Implement Serializable for PublicKeyCredentialUserEntity

Author: ngocnhan-tran1996

web/src/main/java/org/springframework/security/web/webauthn/api/Bytes.java

@@ -16,10 +16,12 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serializable;
 import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.Base64;
 
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
 /**
@@ -28,7 +30,9 @@
  * @author Rob Winch
  * @since 6.4
  */
-public final class Bytes {
+public final class Bytes implements Serializable {
+
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private static final SecureRandom RANDOM = new SecureRandom();
 

web/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialUserEntity.java

@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serializable;
+
 /**
  * <a href=
  * "https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialuserentity">PublicKeyCredentialUserEntity</a>
@@ -27,7 +29,7 @@
  * @since 6.4
  * @see org.springframework.security.web.webauthn.management.WebAuthnRelyingPartyOperations#authenticate(org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest)
  */
-public interface PublicKeyCredentialUserEntity {
+public interface PublicKeyCredentialUserEntity extends Serializable {
 
 	/**
 	 * The <a href=

web/src/test/java/org/springframework/security/web/webauthn/authentication/WebAuthnAuthenticationTests.java

@@ -24,6 +24,7 @@
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity;
 import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialUserEntity;
+import org.springframework.util.SerializationUtils;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
@@ -55,4 +56,16 @@ void setAuthenticationWhenFalseThenNotAuthenticated() {
 		assertThat(authentication.isAuthenticated()).isFalse();
 	}
 
+	@Test
+	void testSerialization() {
+		PublicKeyCredentialUserEntity userEntity = TestPublicKeyCredentialUserEntity.userEntity().build();
+		List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
+		WebAuthnAuthentication authentication = new WebAuthnAuthentication(userEntity, authorities);
+		byte[] serialize = SerializationUtils.serialize(authentication);
+		WebAuthnAuthentication deserializeAuthentication = (WebAuthnAuthentication) SerializationUtils.deserialize(serialize);
+		assertThat(deserializeAuthentication.getPrincipal().getName()).isEqualTo(authentication.getPrincipal().getName());
+		assertThat(deserializeAuthentication.getPrincipal().getDisplayName()).isEqualTo(authentication.getPrincipal().getDisplayName());
+		assertThat(deserializeAuthentication.getPrincipal().getId()).isEqualTo(authentication.getPrincipal().getId());
+	}
+
 }