Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 13:02:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add Support disableDefaultRegistrationPage to WebAuthnDsl

Browse Source 
Closes gh-16395

Signed-off-by: Max Batischev <mblancer@mail.ru>
This commit is contained in:
Max Batischev 2025-01-11 12:02:46 +03:00 committed by Rob Winch
parent 882766e54f
commit decf4def95
2 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
config/src/main/kotlin/org/springframework/security/config/annotation/web/WebAuthnDsl.kt
View File

@ -24,6 +24,7 @@ import org.springframework.security.config.annotation.web.configurers.WebAuthnCo
* @property rpName the relying party name * @property rpName the relying party name
* @property rpId the relying party id * @property rpId the relying party id
* @property the allowed origins * @property the allowed origins
* @property disableDefaultRegistrationPage disable default webauthn registration page
* @since 6.4 * @since 6.4
* @author Rob Winch * @author Rob Winch
* @author Max Batischev * @author Max Batischev
@ -33,12 +34,14 @@ class WebAuthnDsl {
var rpName: String? = null var rpName: String? = null
var rpId: String? = null var rpId: String? = null
var allowedOrigins: Set<String>? = null var allowedOrigins: Set<String>? = null
var disableDefaultRegistrationPage: Boolean? = false
internal fun get(): (WebAuthnConfigurer<HttpSecurity>) -> Unit { internal fun get(): (WebAuthnConfigurer<HttpSecurity>) -> Unit {
return { webAuthn -> return { webAuthn ->
rpName?.also { webAuthn.rpName(rpName) } rpName?.also { webAuthn.rpName(rpName) }
rpId?.also { webAuthn.rpId(rpId) } rpId?.also { webAuthn.rpId(rpId) }
allowedOrigins?.also { webAuthn.allowedOrigins(allowedOrigins) } allowedOrigins?.also { webAuthn.allowedOrigins(allowedOrigins) }
disableDefaultRegistrationPage?.also { webAuthn.disableDefaultRegistrationPage(disableDefaultRegistrationPage!!) }
} }
} }
} }

36
config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt
View File

@ -74,6 +74,42 @@ class WebAuthnDslTests {
} }
} }
@Test
fun `webauthn and formLogin configured with disabled default registration page`() {
spring.register(FormLoginAndNoDefaultRegistrationPageConfiguration::class.java).autowire()
this.mockMvc.get("/login/webauthn.js")
.andExpect {
MockMvcResultMatchers.status().isOk
header {
string("content-type", "text/javascript;charset=UTF-8")
}
content {
string(Matchers.containsString("async function authenticate("))
}
}
}
@Configuration
@EnableWebSecurity
open class FormLoginAndNoDefaultRegistrationPageConfiguration {
@Bean
open fun userDetailsService(): UserDetailsService =
InMemoryUserDetailsManager()
@Bean
open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
http{
formLogin { }
webAuthn {
disableDefaultRegistrationPage = true
}
}
return http.build()
}
}
@Configuration @Configuration
@EnableWebSecurity @EnableWebSecurity
open class DefaultWebauthnConfig { open class DefaultWebauthnConfig {