
Fix issues identified in PR review

Signed-off-by: Borghi <137845283+Borghii@users.noreply.github.com>
Borghi 5 月之前
父节点
当前提交
e3a715b8f5

+ 3 - 2
web/src/main/java/org/springframework/security/web/webauthn/management/Webauthn4JRelyingPartyOperations.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -346,7 +346,8 @@ public class Webauthn4JRelyingPartyOperations implements WebAuthnRelyingPartyOpe
 	}
 
 	private List<CredentialRecord> findCredentialRecords(Authentication authentication) {
-		if (authentication instanceof AnonymousAuthenticationToken) {
+		AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
+		if (authentication == null || trustResolver.isAnonymous(authentication)) {
 			return Collections.emptyList();
 		}
 		PublicKeyCredentialUserEntity userEntity = this.userEntities.findByUsername(authentication.getName());
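Review bot: `findCredentialRecords` allocates a new `AuthenticationTrustResolverImpl` on every call, and as a local it cannot be swapped by an application that customises what counts as anonymous. Hold it in a field instead, e.g. `private AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();`, optionally with a setter. This commit leaves the import lines untouched, which suggests the class may already reference the resolver type elsewhere; if a field exists, reuse it here. The guard still lets a non-null, non-anonymous token reach `findByUsername(authentication.getName())` without checking that it is authenticated. Whether callers can pass such a token is not visible in this hunk, so confirm it; the method body continues past the end of the hunk.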

+ 10 - 1
web/src/test/java/org/springframework/security/web/webauthn/management/Webauthn4jRelyingPartyOperationsTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -548,6 +548,15 @@ class Webauthn4jRelyingPartyOperationsTests {
 		assertThat(credentialRequestOptions.getAllowCredentials()).isEmpty();
 	}
 
+	@Test
+	void shouldReturnEmptyCredentialsWhenAnonymousUserIsDisabled() {
+		PublicKeyCredentialRequestOptionsRequest createRequest = new ImmutablePublicKeyCredentialRequestOptionsRequest(null);
+		PublicKeyCredentialRequestOptions credentialRequestOptions = this.rpOperations
+			.createCredentialRequestOptions(createRequest);
+
+		assertThat(credentialRequestOptions.getAllowCredentials()).isEmpty();
+	}
+
 	private static AuthenticatorAttestationResponse setFlag(byte... flags) throws Exception {
 		AuthenticatorAttestationResponseBuilder authAttResponseBldr = TestAuthenticatorAttestationResponse
 			.createAuthenticatorAttestationResponse();
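Review bot: The name `shouldReturnEmptyCredentialsWhenAnonymousUserIsDisabled` does not say that the input under test is a null `Authentication`, which is presumably what the `null` constructor argument stands for and is the branch the new guard adds. A one-line comment above the request, such as `// anonymous authentication disabled: the request carries no Authentication (null)`, would make the link to the `authentication == null` check explicit. The local `createRequest` could also be named for the null case. The trailing context (`setFlag`) continues outside the hunk.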