Package org.springframework.security.web.webauthn.authentication

Class WebAuthnAuthenticationFilter

java.lang.Object

org.springframework.web.filter.GenericFilterBean

org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter

All Implemented Interfaces:

jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class WebAuthnAuthenticationFilter
extends AbstractAuthenticationProcessingFilter

Authenticates PublicKeyCredential<AuthenticatorAssertionResponse> that is parsed from the body of the HttpServletRequest using the setConverter(GenericHttpMessageConverter). An example request is provided below:

 {
        "id": "dYF7EGnRFFIXkpXi9XU2wg",
        "rawId": "dYF7EGnRFFIXkpXi9XU2wg",
        "response": {
                "authenticatorData": "y9GqwTRaMpzVDbXq1dyEAXVOxrou08k22ggRC45MKNgdAAAAAA",
                "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiRFVsRzRDbU9naWhKMG1vdXZFcE9HdUk0ZVJ6MGRRWmxUQmFtbjdHQ1FTNCIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5sb2NhbGhvc3Q6ODQ0MyIsImNyb3NzT3JpZ2luIjpmYWxzZX0",
                "signature": "MEYCIQCW2BcUkRCAXDmGxwMi78jknenZ7_amWrUJEYoTkweldAIhAMD0EMp1rw2GfwhdrsFIeDsL7tfOXVPwOtfqJntjAo4z",
                "userHandle": "Q3_0Xd64_HW0BlKRAJnVagJTpLKLgARCj8zjugpRnVo"
            },
        "clientExtensionResults": {},
        "authenticatorAttachment": "platform"
 }
 

Since:

6.4

Field Summary

Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

authenticationDetailsSource, eventPublisher, messages

Fields inherited from class org.springframework.web.filter.GenericFilterBean

logger

Constructor Summary

Constructors

Constructor	Description
WebAuthnAuthenticationFilter()

Method Summary

Modifier and Type	Method	Description
Authentication	attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response)	Performs actual authentication.
void	setConverter(org.springframework.http.converter.GenericHttpMessageConverter<Object> converter)	Deprecated, for removal: This API element is subject to removal in a future version. use setConverter(SmartHttpMessageConverter)
void	setConverter(org.springframework.http.converter.SmartHttpMessageConverter<Object> converter)	Sets the SmartHttpMessageConverter to use for writing PublicKeyCredential<AuthenticatorAssertionResponse> to the response.
void	setRequestOptionsRepository(PublicKeyCredentialRequestOptionsRepository requestOptionsRepository)	Sets the PublicKeyCredentialRequestOptionsRepository to use.

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter

afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationConverter, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setMfaEnabled, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextHolderStrategy, setSecurityContextRepository, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication

Methods inherited from class org.springframework.web.filter.GenericFilterBean

addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

WebAuthnAuthenticationFilter

public WebAuthnAuthenticationFilter()

Method Details

attemptAuthentication

public Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response)
                                     throws AuthenticationException,
IOException,
jakarta.servlet.ServletException

Description copied from class: AbstractAuthenticationProcessingFilter

Performs actual authentication.

The implementation should do one of the following:

1. Return a populated authentication token for the authenticated user, indicating successful authentication
2. Return null, indicating that the authentication process is still in progress. Before returning, the implementation should perform any additional work required to complete the process.
3. Throw an AuthenticationException if the authentication process fails

Overrides:

attemptAuthentication in class AbstractAuthenticationProcessingFilter

Parameters:

request - from which to extract parameters and perform the authentication

response - the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OIDC).

Returns:

the authenticated user token, or null if authentication is incomplete.

Throws:

AuthenticationException - if authentication fails.

IOException

jakarta.servlet.ServletException

setConverter

@Deprecated(forRemoval=true,
            since="7.0")
public void setConverter(org.springframework.http.converter.GenericHttpMessageConverter<Object> converter)

Deprecated, for removal: This API element is subject to removal in a future version.

use setConverter(SmartHttpMessageConverter)

Sets the GenericHttpMessageConverter to use for writing PublicKeyCredential<AuthenticatorAssertionResponse> to the response. The default is @{code MappingJackson2HttpMessageConverter}

Parameters:

converter - the GenericHttpMessageConverter to use. Cannot be null.

setConverter

public void setConverter(org.springframework.http.converter.SmartHttpMessageConverter<Object> converter)

Sets the SmartHttpMessageConverter to use for writing PublicKeyCredential<AuthenticatorAssertionResponse> to the response. The default is @{code MappingJackson2HttpMessageConverter}

Parameters:

converter - the SmartHttpMessageConverter to use. Cannot be null.

Since:

7.0

setRequestOptionsRepository

public void setRequestOptionsRepository(PublicKeyCredentialRequestOptionsRepository requestOptionsRepository)

Sets the PublicKeyCredentialRequestOptionsRepository to use. The default is HttpSessionPublicKeyCredentialRequestOptionsRepository.

Parameters:

requestOptionsRepository - the PublicKeyCredentialRequestOptionsRepository to use. Cannot be null.