Package org.springframework.security.config.annotation.web.configurers

Class WebAuthnConfigurer<H extends HttpSecurityBuilder<H>>

java.lang.Object

org.springframework.security.config.annotation.SecurityConfigurerAdapter<DefaultSecurityFilterChain,B>

org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer<WebAuthnConfigurer<H>,H>

org.springframework.security.config.annotation.web.configurers.WebAuthnConfigurer<H>

Type Parameters:

H - the type of builder

All Implemented Interfaces:

SecurityConfigurer<DefaultSecurityFilterChain,H>

public class WebAuthnConfigurer<H extends HttpSecurityBuilder<H>>
extends AbstractHttpConfigurer<WebAuthnConfigurer<H>,H>

Configures WebAuthn for Spring Security applications

Since:

6.4

Constructor Summary

Constructors

Constructor	Description
WebAuthnConfigurer()

Method Summary

Modifier and Type	Method	Description
WebAuthnConfigurer<H>	allowedOrigins(String... allowedOrigins)	Convenience method for allowedOrigins(Set)
WebAuthnConfigurer<H>	allowedOrigins(Set<String> allowedOrigins)	Sets the allowed origins.
void	configure(H http)	Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.
WebAuthnConfigurer<H>	creationOptionsRepository(PublicKeyCredentialCreationOptionsRepository creationOptionsRepository)	Sets PublicKeyCredentialCreationOptionsRepository
WebAuthnConfigurer<H>	disableDefaultRegistrationPage(boolean disable)	Configures whether the default webauthn registration should be disabled.
void	init(H http)	Initialize the SecurityBuilder.
WebAuthnConfigurer<H>	messageConverter(org.springframework.http.converter.HttpMessageConverter<Object> converter)	Sets HttpMessageConverter used for WebAuthn to read/write to the HTTP request/response.
WebAuthnConfigurer<H>	rpId(String rpId)	The Relying Party id.
WebAuthnConfigurer<H>	rpName(String rpName)	Sets the relying party name

Methods inherited from class org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer

disable, getRequestMatcherBuilder, getSecurityContextHolderStrategy, withObjectPostProcessor

Methods inherited from class org.springframework.security.config.annotation.SecurityConfigurerAdapter

addObjectPostProcessor, getBuilder, postProcess, setBuilder

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

WebAuthnConfigurer

public WebAuthnConfigurer()

Method Details

rpId

public WebAuthnConfigurer<H> rpId(String rpId)

The Relying Party id.

Parameters:

rpId - the relying party id

Returns:

the WebAuthnConfigurer for further customization

rpName

public WebAuthnConfigurer<H> rpName(String rpName)

Sets the relying party name

Parameters:

rpName - the relying party name

Returns:

the WebAuthnConfigurer for further customization

allowedOrigins

public WebAuthnConfigurer<H> allowedOrigins(String... allowedOrigins)

Convenience method for allowedOrigins(Set)

Parameters:

allowedOrigins - the allowed origins

Returns:

the WebAuthnConfigurer for further customization

See Also:

• allowedOrigins(Set)

allowedOrigins

public WebAuthnConfigurer<H> allowedOrigins(Set<String> allowedOrigins)

Sets the allowed origins.

Parameters:

allowedOrigins - the allowed origins

Returns:

the WebAuthnConfigurer for further customization

See Also:

• allowedOrigins(String...)

disableDefaultRegistrationPage

public WebAuthnConfigurer<H> disableDefaultRegistrationPage(boolean disable)

Configures whether the default webauthn registration should be disabled. Setting it to true will prevent the configurer from registering the DefaultWebAuthnRegistrationPageGeneratingFilter.

Parameters:

disable - disable the default registration page if true, enable it otherwise

Returns:

the WebAuthnConfigurer for further customization

messageConverter

public WebAuthnConfigurer<H> messageConverter(org.springframework.http.converter.HttpMessageConverter<Object> converter)

Sets HttpMessageConverter used for WebAuthn to read/write to the HTTP request/response.

Parameters:

converter - the HttpMessageConverter

Returns:

the WebAuthnConfigurer for further customization

creationOptionsRepository

public WebAuthnConfigurer<H> creationOptionsRepository(PublicKeyCredentialCreationOptionsRepository creationOptionsRepository)

Sets PublicKeyCredentialCreationOptionsRepository

Parameters:

creationOptionsRepository - the creationOptionsRepository

Returns:

the WebAuthnConfigurer for further customization

init

public void init(H http)

Description copied from interface: SecurityConfigurer

Initialize the SecurityBuilder. Here only shared state should be created and modified, but not properties on the SecurityBuilder used for building the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses the correct shared objects when building. Configurers should be applied here.

Specified by:

init in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides:

init in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

configure

public void configure(H http)

Description copied from interface: SecurityConfigurer

Configure the SecurityBuilder by setting the necessary properties on the SecurityBuilder.

Specified by:

configure in interface SecurityConfigurer<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>

Overrides:

configure in class SecurityConfigurerAdapter<DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>