Allow Custom PublicKeyCredentialRequestOptionsRepository in WebAuthnConfigurer #16874
Description
Expected Behavior
As a developer, I would like to provide my own implementations for PublicKeyCredentialRequestOptionsRepository.
Current Behavior
Currently, there is no option to change the credentialRequestOptionsFilter and webAuthnAuthnFilter requestOptionsRepository. While this provides a default implementation, it lacks the flexibility to easily inject a custom PublicKeyCredentialRequestOptionsRepository for specific application needs.
Context
I'm trying to integrate WebAuthn into a Spring Security application and require a custom PublicKeyCredentialRequestOptionsRepository. The current configuration forces me to either accept the defaults or do workarounds.
#16369
Workarounds:
- Manually retrieve the
credentialRequestOptionsFilterandwebAuthnAuthnFilterfrom theSecurityFilterChainto set theRequestOptionsRepository.
securityFilterChain.getFilters().stream()
.filter(WebAuthnAuthenticationFilter.class::isInstance)
.map(WebAuthnAuthenticationFilter.class::cast)
.findFirst()
.ifPresent(filter -> {
filter.setAuthenticationSuccessHandler(webAuthnAuthenticationSuccessHandler);
filter.setRequestOptionsRepository(databasePublicKeyCredentialRequestOptionsRepository);
});
securityFilterChain.getFilters().stream()
.filter(PublicKeyCredentialRequestOptionsFilter.class::isInstance)
.map(PublicKeyCredentialRequestOptionsFilter.class::cast)
.findFirst()
.ifPresent(filter -> {
filter.setRequestOptionsRepository(databasePublicKeyCredentialRequestOptionsRepository);
});