Skip to content

Implement Serializable for WebAuthnAuthentication #16285

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 4 commits into from
Closed

Implement Serializable for WebAuthnAuthentication #16285

wants to merge 4 commits into from

Conversation

ngocnhan-tran1996
Copy link
Contributor

Closes gh-16273

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Dec 13, 2024
@ngocnhan-tran1996 ngocnhan-tran1996 force-pushed the gh-16273 branch 3 times, most recently from b1b63b8 to 125e369 Compare December 14, 2024 19:57
@rwinch rwinch closed this Jan 18, 2025
@rwinch rwinch reopened this Jan 18, 2025
@rwinch
Copy link
Member

rwinch commented Jan 18, 2025

Thanks for the Pull Request. Historically the serialVersionUID no longer used for new classes implementing Serializable. Going forward we should generate a serialVersionUID.

Please take a look at 6f379aa which was progress towards #16276 for an example for how to implement it. It uses generated serialVersionUID and adds tests. The ticket #16276 also has instructions on how to address it.

NOTE: This PR has some overlap with gh-16438

@rwinch rwinch mentioned this pull request Jan 18, 2025
Closed
@ngocnhan-tran1996 ngocnhan-tran1996 mentioned this pull request Jan 20, 2025
Open
@rwinch rwinch self-assigned this Jan 21, 2025
rwinch
rwinch requested changes Jan 21, 2025
View reviewed changes
Copy link
Member

@rwinch rwinch left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates.

This PR says it closes gh-16273 but it doesn't add a test for serialization / deserialization of WebAuthnAuthentication. Can you please add it?

Since the ticket is targeting 6.4.x this PR should be pointed at the 6.4.x branch. We will then forward merge it.

I've also provided feedback inline.

...g/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java Outdated
@@ -508,6 +511,11 @@ class SpringSecurityCoreVersionSerializableTests {
(r) -> new AuthenticationSwitchUserEvent(authentication, user));
generatorByClassName.put(HttpSessionCreatedEvent.class,
(r) -> new HttpSessionCreatedEvent(new MockHttpSession()));

// webauthn
generatorByClassName.put(Bytes.class, (r) -> Bytes.random());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please create a TestBytes which returns a constant Bytes so that this does not change for each run.

...g/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java Outdated
// webauthn
generatorByClassName.put(Bytes.class, (r) -> Bytes.random());
generatorByClassName.put(ImmutablePublicKeyCredentialUserEntity.class,
(r) -> TestPublicKeyCredentialUserEntity.userEntity().build());
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please ensure that TestPublicKeyCredentialUserEntity uses a constant value for the Bytes (get it from TestBytes).

@ngocnhan-tran1996
Implement Serializable for PublicKeyCredentialUserEntity
7fd6ff0 
Closes spring-projectsgh-16273

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
@ngocnhan-tran1996
Update Serial
539f2c5 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
@ngocnhan-tran1996
Implement Serial for WebAuthnAuthentication
7905906 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
@ngocnhan-tran1996 ngocnhan-tran1996 changed the base branch from main to 6.4.x January 21, 2025 20:28
@ngocnhan-tran1996
Remove unused import
c37163f 
Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
@rwinch rwinch changed the title Implement Serializable for PublicKeyCredentialUserEntity Implement Serializable for WebAuthnAuthentication Jan 23, 2025
@rwinch rwinch mentioned this pull request Jan 23, 2025
Closed
@rwinch rwinch closed this in e557c72 Jan 23, 2025
@rwinch rwinch added in: web An issue in web modules (web, webmvc) type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels Jan 23, 2025
@rwinch rwinch added this to the 6.4.3 milestone Jan 23, 2025
@ngocnhan-tran1996 ngocnhan-tran1996 deleted the gh-16273 branch January 24, 2025 16:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rwinch rwinch rwinch requested changes

Assignees

@rwinch rwinch

Labels
in: web An issue in web modules (web, webmvc) type: bug A general bug
Projects
None yet
Milestone
6.4.3
Development

Successfully merging this pull request may close these issues.

Make WebAuthnAuthentication Serializable
3 participants
@ngocnhan-tran1996 @rwinch @spring-projects-issues