-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathusers.xml
123 lines (121 loc) · 8.07 KB
/
users.xml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<global-method-security pre-post-annotations="enabled" />
<!--
PCS 8/27/2012
NOTE: Without Spring security, HttpServletRequest.getUserPrincipal() returns null when called from pages under Spring's control.
That method is used extensively in legacy webgoat code. Integrating Spring security into the application resolves this issue.
-->
<http pattern="/css/**" security="none"/>
<http pattern="/images/**" security="none"/>
<http pattern="/javascript/**" security="none"/>
<http pattern="/js/**" security="none"/>
<http pattern="/fonts/**" security="none"/>
<http pattern="/plugins/**" security="none"/>
<http pattern="/favicon.ico" security="none"/>
<http use-expressions="true">
<intercept-url pattern="/login.mvc" access="permitAll" />
<intercept-url pattern="/logout.mvc" access="permitAll" />
<intercept-url pattern="/index.jsp" access="permitAll" />
<intercept-url pattern="/servlet/AdminServlet/**" access="hasAnyRole('ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" />
<intercept-url pattern="/JavaSource/**" access="hasRole('ROLE_SERVER_ADMIN')" />
<intercept-url pattern="/**" access="hasAnyRole('ROLE_WEBGOAT_USER','ROLE_WEBGOAT_ADMIN','ROLE_SERVER_ADMIN')" />
<form-login
login-page="/login.mvc"
default-target-url="/welcome.mvc"
authentication-failure-url="/login.mvc?error"
username-parameter="username"
password-parameter="password"
always-use-default-target="true"/>
<logout logout-url="/j_spring_security_logout" logout-success-url="/logout.mvc" />
<!-- enable csrf protection -->
<!--csrf/-->
</http>
<!-- Authentication Manager -->
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="user1" password="pgyjvsrx" authorities="ROLE_WEBGOAT_USER" />
<user name="user2" password="gqsddmuh" authorities="ROLE_WEBGOAT_USER" />
<user name="user3" password="ftvpqezn" authorities="ROLE_WEBGOAT_USER" />
<user name="user4" password="dptdvquk" authorities="ROLE_WEBGOAT_USER" />
<user name="user5" password="byakdfen" authorities="ROLE_WEBGOAT_USER" />
<user name="user6" password="sfuaxjfy" authorities="ROLE_WEBGOAT_USER" />
<user name="user7" password="ryxzvjaz" authorities="ROLE_WEBGOAT_USER" />
<user name="user8" password="yaezbrpv" authorities="ROLE_WEBGOAT_USER" />
<user name="user9" password="bqzxuhdk" authorities="ROLE_WEBGOAT_USER" />
<user name="user10" password="rerycdkt" authorities="ROLE_WEBGOAT_USER" />
<user name="user11" password="dyuqbfjz" authorities="ROLE_WEBGOAT_USER" />
<user name="user12" password="germxvwa" authorities="ROLE_WEBGOAT_USER" />
<user name="user13" password="jzdgbntc" authorities="ROLE_WEBGOAT_USER" />
<user name="user14" password="ghzpwvet" authorities="ROLE_WEBGOAT_USER" />
<user name="user15" password="ejunmtqu" authorities="ROLE_WEBGOAT_USER" />
<user name="user16" password="geukmadw" authorities="ROLE_WEBGOAT_USER" />
<user name="user17" password="zqyxpecu" authorities="ROLE_WEBGOAT_USER" />
<user name="user18" password="vkmhfyjb" authorities="ROLE_WEBGOAT_USER" />
<user name="user19" password="fmsbttcd" authorities="ROLE_WEBGOAT_USER" />
<user name="user20" password="nwxrydkg" authorities="ROLE_WEBGOAT_USER" />
<user name="user21" password="ktcmrdgu" authorities="ROLE_WEBGOAT_USER" />
<user name="user22" password="pzwpvxce" authorities="ROLE_WEBGOAT_USER" />
<user name="user23" password="jrcqwnde" authorities="ROLE_WEBGOAT_USER" />
<user name="user24" password="dxzbvfva" authorities="ROLE_WEBGOAT_USER" />
<user name="user25" password="webpsxtf" authorities="ROLE_WEBGOAT_USER" />
<user name="user26" password="yzvxsdcv" authorities="ROLE_WEBGOAT_USER" />
<user name="user27" password="trjmddhs" authorities="ROLE_WEBGOAT_USER" />
<user name="user28" password="vawrxuvn" authorities="ROLE_WEBGOAT_USER" />
<user name="user29" password="tqunjuds" authorities="ROLE_WEBGOAT_USER" />
<user name="user30" password="vgbvanzk" authorities="ROLE_WEBGOAT_USER" />
<user name="user31" password="sfmydcjn" authorities="ROLE_WEBGOAT_USER" />
<user name="user32" password="hfkdpguh" authorities="ROLE_WEBGOAT_USER" />
<user name="user33" password="rfbtkujq" authorities="ROLE_WEBGOAT_USER" />
<user name="user34" password="hmvbssak" authorities="ROLE_WEBGOAT_USER" />
<user name="user35" password="evjcdgkg" authorities="ROLE_WEBGOAT_USER" />
<user name="user36" password="vwcgndkm" authorities="ROLE_WEBGOAT_USER" />
<user name="user37" password="hnmqaudr" authorities="ROLE_WEBGOAT_USER" />
<user name="user38" password="pejabrqd" authorities="ROLE_WEBGOAT_USER" />
<user name="user39" password="ucgpsnhg" authorities="ROLE_WEBGOAT_USER" />
<user name="user40" password="gznemcvk" authorities="ROLE_WEBGOAT_USER" />
<user name="user41" password="fcxzamgk" authorities="ROLE_WEBGOAT_USER" />
<user name="user42" password="ugxeqsdj" authorities="ROLE_WEBGOAT_USER" />
<user name="user43" password="vthquqkd" authorities="ROLE_WEBGOAT_USER" />
<user name="user44" password="svsdbghc" authorities="ROLE_WEBGOAT_USER" />
<user name="user45" password="yupawkcd" authorities="ROLE_WEBGOAT_USER" />
<user name="user46" password="baqesjdw" authorities="ROLE_WEBGOAT_USER" />
<user name="user47" password="pfetamsq" authorities="ROLE_WEBGOAT_USER" />
<user name="user48" password="esdwujmh" authorities="ROLE_WEBGOAT_USER" />
<user name="user49" password="qeadpbxt" authorities="ROLE_WEBGOAT_USER" />
<user name="user50" password="buyvstak" authorities="ROLE_WEBGOAT_USER" />
<user name="user51" password="advjbpjz" authorities="ROLE_WEBGOAT_USER" />
<user name="user52" password="xpdhmyzu" authorities="ROLE_WEBGOAT_USER" />
<user name="user53" password="vxwrbfmc" authorities="ROLE_WEBGOAT_USER" />
<user name="user54" password="rseeaqth" authorities="ROLE_WEBGOAT_USER" />
<user name="user55" password="xdbzcyvp" authorities="ROLE_WEBGOAT_USER" />
<user name="user56" password="wzayddqx" authorities="ROLE_WEBGOAT_USER" />
<user name="user57" password="nymkuxzp" authorities="ROLE_WEBGOAT_USER" />
<user name="user58" password="stxredrm" authorities="ROLE_WEBGOAT_USER" />
<user name="user59" password="vbunsedx" authorities="ROLE_WEBGOAT_USER" />
<user name="user60" password="dbfukpqq" authorities="ROLE_WEBGOAT_USER" />
<user name="user61" password="mtrvpfne" authorities="ROLE_WEBGOAT_USER" />
<user name="user62" password="wazervud" authorities="ROLE_WEBGOAT_USER" />
<user name="user63" password="mfjxnvpz" authorities="ROLE_WEBGOAT_USER" />
<user name="user64" password="ufhmrctf" authorities="ROLE_WEBGOAT_USER" />
<user name="user65" password="fwahtrum" authorities="ROLE_WEBGOAT_USER" />
<user name="user66" password="ujercgxm" authorities="ROLE_WEBGOAT_USER" />
<user name="user67" password="ejbymrkg" authorities="ROLE_WEBGOAT_USER" />
<user name="user68" password="zsygbctk" authorities="ROLE_WEBGOAT_USER" />
<user name="user69" password="yvghnqtu" authorities="ROLE_WEBGOAT_USER" />
<user name="user70" password="fvtmgzbv" authorities="ROLE_WEBGOAT_USER" />
<user name="user71" password="msbtyqjp" authorities="ROLE_WEBGOAT_USER" />
<user name="user72" password="uaxsrjce" authorities="ROLE_WEBGOAT_USER" />
<user name="user73" password="uprwhdqd" authorities="ROLE_WEBGOAT_USER" />
<user name="user74" password="bndajkwm" authorities="ROLE_WEBGOAT_USER" />
<user name="user75" password="yntqfarh" authorities="ROLE_WEBGOAT_USER" />
<user name="webgoat" password="TrustFoundry7" authorities="ROLE_WEBGOAT_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>