use of org.zaproxy.zap.authentication.AuthenticationMethodType in project zaproxy by zaproxy.
the class ContextAPI method buildResponseFromContext.
/**
* Builds the response describing a Context.
*
* @param c the context
* @return the api response
*/
private ApiResponse buildResponseFromContext(Context c) {
    // Flat key/value summary of the context; every value is rendered as a String.
    // The scope regexes and the logged in/out indicator patterns are copied into
    // the response verbatim.
    Map<String, String> summary = new HashMap<>();
    summary.put("name", c.getName());
    summary.put("id", Integer.toString(c.getIndex()));
    summary.put("description", c.getDescription());
    summary.put("inScope", Boolean.toString(c.isInScope()));
    summary.put("excludeRegexs", c.getExcludeFromContextRegexs().toString());
    summary.put("includeRegexs", c.getIncludeInContextRegexs().toString());

    // Authentication details are reported only when a method is configured;
    // a missing pattern or type is reported as an empty string.
    AuthenticationMethod authMethod = c.getAuthenticationMethod();
    if (authMethod != null) {
        Pattern loggedIn = authMethod.getLoggedInIndicatorPattern();
        String loggedInText = "";
        if (loggedIn != null) {
            loggedInText = loggedIn.toString();
        }
        summary.put("loggedInPattern", loggedInText);

        Pattern loggedOut = authMethod.getLoggedOutIndicatorPattern();
        String loggedOutText = "";
        if (loggedOut != null) {
            loggedOutText = loggedOut.toString();
        }
        summary.put("loggedOutPattern", loggedOutText);

        AuthenticationMethodType methodType = authMethod.getType();
        String typeName = "";
        if (methodType != null) {
            typeName = methodType.getName();
        }
        summary.put("authType", typeName);
    }

    // NOTE(review): the key says "authentication" but the value is the id of the
    // *authorization* detection method. The key is part of the API output, so it
    // is kept as-is here; renaming it would break existing clients.
    AuthorizationDetectionMethod authzDetection = c.getAuthorizationDetectionMethod();
    if (authzDetection != null) {
        summary.put(
                "authenticationDetectionMethodId",
                String.valueOf(authzDetection.getMethodUniqueIdentifier()));
    }

    // NOTE(review): both parsers are dereferenced without a null check, unlike the
    // authentication method above - presumably a context always has them; confirm.
    summary.put("urlParameterParserClass", c.getUrlParamParser().getClass().getCanonicalName());
    summary.put("urlParameterParserConfig", c.getUrlParamParser().getConfig());
    summary.put("postParameterParserClass", c.getPostParamParser().getClass().getCanonicalName());
    summary.put("postParameterParserConfig", c.getPostParamParser().getConfig());

    return new ApiResponseSet<>("context", summary);
}
use of org.zaproxy.zap.authentication.AuthenticationMethodType in project zaproxy by zaproxy.
the class ContextAuthenticationPanel method getAuthenticationMethodsComboBox.
/**
* Gets the authentication method types combo box.
*
* @return the authentication methods combo box
*/
protected JComboBox<AuthenticationMethodType> getAuthenticationMethodsComboBox() {
    // Built on first access; later calls hand back the same instance.
    if (authenticationMethodsComboBox != null) {
        return authenticationMethodsComboBox;
    }

    Vector<AuthenticationMethodType> availableTypes =
            new Vector<>(extension.getAuthenticationMethodTypes());
    authenticationMethodsComboBox = new JComboBox<>(availableTypes);
    // Start with nothing selected.
    authenticationMethodsComboBox.setSelectedItem(null);

    // React to the user (or code) picking a different authentication type.
    authenticationMethodsComboBox.addItemListener(new ItemListener() {
        @Override
        public void itemStateChanged(ItemEvent e) {
            // Ignore deselection events and re-selection of the type already shown.
            if (e.getStateChange() != ItemEvent.SELECTED || e.getItem().equals(shownMethodType)) {
                return;
            }
            log.debug("Selected new Authentication type: " + e.getItem());

            // When confirmation is required and it is not given, revert the combo box
            // to the type that is currently displayed and change nothing else.
            // NOTE(review): presumably confirmAndExecuteUsersDeletion() prompts before
            // removing users bound to the previous method - confirm in that method.
            if (needsConfirm && !confirmAndExecuteUsersDeletion()) {
                log.debug("Cancelled change of authentication type.");
                authenticationMethodsComboBox.setSelectedItem(shownMethodType);
                return;
            }
            resetLoggedInOutIndicators();

            AuthenticationMethodType chosenType = (AuthenticationMethodType) e.getItem();
            // Keep the current method object only if it already belongs to the chosen
            // type; otherwise create a fresh one for this context.
            boolean reusable = selectedAuthenticationMethod != null
                    && chosenType.isTypeForMethod(selectedAuthenticationMethod);
            if (!reusable) {
                selectedAuthenticationMethod = chosenType.createAuthenticationMethod(getContextIndex());
            }

            // Swap in the configuration panel for the chosen type and bind the method
            // to it when the type has an options panel.
            changeMethodConfigPanel(chosenType);
            if (chosenType.hasOptionsPanel()) {
                shownConfigPanel.bindMethod(selectedAuthenticationMethod, getAuthenticationIndicatorsPanel());
            }
        }
    });
    return authenticationMethodsComboBox;
}
use of org.zaproxy.zap.authentication.AuthenticationMethodType in project zaproxy by zaproxy.
the class ContextAuthenticationPanel method initContextData.
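/**
 * Loads the authentication settings of the given context into this panel.
 *
 * <p>The logged in/out indicator fields are reset and then filled from the context's
 * authentication method. If the panel already shows the matching method type the method is
 * simply re-bound; otherwise the matching type is selected in the combo box.
 *
 * @param session the session (not used by this method)
 * @param uiSharedContext the context whose authentication method is displayed
 */
@Override
public void initContextData(Session session, Context uiSharedContext) {
    selectedAuthenticationMethod = uiSharedContext.getAuthenticationMethod();
    if (log.isDebugEnabled()) {
        log.debug("Initializing configuration panel for authentication method: " + selectedAuthenticationMethod + " for context " + uiSharedContext.getName());
    }
    resetLoggedInOutIndicators();

    // Nothing configured yet: leave the panel in its reset state.
    if (selectedAuthenticationMethod == null) {
        return;
    }

    // Show the logged in/out indicators, or an empty field when none is set.
    if (selectedAuthenticationMethod.getLoggedInIndicatorPattern() != null) {
        getLoggedInIndicaterRegexField().setText(selectedAuthenticationMethod.getLoggedInIndicatorPattern().pattern());
    } else {
        getLoggedInIndicaterRegexField().setText("");
    }
    if (selectedAuthenticationMethod.getLoggedOutIndicatorPattern() != null) {
        getLoggedOutIndicaterRegexField().setText(selectedAuthenticationMethod.getLoggedOutIndicatorPattern().pattern());
    } else {
        getLoggedOutIndicaterRegexField().setText("");
    }

    // If the proper type is already shown, just rebind the data.
    if (shownMethodType != null && shownMethodType.isTypeForMethod(selectedAuthenticationMethod)) {
        if (shownMethodType.hasOptionsPanel()) {
            log.debug("Binding authentication method to existing panel of proper type for context " + uiSharedContext.getName());
            shownConfigPanel.bindMethod(selectedAuthenticationMethod, getAuthenticationIndicatorsPanel());
        }
        return;
    }

    // Otherwise select the first registered type that matches the method.
    for (AuthenticationMethodType type : extension.getAuthenticationMethodTypes()) {
        if (!type.isTypeForMethod(selectedAuthenticationMethod)) {
            continue;
        }
        // Selecting the type here will also force the selection listener to run and
        // change the config panel accordingly.
        log.debug("Binding authentication method to new panel of proper type for context " + uiSharedContext.getName());
        // No confirmation is needed when the change was made somewhere else (e.g. the
        // API), so the flag is switched off for the duration of the programmatic
        // selection. It is restored in a finally block: if the selection listener
        // throws, the flag must not stay false, otherwise every later type change in
        // this panel would skip its confirmation step.
        needsConfirm = false;
        try {
            getAuthenticationMethodsComboBox().setSelectedItem(type);
        } finally {
            needsConfirm = true;
        }
        break;
    }
}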
use of org.zaproxy.zap.authentication.AuthenticationMethodType in project zaproxy by zaproxy.
the class UsersAPI method handleApiView.
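/**
 * Dispatches a "view" API request of the users API to the matching handler.
 *
 * @param name the name of the requested view
 * @param params the request parameters
 * @return the response for the requested view
 * @throws ApiException with {@code BAD_VIEW} for an unknown view name, or with
 *     {@code DOES_NOT_EXIST} when the context has no authentication method type or that type
 *     has no credentials configuration registered
 */
@Override
public ApiResponse handleApiView(String name, JSONObject params) throws ApiException {
    // NOTE(review): the request parameters are written to the debug log verbatim;
    // confirm that no secret-bearing parameter can reach this handler.
    log.debug("handleApiView " + name + " " + params.toString());
    switch (name) {
        case VIEW_USERS_LIST: {
            ApiResponseList usersListResponse = new ApiResponseList(name);
            // Users of one context when a context id is supplied, otherwise the users
            // of every context in the current session.
            List<User> users;
            if (hasContextId(params)) {
                users = extension.getContextUserAuthManager(getContextId(params)).getUsers();
            } else {
                users = new ArrayList<>();
                for (Context c : Model.getSingleton().getSession().getContexts()) {
                    users.addAll(extension.getContextUserAuthManager(c.getIndex()).getUsers());
                }
            }
            for (User user : users) {
                usersListResponse.addItem(buildResponseFromUser(user));
            }
            return usersListResponse;
        }
        case VIEW_GET_USER_BY_ID:
            return buildResponseFromUser(getUser(params));
        case VIEW_GET_AUTH_CREDENTIALS:
            // Returns the API representation of the user's stored authentication
            // credentials. NOTE(review): this presumably carries secrets such as
            // passwords - confirm the view is reachable by authorised API clients only.
            return getUser(params).getAuthenticationCredentials().getApiResponseRepresentation();
        case VIEW_GET_AUTH_CREDENTIALS_CONFIG_PARAMETERS: {
            Context context = ApiUtils.getContextByParamId(params, PARAM_CONTEXT_ID);
            // Reject a context without a usable authentication method type with an API
            // error instead of failing with a NullPointerException on client input.
            if (context.getAuthenticationMethod() == null
                    || context.getAuthenticationMethod().getType() == null) {
                throw new ApiException(
                        ApiException.Type.DOES_NOT_EXIST,
                        "The context has no authentication method type set.");
            }
            AuthenticationMethodType type = context.getAuthenticationMethod().getType();
            ApiDynamicActionImplementor a = loadedAuthenticationMethodActions.get(type.getUniqueIdentifier());
            // The lookup returns null when nothing is registered for this type.
            if (a == null) {
                throw new ApiException(
                        ApiException.Type.DOES_NOT_EXIST,
                        "No credentials configuration is available for the authentication method type of the context.");
            }
            return a.buildParamsDescription();
        }
        default:
            throw new ApiException(ApiException.Type.BAD_VIEW);
    }
}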
use of org.zaproxy.zap.authentication.AuthenticationMethodType in project zaproxy by zaproxy.
the class ExtensionAuthentication method persistContextData.
/**
 * Stores the authentication configuration of the given context in the session.
 *
 * <p>Writes the unique identifier of the method type, then the logged in/out indicator
 * patterns when they are set, and finally lets the method type persist its own data. A
 * {@code DatabaseException} is logged and not propagated.
 *
 * @param session the session that receives the context data
 * @param context the context whose authentication method is persisted
 */
@Override
public void persistContextData(Session session, Context context) {
    try {
        // NOTE(review): neither the authentication method nor its type is null-checked
        // here; a null would surface as a NullPointerException, which the catch below
        // does not handle - confirm both are always set for a persisted context.
        AuthenticationMethodType methodType = context.getAuthenticationMethod().getType();
        final int contextId = context.getIndex();
        session.setContextData(
                contextId,
                RecordContext.TYPE_AUTH_METHOD_TYPE,
                Integer.toString(methodType.getUniqueIdentifier()));

        // The indicators are written only when set.
        // NOTE(review): when an indicator is null nothing is written for it, so whether
        // a previously stored value is cleared depends on code outside this method.
        if (context.getAuthenticationMethod().getLoggedInIndicatorPattern() != null) {
            session.setContextData(
                    contextId,
                    RecordContext.TYPE_AUTH_METHOD_LOGGEDIN_INDICATOR,
                    context.getAuthenticationMethod().getLoggedInIndicatorPattern().toString());
        }
        if (context.getAuthenticationMethod().getLoggedOutIndicatorPattern() != null) {
            session.setContextData(
                    contextId,
                    RecordContext.TYPE_AUTH_METHOD_LOGGEDOUT_INDICATOR,
                    context.getAuthenticationMethod().getLoggedOutIndicatorPattern().toString());
        }

        // Type-specific settings are persisted by the method type itself.
        methodType.persistMethodToSession(session, contextId, context.getAuthenticationMethod());
    } catch (DatabaseException e) {
        log.error("Unable to persist Authentication method.", e);
    }
}