Add missing JavaDoc to new origins setters

Author: emlun

webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingParty.java

@@ -588,11 +588,65 @@ public static class RelyingPartyBuilder {
         Optional.empty();
     private @NonNull Optional<AttestationTrustSource> attestationTrustSource = Optional.empty();
 
+    /**
+     * The allowed origins that returned authenticator responses will be compared against.
+     *
+     * <p>The default is the set containing only the string <code>
+     * "https://" + {@link #getIdentity()}.getId()</code>.
+     *
+     * <p>If {@link RelyingPartyBuilder#allowOriginPort(boolean) allowOriginPort} and {@link
+     * RelyingPartyBuilder#allowOriginSubdomain(boolean) allowOriginSubdomain} are both <code>false
+     * </code> (the default), then a successful registration or authentication operation requires
+     * {@link CollectedClientData#getOrigin()} to exactly equal one of these values.
+     *
+     * <p>If {@link RelyingPartyBuilder#allowOriginPort(boolean) allowOriginPort} is <code>true
+     * </code> , then the above rule is relaxed to allow any port number in {@link
+     * CollectedClientData#getOrigin()}, regardless of any port specified.
+     *
+     * <p>If {@link RelyingPartyBuilder#allowOriginSubdomain(boolean) allowOriginSubdomain} is
+     * <code>true</code>, then the above rule is relaxed to allow any subdomain, of any depth, of
+     * any of these values.
+     *
+     * <p>For either of the above relaxations to take effect, both the allowed origin and the client
+     * data origin must be valid URLs. Origins that are not valid URLs are matched only by exact
+     * string equality.
+     *
+     * @see #getIdentity()
+     * @see #origins(Optional)
+     */
     public RelyingPartyBuilder origins(@NonNull Set<String> origins) {
       this.origins = origins;
       return this;
     }
 
+    /**
+     * The allowed origins that returned authenticator responses will be compared against.
+     *
+     * <p>If set to empty, this setting reverts to the default value.
+     *
+     * <p>The default is the set containing only the string <code>
+     * "https://" + {@link #getIdentity()}.getId()</code>.
+     *
+     * <p>If {@link RelyingPartyBuilder#allowOriginPort(boolean) allowOriginPort} and {@link
+     * RelyingPartyBuilder#allowOriginSubdomain(boolean) allowOriginSubdomain} are both <code>false
+     * </code> (the default), then a successful registration or authentication operation requires
+     * {@link CollectedClientData#getOrigin()} to exactly equal one of these values.
+     *
+     * <p>If {@link RelyingPartyBuilder#allowOriginPort(boolean) allowOriginPort} is <code>true
+     * </code> , then the above rule is relaxed to allow any port number in {@link
+     * CollectedClientData#getOrigin()}, regardless of any port specified.
+     *
+     * <p>If {@link RelyingPartyBuilder#allowOriginSubdomain(boolean) allowOriginSubdomain} is
+     * <code>true</code>, then the above rule is relaxed to allow any subdomain, of any depth, of
+     * any of these values.
+     *
+     * <p>For either of the above relaxations to take effect, both the allowed origin and the client
+     * data origin must be valid URLs. Origins that are not valid URLs are matched only by exact
+     * string equality.
+     *
+     * @see #getIdentity()
+     * @see #origins(Set)
+     */
     public RelyingPartyBuilder origins(@NonNull Optional<Set<String>> origins) {
       this.origins = origins.orElse(null);
       return this;

webauthn-server-core/src/main/java/com/yubico/webauthn/RelyingPartyV2.java

@@ -563,11 +563,65 @@ public static class RelyingPartyV2Builder<C extends CredentialRecord> {
         Optional.empty();
     private @NonNull Optional<AttestationTrustSource> attestationTrustSource = Optional.empty();
 
+    /**
+     * The allowed origins that returned authenticator responses will be compared against.
+     *
+     * <p>The default is the set containing only the string <code>
+     * "https://" + {@link #getIdentity()}.getId()</code>.
+     *
+     * <p>If {@link RelyingPartyV2Builder#allowOriginPort(boolean) allowOriginPort} and {@link
+     * RelyingPartyV2Builder#allowOriginSubdomain(boolean) allowOriginSubdomain} are both <code>
+     * false</code> (the default), then a successful registration or authentication operation
+     * requires {@link CollectedClientData#getOrigin()} to exactly equal one of these values.
+     *
+     * <p>If {@link RelyingPartyV2Builder#allowOriginPort(boolean) allowOriginPort} is <code>true
+     * </code> , then the above rule is relaxed to allow any port number in {@link
+     * CollectedClientData#getOrigin()}, regardless of any port specified.
+     *
+     * <p>If {@link RelyingPartyV2Builder#allowOriginSubdomain(boolean) allowOriginSubdomain} is
+     * <code>true</code>, then the above rule is relaxed to allow any subdomain, of any depth, of
+     * any of these values.
+     *
+     * <p>For either of the above relaxations to take effect, both the allowed origin and the client
+     * data origin must be valid URLs. Origins that are not valid URLs are matched only by exact
+     * string equality.
+     *
+     * @see #getIdentity()
+     * @see #origins(Optional)
+     */
     public RelyingPartyV2Builder<C> origins(@NonNull Set<String> origins) {
       this.origins = origins;
       return this;
     }
 
+    /**
+     * The allowed origins that returned authenticator responses will be compared against.
+     *
+     * <p>If set to empty, this setting reverts to the default value.
+     *
+     * <p>The default is the set containing only the string <code>
+     * "https://" + {@link #getIdentity()}.getId()</code>.
+     *
+     * <p>If {@link RelyingPartyV2Builder#allowOriginPort(boolean) allowOriginPort} and {@link
+     * RelyingPartyV2Builder#allowOriginSubdomain(boolean) allowOriginSubdomain} are both <code>
+     * false</code> (the default), then a successful registration or authentication operation
+     * requires {@link CollectedClientData#getOrigin()} to exactly equal one of these values.
+     *
+     * <p>If {@link RelyingPartyV2Builder#allowOriginPort(boolean) allowOriginPort} is <code>true
+     * </code> , then the above rule is relaxed to allow any port number in {@link
+     * CollectedClientData#getOrigin()}, regardless of any port specified.
+     *
+     * <p>If {@link RelyingPartyV2Builder#allowOriginSubdomain(boolean) allowOriginSubdomain} is
+     * <code>true</code>, then the above rule is relaxed to allow any subdomain, of any depth, of
+     * any of these values.
+     *
+     * <p>For either of the above relaxations to take effect, both the allowed origin and the client
+     * data origin must be valid URLs. Origins that are not valid URLs are matched only by exact
+     * string equality.
+     *
+     * @see #getIdentity()
+     * @see #origins(Set)
+     */
     public RelyingPartyV2Builder<C> origins(@NonNull Optional<Set<String>> origins) {
       this.origins = origins.orElse(null);
       return this;