Search in sources :

Example 1 with AssertionOptions

use of com.webauthn4j.springframework.security.options.AssertionOptions in project webauthn4j-spring-security by webauthn4j.

the class AssertionOptionsEndpointFilter method doFilter.

// ~ Methods
// ========================================================================================================
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
    FilterInvocation fi = new FilterInvocation(request, response, chain);
    if (!processFilter(fi.getRequest())) {
        chain.doFilter(request, response);
        return;
    }
    try {
        AssertionOptions assertionOptions = assertionOptionsProvider.getAssertionOptions(fi.getRequest(), getAuthentication());
        writeResponse(fi.getResponse(), assertionOptions);
    } catch (RuntimeException e) {
        logger.debug(e);
        writeErrorResponse(fi.getResponse(), e);
    }
}
Also used : AssertionOptions(com.webauthn4j.springframework.security.options.AssertionOptions) FilterInvocation(org.springframework.security.web.FilterInvocation)

Example 2 with AssertionOptions

use of com.webauthn4j.springframework.security.options.AssertionOptions in project webauthn4j-spring-security by webauthn4j.

the class AssertionOptionsEndpointFilterTest method doFilter_test.

@Test
public void doFilter_test() throws IOException, ServletException {
    AssertionOptionsProvider optionsProvider = mock(AssertionOptionsProvider.class);
    AssertionOptions assertionOptions = new AssertionOptions(null, null, null, null, null, null);
    when(optionsProvider.getAssertionOptions(any(), any())).thenReturn(assertionOptions);
    AssertionOptionsEndpointFilter optionsEndpointFilter = new AssertionOptionsEndpointFilter(optionsProvider, objectConverter);
    AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
    optionsEndpointFilter.setTrustResolver(trustResolver);
    MockHttpServletRequest request = new MockHttpServletRequest();
    request.setRequestURI(AssertionOptionsEndpointFilter.FILTER_URL);
    MockHttpServletResponse response = new MockHttpServletResponse();
    MockFilterChain filterChain = new MockFilterChain();
    optionsEndpointFilter.doFilter(request, response, filterChain);
    assertThat(response.getStatus()).isEqualTo(HttpStatus.OK.value());
}
Also used : AuthenticationTrustResolverImpl(org.springframework.security.authentication.AuthenticationTrustResolverImpl) MockHttpServletRequest(org.springframework.mock.web.MockHttpServletRequest) AssertionOptions(com.webauthn4j.springframework.security.options.AssertionOptions) AssertionOptionsProvider(com.webauthn4j.springframework.security.options.AssertionOptionsProvider) AuthenticationTrustResolver(org.springframework.security.authentication.AuthenticationTrustResolver) MockFilterChain(org.springframework.mock.web.MockFilterChain) MockHttpServletResponse(org.springframework.mock.web.MockHttpServletResponse) Test(org.junit.Test)

Example 3 with AssertionOptions

use of com.webauthn4j.springframework.security.options.AssertionOptions in project webauthn4j-spring-security by webauthn4j.

the class FidoServerAssertionOptionsEndpointFilter method processRequest.

@Override
protected ServerResponse processRequest(HttpServletRequest request) {
    InputStream inputStream;
    try {
        inputStream = request.getInputStream();
    } catch (IOException e) {
        throw new UncheckedIOException(e);
    }
    try {
        ServerPublicKeyCredentialGetOptionsRequest serverRequest = objectConverter.getJsonConverter().readValue(inputStream, ServerPublicKeyCredentialGetOptionsRequest.class);
        Challenge challenge = serverEndpointFilterUtil.encodeUserVerification(new DefaultChallenge(), serverRequest.getUserVerification());
        challengeRepository.saveChallenge(challenge, request);
        // TODO: UsernamePasswordAuthenticationToken should not be used here in this way
        AssertionOptions options = optionsProvider.getAssertionOptions(request, new UsernamePasswordAuthenticationToken(serverRequest.getUsername(), null, Collections.emptyList()));
        List<ServerPublicKeyCredentialDescriptor> credentials = options.getAllowCredentials().stream().map(credential -> new ServerPublicKeyCredentialDescriptor(credential.getType(), Base64UrlUtil.encodeToString(credential.getId()), credential.getTransports())).collect(Collectors.toList());
        AuthenticationExtensionsClientInputs<AuthenticationExtensionClientInput> authenticationExtensionsClientInputs;
        if (serverRequest.getExtensions() != null) {
            authenticationExtensionsClientInputs = serverRequest.getExtensions();
        } else {
            authenticationExtensionsClientInputs = options.getExtensions();
        }
        return new ServerPublicKeyCredentialGetOptionsResponse(Base64UrlUtil.encodeToString(options.getChallenge().getValue()), options.getTimeout(), options.getRpId(), credentials, serverRequest.getUserVerification(), authenticationExtensionsClientInputs);
    } catch (DataConversionException e) {
        throw new com.webauthn4j.springframework.security.exception.DataConversionException("Failed to convert data", e);
    }
}
Also used : AssertionOptionsProvider(com.webauthn4j.springframework.security.options.AssertionOptionsProvider) AssertionOptions(com.webauthn4j.springframework.security.options.AssertionOptions) IOException(java.io.IOException) Challenge(com.webauthn4j.data.client.challenge.Challenge) AuthenticationExtensionClientInput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientInput) ChallengeRepository(com.webauthn4j.springframework.security.challenge.ChallengeRepository) Base64UrlUtil(com.webauthn4j.util.Base64UrlUtil) Collectors(java.util.stream.Collectors) AuthenticationExtensionsClientInputs(com.webauthn4j.data.extension.client.AuthenticationExtensionsClientInputs) UncheckedIOException(java.io.UncheckedIOException) HttpServletRequest(javax.servlet.http.HttpServletRequest) List(java.util.List) ObjectConverter(com.webauthn4j.converter.util.ObjectConverter) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) DataConversionException(com.webauthn4j.converter.exception.DataConversionException) Collections(java.util.Collections) Assert(org.springframework.util.Assert) InputStream(java.io.InputStream) InputStream(java.io.InputStream) AssertionOptions(com.webauthn4j.springframework.security.options.AssertionOptions) UncheckedIOException(java.io.UncheckedIOException) UsernamePasswordAuthenticationToken(org.springframework.security.authentication.UsernamePasswordAuthenticationToken) IOException(java.io.IOException) UncheckedIOException(java.io.UncheckedIOException) Challenge(com.webauthn4j.data.client.challenge.Challenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) DefaultChallenge(com.webauthn4j.data.client.challenge.DefaultChallenge) AuthenticationExtensionClientInput(com.webauthn4j.data.extension.client.AuthenticationExtensionClientInput) DataConversionException(com.webauthn4j.converter.exception.DataConversionException)

Aggregations

AssertionOptions (com.webauthn4j.springframework.security.options.AssertionOptions)3 AssertionOptionsProvider (com.webauthn4j.springframework.security.options.AssertionOptionsProvider)2 DataConversionException (com.webauthn4j.converter.exception.DataConversionException)1 ObjectConverter (com.webauthn4j.converter.util.ObjectConverter)1 Challenge (com.webauthn4j.data.client.challenge.Challenge)1 DefaultChallenge (com.webauthn4j.data.client.challenge.DefaultChallenge)1 AuthenticationExtensionClientInput (com.webauthn4j.data.extension.client.AuthenticationExtensionClientInput)1 AuthenticationExtensionsClientInputs (com.webauthn4j.data.extension.client.AuthenticationExtensionsClientInputs)1 ChallengeRepository (com.webauthn4j.springframework.security.challenge.ChallengeRepository)1 Base64UrlUtil (com.webauthn4j.util.Base64UrlUtil)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 UncheckedIOException (java.io.UncheckedIOException)1 Collections (java.util.Collections)1 List (java.util.List)1 Collectors (java.util.stream.Collectors)1 HttpServletRequest (javax.servlet.http.HttpServletRequest)1 Test (org.junit.Test)1 MockFilterChain (org.springframework.mock.web.MockFilterChain)1 MockHttpServletRequest (org.springframework.mock.web.MockHttpServletRequest)1