Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow to add/remove authentication and session management methods #2620

Open
thc202 opened this issue Jun 24, 2016 · 1 comment · May be fixed by #7857
Open

Allow to add/remove authentication and session management methods #2620

thc202 opened this issue Jun 24, 2016 · 1 comment · May be fixed by #7857
Assignees
@psiinon
Labels
enhancement
Milestone
2.16.0

Comments

@thc202
Copy link
Member

thc202 commented Jun 24, 2016

Allow add-ons to dynamically add/remove authentication (e.g. Form-based Authentication, HTTP/NTLM Authentication...) and session management (e.g. Cookie-based Session Management, HTTP Authentication Session Management) methods.
The change would allow add-ons to effectively provide authentication and session management methods (currently the methods are loaded when ZAP starts, which would prevent add-ons from being correctly installed/updated) and extract/move the current methods from core (so they can be easily updated).
@thc202 thc202 added this to the 2.6.0 milestone Jun 24, 2016
@thc202 thc202 self-assigned this Jun 24, 2016
thc202 added a commit to thc202/zaproxy that referenced this issue Jun 24, 2016
@thc202
Remove JAR scan for authentication/session methods
7482b4f 
Change classes ExtensionAuthentication and ExtensionSessionManagement to
not scan the loaded JARs (core and add-ons) to load authentication and
session management methods, instead directly add/load the methods
provided by core code.
The change reduces the time required to start ZAP as it does not need to
scan all the JARs to load the methods, moreover it will also stop
loading any methods provided by add-ons (if any), the add-ons should
add/remove the methods to be properly installed/updated.

Related to zaproxy#2620 - Allow to add/remove authentication and session
management methods
@thc202 thc202 mentioned this issue Jun 24, 2016
Merged
martinkalina pushed a commit to martinkalina/zaproxy that referenced this issue Mar 1, 2017
@thc202
Remove JAR scan for authentication/session methods
8c09708 
Change classes ExtensionAuthentication and ExtensionSessionManagement to
not scan the loaded JARs (core and add-ons) to load authentication and
session management methods, instead directly add/load the methods
provided by core code.
The change reduces the time required to start ZAP as it does not need to
scan all the JARs to load the methods, moreover it will also stop
loading any methods provided by add-ons (if any), the add-ons should
add/remove the methods to be properly installed/updated.

Related to zaproxy#2620 - Allow to add/remove authentication and session
management methods
@thc202 thc202 modified the milestones: 2.7.0, 2.6.0 Mar 27, 2017
@thc202 thc202 modified the milestones: 2.7.0, 2.8.0 Nov 28, 2017
thc202 added a commit to thc202/zap-extensions that referenced this issue Dec 7, 2017
@thc202
authstats: check if context has an auth method
2157e25 
Change ExtensionAuthStats to check if the context has an authentication
method, in future ZAP versions the context might not have one. Also,
extract a method to reduce statement nesting.
Bump version and update changes in ZapAddOn.xml file.

Part of zaproxy/zaproxy#2620 - Allow to add/remove authentication and
session management methods
@thc202 thc202 mentioned this issue Dec 7, 2017
Merged
thc202 added a commit to thc202/zap-extensions that referenced this issue Dec 7, 2017
@thc202
authstats: check if context has an auth method
b4c096e 
Change ExtensionAuthStats to check if the context has an authentication
method, in future ZAP versions the context might not have one. Also,
extract a method to reduce statement nesting.
Update help page to mention the new stat, that indicates the context
does not have the authentication method.
Bump version and update changes in ZapAddOn.xml file.

Part of zaproxy/zaproxy#2620 - Allow to add/remove authentication and
session management methods
psiinon pushed a commit to zaproxy/zap-extensions that referenced this issue Dec 8, 2017
@thc202 @psiinon
authstats: check if context has an auth method (#1192)
1354582 
Change ExtensionAuthStats to check if the context has an authentication
method, in future ZAP versions the context might not have one. Also,
extract a method to reduce statement nesting.
Update help page to mention the new stat, that indicates the context
does not have the authentication method.
Bump version and update changes in ZapAddOn.xml file.

Part of zaproxy/zaproxy#2620 - Allow to add/remove authentication and
session management methods
@psiinon psiinon modified the milestones: 2.8.0, 2.9.0 Dec 10, 2018
@thc202 thc202 modified the milestones: 2.9.0, 2.10.0 Nov 15, 2019
@thc202 thc202 removed their assignment Oct 1, 2020
@psiinon psiinon mentioned this issue Oct 5, 2020
Open
@thc202 thc202 modified the milestones: 2.10.0, 2.11.0 Dec 9, 2020
@thc202 thc202 modified the milestones: 2.11.0, 2.12.0 Sep 16, 2021
@thc202 thc202 modified the milestones: 2.12.0, 2.13.0 Aug 12, 2022
@thc202 thc202 modified the milestones: 2.13.0, 2.14.0 Dec 3, 2022
@psiinon psiinon mentioned this issue Jan 31, 2023
Merged
@psiinon
Copy link
Member

psiinon commented Jan 31, 2023

OK, so it is possible to add session management methods dynamically, but its a bit hacky and doesnt work well with the GUI or the API.

@psiinon psiinon self-assigned this Jan 31, 2023
@psiinon psiinon modified the milestones: 2.14.0, 2.13.0 Jan 31, 2023
forgedhallpass added a commit to forgedhallpass/zaproxy that referenced this issue May 9, 2023
@forgedhallpass
Allow to add/remove authentication methods zaproxy#2620
63cc0a9 
Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
@thc202 thc202 linked a pull request May 10, 2023 that will close this issue
Open
forgedhallpass added a commit to forgedhallpass/zaproxy that referenced this issue May 18, 2023
@forgedhallpass
Allow to add/remove session management methods zaproxy#2620
8e1d575 
Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
forgedhallpass added a commit to forgedhallpass/zaproxy that referenced this issue May 18, 2023
@forgedhallpass
Allow to add/remove session management methods zaproxy#2620
ca4daa9 
* reformat code with spotless

Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
@thc202 thc202 modified the milestones: 2.13.0, 2.14.0 Jul 2, 2023
@thc202 thc202 modified the milestones: 2.14.0, 2.15.0 Aug 18, 2023
@thc202 thc202 modified the milestones: 2.15.0, 2.16.0 Apr 25, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@psiinon psiinon

Labels
enhancement
Milestone
2.16.0
Development

Successfully merging a pull request may close this issue.

Allow to add/remove authentication and session management methods forgedhallpass/zaproxy
2 participants
@psiinon @thc202