Fixes for webauthn tests after JSpecify

Issue gh-17839
2025-10-23 10:48:51 +00:00 · 2025-09-03 14:32:07 -05:00 · 2025-09-03 14:32:07 -05:00 · 24ffda28d8
commit 24ffda28d8
parent 6a84f96930
4 changed files with 50 additions and 14 deletions
--- a/config/src/test/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurerTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurerTests.java
@ -300,7 +300,15 @@ public class WebAuthnConfigurerTests {

 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			return http.formLogin(Customizer.withDefaults()).webAuthn(Customizer.withDefaults()).build();
+			// @formatter:off
+			http
+				.formLogin(Customizer.withDefaults())
+				.webAuthn((authn) -> authn
+					.rpId("spring.io")
+					.rpName("spring")
+				);
+			// @formatter:on
+			return http.build();
 		}

 	}
@ -316,7 +324,14 @@ public class WebAuthnConfigurerTests {

 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			return http.webAuthn(Customizer.withDefaults()).build();
+			// @formatter:off
+			http
+				.webAuthn((authn) -> authn
+						.rpId("spring.io")
+						.rpName("spring")
+				);
+			// @formatter:on
+			return http.build();
 		}

 	}
@ -332,9 +347,16 @@ public class WebAuthnConfigurerTests {

 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			return http.formLogin(Customizer.withDefaults())
-				.webAuthn((webauthn) -> webauthn.disableDefaultRegistrationPage(true))
-				.build();
+			// @formatter:off
+			http
+				.formLogin(Customizer.withDefaults())
+				.webAuthn((authn) -> authn
+					.rpId("spring.io")
+					.rpName("spring")
+					.disableDefaultRegistrationPage(true)
+				);
+			// @formatter:on
+			return http.build();
 		}

 	}
@ -350,9 +372,18 @@ public class WebAuthnConfigurerTests {

 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			return http.formLogin((login) -> login.loginPage("/custom-login-page"))
-				.webAuthn((webauthn) -> webauthn.disableDefaultRegistrationPage(true))
-				.build();
+			// @formatter:off
+			http
+					.formLogin((login) -> login
+						.loginPage("/custom-login-page")
+					)
+					.webAuthn((authn) -> authn
+						.rpId("spring.io")
+						.rpName("spring")
+						.disableDefaultRegistrationPage(true)
+					);
+			// @formatter:on
+			return http.build();
 		}

 	}
--- a/config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt
@ -1,4 +1,5 @@
 /*
+
 * Copyright 2004-present the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
@ -125,6 +126,8 @@ class WebAuthnDslTests {
            http{
                formLogin { }
                webAuthn {
+                    rpId = "spring.io"
+                    rpName = "spring"
                    disableDefaultRegistrationPage = true
                }
            }
@ -144,7 +147,10 @@ class WebAuthnDslTests {
        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
            http{
                formLogin { }
-                webAuthn { }
+                webAuthn {
+                    rpId = "spring.io"
+                    rpName = "spring"
+                }
            }
            return http.build()
        }
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ImmutableCredentialRecord.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ImmutableCredentialRecord.java
@ -211,7 +211,7 @@ public final class ImmutableCredentialRecord implements CredentialRecord {
 			this.label = other.getLabel();
 		}

-		public ImmutableCredentialRecordBuilder credentialType(PublicKeyCredentialType credentialType) {
+		public ImmutableCredentialRecordBuilder credentialType(@Nullable PublicKeyCredentialType credentialType) {
 			this.credentialType = credentialType;
 			return this;
 		}
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java
@ -38,7 +38,7 @@ public final class PublicKeyCredential<R extends AuthenticatorResponse> implemen

 	private final String id;

-	private final PublicKeyCredentialType type;
+	private final @Nullable PublicKeyCredentialType type;

 	private final Bytes rawId;

@ -48,7 +48,7 @@ public final class PublicKeyCredential<R extends AuthenticatorResponse> implemen

 	private final @Nullable AuthenticationExtensionsClientOutputs clientExtensionResults;

-	private PublicKeyCredential(String id, PublicKeyCredentialType type, Bytes rawId, R response,
+	private PublicKeyCredential(String id, @Nullable PublicKeyCredentialType type, Bytes rawId, R response,
 			@Nullable AuthenticatorAttachment authenticatorAttachment,
 			@Nullable AuthenticationExtensionsClientOutputs clientExtensionResults) {
 		this.id = id;
@ -77,7 +77,7 @@ public final class PublicKeyCredential<R extends AuthenticatorResponse> implemen
 	 * specifies the credential type represented by this object.
 	 * @return the credential type
 	 */
-	public PublicKeyCredentialType getType() {
+	public @Nullable PublicKeyCredentialType getType() {
 		return this.type;
 	}

@ -228,7 +228,6 @@ public final class PublicKeyCredential<R extends AuthenticatorResponse> implemen
 		 */
 		public PublicKeyCredential<R> build() {
 			Assert.notNull(this.id, "id cannot be null");
-			Assert.notNull(this.type, "type cannot be null");
 			Assert.notNull(this.rawId, "rawId cannot be null");
 			Assert.notNull(this.response, "response cannot be null");
 			return new PublicKeyCredential(this.id, this.type, this.rawId, this.response, this.authenticatorAttachment,