Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WebAuthn data classes not compatible with JdkSerializationRedisSerializer, and switching to Jackson2 serializer has many issues #16328

Open
justincranford opened this issue Dec 23, 2024 · 0 comments
Labels
status: waiting-for-triage An issue we've not yet triaged type: bug A general bug

Comments

@justincranford
Copy link

justincranford commented Dec 23, 2024

Describe the bug
Persistence of WebAuthn service data objects only seems to work if using in-memory MapSessionRepository.

  1. PublicKeyCredentialCreationOptions
  2. PublicKeyCredentialRequestOptions

Persistence doesn't work if using RedisSessionRepository.

  1. Redis defaultSerializer seems to be JdkSerializationRedisSerializer.
  2. WebAuthn data classes in https://github.com/spring-projects/spring-security/tree/fd267dfb71bfc8e1ab5bcc8270c12fbaad46fddf/web/src/main/java/org/springframework/security/web/webauthn/api don't seem to implement the Serializable interface required for JdkSerializationRedisSerializer to work.

To Reproduce
I implemented a repo to:

  1. Reproduce and demonstrate the initial RedisSessionRepository JdkSerializationRedisSerializer issue
  2. Reproduce and demonstrate all of the issues I encountered, and the incremental workarounds I had to apply, to make the WebAuthn service data classes compatible with RedisSessionRepository JSON Jackson2 serialization

https://github.com/justincranford/spring-security-webauthn-redis

Expected behavior

  1. WebAuthn service data classes should work with JdkSerializationRedisSerializer out-of-the-box.
  2. WebAuthn service data classes should work with GenericJackson2JsonRedisSerializer out-of-the-box too, or with minimal boilerplate.
  3. Examples should be included in official documents for WebAuthn and/or Redis.

Sample
See repo with README
https://github.com/justincranford/spring-security-webauthn-redis

@justincranford justincranford added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Dec 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
Projects
None yet
Development

No branches or pull requests

1 participant