Merge pull request #4624 from thc202/json-auth-method

Add JSON-based authentication method

.classpath

@@ -15,7 +15,9 @@
 	<classpathentry kind="lib" path="lib/commons-io-2.4.jar"/>
 	<classpathentry kind="lib" path="lib/commons-jxpath-1.3.jar"/>
 	<classpathentry kind="lib" path="lib/commons-lang-2.6.jar"/>
+	<classpathentry kind="lib" path="lib/commons-lang3-3.7.jar"/>
 	<classpathentry kind="lib" path="lib/commons-logging-api-1.1.1.jar"/>
+	<classpathentry kind="lib" path="lib/commons-text-1.3.jar"/>
 	<classpathentry kind="lib" path="lib/diffutils-1.2.1.jar"/>
 	<classpathentry kind="lib" path="lib/ezmorph-1.0.6.jar"/>
 	<classpathentry kind="lib" path="lib/harlib-jackson-1.1.2.jar"/>

LEGALNOTICE.md

@@ -5,7 +5,7 @@ OWASP Zed Attack Proxy (ZAP)
 
 The software package is:
 
-    Copyright © 2010-2016 ZAP Development Team
+    Copyright © 2010-2018 ZAP Development Team
 
 Individual contributions, components, and libraries are copyright of their
 respective authors.
@@ -46,8 +46,10 @@ and subject to their respective licenses.
 | commons-io-2.4.jar            | Apache 2.0                |
 | commons-jxpath-1.3.jar        | Apache 2.0                |
 | commons-lang-2.6.jar          | Apache 2.0                |
+| commons-lang3-3.7.jar         | Apache 2.0                |
 | commons-logging-1.2.jar       | Apache 2.0                |
 | commons-logging-api-1.1.1.jar | Apache 2.0                |
+| commons-text-1.3.jar          | Apache 2.0                |
 | diffutils-1.2.1.jar           | Apache 2.0                |
 | ezmorph-1.0.6.jar             | Apache 2.0                |
 | harlib-jackson-1.1.2.jar      | Apache 2.0                |

src/lang/Messages.properties

@@ -466,18 +466,22 @@ authentication.method.manual.dialog.error.nosession.text 	= No HTTP Session has
 authentication.method.manual.dialog.error.title 			= Configuration Error
 authentication.method.manual.field.description				= <html><p><small>* If the HTTP sessions that you are interested in are not present in the selection box, <br/>make sure you have included the <i>Site</i> to which the HTTP sessions correspond<br/> in the proper <b>Context</b>.</small></p><html>
 authentication.method.fb.name								= Form-based Authentication
-authentication.method.fb.field.label.postData				= Login Request POST Data (if any):
-authentication.method.fb.field.label.loginUrl				= Login Form Target URL *:
-authentication.method.fb.field.label.usernameParam			= Username Parameter *:
-authentication.method.fb.field.label.passwordParam			= Password Parameter *:
-authentication.method.fb.field.label.description			= <html><small>The <i>username</i> and <i>password</i> fields will be replaced, during authentication, with the username and password corresponding to application's users.</small><html>
+authentication.method.fb.popup.login.request = {0} : Form-based Auth Login Request
+authentication.method.jb.name = JSON-based Authentication
+authentication.method.jb.popup.login.request = {0} : JSON-based Auth Login Request
+authentication.method.pb.field.label.postData				= Login Request POST Data (if any):
+authentication.method.pb.field.label.postDataRequired = Login Request POST Data *:
+authentication.method.pb.field.label.loginUrl				= Login Form Target URL *:
+authentication.method.pb.field.label.usernameParam			= Username Parameter *:
+authentication.method.pb.field.label.passwordParam			= Password Parameter *:
+authentication.method.pb.field.label.description			= <html><small>The <i>username</i> and <i>password</i> fields will be replaced, during authentication, with the username and password corresponding to application's users.</small><html>
+authentication.method.pb.dialog.error.url.text = The login url you have inserted is not a valid URL.
+authentication.method.pb.dialog.error.postData.text = The POST Data is required.
 authentication.method.fb.credentials.field.label.user		= Username:
 authentication.method.fb.credentials.field.label.pass		= Password:
 authentication.method.fb.dialog.error.nofields.text 		= The username and password form field names have to be configured for this authentication method.
-authentication.method.fb.dialog.error.url.text 				= The login url you have inserted is not a valid URL.
 authentication.method.fb.credentials.dialog.error.user.text	= The username for the current user has to be configured.
 authentication.method.fb.dialog.error.title 				= Configuration Error
-authentication.method.fb.popup.login.request 				= {0} : Form-based Auth Login Request
 authentication.method.http.name								= HTTP/NTLM Authentication
 authentication.method.http.field.label.hostname				= Hostname:
 authentication.method.http.field.label.port					= Port:

src/org/parosproxy/paros/network/HttpHeader.java

@@ -37,6 +37,7 @@
 // ZAP: 2017/02/08 Change isEmpty to check start line instead of headers (if it has the status/request line it's not empty).
 // ZAP: 2017/03/02 Issue 3226: Added API Key and Nonce headers
 // ZAP: 2018/02/06 Make the lower/upper case changes locale independent (Issue 4327).
+// ZAP: 2018/04/24 Add JSON Content-Type.
 
 package org.parosproxy.paros.network;
 
@@ -88,6 +89,7 @@ public abstract class HttpHeader implements java.io.Serializable {
     public static final String _KEEP_ALIVE = "Keep-Alive";
     public static final String _CHUNKED = "Chunked";
     public static final String FORM_URLENCODED_CONTENT_TYPE = "application/x-www-form-urlencoded";
+    public static final String JSON_CONTENT_TYPE = "application/json";
     public static final String SCHEME_HTTP = "http://";
     public static final String SCHEME_HTTPS = "https://";
     public static final String HTTP = "http";