Fix non-portable BLOB columnDefinition in WebAuthnCredential (#275)

devondragon · web-flow · commit fc53d8b3cc46 · 2026-03-11T19:03:45.000-06:00
* fix: Remove non-portable BLOB columnDefinition from WebAuthnCredential Remove hardcoded `columnDefinition = "BLOB"` from three byte[] fields in WebAuthnCredential. The `@Lob` annotation already handles dialect- appropriate type mapping (BLOB for MySQL, bytea for PostgreSQL, etc.). The explicit columnDefinition bypassed Hibernate's dialect translation, causing DDL failures on PostgreSQL and other non-MySQL databases. Fixes #274 * fix: Use plain byte[] instead of @lob for portable WebAuthn columns Replace `@Lob @column(columnDefinition = "BLOB")` with plain `byte[]` and explicit `@Column(length = ...)` on the three binary fields in WebAuthnCredential. `@Lob` on byte[] in Hibernate 7 generates literal `blob` in DDL, which bypasses dialect translation and fails on PostgreSQL (no `blob` type). Plain byte[] lets each dialect choose the correct native type: `bytea` on PostgreSQL, `varbinary`/`mediumblob` on MySQL. Verified DDL generation against a real PostgreSQL 16 instance and confirmed all three columns map to `bytea`. Full H2 test suite passes with no regressions. Fixes #274
diff --git a/src/main/java/com/digitalsanctuary/spring/user/persistence/model/WebAuthnCredential.java b/src/main/java/com/digitalsanctuary/spring/user/persistence/model/WebAuthnCredential.java
@@ -6,7 +6,6 @@
 import jakarta.persistence.FetchType;
 import jakarta.persistence.Id;
 import jakarta.persistence.JoinColumn;
-import jakarta.persistence.Lob;
 import jakarta.persistence.ManyToOne;
 import jakarta.persistence.Table;
 import lombok.Data;
@@ -31,8 +30,7 @@ public class WebAuthnCredential {
 	private WebAuthnUserEntity userEntity;
 
 	/** COSE-encoded public key (typically 77-300 bytes, RSA keys can be larger). */
-	@Lob
-	@Column(name = "public_key", nullable = false, columnDefinition = "BLOB")
+	@Column(name = "public_key", nullable = false, length = 2048)
 	private byte[] publicKey;
 
 	/** Counter to detect cloned authenticators. */
@@ -60,13 +58,11 @@ public class WebAuthnCredential {
 	private boolean backupState;
 
 	/** Attestation data from registration (can be several KB). */
-	@Lob
-	@Column(name = "attestation_object", columnDefinition = "BLOB")
+	@Column(name = "attestation_object", length = 65536)
 	private byte[] attestationObject;
 
 	/** Client data JSON from registration (can be several KB). */
-	@Lob
-	@Column(name = "attestation_client_data_json", columnDefinition = "BLOB")
+	@Column(name = "attestation_client_data_json", length = 65536)
 	private byte[] attestationClientDataJson;
 
 	/** Creation timestamp. */
