platform.classpath" in a .properties file) 268 | or ant -Dj2ee.platform.classpath=<server_classpath> (where no properties file is used) 269 | 270 | 271 | 272 | 273 | 274 | 275 | 276 | 277 | 278 | 279 | 280 | 281 | 282 | 283 | 284 | 285 | 286 | 287 | 288 | 289 | 290 | 291 | 292 | 293 | 294 | 295 | 296 | 297 | 298 | 299 | 300 | 301 | 302 | 303 | 304 | 305 | 306 | 307 | 308 | 309 | 310 | 311 | 312 | 313 | 314 | 315 | 316 | 317 | 318 | 319 | 320 | 321 | 322 | 323 | 324 | 325 | 326 | 327 | 328 | 329 | 330 | 331 | 332 | 333 | 334 | 335 | 336 | 337 | 338 | 339 | 340 | 341 | 342 | 343 | 344 | 345 | 346 | 347 | 348 | 349 | 350 | 351 | 352 | 353 | 354 | 355 | 356 | 357 | 358 | 359 | 360 | 361 | 362 | 363 | 364 | 365 | Must set javac.includes 366 | 367 | 368 | 369 | 370 | 371 | 372 | 373 | 374 | 375 | 376 | 377 | 378 | 379 | 380 | 381 | 382 | 383 | 384 | 385 | 386 | 387 | 388 | 389 | 390 | 391 | 392 | 393 | 394 | 395 | 396 | 397 | 398 | 399 | 400 | 401 | 402 | 403 | 404 | 405 | 406 | 407 | 408 | 409 | 410 | 411 | 412 | 413 | 414 | 415 | 416 | 417 | 418 | 419 | 420 | 421 | 422 | 423 | 424 | 425 | 426 | 427 | 428 | 429 | 430 | 431 | 432 | 433 | 434 | 435 | 436 | 437 | 438 | 439 | 440 | 441 | 442 | 443 | 444 | 445 | 446 | 447 | 448 | 449 | 450 | 451 | 452 | 453 | 454 | 455 | 456 | 457 | 458 | 459 | 460 | 461 | 462 | 463 | 464 | 465 | 466 | 467 | 468 | 469 | 470 | 471 | 472 | 473 | 474 | 475 | 476 | 477 | 478 | 479 | 480 | 481 | 482 | 483 | 484 | 485 | 486 | 487 | 488 | 489 | 490 | 491 | 492 | No tests executed. 
493 | 494 | 495 | 496 | 497 | 498 | 499 | 500 | 501 | 502 | 503 | 504 | 505 | 506 | 507 | 508 | 509 | 510 | 511 | 512 | 513 | 514 | 515 | 516 | 517 | 518 | 519 | 520 | 521 | 522 | 523 | 524 | 525 | 526 | 527 | 528 | 529 | 530 | 531 | 532 | 533 | 534 | 535 | 536 | 537 | 538 | 539 | 540 | 541 | 542 | 543 | 544 | 545 | 546 | 547 | 548 | 549 | 550 | 551 | 552 | 553 | 554 | 555 | 556 | 557 | 558 | 559 | 560 | 561 | 562 | 563 | 564 | 565 | 566 | 567 | 568 | 569 | 570 | 571 | 572 | 573 | 574 | 575 | 576 | 577 | 578 | 579 | 580 | 581 | 582 | 583 | 584 | 585 | 586 | 587 | 588 | 589 | 590 | 591 | 592 | 593 | 594 | 595 | 596 | 597 | 598 | 599 | 600 | 601 | 602 | 603 | 604 | 605 | 606 | 607 | 608 | 609 | 610 | 611 | 612 | 613 | 614 | 615 | 616 | 617 | 618 | 619 | 620 | 621 | 622 | 623 | 624 | 625 | 626 | 627 | 628 | 629 | 630 | 631 | 632 | 633 | 634 | 635 | 636 | 637 | 638 | 639 | 640 | 641 | 642 | 643 | 644 | 645 | 646 | 647 | 648 | 649 | 650 | 651 | 652 | 653 | 654 | 655 | 656 | 657 | 658 | 659 | 660 | 661 | 662 | 663 | 664 | 665 | 666 | 667 | 668 | 669 | 670 | 671 | 672 | 673 | 674 | 675 | 676 | 677 | 678 | 679 | 680 | 681 | 682 | 683 | 684 | 685 | 686 | 687 | 688 | 689 | 690 | 691 | 692 | 693 | 694 | 695 | 696 | 697 | 698 | 699 | 700 | 701 | 702 | 703 | 704 | 705 | 706 | 707 | 708 | 709 | 710 | 711 | 712 | 713 | 714 | 715 | 716 | 717 | 718 | 719 | 720 | 721 | 722 | 723 | 724 | 725 | 726 | 727 | 728 | 729 | 730 | 731 | 732 | 733 | 734 | 735 | 736 | 737 | 738 | 739 | 740 | 741 | 742 | 743 | 744 | 745 | 746 | 747 | 748 | 749 | 750 | 751 | 752 | 753 | 754 | 755 | 756 | 757 | 758 | 759 | 760 | 761 | 762 | 763 | 764 | 765 | 766 | 767 | 768 | 769 | 770 | 771 | 772 | 773 | 774 | 775 | 776 | 777 | 778 | 779 | 780 | 781 | 782 | 783 | 784 | 785 | 786 | 787 | 788 | 789 | 790 | 791 | 792 | 793 | 794 | 795 | 796 | 797 | 798 | The libs.CopyLibs.classpath property is not set up. 
799 | This property must point to 800 | org-netbeans-modules-java-j2seproject-copylibstask.jar file which is part 801 | of NetBeans IDE installation and is usually located at 802 | <netbeans_installation>/java<version>/ant/extra folder. 803 | Either open the project in the IDE and make sure CopyLibs library 804 | exists or setup the property manually. For example like this: 805 | ant -Dlibs.CopyLibs.classpath=a/path/to/org-netbeans-modules-java-j2seproject-copylibstask.jar 806 | 807 | 808 | 809 | 810 | 811 | 812 | 813 | 814 | 815 | 816 | 817 | 818 | 819 | 820 | 821 | 822 | 823 | 824 | 825 | 826 | 827 | 828 | 829 | 830 | 831 | 832 | 835 | 836 | 837 | 838 | 839 | 840 | 841 | 842 | 843 | 844 | 845 | Must set JVM to use for profiling in profiler.info.jvm 846 | Must set profiler agent JVM arguments in profiler.info.jvmargs.agent 847 | 848 | 851 | 852 | 855 | 856 | 857 | 858 | 859 | 860 | 861 | 862 | 863 | 864 | 865 | 866 | 867 | 868 | 869 | 870 | 871 | 872 | 873 | 874 | 875 | 876 | 877 | 878 | 879 | 880 | 881 | 882 | 883 | 884 | 885 | 886 | 887 | 888 | 889 | 890 | 891 | 892 | 893 | 894 | 895 | 896 | 897 | 898 | 899 | 900 | 901 | Must select some files in the IDE or set javac.includes 902 | 903 | 904 | 905 | 906 | 907 | 908 | 909 | 910 | 911 | 912 | 913 | 914 | 915 | 916 | 917 | 918 | 919 | 920 | 921 | 922 | 923 | 924 | 925 | 926 | 927 | 928 | 929 | 930 | 931 | 932 | 933 | 934 | Must select some files in the IDE or set javac.jsp.includes 935 | 936 | 937 | 938 | 939 | 940 | 941 | 942 | 943 | 944 | 945 | 946 | 947 | 948 | 949 | 950 | 951 | 952 | 953 | 954 | 955 | 956 | 957 | 958 | 959 | 960 | Must select a file in the IDE or set jsp.includes 961 | 962 | 963 | 966 | 967 | 968 | 969 | 970 | 971 | 972 | 973 | 974 | 975 | 976 | 977 | 978 | 979 | 980 | 981 | 982 | 983 | 984 | 985 | 986 | 987 | 988 | 989 | 990 | 991 | 992 | 993 | 994 | 995 | 996 | 997 | 998 | 999 | 1000 | 1001 | 1002 | 1003 | 1004 | 1005 | 1006 | 1007 | 1008 | 1009 | 1010 | 1011 | 1012 | 1013 | 1014 | 1015 | 
1016 | 1017 | 1018 | 1019 | 1020 | 1021 | 1022 | 1023 | 1024 | 1025 | 1026 | 1027 | 1028 | 1029 | 1030 | 1031 | 1032 | 1033 | 1034 | 1035 | 1036 | 1037 | 1038 | 1039 | 1040 | 1041 | 1044 | 1045 | 1046 | 1047 | 1048 | 1049 | 1050 | 1051 | 1052 | 1053 | 1054 | 1055 | 1056 | 1057 | 1058 | 1059 | 1060 | 1061 | 1062 | 1063 | 1064 | 1065 | 1066 | 1067 | 1068 | 1069 | 1070 | 1071 | 1072 | 1073 | 1074 | 1075 | 1076 | 1077 | 1078 | 1079 | 1080 | 1081 | 1082 | 1083 | 1084 | 1085 | 1086 | 1087 | 1088 | 1089 | 1090 | 1091 | 1092 | 1093 | 1094 | 1095 | 1096 | 1097 | 1098 | 1099 | 1100 | 1101 | 1102 | 1103 | 1104 | 1105 | 1106 | 1107 | 1108 | 1109 | 1110 | 1111 | 1112 | 1113 | 1114 | 1115 | 1116 | 1117 | 1118 | 1119 | 1120 | 1121 | 1122 | 1123 | 1124 | 1125 | 1126 | 1127 | 1128 | 1129 | 1130 | 1131 | 1132 | 1133 | 1134 | 1135 | 1136 | 1137 | 1138 | 1139 | 1140 | 1141 | 1142 | 1143 | 1144 | 1145 | 1146 | 1147 | 1148 | Browser not found, cannot launch the deployed application. Try to set the BROWSER environment variable. 
1149 | 1150 | 1151 | Launching ${browse.url} 1152 | 1153 | 1154 | 1155 | 1156 | 1157 | Must select one file in the IDE or set run.class 1158 | 1159 | 1160 | 1161 | Must select one file in the IDE or set run.class 1162 | 1163 | 1164 | 1165 | 1166 | 1167 | 1170 | 1171 | 1172 | 1173 | 1174 | 1175 | 1176 | 1177 | 1178 | 1179 | 1180 | 1181 | 1182 | 1183 | 1184 | 1185 | 1186 | 1187 | 1188 | 1189 | 1190 | 1191 | 1192 | 1193 | 1194 | 1195 | 1196 | 1197 | 1198 | 1199 | 1200 | 1201 | Must select one file in the IDE or set debug.class 1202 | 1203 | 1204 | 1205 | 1206 | 1207 | 1208 | 1209 | 1210 | 1211 | 1212 | 1213 | Must select one file in the IDE or set debug.class 1214 | 1215 | 1216 | 1217 | 1218 | Must set fix.includes 1219 | 1220 | 1221 | 1222 | 1223 | 1224 | 1225 | 1230 | 1233 | 1234 | 1235 | 1236 | 1237 | 1238 | 1239 | 1240 | 1241 | 1242 | 1243 | 1244 | 1245 | 1246 | 1247 | 1248 | 1249 | 1250 | 1251 | 1252 | 1253 | 1254 | 1255 | This target only works when run from inside the NetBeans IDE. 1256 | 1257 | 1258 | 1259 | 1260 | 1261 | 1262 | 1263 | 1264 | 1265 | 1266 | 1267 | 1268 | 1269 | 1270 | 1271 | 1272 | 1273 | 1274 | 1275 | 1276 | 1277 | 1278 | 1279 | 1280 | 1281 | 1282 | 1283 | 1284 | 1285 | 1286 | 1287 | 1288 | 1289 | 1290 | 1291 | 1292 | 1293 | 1294 | 1295 | 1296 | 1297 | 1298 | 1299 | 1300 | 1301 | 1302 | 1303 | 1304 | 1305 | 1306 | 1309 | 1310 | 1311 | 1312 | 1313 | 1314 | 1315 | 1316 | 1317 | 1318 | 1319 | 1320 | 1321 | 1322 | 1323 | 1324 | 1325 | 1326 | 1327 | 1328 | 1329 | 1330 | 1331 | 1332 | 1333 | 1334 | 1335 | 1339 | 1340 | 1341 | 1342 | 1343 | 1344 | 1345 | 1346 | 1347 | 1348 | 1349 | 1350 | 1351 | 1352 | 1353 | 1354 | 1355 | 1356 | 1357 | 1358 | 1359 | 1360 | 1361 | 1362 | 1363 | Must select some files in the IDE or set javac.includes 1364 | 1365 | 1366 | 1367 | 1368 | 1369 | 1370 | 1371 | 1372 | 1373 | 1374 | 1378 | 1379 | 1380 | 1381 | 1382 | 1383 | 1384 | 1385 | Some tests failed; see details above. 
1386 | 1387 | 1388 | 1389 | 1390 | 1391 | 1392 | 1393 | 1394 | Must select some files in the IDE or set test.includes 1395 | 1396 | 1397 | 1398 | Some tests failed; see details above. 1399 | 1400 | 1401 | 1402 | Must select some files in the IDE or set test.class 1403 | Must select some method in the IDE or set test.method 1404 | 1405 | 1406 | 1407 | Some tests failed; see details above. 1408 | 1409 | 1410 | 1414 | 1415 | Must select one file in the IDE or set test.class 1416 | 1417 | 1418 | 1419 | Must select one file in the IDE or set test.class 1420 | Must select some method in the IDE or set test.method 1421 | 1422 | 1423 | 1424 | 1425 | 1426 | 1427 | 1428 | 1429 | 1430 | 1431 | 1432 | 1436 | 1437 | 1438 | 1439 | 1440 | 1441 | 1442 | 1443 | 1444 | 1445 | 1446 | 1447 | 1448 | 1449 | 1450 | 1451 | 1452 | 1453 | 1454 | 1455 | 1456 | 1457 | 1458 | 1459 | 1460 | 1461 | 1462 | 1463 | -------------------------------------------------------------------------------- /nbproject/genfiles.properties: -------------------------------------------------------------------------------- 1 | build.xml.data.CRC32=1978b2e4 2 | build.xml.script.CRC32=0cdce8e3 3 | build.xml.stylesheet.CRC32=651128d4@1.67.1.1 4 | # This file is used by a NetBeans-based IDE to track changes in generated files such as build-impl.xml. 5 | # Do not edit this file. You may delete it but then the IDE will never regenerate such files for you. 
6 | nbproject/build-impl.xml.data.CRC32=1978b2e4 7 | nbproject/build-impl.xml.script.CRC32=222aa4d3 8 | nbproject/build-impl.xml.stylesheet.CRC32=99ea4b56@1.67.1.1 9 | -------------------------------------------------------------------------------- /nbproject/private/private.properties: -------------------------------------------------------------------------------- 1 | deploy.ant.properties.file=/home/breakthesec/.netbeans/8.0/config/GlassFishEE6/Properties/gfv32054444240.properties 2 | j2ee.platform.is.jsr109=true 3 | j2ee.server.domain=/home/breakthesec/glassfish-4.0/glassfish/domains/domain1 4 | j2ee.server.home=/home/breakthesec/glassfish-4.0/glassfish 5 | j2ee.server.instance=[/home/breakthesec/glassfish-4.0/glassfish:/home/breakthesec/glassfish-4.0/glassfish/domains/domain1]deployer:gfv3ee6:localhost:4848 6 | j2ee.server.middleware=/home/breakthesec/glassfish-4.0 7 | javac.debug=true 8 | javadoc.preview=true 9 | selected.browser=default 10 | user.properties.file=/home/breakthesec/.netbeans/8.0/build.properties 11 | -------------------------------------------------------------------------------- /nbproject/private/private.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | file:/home/breakthesec/NetBeansProjects/VulnerableSpring/src/java/org/cysecurity/springdemo/AdminController.java 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /nbproject/private/retriever/catalog.xml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/CSPF-Founder/VulnerableSpring/28a9b4738d9eb1e62c9de41a058b55573332d10a/nbproject/private/retriever/catalog.xml -------------------------------------------------------------------------------- /nbproject/project.properties: -------------------------------------------------------------------------------- 1 | annotation.processing.enabled=true 2 | 
annotation.processing.enabled.in.editor=true 3 | annotation.processing.processors.list= 4 | annotation.processing.run.all.processors=true 5 | annotation.processing.source.output=${build.generated.sources.dir}/ap-source-output 6 | auxiliary.org-netbeans-modules-web-clientproject-api.js_2e_libs_2e_folder=js/libs 7 | build.classes.dir=${build.web.dir}/WEB-INF/classes 8 | build.classes.excludes=**/*.java,**/*.form 9 | build.dir=build 10 | build.generated.dir=${build.dir}/generated 11 | build.generated.sources.dir=${build.dir}/generated-sources 12 | build.test.classes.dir=${build.dir}/test/classes 13 | build.test.results.dir=${build.dir}/test/results 14 | build.web.dir=${build.dir}/web 15 | build.web.excludes=${build.classes.excludes} 16 | client.urlPart= 17 | compile.jsps=false 18 | conf.dir=${source.root}/conf 19 | debug.classpath=${build.classes.dir}:${javac.classpath} 20 | debug.test.classpath=\ 21 | ${run.test.classpath} 22 | display.browser=true 23 | dist.dir=dist 24 | dist.ear.war=${dist.dir}/${war.ear.name} 25 | dist.javadoc.dir=${dist.dir}/javadoc 26 | dist.war=${dist.dir}/${war.name} 27 | endorsed.classpath= 28 | excludes= 29 | file.reference.commons-logging-1.2.jar=/media/breakthesec/Extra/GuestFolder/jar libs/commons-logging-1.2.jar 30 | file.reference.spring-aop-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-aop-3.0.5.RELEASE.jar 31 | file.reference.spring-asm-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-asm-3.0.5.RELEASE.jar 32 | file.reference.spring-beans-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-beans-3.0.5.RELEASE.jar 33 | file.reference.spring-context-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-context-3.0.5.RELEASE.jar 34 | file.reference.spring-core-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-core-3.0.5.RELEASE.jar 35 | file.reference.spring-expression-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar 
libs/spring-expression-3.0.5.RELEASE.jar 36 | file.reference.spring-security-taglibs-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-security-taglibs-3.0.5.RELEASE.jar 37 | file.reference.spring-web-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-web-3.0.5.RELEASE.jar 38 | file.reference.spring-webmvc-3.0.5.RELEASE.jar=/media/breakthesec/Extra/GuestFolder/jar libs/spring-webmvc-3.0.5.RELEASE.jar 39 | includes=** 40 | j2ee.compile.on.save=true 41 | j2ee.copy.static.files.on.save=true 42 | j2ee.deploy.on.save=true 43 | j2ee.platform=1.5 44 | j2ee.platform.classpath=${j2ee.server.middleware}/mq/lib/jaxm-api.jar:${j2ee.server.home}/modules/endorsed/jaxb-api-osgi.jar:${j2ee.server.home}/modules/endorsed/javax.annotation-api.jar:${j2ee.server.home}/modules/endorsed/webservices-api-osgi.jar:${j2ee.server.home}/modules/javax.servlet.jsp-api.jar:${j2ee.server.home}/modules/javax.interceptor-api.jar:${j2ee.server.home}/modules/javax.persistence.jar:${j2ee.server.home}/modules/javax.enterprise.concurrent-api.jar:${j2ee.server.home}/modules/javax.transaction-api.jar:${j2ee.server.home}/modules/webservices-osgi.jar:${j2ee.server.home}/modules/javax.inject.jar:${j2ee.server.home}/modules/weld-osgi-bundle.jar:${j2ee.server.home}/modules/javax.mail.jar:${j2ee.server.home}/modules/jaxb-osgi.jar:${j2ee.server.home}/modules/javax.json.jar:${j2ee.server.home}/modules/javax.enterprise.concurrent.jar:${j2ee.server.home}/modules/javax.servlet-api.jar:${j2ee.server.home}/modules/javax.xml.rpc-api.jar:${j2ee.server.home}/modules/javax.websocket-api.jar:${j2ee.server.home}/modules/javax.enterprise.deploy-api.jar:${j2ee.server.home}/modules/javax.servlet.jsp.jar:${j2ee.server.home}/modules/javax.servlet.jsp.jstl.jar:${j2ee.server.home}/modules/javax.security.auth.message-api.jar:${j2ee.server.home}/modules/javax.servlet.jsp.jstl-api.jar:${j2ee.server.home}/modules/javax.resource-api.jar:${j2ee.server.home}/modules/javax.ejb-api.jar:${j2ee.server.h
ome}/modules/javax.management.j2ee-api.jar:${j2ee.server.home}/modules/javax.ws.rs-api.jar:${j2ee.server.home}/modules/bean-validator.jar:${j2ee.server.home}/modules/javax.jms-api.jar:${j2ee.server.home}/modules/javax.security.jacc-api.jar:${j2ee.server.home}/modules/javax.batch-api.jar:${j2ee.server.home}/modules/javax.xml.registry-api.jar:${j2ee.server.home}/modules/javax.el.jar:${j2ee.server.home}/modules/javax.faces.jar 45 | j2ee.platform.embeddableejb.classpath=${j2ee.server.home}/lib/embedded/glassfish-embedded-static-shell.jar 46 | j2ee.platform.wscompile.classpath=${j2ee.server.home}/modules/webservices-osgi.jar 47 | j2ee.platform.wsgen.classpath=${j2ee.server.home}/modules/webservices-osgi.jar:${j2ee.server.home}/modules/endorsed/webservices-api-osgi.jar:${j2ee.server.home}/modules/jaxb-osgi.jar:${j2ee.server.home}/modules/endorsed/jaxb-api-osgi.jar 48 | j2ee.platform.wsimport.classpath=${j2ee.server.home}/modules/webservices-osgi.jar:${j2ee.server.home}/modules/endorsed/webservices-api-osgi.jar:${j2ee.server.home}/modules/jaxb-osgi.jar:${j2ee.server.home}/modules/endorsed/jaxb-api-osgi.jar 49 | j2ee.platform.wsit.classpath= 50 | j2ee.server.type=gfv3ee6 51 | jar.compress=false 52 | javac.classpath=\ 53 | ${file.reference.spring-webmvc-3.0.5.RELEASE.jar}:\ 54 | ${file.reference.spring-security-taglibs-3.0.5.RELEASE.jar}:\ 55 | ${file.reference.spring-web-3.0.5.RELEASE.jar}:\ 56 | ${file.reference.spring-aop-3.0.5.RELEASE.jar}:\ 57 | ${file.reference.spring-asm-3.0.5.RELEASE.jar}:\ 58 | ${file.reference.spring-beans-3.0.5.RELEASE.jar}:\ 59 | ${file.reference.spring-context-3.0.5.RELEASE.jar}:\ 60 | ${file.reference.spring-core-3.0.5.RELEASE.jar}:\ 61 | ${file.reference.spring-expression-3.0.5.RELEASE.jar}:\ 62 | ${file.reference.commons-logging-1.2.jar} 63 | # Space-separated list of extra javac options 64 | javac.compilerargs= 65 | javac.debug=true 66 | javac.deprecation=false 67 | javac.processorpath=\ 68 | ${javac.classpath} 69 | javac.source=1.5 70 | 
javac.target=1.5 71 | javac.test.classpath=\ 72 | ${javac.classpath}:\ 73 | ${build.classes.dir}:\ 74 | ${libs.junit.classpath}:\ 75 | ${libs.junit_4.classpath} 76 | javac.test.processorpath=${javac.test.classpath} 77 | javadoc.additionalparam= 78 | javadoc.author=false 79 | javadoc.encoding=${source.encoding} 80 | javadoc.noindex=false 81 | javadoc.nonavbar=false 82 | javadoc.notree=false 83 | javadoc.preview=true 84 | javadoc.private=false 85 | javadoc.splitindex=true 86 | javadoc.use=true 87 | javadoc.version=false 88 | javadoc.windowtitle= 89 | jspcompilation.classpath=${jspc.classpath}:${javac.classpath} 90 | lib.dir=${web.docbase.dir}/WEB-INF/lib 91 | persistence.xml.dir=${conf.dir} 92 | platform.active=default_platform 93 | resource.dir=setup 94 | run.test.classpath=\ 95 | ${javac.test.classpath}:\ 96 | ${build.test.classes.dir} 97 | # Space-separated list of JVM arguments used when running a class with a main method or a unit test 98 | # (you may also define separate properties like run-sys-prop.name=value instead of -Dname=value): 99 | runmain.jvmargs= 100 | source.encoding=UTF-8 101 | source.root=src 102 | src.dir=${source.root}/java 103 | test.src.dir=test 104 | war.content.additional= 105 | war.ear.name=VulnerableSpring.war 106 | war.name=VulnerableSpring.war 107 | web.docbase.dir=web 108 | webinf.dir=web/WEB-INF 109 | -------------------------------------------------------------------------------- /nbproject/project.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | org.netbeans.modules.web.project 4 | 5 | 6 | VulnerableSpring 7 | 1.6.5 8 | 9 | 10 | ${file.reference.spring-webmvc-3.0.5.RELEASE.jar} 11 | WEB-INF/lib 12 | 13 | 14 | ${file.reference.spring-security-taglibs-3.0.5.RELEASE.jar} 15 | WEB-INF/lib 16 | 17 | 18 | ${file.reference.spring-web-3.0.5.RELEASE.jar} 19 | WEB-INF/lib 20 | 21 | 22 | ${file.reference.spring-aop-3.0.5.RELEASE.jar} 23 | WEB-INF/lib 24 | 25 | 26 | 
${file.reference.spring-asm-3.0.5.RELEASE.jar} 27 | WEB-INF/lib 28 | 29 | 30 | ${file.reference.spring-beans-3.0.5.RELEASE.jar} 31 | WEB-INF/lib 32 | 33 | 34 | ${file.reference.spring-context-3.0.5.RELEASE.jar} 35 | WEB-INF/lib 36 | 37 | 38 | ${file.reference.spring-core-3.0.5.RELEASE.jar} 39 | WEB-INF/lib 40 | 41 | 42 | ${file.reference.spring-expression-3.0.5.RELEASE.jar} 43 | WEB-INF/lib 44 | 45 | 46 | ${file.reference.commons-logging-1.2.jar} 47 | WEB-INF/lib 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | web/WEB-INF/applicationContext.xml 61 | web/WEB-INF/dispatcher-servlet.xml 62 | 63 | 64 | 65 | web/WEB-INF/applicationContext.xml 66 | web/WEB-INF/dispatcher-servlet.xml 67 | 68 | 69 | 70 | 71 | 72 | -------------------------------------------------------------------------------- /src/conf/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | 3 | -------------------------------------------------------------------------------- /src/java/org/cysecurity/springdemo/AdminController.java: -------------------------------------------------------------------------------- 1 | 2 | package org.cysecurity.springdemo; 3 | 4 | import javax.servlet.http.HttpServletRequest; 5 | import javax.servlet.http.HttpServletResponse; 6 | import org.springframework.web.servlet.ModelAndView; 7 | import org.springframework.web.servlet.mvc.AbstractController; 8 |
/**
 * Controller for the admin panel view.
 *
 * It hands back the view named "Admin" for every request it receives and
 * inspects neither the session nor any request parameter. The only
 * authorization test visible in this listing is the scriptlet in
 * WEB-INF/jsp/Admin.jsp that compares the session attribute "privilege"
 * with "admin", so access control sits in the view layer rather than in
 * this controller.
 * NOTE(review): the URL mapping and view resolver are not readable in this
 * listing; confirm that "Admin" resolves to WEB-INF/jsp/Admin.jsp.
 */
public class AdminController extends AbstractController {

    /**
     * Builds the response for an admin panel request.
     *
     * @param request  incoming request (not read)
     * @param response outgoing response (not written)
     * @return a ModelAndView carrying only the view name "Admin"
     * @throws Exception declared by the overridden method; nothing here throws
     */
    @Override
    protected ModelAndView handleRequestInternal(HttpServletRequest request,
                                                 HttpServletResponse response) throws Exception {
        // No model attributes are attached; the view does all remaining work.
        return new ModelAndView("Admin");
    }
}
-------------------------------------------------------------------------------- /src/java/org/cysecurity/springdemo/ErrorController.java: -------------------------------------------------------------------------------- 1 | 2 | package org.cysecurity.springdemo; 
3 | 4 | import javax.servlet.http.HttpServletRequest; 5 | import javax.servlet.http.HttpServletResponse; 6 | import org.springframework.web.servlet.ModelAndView; 7 | import org.springframework.web.servlet.mvc.AbstractController; 8 |
/**
 * Controller for the error page.
 *
 * Returns the view named "Error" for every request. Admin.jsp redirects to
 * error.htm?msg=error.c403, but this controller never reads the msg
 * parameter itself; whatever consumes it lives in the view.
 * NOTE(review): the markup of Error.jsp is not readable in this listing;
 * confirm how msg is looked up and encoded there.
 */
public class ErrorController extends AbstractController {

    /**
     * Builds the response for an error page request.
     *
     * @param request  incoming request (not read)
     * @param response outgoing response (not written)
     * @return a ModelAndView carrying only the view name "Error"
     * @throws Exception declared by the overridden method; nothing here throws
     */
    @Override
    protected ModelAndView handleRequestInternal(HttpServletRequest request,
                                                 HttpServletResponse response) throws Exception {
        return new ModelAndView("Error");
    }
}
-------------------------------------------------------------------------------- /src/java/org/cysecurity/springdemo/HelloController.java: -------------------------------------------------------------------------------- 1 | /* 2 | * To change this template, choose Tools | Templates 3 | * and open the template in the editor. 4 | */ 5 | 6 | package org.cysecurity.springdemo; 7 | import javax.servlet.http.HttpServletRequest; 8 | import javax.servlet.http.HttpServletResponse; 9 | import org.springframework.web.servlet.ModelAndView; 10 | import org.springframework.web.servlet.mvc.AbstractController; 11 | 12 |
/**
 * Controller for the landing page.
 *
 * Returns the view named "HelloWorld" for every request. The HelloWorld.jsp
 * view in this listing is where the session attribute "privilege" is first
 * set (to "user"); this controller does not touch the session.
 */
public class HelloController extends AbstractController {

    /**
     * Builds the response for a landing page request.
     *
     * @param request  incoming request (not read)
     * @param response outgoing response (not written)
     * @return a ModelAndView carrying only the view name "HelloWorld"
     * @throws Exception declared by the overridden method; nothing here throws
     */
    @Override
    protected ModelAndView handleRequestInternal(HttpServletRequest request,
                                                 HttpServletResponse response) throws Exception {
        return new ModelAndView("HelloWorld");
    }
}
-------------------------------------------------------------------------------- /web/META-INF/context.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /web/WEB-INF/applicationContext.xml: -------------------------------------------------------------------------------- 1 | 2 | 10 | 11 | 21 | 22 | 23 | 24 | 25 | -------------------------------------------------------------------------------- /web/WEB-INF/dispatcher-servlet.xml: 
-------------------------------------------------------------------------------- 1 | 2 | 10 | 11 | 13 | 14 | 15 | 16 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 33 | 34 | 35 | 36 | indexController 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 54 | 55 | 58 | 61 | 62 | 63 | -------------------------------------------------------------------------------- /web/WEB-INF/glassfish-web.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | Keep a copy of the generated servlet class' java code. 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /web/WEB-INF/jsp/Admin.jsp: -------------------------------------------------------------------------------- 1 |
<%--
    Document : admin
    Created on : 28 Dec, 2014, 7:51:18 PM
    Author : breakthesec
--%>
<%
    // Authorization gate for the admin panel: the page body below is rendered
    // only when the session attribute "privilege" exists and equals "admin".
    // AdminController returns this view without any check of its own, so this
    // scriptlet is the only access-control test for the panel in this listing.
    // NOTE(review): a check that lives in one view is easy to miss when a
    // second admin view or route is added; a servlet filter or handler
    // interceptor would enforce it in one place.
    if(session.getAttribute("privilege")!=null && session.getAttribute("privilege").equals("admin"))
    {
%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
 11 | 12 | 13 | 14 | 15 | JSP Page 16 | 17 | 18 |

Welcome to Admin Panel

 19 | 20 | 21 |
<%

    } else
    {
        // Anyone without the "admin" privilege is sent to the error page. The
        // message key travels in the query string (msg=error.c403).
        // NOTE(review): how Error.jsp consumes msg is not readable in this
        // listing; verify it is resolved against a fixed set of message keys
        // and output-encoded.
        response.sendRedirect("error.htm?msg=error.c403");
    }
%>
-------------------------------------------------------------------------------- /web/WEB-INF/jsp/Error.jsp: -------------------------------------------------------------------------------- 1 | <%@ page contentType="text/html;charset=UTF-8" %> 2 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> 3 | 4 | 5 |

Error Page :

6 |
<%
    // Writes the session attribute "privilege" straight into the response with
    // out.print; no HTML encoding is applied. In this listing the attribute is
    // only ever assigned the constant "user" (HelloWorld.jsp).
    // NOTE(review): if any other code path stores request-derived data in the
    // session, this output needs encoding before it is printed.
    out.print("
");
    out.print("Hello "+session.getAttribute("privilege"));

%>
 13 | 14 |

15 | 16 |

17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /web/WEB-INF/jsp/HelloWorld.jsp: -------------------------------------------------------------------------------- 1 | <%@ page contentType="text/html;charset=UTF-8" %> 2 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %> 3 | 4 | 5 |

Spring Demo

6 |
<%
    // Seeds the session on first visit: when "privilege" is unset it becomes
    // "user". Admin.jsp later compares this same attribute with "admin".
    // NOTE(review): no code visible in this listing assigns "admin"; confirm
    // where (or whether) that value is ever set.
    if(session.getAttribute("privilege")==null)
    {
        session.setAttribute("privilege","user");
    }
%>
 12 | Go to Admin Panel 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /web/WEB-INF/messages.properties: -------------------------------------------------------------------------------- 1 | welcome.springmvc=Welcome to Spring Demo Page 2 | error.c403=You are not allowed to Access this page -------------------------------------------------------------------------------- /web/WEB-INF/messages_en.properties: -------------------------------------------------------------------------------- 1 | welcome.springmvc=Welcome to Spring Demo Page 2 | error.c403=You are not allowed to Access this page -------------------------------------------------------------------------------- /web/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | contextConfigLocation 5 | /WEB-INF/applicationContext.xml 6 | 7 | 8 | org.springframework.web.context.ContextLoaderListener 9 | 10 | 11 | dispatcher 12 | org.springframework.web.servlet.DispatcherServlet 13 | 2 14 | 15 | 16 | dispatcher 17 | *.htm 18 | 19 | 20 | 21 | 30 22 | 23 | 24 | 25 | redirect.jsp 26 | 27 | 28 | -------------------------------------------------------------------------------- /web/redirect.jsp: -------------------------------------------------------------------------------- 1 |
<%--
Views should be stored under the WEB-INF folder so that
they cannot be requested directly, only through a controller.

This JSP is here to provide a redirect to the dispatcher
servlet and should be the only JSP outside of WEB-INF.
--%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%
    // Fixed, relative target: the welcome file only forwards the browser to
    // the dispatcher-mapped landing page; no request data is used.
    response.sendRedirect("helloworld.htm");
%>
--------------------------------------------------------------------------------