Package org.springframework.security.web.webauthn.authentication

Class WebAuthnAuthentication

java.lang.Object

org.springframework.security.authentication.AbstractAuthenticationToken

org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication

All Implemented Interfaces:

Serializable, Principal, Authentication, CredentialsContainer

public class WebAuthnAuthentication
extends AbstractAuthenticationToken

A WebAuthnAuthentication is used to represent successful authentication with WebAuthn.

Since:

6.4

See Also:

• WebAuthnAuthenticationRequestToken
• Serialized Form

Constructor Summary

Constructors

Constructor	Description
WebAuthnAuthentication(PublicKeyCredentialUserEntity principal, Collection<? extends GrantedAuthority> authorities)

Method Summary

Modifier and Type	Method	Description
Object	getCredentials()	The credentials that prove the principal is correct.
String	getName()
PublicKeyCredentialUserEntity	getPrincipal()	The identity of the principal being authenticated.
void	setAuthenticated(boolean authenticated)	See Authentication.isAuthenticated() for a full description.

Methods inherited from class org.springframework.security.authentication.AbstractAuthenticationToken

equals, eraseCredentials, getAuthorities, getDetails, hashCode, isAuthenticated, setDetails, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface java.security.Principal

implies

Constructor Details

WebAuthnAuthentication

public WebAuthnAuthentication(PublicKeyCredentialUserEntity principal,
 Collection<? extends GrantedAuthority> authorities)

Method Details

setAuthenticated

public void setAuthenticated(boolean authenticated)

Description copied from interface: Authentication

See Authentication.isAuthenticated() for a full description.

Implementations should always allow this method to be called with a false parameter, as this is used by various classes to specify the authentication token should not be trusted. If an implementation wishes to reject an invocation with a true parameter (which would indicate the authentication token is trusted - a potential security risk) the implementation should throw an IllegalArgumentException.

Specified by:

setAuthenticated in interface Authentication

Overrides:

setAuthenticated in class AbstractAuthenticationToken

Parameters:

authenticated - true if the token should be trusted (which may result in an exception) or false if the token should not be trusted

getCredentials

public Object getCredentials()

Description copied from interface: Authentication

The credentials that prove the principal is correct. This is usually a password, but could be anything relevant to the AuthenticationManager. Callers are expected to populate the credentials.

Returns:

the credentials that prove the identity of the Principal

getPrincipal

public PublicKeyCredentialUserEntity getPrincipal()

Description copied from interface: Authentication

The identity of the principal being authenticated. In the case of an authentication request with username and password, this would be the username. Callers are expected to populate the principal for an authentication request.

The AuthenticationManager implementation will often return an Authentication containing richer information as the principal for use by the application. Many of the authentication providers will create a UserDetails object as the principal.

Returns:

the Principal being authenticated or the authenticated principal after authentication.

getName

public String getName()

Specified by:

getName in interface Principal

Overrides:

getName in class AbstractAuthenticationToken