spring-security icon indicating copy to clipboard operation
spring-security copied to clipboard
verified publisher icon spring-projects

webauthn: use DefaultResourcesFilter without reflection

Open Kehrlann opened this issue 1 year ago • 0 comments

reviewer: @rwinch

Description

Use DefaultResourcesFilter with a proper static method for webauthn pages.

Note that the filter used to be registered only when the DefaultLoginPageGeneratingFilter was registered. It is now always used, because the DefaultWebAuthnRegistrationPageGeneratingFilter uses the javascript, and that file is always present. Also note that while the registration page is after the AuthorizationFilter, the javascript will always be publicly served, because, when the login page is served, it needs the javascript to be publicly accessible.

Kehrlann avatar Oct 22 '24 13:10 Kehrlann