
Example 1 with AuthenticationMethod

use of org.zaproxy.zap.authentication.AuthenticationMethod in project zaproxy by zaproxy.

the class ContextAPI method buildResponseFromContext.

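/**
 * Builds the API response describing a {@link Context}.
 *
 * <p>Authentication fields are included only when the context has an authentication method,
 * and the poll-related fields only when its checking strategy is
 * {@link AuthCheckingStrategy#POLL_URL}. A {@code null} indicator pattern, method type,
 * checking strategy or frequency unit is reported as an empty string.
 *
 * @param c the context
 * @return the api response, a set of string fields named {@code "context"}
 */
private ApiResponse buildResponseFromContext(Context c) {
    Map<String, String> fields = new HashMap<>();
    fields.put("name", c.getName());
    fields.put("id", Integer.toString(c.getId()));
    fields.put("description", c.getDescription());
    fields.put("inScope", Boolean.toString(c.isInScope()));
    fields.put("excludeRegexs", jsonEncodeList(c.getExcludeFromContextRegexs()));
    fields.put("includeRegexs", jsonEncodeList(c.getIncludeInContextRegexs()));

    AuthenticationMethod authenticationMethod = c.getAuthenticationMethod();
    if (authenticationMethod != null) {
        addAuthenticationFields(fields, authenticationMethod);
    }

    AuthorizationDetectionMethod authorizationDetectionMethod = c.getAuthorizationDetectionMethod();
    if (authorizationDetectionMethod != null) {
        // The key names the authorization detection method; it is the name exposed by the
        // API, so it is deliberately not renamed here.
        fields.put("authenticationDetectionMethodId", String.valueOf(authorizationDetectionMethod.getMethodUniqueIdentifier()));
    }
    fields.put("urlParameterParserClass", c.getUrlParamParser().getClass().getCanonicalName());
    fields.put("urlParameterParserConfig", c.getUrlParamParser().getConfig());
    fields.put("postParameterParserClass", c.getPostParamParser().getClass().getCanonicalName());
    fields.put("postParameterParserConfig", c.getPostParamParser().getConfig());
    return new ApiResponseSet<>("context", fields);
}

/**
 * Adds the fields describing {@code authenticationMethod} to {@code fields}.
 *
 * <p>The poll URL, data, headers, frequency and frequency units are added only when the
 * checking strategy is {@link AuthCheckingStrategy#POLL_URL}.
 *
 * @param fields the response fields being built
 * @param authenticationMethod the context's authentication method, must not be {@code null}
 */
private void addAuthenticationFields(Map<String, String> fields, AuthenticationMethod authenticationMethod) {
    Pattern loggedIn = authenticationMethod.getLoggedInIndicatorPattern();
    fields.put("loggedInPattern", loggedIn == null ? "" : loggedIn.toString());
    Pattern loggedOut = authenticationMethod.getLoggedOutIndicatorPattern();
    fields.put("loggedOutPattern", loggedOut == null ? "" : loggedOut.toString());
    AuthenticationMethodType type = authenticationMethod.getType();
    fields.put("authType", type == null ? "" : type.getName());
    AuthCheckingStrategy strategy = authenticationMethod.getAuthCheckingStrategy();
    fields.put(PARAM_CHECKING_STRATEGRY, strategy == null ? "" : strategy.name());
    if (AuthCheckingStrategy.POLL_URL.equals(strategy)) {
        fields.put(PARAM_POLL_URL, authenticationMethod.getPollUrl());
        fields.put(PARAM_POLL_DATA, authenticationMethod.getPollData());
        // Previously reported getPollData() under the headers key; the headers field must
        // carry the poll headers, not the poll body.
        fields.put(PARAM_POLL_HEADERS, authenticationMethod.getPollHeaders());
        fields.put(PARAM_POLL_FREQ, Integer.toString(authenticationMethod.getPollFrequency()));
        AuthPollFrequencyUnits units = authenticationMethod.getPollFrequencyUnits();
        fields.put(PARAM_POLL_FREQ_UNITS, units == null ? "" : units.name());
    }
}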

Example 2 with AuthenticationMethod

use of org.zaproxy.zap.authentication.AuthenticationMethod in project zaproxy by zaproxy.

the class ExtensionAuthenticationUnitTest method shouldImportAllAuthContextData.

/**
 * A context configuration carrying every authentication property must be imported in full:
 * the form-based type is created, the POLL_URL strategy and all poll settings are applied,
 * and both indicator patterns match the configured strings.
 */
@Test
void shouldImportAllAuthContextData() throws ConfigurationException {
    // Given
    Context ctx = new Context(null, 0);
    String expectedLoggedIn = "logged in";
    String expectedLoggedOut = "logged out";
    String expectedPollUrl = "https://www.example.com/poll";
    String expectedPollData = "example-poll-data";
    String expectedPollHeaders = "aaa : bbb\\Nccc : ddd";
    int expectedPollFreq = 55;

    Configuration authConfig = new ZapXmlConfiguration();
    authConfig.setProperty(AuthenticationMethod.CONTEXT_CONFIG_AUTH_TYPE, 2);
    authConfig.setProperty(AuthenticationMethod.CONTEXT_CONFIG_AUTH_STRATEGY, AuthCheckingStrategy.POLL_URL.name());
    authConfig.setProperty(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_URL, expectedPollUrl);
    authConfig.setProperty(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_DATA, expectedPollData);
    authConfig.setProperty(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_HEADERS, expectedPollHeaders);
    authConfig.setProperty(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_FREQ, expectedPollFreq);
    authConfig.setProperty(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_UNITS, AuthPollFrequencyUnits.REQUESTS.name());
    authConfig.setProperty(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDIN, expectedLoggedIn);
    authConfig.setProperty(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDOUT, expectedLoggedOut);

    // The extension must be hooked so the method types are registered before importing.
    extensionAuthentication.hook(new ExtensionHook(Model.getSingleton(), null));

    // When
    extensionAuthentication.importContextData(ctx, authConfig);
    AuthenticationMethod imported = ctx.getAuthenticationMethod();

    // Then
    assertThat(imported.getClass().getCanonicalName(), is(FormBasedAuthenticationMethod.class.getCanonicalName()));
    assertThat(imported.getAuthCheckingStrategy(), is(AuthCheckingStrategy.POLL_URL));
    assertThat(imported.getPollUrl(), is(expectedPollUrl));
    assertThat(imported.getPollData(), is(expectedPollData));
    assertThat(imported.getPollHeaders(), is(expectedPollHeaders));
    assertThat(imported.getPollFrequencyUnits(), is(AuthPollFrequencyUnits.REQUESTS));
    assertThat(imported.getPollFrequency(), is(expectedPollFreq));
    assertThat(imported.getLoggedInIndicatorPattern().toString(), is(expectedLoggedIn));
    assertThat(imported.getLoggedOutIndicatorPattern().toString(), is(expectedLoggedOut));
}

Example 3 with AuthenticationMethod

use of org.zaproxy.zap.authentication.AuthenticationMethod in project zaproxy by zaproxy.

the class ExtensionAuthenticationUnitTest method shouldImportContextWithNoPollData.

/**
 * When the configuration carries only the type and the indicator strings, the import must
 * still create the form-based method, fall back to the EACH_RESP checking strategy and set
 * both indicator patterns.
 */
@Test
void shouldImportContextWithNoPollData() throws ConfigurationException {
    // Given
    Context ctx = new Context(null, 0);
    String expectedLoggedIn = "logged in";
    String expectedLoggedOut = "logged out";

    Configuration authConfig = new ZapXmlConfiguration();
    authConfig.setProperty(AuthenticationMethod.CONTEXT_CONFIG_AUTH_TYPE, 2);
    authConfig.setProperty(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDIN, expectedLoggedIn);
    authConfig.setProperty(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDOUT, expectedLoggedOut);

    // The extension must be hooked so the method types are registered before importing.
    extensionAuthentication.hook(new ExtensionHook(Model.getSingleton(), null));

    // When
    extensionAuthentication.importContextData(ctx, authConfig);
    AuthenticationMethod imported = ctx.getAuthenticationMethod();

    // Then
    assertThat(imported.getClass().getCanonicalName(), is(FormBasedAuthenticationMethod.class.getCanonicalName()));
    assertThat(imported.getAuthCheckingStrategy(), is(AuthCheckingStrategy.EACH_RESP));
    assertThat(imported.getLoggedInIndicatorPattern().toString(), is(expectedLoggedIn));
    assertThat(imported.getLoggedOutIndicatorPattern().toString(), is(expectedLoggedOut));
}

Example 4 with AuthenticationMethod

use of org.zaproxy.zap.authentication.AuthenticationMethod in project zaproxy by zaproxy.

the class ExtensionAuthentication method importContextData.

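/**
 * Restores the authentication method of {@code ctx} from a persisted context configuration.
 *
 * <p>Nothing is changed when the configuration has no authentication type, or when the type
 * identifier is unknown (a warning is logged). Otherwise a fresh method of that type is
 * created and the generic settings (checking strategy, poll settings, indicator patterns)
 * are applied before the type is given the chance to import its own data.
 *
 * @param ctx the context whose authentication method is being restored
 * @param config the persisted context configuration
 * @throws ConfigurationException if the configuration cannot be read, or if the checking
 *     strategy or poll frequency units hold a value that is not a known enum constant
 */
@Override
public void importContextData(Context ctx, Configuration config) throws ConfigurationException {
    int typeId = config.getInt(AuthenticationMethod.CONTEXT_CONFIG_AUTH_TYPE, NO_AUTH_METHOD);
    if (typeId == NO_AUTH_METHOD) {
        // Nothing persisted for this context; keep whatever method it already has.
        return;
    }
    AuthenticationMethodType authMethodType = getAuthenticationMethodTypeForIdentifier(typeId);
    if (authMethodType == null) {
        log.warn("No authentication method type found for ID: " + typeId);
        return;
    }
    ctx.setAuthenticationMethod(authMethodType.createAuthenticationMethod(ctx.getId()));
    AuthenticationMethod method = ctx.getAuthenticationMethod();

    // Enum names come from the persisted file; an unknown name is a configuration error,
    // reported as such rather than as a bare IllegalArgumentException from valueOf.
    AuthCheckingStrategy strategy = readEnum(config, AuthenticationMethod.CONTEXT_CONFIG_AUTH_STRATEGY,
            AuthCheckingStrategy.class, AuthCheckingStrategy.EACH_RESP);
    method.setAuthCheckingStrategy(strategy);
    method.setPollUrl(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_URL, ""));
    method.setPollData(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_DATA, ""));
    method.setPollHeaders(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_HEADERS, ""));
    method.setPollFrequency(config.getInt(AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_FREQ, AuthenticationMethod.DEFAULT_POLL_FREQUENCY));
    AuthPollFrequencyUnits units = readEnum(config, AuthenticationMethod.CONTEXT_CONFIG_AUTH_POLL_UNITS,
            AuthPollFrequencyUnits.class, AuthPollFrequencyUnits.REQUESTS);
    method.setPollFrequencyUnits(units);
    method.setLoggedInIndicatorPattern(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDIN, ""));
    method.setLoggedOutIndicatorPattern(config.getString(AuthenticationMethod.CONTEXT_CONFIG_AUTH_LOGGEDOUT, ""));
    // Type-specific settings (e.g. form fields, script name) are the type's own concern.
    method.getType().importData(config, method);
}

/**
 * Reads an enum constant by name from {@code config}, using {@code defaultValue} when the
 * key is absent.
 *
 * @param config the configuration to read from
 * @param key the configuration key holding the constant's name
 * @param type the enum type
 * @param defaultValue the constant to use when the key is not present
 * @param <E> the enum type
 * @return the constant named by the configuration, or {@code defaultValue}
 * @throws ConfigurationException if the stored name is not a constant of {@code type}
 */
private static <E extends Enum<E>> E readEnum(Configuration config, String key, Class<E> type, E defaultValue)
        throws ConfigurationException {
    String name = config.getString(key, defaultValue.name());
    try {
        return Enum.valueOf(type, name);
    } catch (IllegalArgumentException e) {
        throw new ConfigurationException("Invalid value for " + key + ": " + name, e);
    }
}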
