Allow to add/remove authentication and session management methods #7857
Conversation
Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
zap/src/main/java/org/zaproxy/zap/extension/authentication/ExtensionAuthentication.java
Outdated
Show resolved
Hide resolved
|
I guess this is WIP since only addresses part of the referenced issue? |
|
Please, check this comment as well: #6218 (comment) (to make sure it addresses those cases). |
thc202
changed the title
For this particular PR the scope was only the authentication, as the title suggests. That is why the ticket was only referenced via its ID, but without any of the That being said, if I'll have time I might consider looking into the other part as well, because it should be fairly similar. Will get back to you on this. |
Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
* reformat code with spotless Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
forgedhallpass
changed the title
…es through API * related PR on ZAP: zaproxy/zaproxy#7857 Signed-off-by: forgedhallpass <13679401+forgedhallpass@users.noreply.github.com>
|
@kingthorin @thc202 the second part, related to session management has also been added to the PR. |
| @@ -106,8 +113,9 @@ public String getUIName() { | |||
| @Override | |||
| public void hook(ExtensionHook extensionHook) { | |||
| super.hook(extensionHook); | |||
| this.extensionHook = extensionHook; | |||
There was a problem hiding this comment.
This will not work, once the hook phase is done any additions to the extensionHook have no effect.
There was a problem hiding this comment.
I am not entirely sure I understand what do you mean. Adding a new AbstractAuthenticationMethodOptionsPanel to the UI from a ZAP extension through a dynamically added AuthenticationMethodType was working.
There was a problem hiding this comment.
The class AbstractAuthenticationMethodOptionsPanel is unrelated to the ExtensionHook (that's part of the method itself), change your method to use the extensionHook. Start ZAP, install your add-on, and see if it works properly.
|
This is now closing the issue but it still lacks necessary functionality (most of the points mentioned in #6218 (comment)). |
I believe the PR covers what the ticket is asking for. I've tested it and it's working. Your points around the contexts, together with the support for reloading add-ons is a separate topic itself. Please note that first time contributors might not have the full picture of the project. If you create a follow-up ticket and provide clear requirements I might give it a shot. |
|
They are not separate topics, the authentication and session management methods are an integral part of the contexts (see I don't expect anyone to know everything, if the issue is not clear enough just ask. I linked the other comment because it mentions what needs to be considered to address the issue. If you prefer that I update the issue with those points I can do that as well. |
Implemented option to dynamically add
AuthenticationMethodTypes andSessionManagementMethodTypes from extensions to be used through the REST API.Closes #2620