org.zaproxy.zap.authentication

Class AuthenticationMethod

java.lang.Object

org.zaproxy.zap.authentication.AuthenticationMethod

Direct Known Subclasses:

HttpAuthenticationMethodType.HttpAuthenticationMethod, ManualAuthenticationMethodType.ManualAuthenticationMethod, PostBasedAuthenticationMethodType.PostBasedAuthenticationMethod, ScriptBasedAuthenticationMethodType.ScriptBasedAuthenticationMethod

public abstract class AuthenticationMethod
extends Object

The AuthenticationMethod represents an authentication method that can be used to authenticate an entity in a particular web application.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	AuthenticationMethod.UnsupportedAuthenticationCredentialsException Thrown when an unsupported type of credentials is used with a AuthenticationMethod .

Field Summary

Fields

Modifier and Type	Field and Description
static String	AUTH_STATE_LOGGED_IN_STATS
static String	AUTH_STATE_LOGGED_OUT_STATS
static String	AUTH_STATE_NO_INDICATOR_STATS
static String	AUTH_STATE_UNKNOWN_STATS
static String	CONTEXT_CONFIG_AUTH
static String	CONTEXT_CONFIG_AUTH_LOGGEDIN
static String	CONTEXT_CONFIG_AUTH_LOGGEDOUT
static String	CONTEXT_CONFIG_AUTH_TYPE
protected Pattern	loggedInIndicatorPattern The logged in indicator pattern.
protected Pattern	loggedOutIndicatorPattern The logged out indicator pattern.

Constructor Summary

Constructors

Constructor and Description
AuthenticationMethod()

Method Summary

Modifier and Type	Method and Description
abstract WebSession	authenticate(SessionManagementMethod sessionManagementMethod, AuthenticationCredentials credentials, User user) Performs an authentication in a web application, returning an authenticated.
AuthenticationMethod	clone() Clones the current authentication method, creating a deep-copy of it.
abstract AuthenticationCredentials	createAuthenticationCredentials() Creates a new, empty, Authentication Credentials object corresponding to this type of Authentication method.
protected abstract AuthenticationMethod	duplicate() Internal method for cloning the current authentication method, creating a deep-copy of it.
boolean	equals(Object obj)
abstract ApiResponse	getApiResponseRepresentation() Gets an api response that represents the Authentication Method.
Pattern	getLoggedInIndicatorPattern() Gets the logged in indicator pattern.
Pattern	getLoggedOutIndicatorPattern() Gets the logged out indicator pattern.
abstract AuthenticationMethodType	getType() Gets the AuthenticationMethodType corresponding to this authentication method.
int	hashCode()
boolean	isAuthenticated(HttpMessage msg) Checks if the response received by the Http Message corresponds to an authenticated Web Session.
abstract boolean	isConfigured() Checks if the authentication method is fully configured.
boolean	isSameType(AuthenticationMethod other) Checks if another method is of the same type.
void	onMethodDiscarded() Called when the Authentication Method is discarded from/not used in a Context.
void	onMethodPersisted() Called when the Authentication Method is persisted/saved in a Context.
void	setLoggedInIndicatorPattern(String loggedInIndicatorPattern) Sets the logged in indicator pattern.
void	setLoggedOutIndicatorPattern(String loggedOutIndicatorPattern) Sets the logged out indicator pattern.
boolean	validateCreationOfAuthenticationCredentials() Validates that the creation of authentication credentials is possible, returning true if it is, false otherwise.

Methods inherited from class java.lang.Object

finalize, getClass, notify, notifyAll, toString, wait, wait, wait

Field Detail

CONTEXT_CONFIG_AUTH

public static final String CONTEXT_CONFIG_AUTH

See Also:

Constant Field Values

CONTEXT_CONFIG_AUTH_TYPE

public static final String CONTEXT_CONFIG_AUTH_TYPE

See Also:

Constant Field Values

CONTEXT_CONFIG_AUTH_LOGGEDIN

public static final String CONTEXT_CONFIG_AUTH_LOGGEDIN

See Also:

Constant Field Values

CONTEXT_CONFIG_AUTH_LOGGEDOUT

public static final String CONTEXT_CONFIG_AUTH_LOGGEDOUT

See Also:

Constant Field Values

AUTH_STATE_LOGGED_IN_STATS

public static final String AUTH_STATE_LOGGED_IN_STATS

See Also:

Constant Field Values

AUTH_STATE_LOGGED_OUT_STATS

public static final String AUTH_STATE_LOGGED_OUT_STATS

See Also:

Constant Field Values

AUTH_STATE_NO_INDICATOR_STATS

public static final String AUTH_STATE_NO_INDICATOR_STATS

See Also:

Constant Field Values

AUTH_STATE_UNKNOWN_STATS

public static final String AUTH_STATE_UNKNOWN_STATS

See Also:

Constant Field Values

loggedInIndicatorPattern

protected Pattern loggedInIndicatorPattern

The logged in indicator pattern.

loggedOutIndicatorPattern

protected Pattern loggedOutIndicatorPattern

The logged out indicator pattern.

Constructor Detail

AuthenticationMethod

public AuthenticationMethod()

Method Detail

isConfigured

public abstract boolean isConfigured()

Checks if the authentication method is fully configured.

Returns:

true, if is configured

clone

public AuthenticationMethod clone()

Clones the current authentication method, creating a deep-copy of it.

Overrides:

clone in class Object

Returns:

a deep copy of the authentication method

duplicate

protected abstract AuthenticationMethod duplicate()

Internal method for cloning the current authentication method, creating a deep-copy of it.

Returns:

a deep copy of the authentication method

validateCreationOfAuthenticationCredentials

public boolean validateCreationOfAuthenticationCredentials()

Validates that the creation of authentication credentials is possible, returning true if it is, false otherwise.

If view is enabled the user should be informed that it's not possible to create authentication credentials.

Default implementation returns, always, true.

Returns:

true if the creation of authentication credentials is possible, false otherwise

Since:

2.4.3

See Also:

createAuthenticationCredentials()

createAuthenticationCredentials

public abstract AuthenticationCredentials createAuthenticationCredentials()

Creates a new, empty, Authentication Credentials object corresponding to this type of Authentication method.

Returns:

the authentication credentials

See Also:

validateCreationOfAuthenticationCredentials()

getType

public abstract AuthenticationMethodType getType()

Gets the AuthenticationMethodType corresponding to this authentication method.

Implementations may return new instantiations at every call, so performance considerations should be taken by users.

Returns:

the type

authenticate

public abstract WebSession authenticate(SessionManagementMethod sessionManagementMethod,
                                        AuthenticationCredentials credentials,
                                        User user)
                                 throws AuthenticationMethod.UnsupportedAuthenticationCredentialsException

Performs an authentication in a web application, returning an authenticated.

Parameters:

sessionManagementMethod - the set up session management method is provided so it can be used, if needed, to automatically extract session information from Http Messages.

credentials - the credentials

user - the user to authenticate

Returns:

an authenticated web session

Throws:

AuthenticationMethod.UnsupportedAuthenticationCredentialsException - the unsupported authentication credentials exception WebSession.

getApiResponseRepresentation

public abstract ApiResponse getApiResponseRepresentation()

Gets an api response that represents the Authentication Method.

Returns:

the api response representation

onMethodPersisted

public void onMethodPersisted()

Called when the Authentication Method is persisted/saved in a Context. For example, in this method, UI elements can be marked accordingly.Description

onMethodDiscarded

public void onMethodDiscarded()

Called when the Authentication Method is discarded from/not used in a Context. For example, in this method, UI elements can be (un)marked accordingly.

isAuthenticated

public boolean isAuthenticated(HttpMessage msg)

Checks if the response received by the Http Message corresponds to an authenticated Web Session.

If none of the indicators are set up, the method defaults to returning true, so that no authentications are tried when there is no way to check authentication. A message is also shown on the output console in this case.

Parameters:

msg - the http message

Returns:

true, if is authenticated or no indicators have been set, and false otherwise

getLoggedInIndicatorPattern

public Pattern getLoggedInIndicatorPattern()

Gets the logged in indicator pattern.

Returns:

the logged in indicator pattern

setLoggedInIndicatorPattern

public void setLoggedInIndicatorPattern(String loggedInIndicatorPattern)

Sets the logged in indicator pattern.

Parameters:

loggedInIndicatorPattern - the new logged in indicator pattern

getLoggedOutIndicatorPattern

public Pattern getLoggedOutIndicatorPattern()

Gets the logged out indicator pattern.

Returns:

the logged out indicator pattern

setLoggedOutIndicatorPattern

public void setLoggedOutIndicatorPattern(String loggedOutIndicatorPattern)

Sets the logged out indicator pattern.

Parameters:

loggedOutIndicatorPattern - the new logged out indicator pattern

isSameType

public boolean isSameType(AuthenticationMethod other)

Checks if another method is of the same type.

Parameters:

other - the other

Returns:

true, if is same type

hashCode

public int hashCode()

Overrides:

hashCode in class Object

equals

public boolean equals(Object obj)

Overrides:

equals in class Object