From 7fd6ff09e433880977709693dce4a0cbf0d16407 Mon Sep 17 00:00:00 2001 From: Tran Ngoc Nhan Date: Sat, 18 Jan 2025 16:26:40 +0700 Subject: [PATCH 1/4] Implement Serializable for PublicKeyCredentialUserEntity Closes gh-16273 Signed-off-by: Tran Ngoc Nhan --- ...pringSecurityCoreVersionSerializableTests.java | 8 ++++++++ ...ork.security.web.webauthn.api.Bytes.serialized | Bin 0 -> 140 bytes ...utablePublicKeyCredentialUserEntity.serialized | Bin 0 -> 361 bytes .../security/web/webauthn/api/Bytes.java | 7 +++++-- .../ImmutablePublicKeyCredentialUserEntity.java | 4 +++- .../api/PublicKeyCredentialUserEntity.java | 6 ++++-- 6 files changed, 20 insertions(+), 5 deletions(-) create mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.Bytes.serialized create mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java index 359a7d4880..ede9a19ac8 100644 --- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java +++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java 
@@ -191,6 +191,9 @@ import org.springframework.security.web.firewall.RequestRejectedException; import org.springframework.security.web.server.firewall.ServerExchangeRejectedException; import org.springframework.security.web.session.HttpSessionCreatedEvent; +import org.springframework.security.web.webauthn.api.Bytes; +import org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity; +import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialUserEntity; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.fail; @@ -508,6 +511,11 @@ class SpringSecurityCoreVersionSerializableTests { (r) -> new AuthenticationSwitchUserEvent(authentication, user)); generatorByClassName.put(HttpSessionCreatedEvent.class, (r) -> new HttpSessionCreatedEvent(new MockHttpSession())); + + // webauthn + generatorByClassName.put(Bytes.class, (r) -> Bytes.random()); + generatorByClassName.put(ImmutablePublicKeyCredentialUserEntity.class, + (r) -> TestPublicKeyCredentialUserEntity.userEntity().build()); } @ParameterizedTest diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.Bytes.serialized b/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.Bytes.serialized new file mode 100644 index 0000000000000000000000000000000000000000..a8ebb8b39ab46d3e1375707cbeac2c0ab278ff2f GIT binary patch literal 140 zcmZ4UmVvdnh`~6&C|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5 zGWDD)OHzw3HEy%lIJQ8aiGeYifi(#vRKma%?Nm`vS_Gokd=~$~#u4&>iGiV_fPsNQ mLI2iye&(vZd{biXT5s@{IFiZb`J!r?!@nb3T`u~bQak`i;4=*X literal 0 HcmV?d00001 
diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized b/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized new file mode 100644 index 0000000000000000000000000000000000000000..4dffcaaa0ea841c248495edfe96b7c65f3f9e11c GIT binary patch literal 361 zcmZ4UmVvdnh#@4uC|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5 zGW9%jb4yDSlX6l6N|SOjlf6?bor_XaQu9hO6LUg~Q;S@ItdhzL?tc7_EaVEA7?^z+ zxKlEV3vv=G{eY&IFbMf%C6*=X=OpH(>j#&BthM%GV9HD>VKDUpIz=DNDf%#{=mVVr z!eFQ91D&GpR9TW*4Ajh$2Q;{lp^kyEqM(FPublicKeyCredentialUserEntity @@ -27,7 +29,7 @@ * @since 6.4 * @see org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations#authenticate(org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest) */ -public interface PublicKeyCredentialUserEntity { +public interface PublicKeyCredentialUserEntity extends Serializable { /** * The Date: Sun, 19 Jan 2025 00:13:30 +0700 Subject: [PATCH 2/4] Update Serial Signed-off-by: Tran Ngoc Nhan --- ...k.security.web.webauthn.api.Bytes.serialized | Bin 140 -> 140 bytes ...ablePublicKeyCredentialUserEntity.serialized | Bin 361 -> 361 bytes .../security/web/webauthn/api/Bytes.java | 2 ++ .../ImmutablePublicKeyCredentialUserEntity.java | 3 +++ 4 files changed, 5 insertions(+) diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.Bytes.serialized b/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.Bytes.serialized index a8ebb8b39ab46d3e1375707cbeac2c0ab278ff2f..eeb99ca70fbf1ab854c3e4b143fa47594ba503b8 100644 GIT binary patch delta 39 xcmV+?0NDSG0gM5VY#{F^N=fxWtRA$7Ssa_{I>*0N&(!Yl?e@A)gHQE^19os-6kGrR delta 39 vcmeBS>|vacqo9B5JU?^QUcM&Eek>t}YjSPbnS%H-ryy 
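Review bot: `public interface PublicKeyCredentialUserEntity extends Serializable` in PublicKeyCredentialUserEntity.java puts a serialization contract on every implementation of this public interface, and the visible Javadoc does not mention it. An implementation outside this patch that holds a non-serializable field still compiles and then fails with NotSerializableException when the object is written, presumably when a session is persisted. I would add a Javadoc sentence such as `Implementations must be serializable, including every field they hold, because the user entity is stored as the principal of a serialized authentication.` The hunk text is cut off on this page after the interface declaration, so the rest of the Javadoc could not be checked.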
diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized b/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized index 4dffcaaa0ea841c248495edfe96b7c65f3f9e11c..917a9c93659010df65a4027db625ed868b246889 100644 GIT binary patch delta 45 zcmV+|0Mh^I0_g&7`p{nD&5Ad%qUkHy7>yv@^FmO$;o?Fu;P&3?Uc0Db@j D4rdna delta 45 zcmV+|0Mh^I0_g&F#ZfkMIr`IFlu^NLFJ^sl0Db@j D2w@cx diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java b/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java index 444d6ed112..6c96a11efd 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java @@ -16,6 +16,7 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; import java.io.Serializable; import java.security.SecureRandom; import java.util.Arrays; @@ -31,6 +32,7 @@ */ public final class Bytes implements Serializable { + @Serial private static final long serialVersionUID = -3278138671365709777L; private static final SecureRandom RANDOM = new SecureRandom(); diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutablePublicKeyCredentialUserEntity.java b/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutablePublicKeyCredentialUserEntity.java index 55cb028d2e..a383967f7d 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutablePublicKeyCredentialUserEntity.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/ImmutablePublicKeyCredentialUserEntity.java @@ -16,6 +16,8 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; + /** * PublicKeyCredentialUserEntity 
@@ -28,6 +30,7 @@ */ public final class ImmutablePublicKeyCredentialUserEntity implements PublicKeyCredentialUserEntity { + @Serial private static final long serialVersionUID = -3438693960347279759L; /** From 79059060817aeb188a9f36c5f8c3ca20fbbe6ce2 Mon Sep 17 00:00:00 2001 From: Tran Ngoc Nhan Date: Wed, 22 Jan 2025 03:27:20 +0700 Subject: [PATCH 3/4] Implement Serial for WebAuthnAuthentication Signed-off-by: Tran Ngoc Nhan --- ...gSecurityCoreVersionSerializableTests.java | 16 +++++++-- ...security.web.webauthn.api.Bytes.serialized | Bin 0 -> 140 bytes ...lePublicKeyCredentialUserEntity.serialized | Bin 361 -> 361 bytes ...tication.WebAuthnAuthentication.serialized | Bin 0 -> 1185 bytes ...security.web.webauthn.api.Bytes.serialized | Bin 140 -> 0 bytes .../WebAuthnAuthentication.java | 7 +++- .../security/web/webauthn/api/TestBytes.java | 31 ++++++++++++++++++ 7 files changed, 51 insertions(+), 3 deletions(-) create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.api.Bytes.serialized rename config/src/test/resources/serialized/{6.5.x => 6.4.x}/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized (88%) create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication.serialized delete mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.Bytes.serialized create mode 100644 web/src/test/java/org/springframework/security/web/webauthn/api/TestBytes.java diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java index ede9a19ac8..229054b023 100644 --- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java 
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java @@ -193,7 +193,10 @@ import org.springframework.security.web.session.HttpSessionCreatedEvent; import org.springframework.security.web.webauthn.api.Bytes; import org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity; +import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity; +import org.springframework.security.web.webauthn.api.TestBytes; import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialUserEntity; +import org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication; import static org.assertj.core.api.Assertions.assertThat; import static org.assertj.core.api.Assertions.fail; @@ -513,9 +516,18 @@ class SpringSecurityCoreVersionSerializableTests { (r) -> new HttpSessionCreatedEvent(new MockHttpSession())); // webauthn - generatorByClassName.put(Bytes.class, (r) -> Bytes.random()); + generatorByClassName.put(Bytes.class, (r) -> TestBytes.getInstance()); generatorByClassName.put(ImmutablePublicKeyCredentialUserEntity.class, - (r) -> TestPublicKeyCredentialUserEntity.userEntity().build()); + (r) -> TestPublicKeyCredentialUserEntity.userEntity().id(TestBytes.getInstance()).build()); + generatorByClassName.put(WebAuthnAuthentication.class, (r) -> { + PublicKeyCredentialUserEntity userEntity = TestPublicKeyCredentialUserEntity.userEntity() + .id(TestBytes.getInstance()) + .build(); + List authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); + WebAuthnAuthentication webAuthnAuthentication = new WebAuthnAuthentication(userEntity, authorities); + webAuthnAuthentication.setDetails(details); + return webAuthnAuthentication; + }); } @ParameterizedTest 
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.api.Bytes.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.api.Bytes.serialized new file mode 100644 index 0000000000000000000000000000000000000000..483bef50163c6c74df8c3f3b9024d2e64c6efd16 GIT binary patch literal 140 zcmZ4UmVvdnh`~6&C|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5 zGWDD)OHzw3HEy%lIJQ8aiGeYifi(#vRKma%?Nm`vS_Gokd=~$~#u4&>iGiV_fPsNQ mVPR74gn8@Lf9}jb$Iae<>Mhe`PD2BojzjI;t_F(j);$1UUNiXs literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized similarity index 88% rename from config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized rename to config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity.serialized index 917a9c93659010df65a4027db625ed868b246889..eb662f4843a91a70b7f1537902d6a33e280849d7 100644 GIT binary patch delta 45 zcmaFK^pa_V3#017q}&Pf)~o;AnSYL(z5mo(rpcU!209&w+Phs16x*$P3K{AcSOCSa B5()qS delta 45 zcmV+|0Mh^I0_g&7`p{nD&5Ad%qUkHy7>yv@^FmO$;o?Fu;P&3?Uc0Db@j D4rdna 
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication.serialized new file mode 100644 index 0000000000000000000000000000000000000000..a5baa210e663a1243b774d38bbdd7daf80fbe8c0 GIT binary patch literal 1185 zcmb7D&r20i6h3d>Qxh?zKxvT_^uvYBC=mp25%1aKB~BXtAV?_g%v|m2ogdzNCudqn z(!!vqpjC^awjs1C2wJsBD2T9sAX?|DMF|C+J1=`G^u&R=Gjryg?|kRG-(6XUCMjSv z6f>rb1Pf-S1@Y-ZDCSH_-B>V{nhVs?H;L7?z|<=Z6myAUVPIaOPD#i0QV+kWb`6(S zf8R17XG5#Tby-BXf(tfwvUYT`Hal6^Mc-K`i$u)27(1M~!!#Wf)YJHcPf98(_@>fg zBB0uk`3|xrM=C*FwVmulI7fre&wCexs<+>O{AFn0Qb#=-+VppbS}-aVblJ1yIUKJfC}z0OR(0>_Ag&Mj?qj-I}6cer|+LuI)6;mVJm3^eD?!y@F92uU5Rqm+ao zsYXwh)($^fC6Duv8-jvlH)s+8KyIO+S1c+w6y6O5&8(tTOU-fSN1Rp#2^96T`dJu} z@G^L9N)d9pUAb|k4T;JrXdN51D_1ASD`Sb~-G&6tHza^A`j1uXEy zP|=d-2`Z)T)s7C9_>Ox#MmDP7}Lw+H|*x?ly;fKUR9r8`}I+b)@6# znVxyHCR)*BGU6m1!BhH|oxwZ>r}ucU%Bi9fJzEGif%H^`7!McDacXaKWMFGcug>LK;T`u0$<8}W5{HLY5 literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.Bytes.serialized b/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.Bytes.serialized deleted file mode 100644 index eeb99ca70fbf1ab854c3e4b143fa47594ba503b8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 140 zcmZ4UmVvdnh`~6&C|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5 zGWDD)OHzw3HEy%lIJQ8aiGeYifi(#vRKma%?Nm`vS_Gokd=~$~#u4&>iGiV_fPsNQ n;k~+-=U2xya$DLXWoEy!I=(;j{FQef-hSKV-|YXjmAMQ6fw?#M diff --git a/web/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthentication.java b/web/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthentication.java index 8964e0b13e..62b67c6969 100644 
--- a/web/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthentication.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthentication.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.web.webauthn.authentication; +import java.beans.Transient; +import java.io.Serial; import java.util.Collection; import org.springframework.security.authentication.AbstractAuthenticationToken; @@ -33,6 +35,9 @@ */ public class WebAuthnAuthentication extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = -4879907158750659197L; + private final PublicKeyCredentialUserEntity principal; public WebAuthnAuthentication(PublicKeyCredentialUserEntity principal, diff --git a/web/src/test/java/org/springframework/security/web/webauthn/api/TestBytes.java b/web/src/test/java/org/springframework/security/web/webauthn/api/TestBytes.java new file mode 100644 index 0000000000..433eadc706 --- /dev/null +++ b/web/src/test/java/org/springframework/security/web/webauthn/api/TestBytes.java 
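Review bot: The `@@ -33,6 +35,9 @@` hunk pins `serialVersionUID` on WebAuthnAuthentication, but nothing visible in the class Javadoc says what a serialized token is trusted to carry. Java deserialization does not run this class's constructor, so the principal, the authorities and the authenticated flag come straight from the stream, which is safe only while the stream comes from a store the application controls. I would add a Javadoc line such as `Instances are Java-serialized; read them back only from a trusted store, because the stream restores the authenticated state as written.` The class body continues outside the hunk, so whether it already validates state on read, for example in a `readObject` method, is not visible here.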
@@ -0,0 +1,31 @@ +/* + * Copyright 2002-2025 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security.web.webauthn.api; + +public final class TestBytes { + + private static final Bytes INSTANCE = Bytes.random(); + + public static Bytes getInstance() { + + return INSTANCE; + } + + private TestBytes() { + } + +} From c37163fd802748be1238f483bb132d40dc103e13 Mon Sep 17 00:00:00 2001 From: Tran Ngoc Nhan Date: Wed, 22 Jan 2025 03:29:06 +0700 Subject: [PATCH 4/4] Remove unused import Signed-off-by: Tran Ngoc Nhan --- .../web/webauthn/authentication/WebAuthnAuthentication.java | 1 - 1 file changed, 1 deletion(-) diff --git a/web/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthentication.java b/web/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthentication.java index 62b67c6969..51be1e76f2 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthentication.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthentication.java @@ -16,7 +16,6 @@ package org.springframework.security.web.webauthn.authentication; -import java.beans.Transient; import java.io.Serial; import java.util.Collection;
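Review bot: `private static final Bytes INSTANCE = Bytes.random();` in TestBytes still yields a different value on every JVM start, so the `.serialized` fixtures generated from it are not reproducible and a deserialized fixture cannot be compared by value with a freshly generated object. The binary deltas earlier in this series, which change the fixtures while their size stays the same, are consistent with that. A fixed value would make regeneration deterministic, for example `private static final Bytes INSTANCE = Bytes.fromBase64("AQIDBA");` (sample value constructed for this note). The blank line after `public static Bytes getInstance() {` can also be dropped.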