Class WebAuthnAuthenticationFilter

java.lang.Object
org.springframework.web.filter.GenericFilterBean
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.springframework.beans.factory.Aware, org.springframework.beans.factory.BeanNameAware, org.springframework.beans.factory.DisposableBean, org.springframework.beans.factory.InitializingBean, org.springframework.context.ApplicationEventPublisherAware, org.springframework.context.EnvironmentAware, org.springframework.context.MessageSourceAware, org.springframework.core.env.EnvironmentCapable, org.springframework.web.context.ServletContextAware

public class WebAuthnAuthenticationFilter extends AbstractAuthenticationProcessingFilter
Authenticates a PublicKeyCredential<AuthenticatorAssertionResponse> that is parsed from the body of the HttpServletRequest using the converter configured through setConverter(GenericHttpMessageConverter). An example request is provided below:
 {
        "id": "dYF7EGnRFFIXkpXi9XU2wg",
        "rawId": "dYF7EGnRFFIXkpXi9XU2wg",
        "response": {
                "authenticatorData": "y9GqwTRaMpzVDbXq1dyEAXVOxrou08k22ggRC45MKNgdAAAAAA",
                "clientDataJSON": "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiRFVsRzRDbU9naWhKMG1vdXZFcE9HdUk0ZVJ6MGRRWmxUQmFtbjdHQ1FTNCIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5sb2NhbGhvc3Q6ODQ0MyIsImNyb3NzT3JpZ2luIjpmYWxzZX0",
                "signature": "MEYCIQCW2BcUkRCAXDmGxwMi78jknenZ7_amWrUJEYoTkweldAIhAMD0EMp1rw2GfwhdrsFIeDsL7tfOXVPwOtfqJntjAo4z",
                "userHandle": "Q3_0Xd64_HW0BlKRAJnVagJTpLKLgARCj8zjugpRnVo"
        },
        "clientExtensionResults": {},
        "authenticatorAttachment": "platform"
 }
 
Since:
6.4
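
As an added example (not part of the Spring Security Javadoc or code base), the following standalone Java program decodes the clientDataJSON and authenticatorData values from the example request above and prints the fields a WebAuthn relying party checks for an assertion. The class name AssertionInspector, the field() helper and the RP ID example.localhost (taken from the host of the decoded origin) are assumptions made for this illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HexFormat;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AssertionInspector {

    // Values copied from the example request on this page.
    static final String CLIENT_DATA_JSON = "eyJ0eXBlIjoid2ViYXV0aG4uZ2V0IiwiY2hhbGxlbmdlIjoiRFVsRzRDbU9naWhKMG1vdXZFcE9HdUk0ZVJ6MGRRWmxUQmFtbjdHQ1FTNCIsIm9yaWdpbiI6Imh0dHBzOi8vZXhhbXBsZS5sb2NhbGhvc3Q6ODQ0MyIsImNyb3NzT3JpZ2luIjpmYWxzZX0";
    static final String AUTHENTICATOR_DATA = "y9GqwTRaMpzVDbXq1dyEAXVOxrou08k22ggRC45MKNgdAAAAAA";
    // Assumption: the RP ID is the host part of the origin found in clientDataJSON.
    static final String ASSUMED_RP_ID = "example.localhost";

    // Minimal lookup of a string field in this flat JSON object (illustration only;
    // use a real JSON parser in application code).
    static String field(String json, String name) {
        Matcher m = Pattern.compile("\"" + name + "\":\"([^\"]*)\"").matcher(json);
        return m.find() ? m.group(1) : null;
    }

    public static void main(String[] args) throws Exception {
        Base64.Decoder b64 = Base64.getUrlDecoder(); // accepts unpadded base64url
        String clientData = new String(b64.decode(CLIENT_DATA_JSON), StandardCharsets.UTF_8);
        System.out.println("type      = " + field(clientData, "type"));      // webauthn.get for an assertion
        System.out.println("challenge = " + field(clientData, "challenge")); // must equal the challenge issued for this ceremony
        System.out.println("origin    = " + field(clientData, "origin"));    // must be an origin the relying party allows

        // authenticatorData layout: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes, big-endian) | optional data
        byte[] authData = b64.decode(AUTHENTICATOR_DATA);
        if (authData.length < 37) {
            throw new IllegalArgumentException("authenticatorData shorter than 37 bytes");
        }
        ByteBuffer buf = ByteBuffer.wrap(authData); // ByteBuffer is big-endian by default
        byte[] rpIdHash = new byte[32];
        buf.get(rpIdHash);
        int flags = buf.get() & 0xFF;
        long signCount = buf.getInt() & 0xFFFFFFFFL;

        byte[] expected = MessageDigest.getInstance("SHA-256")
                .digest(ASSUMED_RP_ID.getBytes(StandardCharsets.UTF_8));
        System.out.println("rpIdHash  = " + HexFormat.of().formatHex(rpIdHash));
        System.out.println("rpIdHash matches assumed RP ID: " + MessageDigest.isEqual(rpIdHash, expected));
        System.out.printf("flags     = 0x%02X UP=%b UV=%b BE=%b BS=%b AT=%b ED=%b%n", flags,
                (flags & 0x01) != 0, (flags & 0x04) != 0, (flags & 0x08) != 0,
                (flags & 0x10) != 0, (flags & 0x40) != 0, (flags & 0x80) != 0);
        System.out.println("signCount = " + signCount);
    }
}
```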
  • Constructor Details

    • WebAuthnAuthenticationFilter

      public WebAuthnAuthenticationFilter()
  • Method Details

    • attemptAuthentication

      public Authentication attemptAuthentication(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response) throws AuthenticationException, IOException, jakarta.servlet.ServletException
      Description copied from class: AbstractAuthenticationProcessingFilter
      Performs actual authentication.

      The implementation should do one of the following:

      1. Return a populated authentication token for the authenticated user, indicating successful authentication
      2. Return null, indicating that the authentication process is still in progress. Before returning, the implementation should perform any additional work required to complete the process.
      3. Throw an AuthenticationException if the authentication process fails
      Overrides:
      attemptAuthentication in class AbstractAuthenticationProcessingFilter
      Parameters:
      request - from which to extract parameters and perform the authentication
      response - the response, which may be needed if the implementation has to do a redirect as part of a multi-stage authentication process (such as OIDC).
      Returns:
      the authenticated user token, or null if authentication is incomplete.
      Throws:
      AuthenticationException - if authentication fails.
      IOException
      jakarta.servlet.ServletException
    • setConverter

      public void setConverter(org.springframework.http.converter.GenericHttpMessageConverter<Object> converter)
      Sets the GenericHttpMessageConverter to use for writing PublicKeyCredential<AuthenticatorAssertionResponse> to the response. The default is MappingJackson2HttpMessageConverter.
      Parameters:
      converter - the GenericHttpMessageConverter to use. Cannot be null.
    • setRequestOptionsRepository

      public void setRequestOptionsRepository(PublicKeyCredentialRequestOptionsRepository requestOptionsRepository)
      Parameters:
      requestOptionsRepository - the PublicKeyCredentialRequestOptionsRepository to use. Cannot be null.