Fix issues identified in PR review

Borghii · Borghii · commit e3a715b8f5c8 · 2025-03-24T13:00:27.000-03:00
Signed-off-by: Borghi &lt;137845283+Borghii@users.noreply.github.com&gt;
diff --git a/web/src/main/java/org/springframework/security/web/webauthn/management/Webauthn4JRelyingPartyOperations.java b/web/src/main/java/org/springframework/security/web/webauthn/management/Webauthn4JRelyingPartyOperations.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -346,7 +346,8 @@ public PublicKeyCredentialRequestOptions createCredentialRequestOptions(
 	}
 
 	private List<CredentialRecord> findCredentialRecords(Authentication authentication) {
-		if (authentication instanceof AnonymousAuthenticationToken) {
+		AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
+		if (authentication == null || trustResolver.isAnonymous(authentication)) {
 			return Collections.emptyList();
 		}
 		PublicKeyCredentialUserEntity userEntity = this.userEntities.findByUsername(authentication.getName());
diff --git a/web/src/test/java/org/springframework/security/web/webauthn/management/Webauthn4jRelyingPartyOperationsTests.java b/web/src/test/java/org/springframework/security/web/webauthn/management/Webauthn4jRelyingPartyOperationsTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -548,6 +548,15 @@ void shouldReturnEmptyCredentialsWhenUserIsAnonymous() {
 		assertThat(credentialRequestOptions.getAllowCredentials()).isEmpty();
 	}
 
+	@Test
+	void shouldReturnEmptyCredentialsWhenAnonymousUserIsDisabled() {
+		PublicKeyCredentialRequestOptionsRequest createRequest = new ImmutablePublicKeyCredentialRequestOptionsRequest(null);
+		PublicKeyCredentialRequestOptions credentialRequestOptions = this.rpOperations
+			.createCredentialRequestOptions(createRequest);
+
+		assertThat(credentialRequestOptions.getAllowCredentials()).isEmpty();
+	}
+
 	private static AuthenticatorAttestationResponse setFlag(byte... flags) throws Exception {
 		AuthenticatorAttestationResponseBuilder authAttResponseBldr = TestAuthenticatorAttestationResponse
 			.createAuthenticatorAttestationResponse();

Original file line number	Diff line number	Diff line change
`@@ -1,5 +1,5 @@`
`1`	`1`	`/*`
`2`		`- * Copyright 2002-2024 the original author or authors.`
	`2`	`+ * Copyright 2002-2025 the original author or authors.`
`3`	`3`	`*`
`4`	`4`	`* Licensed under the Apache License, Version 2.0 (the "License");`
`5`	`5`	`* you may not use this file except in compliance with the License.`
`@@ -346,7 +346,8 @@ public PublicKeyCredentialRequestOptions createCredentialRequestOptions(`
`346`	`346`	`}`
`347`	`347`
`348`	`348`	`private List<CredentialRecord> findCredentialRecords(Authentication authentication) {`
`349`		`- if (authentication instanceof AnonymousAuthenticationToken) {`
	`349`	`+ AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();`
	`350`	`+ if (authentication == null \|\| trustResolver.isAnonymous(authentication)) {`
`350`	`351`	`return Collections.emptyList();`
`351`	`352`	`}`
`352`	`353`	`PublicKeyCredentialUserEntity userEntity = this.userEntities.findByUsername(authentication.getName());`