From 87c4aa501724b4d8b22bb18ba6a191b53ed4f3d6 Mon Sep 17 00:00:00 2001 From: Max Batischev Date: Thu, 23 Jan 2025 12:59:46 +0300 Subject: [PATCH] Make PublicKeyCredentialRequestOptions Serializable Closes gh-16432 Signed-off-by: Max Batischev --- ...gSecurityCoreVersionSerializableTests.java | 45 ++++++++++++++++++ ...uthn.api.AuthenticatorTransport.serialized | Bin 0 -> 124 bytes ...security.web.webauthn.api.Bytes.serialized | Bin 0 -> 140 bytes ...tensionsClientInput$CredProtect.serialized | Bin 0 -> 507 bytes ...enticationExtensionsClientInput.serialized | Bin 0 -> 733 bytes ...enticationExtensionsClientInput.serialized | Bin 0 -> 230 bytes ...nticationExtensionsClientInputs.serialized | Bin 0 -> 540 bytes ...i.PublicKeyCredentialDescriptor.serialized | Bin 0 -> 688 bytes ...blicKeyCredentialRequestOptions.serialized | Bin 0 -> 1833 bytes ...thn.api.PublicKeyCredentialType.serialized | Bin 0 -> 132 bytes ...api.UserVerificationRequirement.serialized | Bin 0 -> 134 bytes .../AuthenticationExtensionsClientInput.java | 6 ++- .../AuthenticationExtensionsClientInputs.java | 5 +- .../webauthn/api/AuthenticatorTransport.java | 10 +++- .../security/web/webauthn/api/Bytes.java | 9 +++- ...ctAuthenticationExtensionsClientInput.java | 13 ++++- ...leAuthenticationExtensionsClientInput.java | 7 ++- ...eAuthenticationExtensionsClientInputs.java | 6 ++- .../api/PublicKeyCredentialDescriptor.java | 9 +++- .../PublicKeyCredentialRequestOptions.java | 9 +++- .../webauthn/api/PublicKeyCredentialType.java | 10 +++- .../api/UserVerificationRequirement.java | 10 +++- 22 files changed, 119 insertions(+), 20 deletions(-) create mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.AuthenticatorTransport.serialized create mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.Bytes.serialized create mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput$CredProtect.serialized create mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.serialized create mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput.serialized create mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInputs.serialized create mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor.serialized create mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.serialized create mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialType.serialized create mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.UserVerificationRequirement.serialized diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java index 2b037d1e1a3..1f6f2da4233 100644 --- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java +++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java @@ -196,6 +196,18 @@ import org.springframework.security.web.firewall.RequestRejectedException; import org.springframework.security.web.server.firewall.ServerExchangeRejectedException; import org.springframework.security.web.session.HttpSessionCreatedEvent; +import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInputs; +import org.springframework.security.web.webauthn.api.AuthenticatorTransport; +import org.springframework.security.web.webauthn.api.Bytes; +import org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput; +import org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput; +import org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInputs; +import org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor; +import org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions; +import org.springframework.security.web.webauthn.api.PublicKeyCredentialType; +import org.springframework.security.web.webauthn.api.TestBytes; +import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialRequestOptions; +import org.springframework.security.web.webauthn.api.UserVerificationRequirement; import org.springframework.util.ReflectionUtils; import static org.assertj.core.api.Assertions.assertThat; @@ -515,6 +527,39 @@ class SpringSecurityCoreVersionSerializableTests { (r) -> new AuthenticationSwitchUserEvent(authentication, user)); generatorByClassName.put(HttpSessionCreatedEvent.class, (r) -> new HttpSessionCreatedEvent(new MockHttpSession())); + + // webauthn + CredProtectAuthenticationExtensionsClientInput.CredProtect credProtect = new CredProtectAuthenticationExtensionsClientInput.CredProtect( + CredProtectAuthenticationExtensionsClientInput.CredProtect.ProtectionPolicy.USER_VERIFICATION_OPTIONAL, + true); + Bytes id = TestBytes.get(); + AuthenticationExtensionsClientInputs inputs = new ImmutableAuthenticationExtensionsClientInputs( + ImmutableAuthenticationExtensionsClientInput.credProps); + // @formatter:off + PublicKeyCredentialDescriptor descriptor = PublicKeyCredentialDescriptor.builder() + .id(id) + .type(PublicKeyCredentialType.PUBLIC_KEY) + .transports(Set.of(AuthenticatorTransport.USB)) + .build(); + // @formatter:on + generatorByClassName.put(AuthenticatorTransport.class, (a) -> AuthenticatorTransport.USB); + generatorByClassName.put(PublicKeyCredentialType.class, (k) -> PublicKeyCredentialType.PUBLIC_KEY); + generatorByClassName.put(UserVerificationRequirement.class, (r) -> UserVerificationRequirement.REQUIRED); + generatorByClassName.put(CredProtectAuthenticationExtensionsClientInput.CredProtect.class, (c) -> credProtect); + generatorByClassName.put(CredProtectAuthenticationExtensionsClientInput.class, + (c) -> new CredProtectAuthenticationExtensionsClientInput(credProtect)); + generatorByClassName.put(ImmutableAuthenticationExtensionsClientInputs.class, (i) -> inputs); + generatorByClassName.put(ImmutableAuthenticationExtensionsClientInput.class, + (i) -> ImmutableAuthenticationExtensionsClientInput.credProps); + generatorByClassName.put(Bytes.class, (b) -> id); + generatorByClassName.put(PublicKeyCredentialDescriptor.class, (d) -> descriptor); + // @formatter:off + generatorByClassName.put(PublicKeyCredentialRequestOptions.class, (o) -> TestPublicKeyCredentialRequestOptions.create() + .extensions(inputs) + .allowCredentials(List.of(descriptor)) + .build() + ); + // @formatter:on } @ParameterizedTest diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.AuthenticatorTransport.serialized b/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.AuthenticatorTransport.serialized new file mode 100644 index 0000000000000000000000000000000000000000..183124aa4e607bd6bfea05073e6e1951ac2c9993 GIT binary patch literal 124 zcmZ4UmVvdnh`}YlC|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5 zGW8sRtkk@c%;dz9{GyPe#Ju8y{GyUgoIFYI*0@VCF);ctu$Cp}l%|$22>E0smL=-v WB<7{-2bX{>u&yX5VPGyTP67aZ3oTy& literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.Bytes.serialized b/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.Bytes.serialized new file mode 100644 index 0000000000000000000000000000000000000000..e45bced432312c60e07be3bd55dfd6d155ea2350 GIT binary patch literal 140 zcmZ4UmVvdnh`~6&C|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5 zGWDD)OHzwxvV3a%pzN@aiGeYifi(#vRKma%?Nm`vS_Gokd=~$~#u4&>iGiV_fPsNQ n!BSzZ*$cs6brSAf##2h7eke^p+n@hinQJTKoP95L9=Q(yP5w3Y literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput$CredProtect.serialized b/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput$CredProtect.serialized new file mode 100644 index 0000000000000000000000000000000000000000..0222d302d6c70ca486e5530b9f0697b4089e9867 GIT binary patch literal 507 zcmZ4UmVvdnh#@1tC|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5 zGWDE`Qd0to@=H>aOB{iMsd*)t$%!SI`FXAtC8>GEKt{21P9{*;Gq0euLng-aN!eSj|3M{}`0 z%*FaZ*MczE#ri-O>mxaVL>H@|yUDtufU&NKp^{!fhT#APC=g;`s3>CK%StRu)XPcC oOV@MFE6qigEGS`+3JrD*iVt%Q@^tfbb`0_K_lx%r08x%U0N0thNdN!< literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.serialized b/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput.serialized new file mode 100644 index 0000000000000000000000000000000000000000..0b0b44e588ba52ef7628208ebbdefa770e256110 GIT binary patch literal 733 zcmchT&q~8U5Qis~URA`CH=!3jY#zW<2oVCI4fPKwVp-R1x;5PmlZj0b#EW;I!jrG2 z_z3Pw)lg3!?830aZx_Cq@8uP`CBlWljFkl{osE&tH@p6Cf?ERqwopacgdTdZgH;%K!^My96C^fkf zO#<8E$L4oTaJMo+z2%v#G4CFsS(UP11Hj^J0n`ZVQ+~@?&UMBjUCr8$1;NhAQ8XN# TM#K0p4uj)(&>sy_cLm7@6-y8r literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput.serialized b/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput.serialized new file mode 100644 index 0000000000000000000000000000000000000000..604e609fcaa5da2770f4091a3288b8d32d256922 GIT binary patch literal 230 zcmZ4UmVvdnh#@M!C|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5 zGW9%jb4yDSlX6lWfkLTyC7H>IC7Jnot`#MzdBs3Rv2#u)P}noCptR)qgX^vTSRO<$ zF);ZsaHqnQc&3yv2>E0smL=-vB<7{-2bX{>xAtLR%>?N}mGn=_N=+`Yt|%yB;7l$` yO$jKKT88K7{=c_Y(X6Sw~2#;bNT_!rHVu0KtTuTQ6as?GxeGa$(#1Nxd?s;2M0k1 zKZCPN7eQ2T=;mZUfP$EuD7tw=NO%&S_j!J~euauw5M?SMS}HD*14Vmmkf|f0S!@)? zAsMi?Th!p8AXIYF==BWJcFO8jVgh+gk!NBvM<%pA=#7+Hxgn%M9kibJ-_I`}eego4 z@M1=m+`~N$JBVw2S0=v_6@et zL0I@zdk5W@1tC-lu759om>^8YigmVCCbf+{UqE))$aomd4^@?C#gTm=^VAuB-R*p^W0?U@YM+Eo*7u*Rv@T@ zV$LB9=mM|(!fW4nO`v7f@S4DDDIcku&>@PP*e-K8x(F@$A}JEhL(|eS6vcN4eMS+| zb<+PZpB11)nTa6!>kFdhbT9P0_7qPZC=kd&*pTKClw7LJJTBkrOWSKhBzva-lo{wID?`AA-L-8es#SD*sTQYp%6_tv*W{ZF4h`#=By literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.serialized b/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions.serialized new file mode 100644 index 0000000000000000000000000000000000000000..399fa41229196ab1c517a82a6f6bd02e146801e4 GIT binary patch literal 1833 zcmbtVTSyd97(O#Qu9qy`E)-g{WRErTAYMuz@`i0LD7lsFVsLgnu9LGf$8*lOvq4f| z5Is~-5rKq3kdVCuMfFfU^w2{_B$+|czU502^&(1_bH+;+8VwE13^Q}i|9}7YfB!e5 zpFj>Jpw%Ktm13fs$!-EuC~c8mm7;`Abe2)mC@xNDvmR50SXbNZxS=OnP^N*PE@Uzt z8V6CIjVNoyOt(xr@vJsFb8&cD2L3Q8hK6CKe=Vg96o-$&eyG_@H?*)$Sxp$^Cwllg zWF`><6=9A?`vZ@*h)3gC#OdPEI3BG&!w}^$3XsE)Nd*E1A|8X(@$y712`EZvT8h+Q z==^oa#5NN-6oNxt46L88z<_2_YiEKu{w zFQj3h#Uso^e?$<(>jb4Z#u^9nUIqlUs-RYFuneOekt64B-P>C_67T^j1bhr89Si`F z(u%n99WDRe{YFF+M90h`$MfL!j*7txGVq0gtatT+0U-0vFak}AEy8$bik5Z19f{^E zEQ5L9n>})|f(|1*&^!<2-l}pnbXECs>T}t?>oSmHASW(l#ef{Ecd$*wee~<*8Gl|R zD+Azi7~B)QT{#t)9oW)*w)_%{&g{4{cHWvRE4V8SJ(_y(^aB<3=W(9pCAJ&A;aVn3 zi$oS#ypvxTpB`;4;XuP6rym+N5}6bSGvKpn+~I9)@|I{7GU33FeGj+2w^qtjfL$Zl z-HS4gTj@Gmpa}4KgMGR0OYVPrUS0M4WmolyiQ31RY~;m(O=LVfQmI^fGR^_Uya5cQ zQZ|Ee11+Ou^-1k~cXV#}=A;YTue;MLuu1NWl>C~JIznKE?sRX$ir(I+eKdB)|H_qs z1R2;6TQ=&g@na|<294_>5)*RuV4MGdyJq@XQ74IR9a&VEn9r!UG+uc6n0<5lyOQmY z#gML9vd@q^w+fe*%iQmFx5NSCrpMHMz7Xv!qh5JT(b~6H7}n^7Il5 zGW7yVlX5bXy;Ccli&9fk^GY%kb3!T$QWNX`JM5CZo6p3+=)=HTmY7qTTEZaYla*MO csGpOVm#!aN0MHMz7Xv!qh5JT(b~6H7}n^7Il5 zGW9}>Q;Whclient extension * input entry in the {@link AuthenticationExtensionsClientInputs}. @@ -25,7 +27,7 @@ * @since 6.4 * @see ImmutableAuthenticationExtensionsClientInput */ -public interface AuthenticationExtensionsClientInput { +public interface AuthenticationExtensionsClientInput extends Serializable { /** * Gets the extension diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticationExtensionsClientInputs.java b/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticationExtensionsClientInputs.java index 44a26a41c12..3befaa601fc 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticationExtensionsClientInputs.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticationExtensionsClientInputs.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serializable; import java.util.List; /** @@ -31,7 +32,7 @@ * @since 6.4 * @see PublicKeyCredentialCreationOptions#getExtensions() */ -public interface AuthenticationExtensionsClientInputs { +public interface AuthenticationExtensionsClientInputs extends Serializable { /** * Gets all of the {@link AuthenticationExtensionsClientInput}. diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorTransport.java b/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorTransport.java index 33e9d2123cb..0974d295697 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorTransport.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorTransport.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,9 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; +import java.io.Serializable; + /** * AuthenticatorTransport @@ -25,7 +28,10 @@ * @author Rob Winch * @since 6.4 */ -public final class AuthenticatorTransport { +public final class AuthenticatorTransport implements Serializable { + + @Serial + private static final long serialVersionUID = -5617945441117386982L; /** * usbc diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java b/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java index 6fbcc3596c6..7a2c769ad40 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; +import java.io.Serializable; import java.security.SecureRandom; import java.util.Arrays; import java.util.Base64; @@ -28,7 +30,10 @@ * @author Rob Winch * @since 6.4 */ -public final class Bytes { +public final class Bytes implements Serializable { + + @Serial + private static final long serialVersionUID = -7420539646106189663L; private static final SecureRandom RANDOM = new SecureRandom(); diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/CredProtectAuthenticationExtensionsClientInput.java b/web/src/main/java/org/springframework/security/web/webauthn/api/CredProtectAuthenticationExtensionsClientInput.java index 22372717595..e28da6d7897 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/CredProtectAuthenticationExtensionsClientInput.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/CredProtectAuthenticationExtensionsClientInput.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,9 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; +import java.io.Serializable; + /** * Implements @@ -27,6 +30,9 @@ public class CredProtectAuthenticationExtensionsClientInput implements AuthenticationExtensionsClientInput { + @Serial + private static final long serialVersionUID = -6418175591005843455L; + private final CredProtect input; public CredProtectAuthenticationExtensionsClientInput(CredProtect input) { @@ -43,7 +49,10 @@ public CredProtect getInput() { return this.input; } - public static class CredProtect { + public static class CredProtect implements Serializable { + + @Serial + private static final long serialVersionUID = 109597301115842688L; private final ProtectionPolicy credProtectionPolicy; diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInput.java b/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInput.java index eb656c3cdfb..ad479b4a017 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInput.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInput.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; + /** * An immutable {@link AuthenticationExtensionsClientInput}. * @@ -26,6 +28,9 @@ */ public class ImmutableAuthenticationExtensionsClientInput implements AuthenticationExtensionsClientInput { + @Serial + private static final long serialVersionUID = -1738152485672656808L; + /** * https://www.w3.org/TR/webauthn-3/#sctn-authenticator-credential-properties-extension */ diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInputs.java b/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInputs.java index cef29f378a5..f9c43608b18 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInputs.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutableAuthenticationExtensionsClientInputs.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; import java.util.Arrays; import java.util.List; @@ -27,6 +28,9 @@ */ public class ImmutableAuthenticationExtensionsClientInputs implements AuthenticationExtensionsClientInputs { + @Serial + private static final long serialVersionUID = 4277817521578485720L; + private final List inputs; public ImmutableAuthenticationExtensionsClientInputs(List inputs) { diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialDescriptor.java b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialDescriptor.java index ad454814b0f..6fbe5250ac1 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialDescriptor.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialDescriptor.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; +import java.io.Serializable; import java.util.Set; /** @@ -29,7 +31,10 @@ * @author Rob Winch * @since 6.4 */ -public final class PublicKeyCredentialDescriptor { +public final class PublicKeyCredentialDescriptor implements Serializable { + + @Serial + private static final long serialVersionUID = 8793385059692676240L; private final PublicKeyCredentialType type; diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialRequestOptions.java b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialRequestOptions.java index b0cf592009c..9cadc1cb29f 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialRequestOptions.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialRequestOptions.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; +import java.io.Serializable; import java.time.Duration; import java.util.ArrayList; import java.util.Collections; @@ -32,7 +34,10 @@ * @author Rob Winch * @since 6.4 */ -public final class PublicKeyCredentialRequestOptions { +public final class PublicKeyCredentialRequestOptions implements Serializable { + + @Serial + private static final long serialVersionUID = -2970057592835694354L; private final Bytes challenge; diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialType.java b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialType.java index 57f1c6ec463..99087a5d291 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialType.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialType.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,9 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; +import java.io.Serializable; + /** * The PublicKeyCredentialType @@ -24,7 +27,10 @@ * @author Rob Winch * @since 6.4 */ -public final class PublicKeyCredentialType { +public final class PublicKeyCredentialType implements Serializable { + + @Serial + private static final long serialVersionUID = 7025333122210061679L; /** * The only credential type that currently exists. diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/UserVerificationRequirement.java b/web/src/main/java/org/springframework/security/web/webauthn/api/UserVerificationRequirement.java index adc915015b5..dcbabead87b 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/UserVerificationRequirement.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/UserVerificationRequirement.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,9 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; +import java.io.Serializable; + /** * UserVerificationRequirement @@ -24,7 +27,10 @@ * @author Rob Winch * @since 6.4 */ -public final class UserVerificationRequirement { +public final class UserVerificationRequirement implements Serializable { + + @Serial + private static final long serialVersionUID = -2801001231345540040L; /** * The