Webauthn4j Spring Security Save
WebAuthn4J Extension for Spring Security
Project README
WebAuthn4J Spring Security
WebAuthn4J Spring Security provides Web Authentication specification support for your Spring application by using WebAuthn4J library. Users can login with WebAuthn compliant authenticator.
Project status
This project is under active development. API signature may change.
Documentation
You can find out more details from the reference.
Getting from Maven Central
If you are using Maven, just add the webauthn4j-spring-security as a dependency:
<properties>
...
<!-- Use the latest version whenever possible. -->
<webauthn4j-spring-security.version>0.9.1.RELEASE</webauthn4j-spring-security.version>
...
</properties>
<dependency>
<groupId>com.webauthn4j</groupId>
<artifactId>webauthn4j-spring-security-core</artifactId>
<version>${webauthn4j-spring-security.version}</version>
</dependency>
Build
WebAuthn4J Spring Security uses a Gradle based build system.
In the instructions below, gradlew is invoked from the root of the source tree and serves as a cross-platform,
self-contained bootstrap mechanism for the build.
Prerequisites
- Java8 or later
- Spring Framework 5.0 or later
Checkout sources
git clone https://github.com/webauthn4j/webauthn4j-spring-security
Build all jars
./gradlew build
Execute sample application
./gradlew samples:spa:bootRun
Configuration
WebAuthn4J Spring Security can be configured through Spring Security Java Config.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
@Bean
public WebAuthnAuthenticationProvider webAuthnAuthenticationProvider(WebAuthnAuthenticatorService authenticatorService, WebAuthnManager webAuthnManager){
return new WebAuthnAuthenticationProvider(authenticatorService, webAuthnManager);
}
@Bean
public DaoAuthenticationProvider daoAuthenticationProvider(UserDetailsService userDetailsService){
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
daoAuthenticationProvider.setPasswordEncoder(new BCryptPasswordEncoder());
return daoAuthenticationProvider;
}
@Bean
public AuthenticationManager authenticationManager(List<AuthenticationProvider> providers){
return new ProviderManager(providers);
}
@Bean
public SecurityFilterChain filterChain(HttpSecurity http, AuthenticationManager authenticationManager) throws Exception {
// WebAuthn Login
http.apply(WebAuthnLoginConfigurer.webAuthnLogin())
.loginPage("/login")
.usernameParameter("username")
.passwordParameter("rawPassword")
.credentialIdParameter("credentialId")
.clientDataJSONParameter("clientDataJSON")
.authenticatorDataParameter("authenticatorData")
.signatureParameter("signature")
.clientExtensionsJSONParameter("clientExtensionsJSON")
.loginProcessingUrl("/login")
.rpId("example.com")
.attestationOptionsEndpoint()
.attestationOptionsProvider(attestationOptionsProvider)
.processingUrl("/webauthn/attestation/options")
.rp()
.name("example")
.and()
.pubKeyCredParams(
new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256),
new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.RS1)
)
.authenticatorSelection()
.authenticatorAttachment(AuthenticatorAttachment.CROSS_PLATFORM)
.residentKey(ResidentKeyRequirement.PREFERRED)
.userVerification(UserVerificationRequirement.PREFERRED)
.and()
.attestation(AttestationConveyancePreference.DIRECT)
.extensions()
.credProps(true)
.uvm(true)
.and()
.assertionOptionsEndpoint()
.assertionOptionsProvider(assertionOptionsProvider)
.processingUrl("/webauthn/assertion/options")
.rpId("example.com")
.userVerification(UserVerificationRequirement.PREFERRED)
.and()
.authenticationManager(authenticationManager);
}
}
License
WebAuthn4J Spring Security is Open Source software released under the Apache 2.0 license.
Open Source Agenda is not affiliated with "Webauthn4j Spring Security" Project. README Source: webauthn4j/webauthn4j-spring-security
Stars
161
Open Issues
3
Last Commit
2 weeks ago
Repository
License
Open Source Agenda Badge
