Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-06-24 13:02:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Implement Serializable for WebAuthnAuthentication

Browse Source 
Closes gh-16273
Closes gh-16285

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
This commit is contained in:
Tran Ngoc Nhan 2025-01-18 16:26:40 +07:00 committed by Rob Winch
parent 751b5580a1
commit e557c7227b
No known key found for this signature in database
8 changed files with 42 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
View File

@ -191,6 +191,12 @@ import org.springframework.security.web.csrf.MissingCsrfTokenException;
import org.springframework.security.web.firewall.RequestRejectedException; import org.springframework.security.web.firewall.RequestRejectedException;
import org.springframework.security.web.server.firewall.ServerExchangeRejectedException; import org.springframework.security.web.server.firewall.ServerExchangeRejectedException;
import org.springframework.security.web.session.HttpSessionCreatedEvent; import org.springframework.security.web.session.HttpSessionCreatedEvent;
import org.springframework.security.web.webauthn.api.Bytes;
import org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity;
import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity;
import org.springframework.security.web.webauthn.api.TestBytes;
import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialUserEntity;
import org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication;
import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.assertThat;
import static org.assertj.core.api.Assertions.fail; import static org.assertj.core.api.Assertions.fail;
@ -508,6 +514,20 @@ class SpringSecurityCoreVersionSerializableTests {
(r) -> new AuthenticationSwitchUserEvent(authentication, user)); (r) -> new AuthenticationSwitchUserEvent(authentication, user));
generatorByClassName.put(HttpSessionCreatedEvent.class, generatorByClassName.put(HttpSessionCreatedEvent.class,
(r) -> new HttpSessionCreatedEvent(new MockHttpSession())); (r) -> new HttpSessionCreatedEvent(new MockHttpSession()));
// webauthn
generatorByClassName.put(Bytes.class, (r) -> TestBytes.get());
generatorByClassName.put(ImmutablePublicKeyCredentialUserEntity.class,
(r) -> TestPublicKeyCredentialUserEntity.userEntity().id(TestBytes.get()).build());
generatorByClassName.put(WebAuthnAuthentication.class, (r) -> {
PublicKeyCredentialUserEntity userEntity = TestPublicKeyCredentialUserEntity.userEntity()
.id(TestBytes.get())
.build();
List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
WebAuthnAuthentication webAuthnAuthentication = new WebAuthnAuthentication(userEntity, authorities);
webAuthnAuthentication.setDetails(details);
return webAuthnAuthentication;
});
} }
@ParameterizedTest @ParameterizedTest

BIN
config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.api.Bytes.serialized Normal file
View File

Binary file not shown.

BIN
config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized Normal file
View File

Binary file not shown.

BIN
config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication.serialized Normal file
View File

Binary file not shown.

9
web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -16,6 +16,8 @@
package org.springframework.security.web.webauthn.api; package org.springframework.security.web.webauthn.api;
import java.io.Serial;
import java.io.Serializable;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.util.Arrays; import java.util.Arrays;
import java.util.Base64; import java.util.Base64;
@ -28,7 +30,10 @@ import org.springframework.util.Assert;
* @author Rob Winch * @author Rob Winch
* @since 6.4 * @since 6.4
*/ */
public final class Bytes { public final class Bytes implements Serializable {
@Serial
private static final long serialVersionUID = -3278138671365709777L;
private static final SecureRandom RANDOM = new SecureRandom(); private static final SecureRandom RANDOM = new SecureRandom();

7
web/src/main/java/org/springframework/security/web/webauthn/api/ImmutablePublicKeyCredentialUserEntity.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -16,6 +16,8 @@
package org.springframework.security.web.webauthn.api; package org.springframework.security.web.webauthn.api;
import java.io.Serial;
/** /**
* <a href= * <a href=
* "https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialuserentity">PublicKeyCredentialUserEntity</a> * "https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialuserentity">PublicKeyCredentialUserEntity</a>
@ -28,6 +30,9 @@ package org.springframework.security.web.webauthn.api;
*/ */
public final class ImmutablePublicKeyCredentialUserEntity implements PublicKeyCredentialUserEntity { public final class ImmutablePublicKeyCredentialUserEntity implements PublicKeyCredentialUserEntity {
@Serial
private static final long serialVersionUID = -3438693960347279759L;
/** /**
* When inherited by PublicKeyCredentialUserEntity, it is a human-palatable identifier * When inherited by PublicKeyCredentialUserEntity, it is a human-palatable identifier
* for a user account. It is intended only for display, i.e., aiding the user in * for a user account. It is intended only for display, i.e., aiding the user in

6
web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialUserEntity.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -16,6 +16,8 @@
package org.springframework.security.web.webauthn.api; package org.springframework.security.web.webauthn.api;
import java.io.Serializable;
/** /**
* <a href= * <a href=
* "https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialuserentity">PublicKeyCredentialUserEntity</a> * "https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialuserentity">PublicKeyCredentialUserEntity</a>
@ -27,7 +29,7 @@ package org.springframework.security.web.webauthn.api;
* @since 6.4 * @since 6.4
* @see org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations#authenticate(org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest) * @see org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations#authenticate(org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest)
*/ */
public interface PublicKeyCredentialUserEntity { public interface PublicKeyCredentialUserEntity extends Serializable {
/** /**
* The <a href= * The <a href=

6
web/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthentication.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright 2002-2024 the original author or authors. * Copyright 2002-2025 the original author or authors.
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -16,6 +16,7 @@
package org.springframework.security.web.webauthn.authentication; package org.springframework.security.web.webauthn.authentication;
import java.io.Serial;
import java.util.Collection; import java.util.Collection;
import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.authentication.AbstractAuthenticationToken;
@ -33,6 +34,9 @@ import org.springframework.util.Assert;
*/ */
public class WebAuthnAuthentication extends AbstractAuthenticationToken { public class WebAuthnAuthentication extends AbstractAuthenticationToken {
@Serial
private static final long serialVersionUID = -4879907158750659197L;
private final PublicKeyCredentialUserEntity principal; private final PublicKeyCredentialUserEntity principal;
public WebAuthnAuthentication(PublicKeyCredentialUserEntity principal, public WebAuthnAuthentication(PublicKeyCredentialUserEntity principal,