Document JDBC Persistence for WebAuthn

Issue gh-16282
spring-projects · Jan 18, 2025 · d3332e1 · d3332e1
1 parent 1f98454
commit d3332e1
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 0 deletions.
diff --git a/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc b/docs/modules/ROOT/pages/servlet/authentication/passkeys.adoc
@@ -118,6 +118,49 @@ open fun userDetailsService(): UserDetailsService {
 ----
 ======
 
+
+[[passkeys-configuration-persistence]]
+=== JDBC & Custom Persistence
+
+WebAuthn performs persistence with javadoc:org.springframework.security.web.webauthn.management.PublicKeyCredentialUserEntityRepository[] and javadoc:org.springframework.security.web.webauthn.management.UserCredentialRepository[].
+The default is to use in memory persistence, but JDBC persistence is support with javadoc:org.springframework.security.web.webauthn.management.JdbcPublicKeyCredentialUserEntityRepository[] and javadoc:org.springframework.security.web.webauthn.management.JdbcUserCredentialRepository[].
+To configure JDBC based persistence, expose the repositories as a Bean:
+
+[tabs]
+======
+Java::
++
+[source,java,role="primary"]
+----
+@Bean
+JdbcPublicKeyCredentialUserEntityRepository jdbcPublicKeyCredentialRepository(JdbcOperations jdbc) {
+	return new JdbcPublicKeyCredentialUserEntityRepository(jdbc);
+}
+
+@Bean
+JdbcUserCredentialRepository jdbcUserCredentialRepository(JdbcOperations jdbc) {
+	return new JdbcUserCredentialRepository(jdbc);
+}
+----
+
+Kotlin::
++
+[source,kotlin,role="secondary"]
+----
+@Bean
+fun jdbcPublicKeyCredentialRepository(jdbc: JdbcOperations): JdbcPublicKeyCredentialUserEntityRepository {
+    return JdbcPublicKeyCredentialUserEntityRepository(jdbc)
+}
+
+@Bean
+fun jdbcUserCredentialRepository(jdbc: JdbcOperations): JdbcUserCredentialRepository {
+    return JdbcUserCredentialRepository(jdbc)
+}
+----
+======
+
+If JDBC does not meet your needs, you can create your own implementations of the interfaces and use them by exposing them as a Bean similar to the example above.
+
 [[passkeys-configuration-pkccor]]
 === Custom PublicKeyCredentialCreationOptionsRepository
 

diff --git a/docs/modules/ROOT/pages/whats-new.adoc b/docs/modules/ROOT/pages/whats-new.adoc
@@ -17,5 +17,6 @@ Note that this may affect reports that operate on this key name.
 
 == WebAuthn
 
+* https://github.com/spring-projects/spring-security/pull/16282[gh-16282] - xref:servlet/authentication/passkeys.adoc#passkeys-configuration-persistence[JDBC Persistence] for WebAuthn/Passkeys
 * https://github.com/spring-projects/spring-security/pull/16397[gh-16397] - Added the ability to configure a custom `HttpMessageConverter` for Passkeys using the optional xref:servlet/authentication/passkeys.adoc#passkeys-configuration[`messageConverter` property] on the `webAuthn` DSL.
 * https://github.com/spring-projects/spring-security/pull/16396[gh-16396] - Added the ability to configure a custom xref:servlet/authentication/passkeys.adoc#passkeys-configuration-pkccor[`PublicKeyCredentialCreationOptionsRepository`]