Fixes for webauthn tests after JSpecify

Issue spring-projectsgh-17839

Author: rwinch

config/src/test/java/org/springframework/security/config/annotation/web/configurers/WebAuthnConfigurerTests.java

@@ -300,7 +300,15 @@ UserDetailsService userDetailsService() {
 
 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			return http.formLogin(Customizer.withDefaults()).webAuthn(Customizer.withDefaults()).build();
+			// @formatter:off
+			http
+				.formLogin(Customizer.withDefaults())
+				.webAuthn((authn) -> authn
+					.rpId("spring.io")
+					.rpName("spring")
+				);
+			// @formatter:on
+			return http.build();
 		}
 
 	}
@@ -316,7 +324,14 @@ UserDetailsService userDetailsService() {
 
 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			return http.webAuthn(Customizer.withDefaults()).build();
+			// @formatter:off
+			http
+				.webAuthn((authn) -> authn
+						.rpId("spring.io")
+						.rpName("spring")
+				);
+			// @formatter:on
+			return http.build();
 		}
 
 	}
@@ -332,9 +347,16 @@ UserDetailsService userDetailsService() {
 
 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			return http.formLogin(Customizer.withDefaults())
-				.webAuthn((webauthn) -> webauthn.disableDefaultRegistrationPage(true))
-				.build();
+			// @formatter:off
+			http
+				.formLogin(Customizer.withDefaults())
+				.webAuthn((authn) -> authn
+					.rpId("spring.io")
+					.rpName("spring")
+					.disableDefaultRegistrationPage(true)
+				);
+			// @formatter:on
+			return http.build();
 		}
 
 	}
@@ -350,9 +372,18 @@ UserDetailsService userDetailsService() {
 
 		@Bean
 		SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
-			return http.formLogin((login) -> login.loginPage("/custom-login-page"))
-				.webAuthn((webauthn) -> webauthn.disableDefaultRegistrationPage(true))
-				.build();
+			// @formatter:off
+			http
+					.formLogin((login) -> login
+						.loginPage("/custom-login-page")
+					)
+					.webAuthn((authn) -> authn
+						.rpId("spring.io")
+						.rpName("spring")
+						.disableDefaultRegistrationPage(true)
+					);
+			// @formatter:on
+			return http.build();
 		}
 
 	}

config/src/test/kotlin/org/springframework/security/config/annotation/web/WebAuthnDslTests.kt

@@ -1,4 +1,5 @@
 /*
+
  * Copyright 2004-present the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -125,6 +126,8 @@ class WebAuthnDslTests {
             http{
                 formLogin { }
                 webAuthn {
+                    rpId = "spring.io"
+                    rpName = "spring"
                     disableDefaultRegistrationPage = true
                 }
             }
@@ -144,7 +147,10 @@ class WebAuthnDslTests {
         open fun securityFilterChain(http: HttpSecurity): SecurityFilterChain {
             http{
                 formLogin { }
-                webAuthn { }
+                webAuthn {
+                    rpId = "spring.io"
+                    rpName = "spring"
+                }
             }
             return http.build()
         }

webauthn/src/main/java/org/springframework/security/web/webauthn/api/ImmutableCredentialRecord.java

@@ -211,7 +211,7 @@ private ImmutableCredentialRecordBuilder(CredentialRecord other) {
 			this.label = other.getLabel();
 		}
 
-		public ImmutableCredentialRecordBuilder credentialType(PublicKeyCredentialType credentialType) {
+		public ImmutableCredentialRecordBuilder credentialType(@Nullable PublicKeyCredentialType credentialType) {
 			this.credentialType = credentialType;
 			return this;
 		}

webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredential.java

@@ -38,7 +38,7 @@ public final class PublicKeyCredential<R extends AuthenticatorResponse> implemen
 
 	private final String id;
 
-	private final PublicKeyCredentialType type;
+	private final @Nullable PublicKeyCredentialType type;
 
 	private final Bytes rawId;
 
@@ -48,7 +48,7 @@ public final class PublicKeyCredential<R extends AuthenticatorResponse> implemen
 
 	private final @Nullable AuthenticationExtensionsClientOutputs clientExtensionResults;
 
-	private PublicKeyCredential(String id, PublicKeyCredentialType type, Bytes rawId, R response,
+	private PublicKeyCredential(String id, @Nullable PublicKeyCredentialType type, Bytes rawId, R response,
 			@Nullable AuthenticatorAttachment authenticatorAttachment,
 			@Nullable AuthenticationExtensionsClientOutputs clientExtensionResults) {
 		this.id = id;
@@ -77,7 +77,7 @@ public String getId() {
 	 * specifies the credential type represented by this object.
 	 * @return the credential type
 	 */
-	public PublicKeyCredentialType getType() {
+	public @Nullable PublicKeyCredentialType getType() {
 		return this.type;
 	}
 
@@ -228,7 +228,6 @@ public PublicKeyCredentialBuilder clientExtensionResults(
 		 */
 		public PublicKeyCredential<R> build() {
 			Assert.notNull(this.id, "id cannot be null");
-			Assert.notNull(this.type, "type cannot be null");
 			Assert.notNull(this.rawId, "rawId cannot be null");
 			Assert.notNull(this.response, "response cannot be null");
 			return new PublicKeyCredential(this.id, this.type, this.rawId, this.response, this.authenticatorAttachment,