Examples with ExtensionUserManagement org.zaproxy.zap.extension.users.ExtensionUserManagement used on opensource projects

Search in sources :

Example 6 with ExtensionUserManagement

use of org.zaproxy.zap.extension.users.ExtensionUserManagement in project zaproxy by zaproxy.

the class GenericAuthenticationCredentials method getSetCredentialsForUserApiAction.

/**
	 * Gets the api action for setting a {@link GenericAuthenticationCredentials} for an User.
	 * 
	 * @param methodType the method type for which this is called
	 * @return api action implementation
	 */
public static ApiDynamicActionImplementor getSetCredentialsForUserApiAction(final AuthenticationMethodType methodType) {
    return new ApiDynamicActionImplementor(ACTION_SET_CREDENTIALS, null, new String[] { PARAM_CONFIG_PARAMS }) {

        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, UsersAPI.PARAM_CONTEXT_ID);
            int userId = ApiUtils.getIntParam(params, UsersAPI.PARAM_USER_ID);
            // Make sure the type of authentication method is compatible
            if (!methodType.isTypeForMethod(context.getAuthenticationMethod()))
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, "User's credentials should match authentication method type of the context: " + context.getAuthenticationMethod().getType().getName());
            // NOTE: no need to check if extension is loaded as this method is called only if
            // the Users extension is loaded
            ExtensionUserManagement extensionUserManagement = (ExtensionUserManagement) Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.NAME);
            User user = extensionUserManagement.getContextUserAuthManager(context.getIndex()).getUserById(userId);
            if (user == null)
                throw new ApiException(ApiException.Type.USER_NOT_FOUND, UsersAPI.PARAM_USER_ID);
            // Build and set the credentials
            GenericAuthenticationCredentials credentials = (GenericAuthenticationCredentials) context.getAuthenticationMethod().createAuthenticationCredentials();
            for (String paramName : credentials.paramNames) credentials.setParam(paramName, ApiUtils.getNonEmptyStringParam(params, paramName));
            user.setAuthenticationCredentials(credentials);
        }
    };
}
Also used : ApiDynamicActionImplementor(org.zaproxy.zap.extension.api.ApiDynamicActionImplementor) Context(org.zaproxy.zap.model.Context) ExtensionUserManagement(org.zaproxy.zap.extension.users.ExtensionUserManagement) User(org.zaproxy.zap.users.User) JSONObject(net.sf.json.JSONObject) ApiException(org.zaproxy.zap.extension.api.ApiException)

Example 7 with ExtensionUserManagement

use of org.zaproxy.zap.extension.users.ExtensionUserManagement in project zaproxy by zaproxy.

the class ManualAuthenticationMethodType method getSetCredentialsForUserApiAction.

@Override
public ApiDynamicActionImplementor getSetCredentialsForUserApiAction() {
    return new ApiDynamicActionImplementor(ACTION_SET_CREDENTIALS, new String[] { PARAM_SESSION_NAME }, null) {

        @Override
        public void handleAction(JSONObject params) throws ApiException {
            Context context = ApiUtils.getContextByParamId(params, UsersAPI.PARAM_CONTEXT_ID);
            int userId = ApiUtils.getIntParam(params, UsersAPI.PARAM_USER_ID);
            // Make sure the type of authentication method is compatible
            if (!isTypeForMethod(context.getAuthenticationMethod())) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, "User's credentials should match authentication method type of the context: " + context.getAuthenticationMethod().getType().getName());
            }
            // NOTE: no need to check if extension is loaded as this method
            // is called only if
            // the Users
            // extension is loaded
            ExtensionUserManagement extensionUserManagement = (ExtensionUserManagement) Control.getSingleton().getExtensionLoader().getExtension(ExtensionUserManagement.NAME);
            User user = extensionUserManagement.getContextUserAuthManager(context.getIndex()).getUserById(userId);
            if (user == null) {
                throw new ApiException(Type.USER_NOT_FOUND, UsersAPI.PARAM_USER_ID);
            }
            String sessionName = ApiUtils.getNonEmptyStringParam(params, PARAM_SESSION_NAME);
            // Get the matching session
            ExtensionHttpSessions extensionHttpSessions = (ExtensionHttpSessions) Control.getSingleton().getExtensionLoader().getExtension(ExtensionHttpSessions.NAME);
            if (extensionHttpSessions == null) {
                throw new ApiException(Type.NO_IMPLEMENTOR, "HttpSessions extension is not loaded.");
            }
            List<HttpSession> sessions = extensionHttpSessions.getHttpSessionsForContext(context);
            HttpSession matchedSession = null;
            for (HttpSession session : sessions) {
                if (session.getName().equals(sessionName)) {
                    matchedSession = session;
                    break;
                }
            }
            if (matchedSession == null) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_SESSION_NAME);
            }
            // Set the credentials
            ManualAuthenticationCredentials credentials = createAuthenticationCredentials();
            credentials.setSelectedSession(matchedSession);
            user.setAuthenticationCredentials(credentials);
        }
    };
}
Also used : ApiDynamicActionImplementor(org.zaproxy.zap.extension.api.ApiDynamicActionImplementor) Context(org.zaproxy.zap.model.Context) ExtensionUserManagement(org.zaproxy.zap.extension.users.ExtensionUserManagement) User(org.zaproxy.zap.users.User) JSONObject(net.sf.json.JSONObject) HttpSession(org.zaproxy.zap.extension.httpsessions.HttpSession) ExtensionHttpSessions(org.zaproxy.zap.extension.httpsessions.ExtensionHttpSessions) ApiException(org.zaproxy.zap.extension.api.ApiException)

Aggregations

ExtensionUserManagement (org.zaproxy.zap.extension.users.ExtensionUserManagement)7 ApiException (org.zaproxy.zap.extension.api.ApiException)6 Context (org.zaproxy.zap.model.Context)6 User (org.zaproxy.zap.users.User)5 JSONObject (net.sf.json.JSONObject)3 DatabaseException (org.parosproxy.paros.db.DatabaseException)3 ApiDynamicActionImplementor (org.zaproxy.zap.extension.api.ApiDynamicActionImplementor)3 ArrayList (java.util.ArrayList)2 PatternSyntaxException (java.util.regex.PatternSyntaxException)2 JSONException (net.sf.json.JSONException)2 ConfigurationException (org.apache.commons.configuration.ConfigurationException)2 URIException (org.apache.commons.httpclient.URIException)2 Session (org.parosproxy.paros.model.Session)2 ApiResponseElement (org.zaproxy.zap.extension.api.ApiResponseElement)2 GenericScanner2 (org.zaproxy.zap.model.GenericScanner2)2 IOException (java.io.IOException)1 UnsupportedEncodingException (java.io.UnsupportedEncodingException)1 Plugin (org.parosproxy.paros.core.scanner.Plugin)1 AlertThreshold (org.parosproxy.paros.core.scanner.Plugin.AlertThreshold)1 ScannerParamFilter (org.parosproxy.paros.core.scanner.ScannerParamFilter)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial