Server-side U2F library for Java. Provides functionality for registering U2F devices and authenticate with said devices.
<dependency>
<groupId>com.yubico</groupId>
<artifactId>u2flib-server-core</artifactId>
<version>0.15.0</version>
</dependency>
Note
|
Make sure that you have read Using a U2F library before continuing. |
@GET
public View startAuthentication(String username) throws NoEligableDevicesException {
// Generate a challenge for each U2F device that this user has registered
AuthenticateRequestData requestData
= u2f.startAuthentication(SERVER_ADDRESS, getRegistrations(username));
// Store the challenges for future reference
requestStorage.put(requestData.getRequestId(), requestData.toJson());
// Return an HTML page containing the challenges
return new AuthenticationView(requestData.toJson(), username);
}
@POST
public String finishAuthentication(AuthenticateResponse response, String username) throws
DeviceCompromisedException {
// Get the challenges that we stored when starting the authentication
AuthenticateRequestData authenticateRequest
= requestStorage.remove(authenticateResponse.getRequestId());
// Verify the that the given response is valid for one of the registered devices
u2f.finishAuthentication(authenticateRequest,
authenticateResponse,
getRegistrations(username));
return "Successfully authenticated!";
}
In the above example getRegistrations()
returns the U2F devices currently associated with a given user.
This is most likely stored in a database.
See u2flib-server-demo
for a complete demo server (including registration and storage of U2F devices).
JavaDoc can be found at developers.yubico.com/java-u2flib-server.
The attestation module (u2flib-server-attestation
) enables you to restrict registrations to certain U2F devices (e.g. devices made by a specific vendor). It can also provide metadata for devices.