Search in sources :

Example 1 with PrincipalNotFoundException

use of com.webauthn4j.springframework.security.exception.PrincipalNotFoundException in project webauthn4j-spring-security by webauthn4j.

the class AttestationOptionsProviderImplTest method getAttestationOptions_with_non_existing_principal_test.

@Test
public void getAttestationOptions_with_non_existing_principal_test() {
    Challenge challenge = new DefaultChallenge();
    RpIdProviderImpl rpIdProvider = new RpIdProviderImpl();
    WebAuthnAuthenticatorService authenticatorService = mock(WebAuthnAuthenticatorService.class);
    ChallengeRepository challengeRepository = mock(ChallengeRepository.class);
    MockHttpServletRequest mockRequest = new MockHttpServletRequest();
    mockRequest.setServerName("example.com");
    when(authenticatorService.loadAuthenticatorsByUserPrincipal(any())).thenThrow(new PrincipalNotFoundException("dummy"));
    when(challengeRepository.loadOrGenerateChallenge(mockRequest)).thenReturn(challenge);
    AttestationOptionsProviderImpl optionsProvider = new AttestationOptionsProviderImpl(rpIdProvider, authenticatorService, challengeRepository);
    optionsProvider.setRpName("rpName");
    optionsProvider.setPubKeyCredParams(Collections.singletonList(new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256)));
    optionsProvider.setRegistrationTimeout(10000L);
    optionsProvider.setRegistrationExtensions(new AuthenticationExtensionsClientInputs<>());
    AttestationOptions attestationOptions = optionsProvider.getAttestationOptions(mockRequest, new UsernamePasswordAuthenticationToken("username", null));
    assertThat(attestationOptions.getRp().getId()).isEqualTo("example.com");
    assertThat(attestationOptions.getRp().getName()).isEqualTo("rpName");
    assertThat(attestationOptions.getUser()).isEqualTo(new PublicKeyCredentialUserEntity("username".getBytes(), "username", "username"));
    assertThat(attestationOptions.getChallenge()).isEqualTo(challenge);
    assertThat(attestationOptions.getPubKeyCredParams()).isEqualTo(Collections.singletonList(new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256)));
    assertThat(attestationOptions.getTimeout()).isEqualTo(10000L);
    assertThat(attestationOptions.getExcludeCredentials()).isEmpty();
    assertThat(attestationOptions.getExtensions()).isEqualTo(new AuthenticationExtensionsClientInputs<>());
}
Also used : ChallengeRepository(com.webauthn4j.springframework.security.challenge.ChallengeRepository) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) Challenge(com.webauthn4j.data.client.challenge.Challenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) PrincipalNotFoundException(com.webauthn4j.springframework.security.exception.PrincipalNotFoundException) WebAuthnAuthenticatorService(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService) Test(org.junit.Test)

Example 2 with PrincipalNotFoundException

use of com.webauthn4j.springframework.security.exception.PrincipalNotFoundException in project webauthn4j-spring-security by webauthn4j.

the class WebAuthnSampleController method getCredentialIds.

private List<String> getCredentialIds() {
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    Object principal = authentication.getPrincipal();
    if (principal == null || authenticationTrustResolver.isAnonymous(authentication)) {
        return Collections.emptyList();
    } else {
        try {
            List<WebAuthnAuthenticator> webAuthnAuthenticators = webAuthnAuthenticatorManager.loadAuthenticatorsByUserPrincipal(principal);
            return webAuthnAuthenticators.stream().map(webAuthnAuthenticator -> Base64UrlUtil.encodeToString(webAuthnAuthenticator.getAttestedCredentialData().getCredentialId())).collect(Collectors.toList());
        } catch (PrincipalNotFoundException e) {
            return Collections.emptyList();
        }
    }
}
Also used : WebAuthnAuthenticator(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator) Autowired(org.springframework.beans.factory.annotation.Autowired) SimpleGrantedAuthority(org.springframework.security.core.authority.SimpleGrantedAuthority) User(org.springframework.security.core.userdetails.User) BindingResult(org.springframework.validation.BindingResult) Challenge(com.webauthn4j.data.client.challenge.Challenge) WebAuthnRegistrationRequestValidator(com.webauthn4j.springframework.security.WebAuthnRegistrationRequestValidator) WebAuthnException(com.webauthn4j.util.exception.WebAuthnException) Controller(org.springframework.stereotype.Controller) ChallengeRepository(com.webauthn4j.springframework.security.challenge.ChallengeRepository) Base64UrlUtil(com.webauthn4j.util.Base64UrlUtil) WebAuthnAuthenticationException(com.webauthn4j.springframework.security.exception.WebAuthnAuthenticationException) Valid(javax.validation.Valid) WebAuthnAuthenticatorImpl(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorImpl) Model(org.springframework.ui.Model) HttpServletRequest(javax.servlet.http.HttpServletRequest) ModelAttribute(org.springframework.web.bind.annotation.ModelAttribute) UUIDUtil(com.webauthn4j.util.UUIDUtil) GetMapping(org.springframework.web.bind.annotation.GetMapping) WebAuthnRegistrationRequestValidationResponse(com.webauthn4j.springframework.security.WebAuthnRegistrationRequestValidationResponse) SecurityContextHolder(org.springframework.security.core.context.SecurityContextHolder) RedirectAttributes(org.springframework.web.servlet.mvc.support.RedirectAttributes) PostMapping(org.springframework.web.bind.annotation.PostMapping) UserDetailsManager(org.springframework.security.provisioning.UserDetailsManager) UUID(java.util.UUID) WebAuthnAuthenticatorManager(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorManager) Collectors(java.util.stream.Collectors) GrantedAuthority(org.springframework.security.core.GrantedAuthority) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver) List(java.util.List) PasswordEncoder(org.springframework.security.crypto.password.PasswordEncoder) WebAuthnAuthenticator(com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator) Log(org.apache.commons.logging.Log) LogFactory(org.apache.commons.logging.LogFactory) AuthenticationTrustResolverImpl(org.springframework.security.authentication.AuthenticationTrustResolverImpl) PrincipalNotFoundException(com.webauthn4j.springframework.security.exception.PrincipalNotFoundException) Authentication(org.springframework.security.core.Authentication) Collections(java.util.Collections) Authentication(org.springframework.security.core.Authentication) PrincipalNotFoundException(com.webauthn4j.springframework.security.exception.PrincipalNotFoundException)

Example 3 with PrincipalNotFoundException

use of com.webauthn4j.springframework.security.exception.PrincipalNotFoundException in project webauthn4j-spring-security by webauthn4j.

the class UserManagerImpl method deleteUser.

/**
 * {@inheritDoc}
 */
@Override
public void deleteUser(String username) {
    UserEntity userEntity = userEntityRepository.findOneByEmailAddress(username).orElseThrow(() -> new PrincipalNotFoundException(String.format("UserEntity with username'%s' is not found.", username)));
    userEntityRepository.delete(userEntity);
}
Also used : PrincipalNotFoundException(com.webauthn4j.springframework.security.exception.PrincipalNotFoundException) UserEntity(com.webauthn4j.springframework.security.webauthn.sample.domain.entity.UserEntity)

Aggregations

PrincipalNotFoundException (com.webauthn4j.springframework.security.exception.PrincipalNotFoundException)3 Challenge (com.webauthn4j.data.client.challenge.Challenge)2 ChallengeRepository (com.webauthn4j.springframework.security.challenge.ChallengeRepository)2 DefaultChallenge (com.webauthn4j.data.client.challenge.DefaultChallenge)1 WebAuthnRegistrationRequestValidationResponse (com.webauthn4j.springframework.security.WebAuthnRegistrationRequestValidationResponse)1 WebAuthnRegistrationRequestValidator (com.webauthn4j.springframework.security.WebAuthnRegistrationRequestValidator)1 WebAuthnAuthenticator (com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticator)1 WebAuthnAuthenticatorImpl (com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorImpl)1 WebAuthnAuthenticatorManager (com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorManager)1 WebAuthnAuthenticatorService (com.webauthn4j.springframework.security.authenticator.WebAuthnAuthenticatorService)1 WebAuthnAuthenticationException (com.webauthn4j.springframework.security.exception.WebAuthnAuthenticationException)1 UserEntity (com.webauthn4j.springframework.security.webauthn.sample.domain.entity.UserEntity)1 Base64UrlUtil (com.webauthn4j.util.Base64UrlUtil)1 UUIDUtil (com.webauthn4j.util.UUIDUtil)1 WebAuthnException (com.webauthn4j.util.exception.WebAuthnException)1 Collections (java.util.Collections)1 List (java.util.List)1 UUID (java.util.UUID)1 Collectors (java.util.stream.Collectors)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1