[Owasp-webgoat] LAB: Role Based Access Control - exception

Bruce Mayhew Bruce.Mayhew at OunceLabs.com
Wed Oct 8 07:51:12 EDT 2008


This error is confirmed.  Can you please file an issue at Google Code
issues for WebGoat?  I will look into it a little later and send you a
reply.

Thanks

Bruce


-----Original Message-----
From: owasp-webgoat-bounces at lists.owasp.org
[mailto:owasp-webgoat-bounces at lists.owasp.org] On Behalf Of Andrew
Petukhov
Sent: Wednesday, October 08, 2008 1:35 AM
To: owasp-webgoat at lists.owasp.org
Subject: [Owasp-webgoat] LAB: Role Based Access Control - exception

Hi, everybody.
Perhaps this topic was already discussed on this list - then I am sorry.
At least I haven't found the answer using Google.
The trouble is that I cannot create user accounts in the "LAB: Role
Based Access Control".
The sequence of steps:
1. http://localhost:9090/WebGoat/attack
2. Start Web Goat
3. Click on "LAB: Role Based Access Control"
4. Log in, for example, as John the Admin.
5. Click on CreateProfile.

As a result, the WebGoat HR application forcefully expires my session as
John the Admin and presents a blank page with a "Login" button.
The Tomcat console reports the following error:

Wed Oct 08 09:11:56 MSD 2008 | 127.0.0.1:127.0.0.1 | org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl | [Screen=37,password=john,action=Login,employee_id=111,menu=200]
org.owasp.webgoat.session.ParameterNotFoundException: employee_id not found
        at org.owasp.webgoat.session.ParameterParser.getStringParameter(ParameterParser.java:679)
        at org.owasp.webgoat.session.ParameterParser.getIntParameter(ParameterParser.java:462)
        at org.owasp.webgoat.lessons.RoleBasedAccessControl.EditProfile.handleRequest(EditProfile.java:59)
        at org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl.handleRequest(RoleBasedAccessControl.java:243)
        at org.owasp.webgoat.HammerHead.makeScreen(HammerHead.java:324)
        at org.owasp.webgoat.HammerHead.doPost(HammerHead.java:146)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:731)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:619)
- WebGoat: Wed Oct 08 09:11:58 MSD 2008 | 127.0.0.1:127.0.0.1 | org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl | [Screen=37,action=CreateProfile,menu=200]
Wed Oct 08 09:11:58 MSD 2008 | 127.0.0.1:127.0.0.1 | org.owasp.webgoat.lessons.RoleBasedAccessControl.RoleBasedAccessControl | [Screen=37,action=CreateProfile,menu=200]


So, does anybody know a solution to this? I'd be very grateful!

Thanks in advance!

Andrew




