BAEL-9015 Integrating Passkeys into Spring Security (#18294)

* [BAEL-8844] Article code

* [BAEL-8844] Refactoring & Simplification

* [BAEL-8844] Code cleanup

* [BAEL-9015] Initial Code

* [BAEL-9015] Article code

* Persistence

* [BAEL-9015] Peristence code cleanup

* [BAEL-9015] LiveTest

Author: psevestre

spring-security-modules/pom.xml

@@ -61,6 +61,7 @@
         <module>spring-security-authorization</module>
         <module>spring-security-dynamic-registration</module>
         <module>spring-security-ott</module>
+        <module>spring-security-passkey</module>
     </modules>
 
     <build>

spring-security-modules/spring-security-passkey/pom.xml

@@ -0,0 +1,92 @@
+<project xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xmlns="http://maven.apache.org/POM/4.0.0"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <artifactId>spring-security-passkey</artifactId>
+    <description>Spring Security with PassKey/WebAuthN authentication</description>
+
+    <parent>
+        <groupId>com.baeldung</groupId>
+        <artifactId>parent-boot-3</artifactId>
+        <version>0.0.1-SNAPSHOT</version>
+        <relativePath>../../parent-boot-3</relativePath>
+    </parent>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.webauthn4j</groupId>
+            <artifactId>webauthn4j-core</artifactId>
+            <version>${webauthn4j.version}</version>
+        </dependency>
+
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>${lombok.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-devtools</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-configuration-processor</artifactId>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.thymeleaf.extras</groupId>
+            <artifactId>thymeleaf-extras-springsecurity6</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>com.h2database</groupId>
+            <artifactId>h2</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jdbc</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>io.github.bonigarcia</groupId>
+            <artifactId>webdrivermanager</artifactId>
+            <version>5.9.3</version>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.seleniumhq.selenium</groupId>
+            <artifactId>selenium-java</artifactId>
+            <version>${selenium.version}</version>
+            <scope>test</scope>
+        </dependency>
+
+    </dependencies>
+
+    <properties>
+        <spring-boot.version>3.4.1</spring-boot.version>
+        <logback.version>1.5.7</logback.version>
+        <webauthn4j.version>0.28.4.RELEASE</webauthn4j.version>
+        <selenium.version>4.29.0</selenium.version>
+    </properties>
+
+
+</project>

spring-security-modules/spring-security-passkey/src/main/java/com/baeldung/tutorials/passkey/PassKeyApplication.java

@@ -0,0 +1,13 @@
+package com.baeldung.tutorials.passkey;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class PassKeyApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(PassKeyApplication.class, args);
+    }
+
+}

spring-security-modules/spring-security-passkey/src/main/java/com/baeldung/tutorials/passkey/config/SecurityConfiguration.java

@@ -0,0 +1,55 @@
+package com.baeldung.tutorials.passkey.config;
+
+import com.baeldung.tutorials.passkey.repository.DbPublicKeyCredentialUserEntityRepository;
+import com.baeldung.tutorials.passkey.repository.DbUserCredentialRepository;
+import com.baeldung.tutorials.passkey.repository.PasskeyCredentialRepository;
+import com.baeldung.tutorials.passkey.repository.PasskeyUserRepository;
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.webauthn.management.PublicKeyCredentialUserEntityRepository;
+import org.springframework.security.web.webauthn.management.UserCredentialRepository;
+
+import java.util.Set;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+@Configuration
+@EnableConfigurationProperties(SecurityConfiguration.WebAuthNProperties.class)
+public class SecurityConfiguration {
+
+    @Bean
+    SecurityFilterChain webauthnFilterChain(HttpSecurity http, WebAuthNProperties webAuthNProperties) throws Exception {
+        return http.authorizeHttpRequests( ht -> ht.anyRequest().authenticated())
+          .formLogin(withDefaults())
+          .webAuthn( webauth ->
+              webauth.allowedOrigins(webAuthNProperties.getAllowedOrigins())
+                .rpId(webAuthNProperties.getRpId())
+                .rpName(webAuthNProperties.getRpName())
+          )
+          .build();
+    }
+
+    @Bean
+    PublicKeyCredentialUserEntityRepository userEntityRepository(PasskeyUserRepository userRepository) {
+        return new DbPublicKeyCredentialUserEntityRepository(userRepository);
+    }
+
+    @Bean
+    UserCredentialRepository userCredentialRepository(PasskeyUserRepository userRepository, PasskeyCredentialRepository credentialRepository) {
+        return new DbUserCredentialRepository(credentialRepository,userRepository);
+    }
+
+    @ConfigurationProperties(prefix = "spring.security.webauthn")
+    @Data
+    static class WebAuthNProperties {
+        private String rpId;
+        private String rpName;
+        private Set<String> allowedOrigins;
+    }
+
+}

spring-security-modules/spring-security-passkey/src/main/java/com/baeldung/tutorials/passkey/domain/PasskeyCredential.java

@@ -0,0 +1,167 @@
+package com.baeldung.tutorials.passkey.domain;
+
+import org.springframework.data.annotation.Id;
+import org.springframework.data.jdbc.core.mapping.AggregateReference;
+import org.springframework.data.relational.core.mapping.Column;
+import org.springframework.data.relational.core.mapping.Table;
+
+import java.time.Instant;
+
+@Table(name = "PASSKEY_CREDENTIALS")
+public class PasskeyCredential {
+    @Id
+    @Column(value = "ID")
+    public Long id;
+
+    @Column(value = "USER_ID")
+    public Long userId;
+
+    @Column(value = "LABEL")
+    public String label;
+
+    @Column(value = "CREDENTIAL_TYPE")
+    public String credentialType;
+
+    @Column(value = "CREDENTIAL_ID")
+    public String credentialId;
+
+    @Column(value = "PUBLIC_KEY_COSE")
+    public String publicKeyCose;
+
+    @Column(value = "SIGNATURE_COUNT")
+    public Long signatureCount;
+
+    @Column(value = "UV_INITIALIZED")
+    public Boolean uvInitialized;
+
+    @Column(value = "TRANSPORTS")
+    public String transports;
+
+    @Column(value = "BACKUP_ELIGIBLE")
+    public Boolean backupEligible;
+
+    @Column(value = "BACKUP_STATE")
+    public Boolean backupState;
+
+    @Column(value = "ATTESTATION_OBJECT")
+    public String attestationObject;
+
+    @Column(value = "LAST_USED")
+    public Instant lastUsed;
+
+    @Column(value = "CREATED")
+    public Instant created;
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public AggregateReference<PasskeyUser, Long> getUser() {
+        return AggregateReference.to(userId);
+    }
+
+    public void setUser(AggregateReference<PasskeyUser, Long> userId) {
+        this.userId = userId.getId();
+    }
+
+    public String getLabel() {
+        return label;
+    }
+
+    public void setLabel(String label) {
+        this.label = label;
+    }
+
+    public String getCredentialType() {
+        return credentialType;
+    }
+
+    public void setCredentialType(String credentialType) {
+        this.credentialType = credentialType;
+    }
+
+    public String getCredentialId() {
+        return credentialId;
+    }
+
+    public void setCredentialId(String credentialId) {
+        this.credentialId = credentialId;
+    }
+
+    public String getPublicKeyCose() {
+        return publicKeyCose;
+    }
+
+    public void setPublicKeyCose(String publicKeyCose) {
+        this.publicKeyCose = publicKeyCose;
+    }
+
+    public Long getSignatureCount() {
+        return signatureCount;
+    }
+
+    public void setSignatureCount(Long signatureCount) {
+        this.signatureCount = signatureCount;
+    }
+
+    public Boolean getUvInitialized() {
+        return uvInitialized;
+    }
+
+    public void setUvInitialized(Boolean uvInitialized) {
+        this.uvInitialized = uvInitialized;
+    }
+
+    public String getTransports() {
+        return transports;
+    }
+
+    public void setTransports(String transports) {
+        this.transports = transports;
+    }
+
+    public Boolean getBackupEligible() {
+        return backupEligible;
+    }
+
+    public void setBackupEligible(Boolean backupEligible) {
+        this.backupEligible = backupEligible;
+    }
+
+    public Boolean getBackupState() {
+        return backupState;
+    }
+
+    public void setBackupState(Boolean backupState) {
+        this.backupState = backupState;
+    }
+
+    public String getAttestationObject() {
+        return attestationObject;
+    }
+
+    public void setAttestationObject(String attestationObject) {
+        this.attestationObject = attestationObject;
+    }
+
+    public Instant getLastUsed() {
+        return lastUsed;
+    }
+
+    public void setLastUsed(Instant lastUsed) {
+        this.lastUsed = lastUsed;
+    }
+
+    public Instant getCreated() {
+        return created;
+    }
+
+    public void setCreated(Instant created) {
+        this.created = created;
+    }
+
+}

spring-security-modules/spring-security-passkey/src/main/java/com/baeldung/tutorials/passkey/domain/PasskeyUser.java

@@ -0,0 +1,54 @@
+package com.baeldung.tutorials.passkey.domain;
+
+import org.springframework.data.annotation.Id;
+import org.springframework.data.relational.core.mapping.Column;
+import org.springframework.data.relational.core.mapping.Table;
+
+@Table(name = "PASSKEY_USERS")
+public class PasskeyUser {
+    @Id
+    @Column(value = "ID")
+    public Long id;
+
+    @Column(value = "EXTERNAL_ID")
+    public String externalId;
+
+    @Column(value = "NAME")
+    public String name;
+
+    @Column(value = "DISPLAY_NAME")
+    public String displayName;
+
+    public Long getId() {
+        return id;
+    }
+
+    public void setId(Long id) {
+        this.id = id;
+    }
+
+    public String getExternalId() {
+        return externalId;
+    }
+
+    public void setExternalId(String externalId) {
+        this.externalId = externalId;
+    }
+
+    public String getName() {
+        return name;
+    }
+
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getDisplayName() {
+        return displayName;
+    }
+
+    public void setDisplayName(String displayName) {
+        this.displayName = displayName;
+    }
+
+}