From 593f7c44903a5c451357f8b5f8da0b74de40f194 Mon Sep 17 00:00:00 2001
From: Rob Winch <362503+rwinch@users.noreply.github.com>
Date: Tue, 25 Mar 2025 13:49:20 -0500
Subject: [PATCH] Use !isAuthenticated

It's more verbose to see if the user is not null and not anonymous

Issue gh-16385
---
 .../webauthn/management/Webauthn4JRelyingPartyOperations.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/main/java/org/springframework/security/web/webauthn/management/Webauthn4JRelyingPartyOperations.java b/web/src/main/java/org/springframework/security/web/webauthn/management/Webauthn4JRelyingPartyOperations.java
index cdd5065e36..59d0729288 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/management/Webauthn4JRelyingPartyOperations.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/management/Webauthn4JRelyingPartyOperations.java
@@ -345,7 +345,7 @@ public class Webauthn4JRelyingPartyOperations implements WebAuthnRelyingPartyOpe
 	}
 
 	private List<CredentialRecord> findCredentialRecords(Authentication authentication) {
-		if (authentication == null || this.trustResolver.isAnonymous(authentication)) {
+		if (!this.trustResolver.isAuthenticated(authentication)) {
 			return Collections.emptyList();
 		}
 		PublicKeyCredentialUserEntity userEntity = this.userEntities.findByUsername(authentication.getName());