Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/webauthn4j/webauthn4j-spring-security
WebAuthn4J Extension for Spring Security
https://github.com/webauthn4j/webauthn4j-spring-security
fido fido-u2f fido2 java passkey spring spring-security webauthn webauthn4j-spring-security
Last synced: 2 days ago
JSON representation
WebAuthn4J Extension for Spring Security
- Host: GitHub
- URL: https://github.com/webauthn4j/webauthn4j-spring-security
- Owner: webauthn4j
- License: apache-2.0
- Created: 2018-03-17T16:01:11.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-12-01T07:03:32.000Z (12 days ago)
- Last Synced: 2024-12-01T07:29:15.402Z (12 days ago)
- Topics: fido, fido-u2f, fido2, java, passkey, spring, spring-security, webauthn, webauthn4j-spring-security
- Language: Java
- Homepage:
- Size: 24.6 MB
- Stars: 196
- Watchers: 14
- Forks: 46
- Open Issues: 16
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
- awesome-webauthn - SharpLab: Spring-Security-WebAuthn - Unofficial WebAuthn module for the Spring Security project. (Server Libraries)
README
# WebAuthn4J Spring Security
[![Actions Status](https://github.com/webauthn4j/webauthn4j-spring-security/workflows/CI/badge.svg)](https://github.com/webauthn4j/webauthn4j-spring-security/actions)
[![Coverage](https://sonarcloud.io/api/project_badges/measure?project=webauthn4j-spring-security&metric=coverage)](https://sonarcloud.io/dashboard?id=webauthn4j-spring-security)
[![Maven Central](https://img.shields.io/maven-central/v/com.webauthn4j/webauthn4j-spring-security-core.svg)](https://search.maven.org/search?q=webauthn4j-spring-security)
[![license](https://img.shields.io/github/license/webauthn4j/webauthn4j-spring-security.svg)](https://github.com/webauthn4j/webauthn4j-spring-security/blob/master/LICENSE.txt)WebAuthn4J Spring Security provides [Web Authentication specification](https://www.w3.org/TR/2019/REC-webauthn-1-20190304/) support for your Spring application by using [WebAuthn4J library](https://github.com/webauthn4j/webauthn4j).
Users can login with WebAuthn compliant authenticator.## Project status
This project is under active development. API signature may change.
## Documentation
You can find out more details from the [reference](https://webauthn4j.github.io/webauthn4j-spring-security/en/).
## Getting from Maven Central
If you are using Maven, just add the webauthn4j-spring-security as a dependency:
```xml
...
0.10.0.RELEASE
...com.webauthn4j
webauthn4j-spring-security-core
${webauthn4j-spring-security.version}```
## Build
WebAuthn4J Spring Security uses a Gradle based build system.
In the instructions below, `gradlew` is invoked from the root of the source tree and serves as a cross-platform,
self-contained bootstrap mechanism for the build.### Prerequisites
- Java8 or later
- Spring Framework 5.0 or later### Checkout sources
```bash
git clone https://github.com/webauthn4j/webauthn4j-spring-security
```### Build all jars
```bash
./gradlew build
```### Execute sample application
```bash
./gradlew samples:spa:bootRun
```![Login view](./docs/src/reference/asciidoc/en/images/login.png "Login view")
## Configuration
WebAuthn4J Spring Security can be configured through Spring Security Java Config.
```java
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {@Bean
public WebAuthnAuthenticationProvider webAuthnAuthenticationProvider(WebAuthnCredentialRecordService webAuthnCredentialRecordService, WebAuthnManager webAuthnManager){
return new WebAuthnAuthenticationProvider(webAuthnCredentialRecordService, webAuthnManager);
}@Bean
public DaoAuthenticationProvider daoAuthenticationProvider(UserDetailsService userDetailsService){
DaoAuthenticationProvider daoAuthenticationProvider = new DaoAuthenticationProvider();
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
daoAuthenticationProvider.setPasswordEncoder(new BCryptPasswordEncoder());
return daoAuthenticationProvider;
}@Bean
public AuthenticationManager authenticationManager(List providers){
return new ProviderManager(providers);
}@Bean
public SecurityFilterChain filterChain(HttpSecurity http, AuthenticationManager authenticationManager) throws Exception {
// WebAuthn Login
http.apply(WebAuthnLoginConfigurer.webAuthnLogin())
.loginPage("/login")
.usernameParameter("username")
.passwordParameter("rawPassword")
.credentialIdParameter("credentialId")
.clientDataJSONParameter("clientDataJSON")
.authenticatorDataParameter("authenticatorData")
.signatureParameter("signature")
.clientExtensionsJSONParameter("clientExtensionsJSON")
.loginProcessingUrl("/login")
.rpId("example.com")
.attestationOptionsEndpoint()
.attestationOptionsProvider(attestationOptionsProvider)
.processingUrl("/webauthn/attestation/options")
.rp()
.name("example")
.and()
.pubKeyCredParams(
new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256),
new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.RS1)
)
.authenticatorSelection()
.authenticatorAttachment(AuthenticatorAttachment.CROSS_PLATFORM)
.residentKey(ResidentKeyRequirement.PREFERRED)
.userVerification(UserVerificationRequirement.PREFERRED)
.and()
.attestation(AttestationConveyancePreference.DIRECT)
.extensions()
.credProps(true)
.uvm(true)
.and()
.assertionOptionsEndpoint()
.assertionOptionsProvider(assertionOptionsProvider)
.processingUrl("/webauthn/assertion/options")
.rpId("example.com")
.userVerification(UserVerificationRequirement.PREFERRED)
.and()
.authenticationManager(authenticationManager);
}
}
```## License
WebAuthn4J Spring Security is Open Source software released under the
[Apache 2.0 license](http://www.apache.org/licenses/LICENSE-2.0.html).