Package org.springframework.security.web.webauthn.authentication

Class WebAuthnAuthenticationRequestToken

java.lang.Object
org.springframework.security.authentication.AbstractAuthenticationToken
org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken
All Implemented Interfaces:
Serializable, Principal, Authentication, CredentialsContainer
public class WebAuthnAuthenticationRequestToken extends AbstractAuthenticationToken
An Authentication used in WebAuthnAuthenticationProvider for authenticating via WebAuthn.
Since:
6.4
See Also:

  • Constructor Details

  • Method Details

    • getWebAuthnRequest

      public RelyingPartyAuthenticationRequest getWebAuthnRequest()
      Gets the RelyingPartyAuthenticationRequest
      Returns:
      the RelyingPartyAuthenticationRequest

    • setAuthenticated

      public void setAuthenticated(boolean authenticated)
      Description copied from interface: Authentication
      See Authentication.isAuthenticated() for a full description.

      Implementations should always allow this method to be called with a false parameter, as this is used by various classes to specify the authentication token should not be trusted. If an implementation wishes to reject an invocation with a true parameter (which would indicate the authentication token is trusted - a potential security risk) the implementation should throw an IllegalArgumentException.

      Specified by:
      setAuthenticated in interface Authentication
      Overrides:
      setAuthenticated in class AbstractAuthenticationToken
      Parameters:
      authenticated - true if the token should be trusted (which may result in an exception) or false if the token should not be trusted

    • getCredentials

      public Object getCredentials()
      Description copied from interface: Authentication
      The credentials that prove the principal is correct. This is usually a password, but could be anything relevant to the AuthenticationManager. Callers are expected to populate the credentials.
      Returns:
      the credentials that prove the identity of the Principal

    • getPrincipal

      public @Nullable Object getPrincipal()
      Description copied from interface: Authentication
      The identity of the principal being authenticated. In the case of an authentication request with username and password, this would be the username. Callers are expected to populate the principal for an authentication request.

      The AuthenticationManager implementation will often return an Authentication containing richer information as the principal for use by the application. Many of the authentication providers will create a UserDetails object as the principal.

      Returns:
      the Principal being authenticated or the authenticated principal after authentication.