From e557c7227bc981f1b4af60352ac3bcd0e0213113 Mon Sep 17 00:00:00 2001 From: Tran Ngoc Nhan Date: Sat, 18 Jan 2025 16:26:40 +0700 Subject: [PATCH] Implement Serializable for WebAuthnAuthentication Closes gh-16273 Closes gh-16285 Signed-off-by: Tran Ngoc Nhan --- ...gSecurityCoreVersionSerializableTests.java | 20 ++++++++++++++++++ ...security.web.webauthn.api.Bytes.serialized | Bin 0 -> 140 bytes ...lePublicKeyCredentialUserEntity.serialized | Bin 0 -> 361 bytes ...tication.WebAuthnAuthentication.serialized | Bin 0 -> 1185 bytes .../security/web/webauthn/api/Bytes.java | 9 ++++++-- ...mmutablePublicKeyCredentialUserEntity.java | 7 +++++- .../api/PublicKeyCredentialUserEntity.java | 6 ++++-- .../WebAuthnAuthentication.java | 6 +++++- 8 files changed, 42 insertions(+), 6 deletions(-) create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.api.Bytes.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication.serialized diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java index 359a7d4880..443c6749c4 100644 --- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java +++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java @@ -191,6 +191,12 @@ import org.springframework.security.web.csrf.MissingCsrfTokenException; import org.springframework.security.web.firewall.RequestRejectedException; import org.springframework.security.web.server.firewall.ServerExchangeRejectedException; import org.springframework.security.web.session.HttpSessionCreatedEvent; +import org.springframework.security.web.webauthn.api.Bytes; +import org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity; +import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity; +import org.springframework.security.web.webauthn.api.TestBytes; +import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialUserEntity; +import org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.fail; @@ -508,6 +514,20 @@ class SpringSecurityCoreVersionSerializableTests { (r) -> new AuthenticationSwitchUserEvent(authentication, user)); generatorByClassName.put(HttpSessionCreatedEvent.class, (r) -> new HttpSessionCreatedEvent(new MockHttpSession())); + + // webauthn + generatorByClassName.put(Bytes.class, (r) -> TestBytes.get()); + generatorByClassName.put(ImmutablePublicKeyCredentialUserEntity.class, + (r) -> TestPublicKeyCredentialUserEntity.userEntity().id(TestBytes.get()).build()); + generatorByClassName.put(WebAuthnAuthentication.class, (r) -> { + PublicKeyCredentialUserEntity userEntity = TestPublicKeyCredentialUserEntity.userEntity() + .id(TestBytes.get()) + .build(); + List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); + WebAuthnAuthentication webAuthnAuthentication = new WebAuthnAuthentication(userEntity, authorities); + webAuthnAuthentication.setDetails(details); + return webAuthnAuthentication; + }); } @ParameterizedTest diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.api.Bytes.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.api.Bytes.serialized new file mode 100644 index 0000000000000000000000000000000000000000..483bef50163c6c74df8c3f3b9024d2e64c6efd16 GIT binary patch literal 140 zcmZ4UmVvdnh`~6&C|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5 zGWDD)OHzw3HEy%lIJQ8aiGeYifi(#vRKma%?Nm`vS_Gokd=~$~#u4&>iGiV_fPsNQ mVPR74gn8@Lf9}jb$Iae<>Mhe`PD2BojzjI;t_F(j);$1UUNiXs literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized new file mode 100644 index 0000000000000000000000000000000000000000..eb662f4843a91a70b7f1537902d6a33e280849d7 GIT binary patch literal 361 zcmZ4UmVvdnh#@4uC|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5 zGW9%jb4yDSlX6l6N|SOjlf6?bor_XaQu9hO6LUg~Q;S@ItdhzL?tc7_EaVEA7?^z+ zxKlEV3vv=G{eY&IFbMf%C6*=X=OpH(>j#&BthM%GV9HD>VKDUpIz=DNDf%#{=mVVr z!eFQ91D&GpR9TW*4Ajh$2Q;{lp^kyEqM(Fk)qn2HKgZ49f9fsM XWKKf^osL88-L3|T?bbaYSFr#9#{z=r literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication.serialized new file mode 100644 index 0000000000000000000000000000000000000000..a5baa210e663a1243b774d38bbdd7daf80fbe8c0 GIT binary patch literal 1185 zcmb7D&r20i6h3d>Qxh?zKxvT_^uvYBC=mp25%1aKB~BXtAV?_g%v|m2ogdzNCudqn z(!!vqpjC^awjs1C2wJsBD2T9sAX?|DMF|C+J1=`G^u&R=Gjryg?|kRG-(6XUCMjSv z6f>rb1Pf-S1@Y-ZDCSH_-B>V{nhVs?H;L7?z|<=Z6myAUVPIaOPD#i0QV+kWb`6(S zf8R17XG5#Tby-BXf(tfwvUYT`Hal6^Mc-K`i$u)27(1M~!!#Wf)YJHcPf98(_@>fg zBB0uk`3|xrM=C*FwVmulI7fre&wCexs<+>O{AFn0Qb#=-+VppbS}-aVblJ1yIUKJfC}z0OR(0>_Ag&Mj?qj-I}6cer|+LuI)6;mVJm3^eD?!y@F92uU5Rqm+ao zsYXwh)($^fC6Duv8-jvlH)s+8KyIO+S1c+w6y6O5&8(tTOU-fSN1Rp#2^96T`dJu} z@G^L9N)d9pUAb|k4T;JrXdN51D_1ASD`Sb~-G&6tHza^A`j1uXEy zP|=d-2`Z)T)s7C9_>Ox#MmDP7}Lw+H|*x?ly;fKUR9r8`}I+b)@6# znVxyHCR)*BGU6m1!BhH|oxwZ>r}ucU%Bi9fJzEGif%H^`7!McDacXaKWMFGcug>LK;T`u0$<8}W5{HLY5 literal 0 HcmV?d00001 diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java b/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java index 6fbcc3596c..6c96a11efd 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; +import java.io.Serializable; import java.security.SecureRandom; import java.util.Arrays; import java.util.Base64; @@ -28,7 +30,10 @@ import org.springframework.util.Assert; * @author Rob Winch * @since 6.4 */ -public final class Bytes { +public final class Bytes implements Serializable { + + @Serial + private static final long serialVersionUID = -3278138671365709777L; private static final SecureRandom RANDOM = new SecureRandom(); diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutablePublicKeyCredentialUserEntity.java b/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutablePublicKeyCredentialUserEntity.java index 3b2fe5adfa..a383967f7d 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutablePublicKeyCredentialUserEntity.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutablePublicKeyCredentialUserEntity.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; + /** * PublicKeyCredentialUserEntity @@ -28,6 +30,9 @@ package org.springframework.security.web.webauthn.api; */ public final class ImmutablePublicKeyCredentialUserEntity implements PublicKeyCredentialUserEntity { + @Serial + private static final long serialVersionUID = -3438693960347279759L; + /** * When inherited by PublicKeyCredentialUserEntity, it is a human-palatable identifier * for a user account. It is intended only for display, i.e., aiding the user in diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialUserEntity.java b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialUserEntity.java index fd95a24c71..b3d1b9a86a 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialUserEntity.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialUserEntity.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serializable; + /** * PublicKeyCredentialUserEntity @@ -27,7 +29,7 @@ package org.springframework.security.web.webauthn.api; * @since 6.4 * @see org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations#authenticate(org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest) */ -public interface PublicKeyCredentialUserEntity { +public interface PublicKeyCredentialUserEntity extends Serializable { /** * The