Class WebAuthnAuthenticationFilter
java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware
Authenticates a PublicKeyCredential<AuthenticatorAssertionResponse> that is parsed from the body of the HttpServletRequest using the converter set with setConverter(GenericHttpMessageConverter). An example request is provided below:

{
  "id": "dYF7EGnRFFIXkpXi9XU2wg",
  "rawId": "dYF7EGnRFFIXkpXi9XU2wg",
  "response": {
    "authenticatorData": "y9GqwTRaMpzVDbXq1dyEAXVOxrou08k22ggRC45MKNgdAAAAAA",
    "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiRFVsRzRDbU9naWhKMG1vdXZFcE9HdUk0ZVJ6MGRRWmxUQmFtbjdHQ1FTNCIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5sb2NhbGhvc3Q6ODQ0MyIsImNyb3NzT3JpZ2luIjpmYWxzZX0",
    "signature": "MEYCIQCW2BcUkRCAXDmGxwMi78jknenZ7_amWrUJEYoTkweldAIhAMD0EMp1rw2GfwhdrsFIeDsL7tfOXVPwOtfqJntjAo4z",
    "userHandle": "Q3_0Xd64_HW0BlKRAJnVagJTpLKLgARCj8zjugpRnVo"
  },
  "clientExtensionResults": {},
  "authenticatorAttachment": "platform"
}
- Since:
- 6.4
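The example request above can be inspected offline. The following is an added example, not part of the Spring Security documentation or code base: it decodes the sample's clientDataJSON and authenticatorData with JDK classes only, using the WebAuthn authenticator data layout (32-byte RP ID hash, one flags byte, 4-byte signature counter). The class name AssertionInspector, its helper names and the relying party ID example.localhost (inferred from the sample origin) are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AssertionInspector {
    // Both values are copied from the example request on this page.
    static final String AUTHENTICATOR_DATA = "y9GqwTRaMpzVDbXq1dyEAXVOxrou08k22ggRC45MKNgdAAAAAA";
    static final String CLIENT_DATA_JSON = "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiRFVsRzRDbU9naWhKMG1vdXZFcE9HdUk0ZVJ6MGRRWmxUQmFtbjdHQ1FTNCIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5sb2NhbGhvc3Q6ODQ0MyIsImNyb3NzT3JpZ2luIjpmYWxzZX0";
    // Assumption: the page does not state the RP ID; this one is inferred from the sample origin.
    static final String ASSUMED_RP_ID = "example.localhost";

    record AuthData(byte[] rpIdHash, int flags, long signCount) {
        boolean userPresent()    { return (flags & 0x01) != 0; } // UP
        boolean userVerified()   { return (flags & 0x04) != 0; } // UV
        boolean backupEligible() { return (flags & 0x08) != 0; } // BE
        boolean backedUp()       { return (flags & 0x10) != 0; } // BS
    }

    // Layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | optional data
    static AuthData parseAuthData(String base64Url) {
        byte[] raw = Base64.getUrlDecoder().decode(base64Url);
        if (raw.length < 37) {
            throw new IllegalArgumentException("authenticatorData must be at least 37 bytes");
        }
        ByteBuffer buf = ByteBuffer.wrap(raw); // ByteBuffer is big-endian by default
        byte[] rpIdHash = new byte[32];
        buf.get(rpIdHash);
        int flags = buf.get() & 0xFF;
        long signCount = buf.getInt() & 0xFFFFFFFFL;
        return new AuthData(rpIdHash, flags, signCount);
    }

    // String-field lookup for inspecting the sample only; production code should use a JSON parser.
    static String field(String json, String name) {
        Matcher m = Pattern.compile("\"" + Pattern.quote(name) + "\"\\s*:\\s*\"([^\"]*)\"").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    public static void main(String[] args) throws Exception {
        String clientData = new String(Base64.getUrlDecoder().decode(CLIENT_DATA_JSON), StandardCharsets.UTF_8);
        System.out.printf("type=%s origin=%s challenge=%s%n", field(clientData, "type"), field(clientData, "origin"), field(clientData, "challenge"));
        AuthData ad = parseAuthData(AUTHENTICATOR_DATA);
        byte[] expected = MessageDigest.getInstance("SHA-256").digest(ASSUMED_RP_ID.getBytes(StandardCharsets.UTF_8));
        System.out.println("rpIdHash matches assumed RP ID: " + MessageDigest.isEqual(expected, ad.rpIdHash()));
        System.out.printf("UP=%b UV=%b BE=%b BS=%b signCount=%d%n", ad.userPresent(), ad.userVerified(), ad.backupEligible(), ad.backedUp(), ad.signCount());
    }
}
```

Under the WebAuthn specification a relying party compares the type, origin and challenge against the values it issued and requires the UP flag before it trusts the signature.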
Field Summary
Fields inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
authenticationDetailsSource, eventPublisher, messages
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
Constructor Summary
Constructors
Method Summary

| Modifier and Type | Method | Description |
| --- | --- | --- |
| Authentication | attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) | Performs actual authentication. |
| void | setConverter(org.springframework.http.converter.GenericHttpMessageConverter<Object> converter) | Sets the GenericHttpMessageConverter to use for writing PublicKeyCredential<AuthenticatorAssertionResponse> to the response. |
| void | setRequestOptionsRepository(PublicKeyCredentialRequestOptionsRepository requestOptionsRepository) | Sets the PublicKeyCredentialRequestOptionsRepository to use. |

Methods inherited from class org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
afterPropertiesSet, doFilter, getAllowSessionCreation, getAuthenticationManager, getFailureHandler, getRememberMeServices, getSuccessHandler, requiresAuthentication, setAllowSessionCreation, setApplicationEventPublisher, setAuthenticationConverter, setAuthenticationDetailsSource, setAuthenticationFailureHandler, setAuthenticationManager, setAuthenticationSuccessHandler, setContinueChainBeforeSuccessfulAuthentication, setFilterProcessesUrl, setMessageSource, setRememberMeServices, setRequiresAuthenticationRequestMatcher, setSecurityContextHolderStrategy, setSecurityContextRepository, setSessionAuthenticationStrategy, successfulAuthentication, unsuccessfulAuthentication
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, createEnvironment, destroy, getEnvironment, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setEnvironment, setServletContext
Constructor Details
WebAuthnAuthenticationFilter
public WebAuthnAuthenticationFilter()
Method Details
attemptAuthentication
public Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws AuthenticationException, IOException, jakarta.servlet.ServletException
Description copied from class: AbstractAuthenticationProcessingFilter
Performs actual authentication.
The implementation should do one of the following:
- Return a populated authentication token for the authenticated user, indicating successful authentication
- Return null, indicating that the authentication process is still in progress. Before returning, the implementation should perform any additional work required to complete the process.
- Throw an AuthenticationException if the authentication process fails
- Overrides:
attemptAuthentication in class AbstractAuthenticationProcessingFilter
- Parameters:
request - from which to extract parameters and perform the authentication
response - the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OIDC).
- Returns:
the authenticated user token, or null if authentication is incomplete.
- Throws:
AuthenticationException - if authentication fails.
IOException
jakarta.servlet.ServletException
setConverter
public void setConverter(org.springframework.http.converter.GenericHttpMessageConverter<Object> converter)
Sets the GenericHttpMessageConverter to use for writing PublicKeyCredential<AuthenticatorAssertionResponse> to the response. The default is MappingJackson2HttpMessageConverter.
- Parameters:
converter - the GenericHttpMessageConverter to use. Cannot be null.
setRequestOptionsRepository
public void setRequestOptionsRepository(PublicKeyCredentialRequestOptionsRepository requestOptionsRepository)
Sets the PublicKeyCredentialRequestOptionsRepository to use. The default is HttpSessionPublicKeyCredentialRequestOptionsRepository.
- Parameters:
requestOptionsRepository - the PublicKeyCredentialRequestOptionsRepository to use. Cannot be null.