New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow to add/remove authentication and session management methods #2620
Comments
thc202
added a commit
to thc202/zaproxy
that referenced
this issue
Jun 24, 2016
Change classes ExtensionAuthentication and ExtensionSessionManagement to not scan the loaded JARs (core and add-ons) to load authentication and session management methods, instead directly add/load the methods provided by core code. The change reduces the time required to start ZAP as it does not need to scan all the JARs to load the methods, moreover it will also stop loading any methods provided by add-ons (if any), the add-ons should add/remove the methods to be properly installed/updated. Related to zaproxy#2620 - Allow to add/remove authentication and session management methods
martinkalina
pushed a commit
to martinkalina/zaproxy
that referenced
this issue
Mar 1, 2017
Change classes ExtensionAuthentication and ExtensionSessionManagement to not scan the loaded JARs (core and add-ons) to load authentication and session management methods, instead directly add/load the methods provided by core code. The change reduces the time required to start ZAP as it does not need to scan all the JARs to load the methods, moreover it will also stop loading any methods provided by add-ons (if any), the add-ons should add/remove the methods to be properly installed/updated. Related to zaproxy#2620 - Allow to add/remove authentication and session management methods
thc202
added a commit
to thc202/zap-extensions
that referenced
this issue
Dec 7, 2017
Change ExtensionAuthStats to check if the context has an authentication method, in future ZAP versions the context might not have one. Also, extract a method to reduce statement nesting. Bump version and update changes in ZapAddOn.xml file. Part of zaproxy/zaproxy#2620 - Allow to add/remove authentication and session management methods
thc202
added a commit
to thc202/zap-extensions
that referenced
this issue
Dec 7, 2017
Change ExtensionAuthStats to check if the context has an authentication method, in future ZAP versions the context might not have one. Also, extract a method to reduce statement nesting. Update help page to mention the new stat, that indicates the context does not have the authentication method. Bump version and update changes in ZapAddOn.xml file. Part of zaproxy/zaproxy#2620 - Allow to add/remove authentication and session management methods
psiinon
pushed a commit
to zaproxy/zap-extensions
that referenced
this issue
Dec 8, 2017
Change ExtensionAuthStats to check if the context has an authentication method, in future ZAP versions the context might not have one. Also, extract a method to reduce statement nesting. Update help page to mention the new stat, that indicates the context does not have the authentication method. Bump version and update changes in ZapAddOn.xml file. Part of zaproxy/zaproxy#2620 - Allow to add/remove authentication and session management methods
OK, so it is possible to add session management methods dynamically, but its a bit hacky and doesnt work well with the GUI or the API. |
forgedhallpass
added a commit
to forgedhallpass/zaproxy
that referenced
this issue
May 9, 2023
Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
forgedhallpass
added a commit
to forgedhallpass/zaproxy
that referenced
this issue
May 18, 2023
Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
forgedhallpass
added a commit
to forgedhallpass/zaproxy
that referenced
this issue
May 18, 2023
* reformat code with spotless Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Allow add-ons to dynamically add/remove authentication (e.g. Form-based Authentication, HTTP/NTLM Authentication...) and session management (e.g. Cookie-based Session Management, HTTP Authentication Session Management) methods.
The change would allow add-ons to effectively provide authentication and session management methods (currently the methods are loaded when ZAP starts, which would prevent add-ons from being correctly installed/updated) and extract/move the current methods from core (so they can be easily updated).
The text was updated successfully, but these errors were encountered: