WebAuthn4J Spring Security provides Web Authentication specification support for your Spring application by using WebAuthn4J library. Users can login with WebAuthn compliant authenticator.
This project is under active development. API signature may change.
You can find out more details from the reference.
If you are using Maven, just add the webauthn4j-spring-security as a dependency:
<properties>
...
<!-- Use the latest version whenever possible. -->
<webauthn4j-spring-security.version>0.7.3.RELEASE</webauthn4j-spring-security.version>
...
</properties>
<dependency>
<groupId>com.webauthn4j</groupId>
<artifactId>webauthn4j-spring-security-core</artifactId>
<version>${webauthn4j-spring-security.version}</version>
</dependency>
WebAuthn4J Spring Security uses a Gradle based build system.
In the instructions below, gradlew
is invoked from the root of the source tree and serves as a cross-platform,
self-contained bootstrap mechanism for the build.
- Java8 or later
- Spring Framework 5.0 or later
git clone https://github.com/webauthn4j/webauthn4j-spring-security
./gradlew build
./gradlew samples:spa:bootRun
WebAuthn4J Spring Security can be configured through Spring Security Java Config.
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
public void configure(AuthenticationManagerBuilder builder) throws Exception {
builder.apply(new WebAuthnAuthenticationProviderConfigurer<>(webAuthnAuthenticatorService, webAuthnManager));
builder.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// WebAuthn Login
http.apply(WebAuthnLoginConfigurer.webAuthnLogin())
.defaultSuccessUrl("/", true)
.rpId("example.com")
.attestationOptionsEndpoint()
.rp()
.name("WebAuthn4J Spring Security Sample MPA")
.and()
.pubKeyCredParams(
new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.ES256),
new PublicKeyCredentialParameters(PublicKeyCredentialType.PUBLIC_KEY, COSEAlgorithmIdentifier.RS1)
)
.attestation(AttestationConveyancePreference.DIRECT)
.extensions()
.uvm(true)
.credProps(true);
}
}
WebAuthn4J Spring Security is Open Source software released under the Apache 2.0 license.