Fix Kotlin webAuthn {}

Fixes the default configuration for WebAuthn Kotlin DSL Closes gh-16338 Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-06-24 04:52:16 +00:00 · 2025-01-11 11:56:39 +03:00 · 2025-01-11 11:56:39 +03:00 · 882766e54f
commit 882766e54f
parent d457e0b59d
2 changed files with 44 additions and 6 deletions
--- a/config/src/main/kotlin/org/springframework/security/config/annotation/web/WebAuthnDsl.kt
+++ b/config/src/main/kotlin/org/springframework/security/config/annotation/web/WebAuthnDsl.kt
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2021 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -26,6 +26,7 @@ import org.springframework.security.config.annotation.web.configurers.WebAuthnCo
 * @property the allowed origins
 * @since 6.4
 * @author Rob Winch
 * @author Max Batischev
 */
@SecurityMarker
 class WebAuthnDsl {
@ -34,10 +35,10 @@ class WebAuthnDsl {
    var allowedOrigins: Set<String>? = null
    internal fun get(): (WebAuthnConfigurer<HttpSecurity>) -> Unit {
-        return { webAuthn -> webAuthn
+        return { webAuthn ->
-                .rpId(rpId)
+            rpName?.also { webAuthn.rpName(rpName) }
-                .rpName(rpName)
+            rpId?.also { webAuthn.rpId(rpId) }
-                .allowedOrigins(allowedOrigins);
+            allowedOrigins?.also { webAuthn.allowedOrigins(allowedOrigins) }
        }
    }
 }
--- a/config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt
+++ b/config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -16,6 +16,7 @@
 package org.springframework.security.config.annotation.web
 import org.hamcrest.Matchers
 import org.junit.jupiter.api.Test
 import org.junit.jupiter.api.extension.ExtendWith
 import org.springframework.beans.factory.annotation.Autowired
@ -30,7 +31,9 @@ import org.springframework.security.core.userdetails.UserDetailsService
 import org.springframework.security.provisioning.InMemoryUserDetailsManager
 import org.springframework.security.web.SecurityFilterChain
 import org.springframework.test.web.servlet.MockMvc
 import org.springframework.test.web.servlet.get
 import org.springframework.test.web.servlet.post
 import org.springframework.test.web.servlet.result.MockMvcResultMatchers
 /**
 * Tests for [WebAuthnDsl]
@ -55,6 +58,40 @@ class WebAuthnDslTests {
                }
    }
    @Test
    fun `webauthn and formLogin configured with default registration page`() {
        spring.register(DefaultWebauthnConfig::class.java).autowire()
        this.mockMvc.get("/login/webauthn.js")
                .andExpect {
                    MockMvcResultMatchers.status().isOk
                    header {
                        string("content-type", "text/javascript;charset=UTF-8")
                    }
                    content {
                        string(Matchers.containsString("async function authenticate("))
                    }
                }
    }
    @Configuration
    @EnableWebSecurity
    open class DefaultWebauthnConfig {
        @Bean
        open fun userDetailsService(): UserDetailsService  =
                InMemoryUserDetailsManager()
        @Bean
        open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
            http{
                formLogin { }
                webAuthn { }
            }
            return http.build()
        }
    }
    @Configuration
    @EnableWebSecurity
    open class WebauthnConfig {