From b9911fd522c197722ebf9d98d1457ab2fe207972 Mon Sep 17 00:00:00 2001 From: Josh Cummings <3627351+jzheaux@users.noreply.github.com> Date: Thu, 12 Dec 2024 11:43:42 -0700 Subject: [PATCH] Add serialVersionUID to Authentication classes Issue gh-16276 --- .../OidcBackChannelLogoutAuthentication.java | 6 +- .../client/OidcLogoutAuthenticationToken.java | 7 +- .../OidcBackChannelLogoutAuthentication.java | 6 +- .../server/OidcLogoutAuthenticationToken.java | 7 +- ...gSecurityCoreVersionSerializableTests.java | 82 ++++++++++++++++++ ...on.AnonymousAuthenticationToken.serialized | Bin 0 -> 787 bytes ...tion.TestingAuthenticationToken.serialized | Bin 0 -> 534 bytes ...OneTimeTokenAuthenticationToken.serialized | Bin 0 -> 699 bytes ....ldap.userdetails.LdapAuthority.serialized | Bin 0 -> 265 bytes ...tication.logout.OidcLogoutToken.serialized | Bin 0 -> 895 bytes ....session.OidcSessionInformation.serialized | Bin 0 -> 2430 bytes ...ultOAuth2AuthenticatedPrincipal.serialized | Bin 0 -> 1225 bytes ...y.oauth2.core.OAuth2AccessToken.serialized | Bin 0 -> 733 bytes ...ty.oauth2.core.OAuth2DeviceCode.serialized | Bin 0 -> 313 bytes ....oauth2.core.OAuth2RefreshToken.serialized | Bin 0 -> 322 bytes ...rity.oauth2.core.OAuth2UserCode.serialized | Bin 0 -> 311 bytes ...ty.oauth2.core.oidc.OidcIdToken.serialized | Bin 0 -> 682 bytes ....core.oidc.user.DefaultOidcUser.serialized | Bin 0 -> 2051 bytes ...ore.oidc.user.OidcUserAuthority.serialized | Bin 0 -> 1313 bytes ...amework.security.oauth2.jwt.Jwt.serialized | Bin 0 -> 831 bytes ...erver.resource.BearerTokenError.serialized | Bin 0 -> 469 bytes ...ospectionAuthenticatedPrincipal.serialized | Bin 0 -> 1434 bytes ...hentication.Saml2Authentication.serialized | Bin 0 -> 1187 bytes ....Saml2PostAuthenticationRequest.serialized | Bin 0 -> 417 bytes ...l2RedirectAuthenticationRequest.serialized | Bin 0 -> 473 bytes ...ation.logout.Saml2LogoutRequest.serialized | Bin 0 -> 736 bytes .../ott/OneTimeTokenAuthenticationToken.java | 4 + .../ldap/userdetails/LdapAuthority.java | 4 + .../logout/OidcLogoutToken.java | 6 +- .../oidc/session/OidcSessionInformation.java | 6 +- .../DefaultOAuth2AuthenticatedPrincipal.java | 6 +- .../oauth2/core/OAuth2AccessToken.java | 6 +- .../oauth2/core/OAuth2DeviceCode.java | 6 +- .../oauth2/core/OAuth2RefreshToken.java | 6 +- .../security/oauth2/core/OAuth2UserCode.java | 6 +- .../oauth2/core/oidc/OidcIdToken.java | 6 +- .../core/oidc/user/DefaultOidcUser.java | 6 +- .../core/oidc/user/OidcUserAuthority.java | 4 + .../security/oauth2/jwt/Jwt.java | 6 +- .../server/resource/BearerTokenError.java | 7 +- ...h2IntrospectionAuthenticatedPrincipal.java | 6 +- .../authentication/Saml2Authentication.java | 6 +- .../Saml2PostAuthenticationRequest.java | 7 +- .../Saml2RedirectAuthenticationRequest.java | 7 +- .../logout/Saml2LogoutRequest.java | 6 +- 45 files changed, 199 insertions(+), 20 deletions(-) create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.AnonymousAuthenticationToken.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.TestingAuthenticationToken.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.ldap.userdetails.LdapAuthority.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2AccessToken.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2DeviceCode.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2RefreshToken.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2UserCode.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.OidcIdToken.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.jwt.Jwt.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.server.resource.BearerTokenError.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2Authentication.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.serialized create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.serialized diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutAuthentication.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutAuthentication.java index 73f76bffd78..827b0a05548 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutAuthentication.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutAuthentication.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.config.annotation.web.configurers.oauth2.client; +import java.io.Serial; import java.util.Collections; import org.springframework.security.authentication.AbstractAuthenticationToken; @@ -36,6 +37,9 @@ */ class OidcBackChannelLogoutAuthentication extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = 9095810699956350287L; + private final OidcLogoutToken logoutToken; private final ClientRegistration clientRegistration; diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutAuthenticationToken.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutAuthenticationToken.java index 4a227e3be8e..e609389e8fe 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutAuthenticationToken.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutAuthenticationToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.config.annotation.web.configurers.oauth2.client; +import java.io.Serial; + import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.oauth2.client.registration.ClientRegistration; @@ -29,6 +31,9 @@ */ class OidcLogoutAuthenticationToken extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = -1568528983223505540L; + private final String logoutToken; private final ClientRegistration clientRegistration; diff --git a/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelLogoutAuthentication.java b/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelLogoutAuthentication.java index f7dd4b2e098..d5d95f471c1 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelLogoutAuthentication.java +++ b/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelLogoutAuthentication.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.config.web.server; +import java.io.Serial; import java.util.Collections; import org.springframework.security.authentication.AbstractAuthenticationToken; @@ -36,6 +37,9 @@ */ class OidcBackChannelLogoutAuthentication extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = 9095810699956350287L; + private final OidcLogoutToken logoutToken; private final ClientRegistration clientRegistration; diff --git a/config/src/main/java/org/springframework/security/config/web/server/OidcLogoutAuthenticationToken.java b/config/src/main/java/org/springframework/security/config/web/server/OidcLogoutAuthenticationToken.java index 8d5ab818a5f..617f2969804 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/OidcLogoutAuthenticationToken.java +++ b/config/src/main/java/org/springframework/security/config/web/server/OidcLogoutAuthenticationToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.config.web.server; +import java.io.Serial; + import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.oauth2.client.registration.ClientRegistration; @@ -29,6 +31,9 @@ */ class OidcLogoutAuthenticationToken extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = -1568528983223505540L; + private final String logoutToken; private final ClientRegistration clientRegistration; diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java index bbb0adead6a..cff442fffe8 100644 --- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java +++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java @@ -32,6 +32,7 @@ import java.nio.file.Paths; import java.time.Instant; import java.util.ArrayList; +import java.util.Collection; import java.util.Date; import java.util.HashMap; import java.util.List; @@ -54,26 +55,42 @@ import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider; import org.springframework.core.type.filter.AssignableTypeFilter; import org.springframework.security.access.intercept.RunAsUserToken; +import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.RememberMeAuthenticationToken; import org.springframework.security.authentication.TestAuthentication; +import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.jaas.JaasAuthenticationToken; +import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken; import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken; import org.springframework.security.cas.authentication.CasAuthenticationToken; import org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.SpringSecurityCoreVersion; +import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.session.ReactiveSessionInformation; import org.springframework.security.core.session.SessionInformation; import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.ldap.userdetails.LdapAuthority; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken; import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken; import org.springframework.security.oauth2.client.authentication.TestOAuth2AuthenticationTokens; import org.springframework.security.oauth2.client.authentication.TestOAuth2AuthorizationCodeAuthenticationTokens; +import org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken; +import org.springframework.security.oauth2.client.oidc.authentication.logout.TestOidcLogoutTokens; +import org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation; +import org.springframework.security.oauth2.client.oidc.session.TestOidcSessionInformations; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.TestClientRegistrations; +import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal; +import org.springframework.security.oauth2.core.OAuth2AccessToken; +import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal; +import org.springframework.security.oauth2.core.OAuth2DeviceCode; +import org.springframework.security.oauth2.core.OAuth2RefreshToken; +import org.springframework.security.oauth2.core.OAuth2UserCode; import org.springframework.security.oauth2.core.TestOAuth2AccessTokens; import org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange; @@ -82,16 +99,30 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges; import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests; import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses; +import org.springframework.security.oauth2.core.oidc.OidcIdToken; import org.springframework.security.oauth2.core.oidc.OidcUserInfo; +import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens; +import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser; +import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority; +import org.springframework.security.oauth2.core.oidc.user.TestOidcUsers; import org.springframework.security.oauth2.core.user.DefaultOAuth2User; import org.springframework.security.oauth2.core.user.OAuth2UserAuthority; import org.springframework.security.oauth2.core.user.TestOAuth2Users; +import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.security.oauth2.jwt.TestJwts; +import org.springframework.security.oauth2.server.resource.BearerTokenError; +import org.springframework.security.oauth2.server.resource.BearerTokenErrors; import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication; import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; +import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal; import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal; +import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication; +import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest; +import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest; import org.springframework.security.saml2.provider.service.authentication.TestSaml2Authentications; +import org.springframework.security.saml2.provider.service.authentication.TestSaml2PostAuthenticationRequests; +import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests; import org.springframework.security.web.authentication.WebAuthenticationDetails; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; @@ -138,6 +169,17 @@ class SpringSecurityCoreVersionSerializableTests { (r) -> new SessionInformation(user, r.alphanumeric(4), new Date(1704378933936L))); generatorByClassName.put(ReactiveSessionInformation.class, (r) -> new ReactiveSessionInformation(user, r.alphanumeric(4), Instant.ofEpochMilli(1704378933936L))); + generatorByClassName.put(OAuth2AccessToken.class, (r) -> TestOAuth2AccessTokens.scopes("scope")); + generatorByClassName.put(OAuth2DeviceCode.class, + (r) -> new OAuth2DeviceCode("token", Instant.now(), Instant.now())); + generatorByClassName.put(OAuth2RefreshToken.class, + (r) -> new OAuth2RefreshToken("refreshToken", Instant.now(), Instant.now())); + generatorByClassName.put(OAuth2UserCode.class, + (r) -> new OAuth2UserCode("token", Instant.now(), Instant.now())); + generatorByClassName.put(DefaultOidcUser.class, (r) -> TestOidcUsers.create()); + generatorByClassName.put(OidcUserAuthority.class, + (r) -> new OidcUserAuthority(TestOidcIdTokens.idToken().build(), + new OidcUserInfo(Map.of("claim", "value")), "claim")); // oauth2-client ClientRegistration.Builder clientRegistrationBuilder = TestClientRegistrations.clientRegistration(); @@ -167,6 +209,18 @@ class SpringSecurityCoreVersionSerializableTests { token.setDetails(details); return token; }); + generatorByClassName.put(OidcIdToken.class, (r) -> TestOidcIdTokens.idToken().build()); + generatorByClassName.put(OidcLogoutToken.class, + (r) -> TestOidcLogoutTokens.withSessionId("issuer", "sessionId").issuedAt(Instant.now()).build()); + generatorByClassName.put(OidcSessionInformation.class, (r) -> TestOidcSessionInformations.create()); + generatorByClassName.put(DefaultOAuth2AuthenticatedPrincipal.class, (r) -> { + OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active(); + return new DefaultOAuth2AuthenticatedPrincipal(principal.getName(), principal.getAttributes(), + (Collection) principal.getAuthorities()); + }); + + // oauth2-jwt + generatorByClassName.put(Jwt.class, (r) -> TestJwts.user()); // oauth2-resource-server generatorByClassName @@ -192,6 +246,9 @@ class SpringSecurityCoreVersionSerializableTests { token.setDetails(details); return token; }); + generatorByClassName.put(BearerTokenError.class, (r) -> BearerTokenErrors.invalidToken("invalid token")); + generatorByClassName.put(OAuth2IntrospectionAuthenticatedPrincipal.class, + (r) -> TestOAuth2AuthenticatedPrincipals.active()); // core generatorByClassName.put(RunAsUserToken.class, (r) -> { @@ -215,6 +272,11 @@ class SpringSecurityCoreVersionSerializableTests { token.setDetails(details); return token; }); + generatorByClassName.put(OneTimeTokenAuthenticationToken.class, + (r) -> applyDetails(new OneTimeTokenAuthenticationToken("username", "token"))); + + generatorByClassName.put(TestingAuthenticationToken.class, + (r) -> applyDetails(new TestingAuthenticationToken("username", "password"))); // cas generatorByClassName.put(CasServiceTicketAuthenticationToken.class, (r) -> { @@ -234,11 +296,25 @@ class SpringSecurityCoreVersionSerializableTests { return token; }); + // ldap + generatorByClassName.put(LdapAuthority.class, + (r) -> new LdapAuthority("USER", "username", Map.of("attribute", List.of("value1", "value2")))); + // saml2-service-provider generatorByClassName.put(DefaultSaml2AuthenticatedPrincipal.class, (r) -> TestSaml2Authentications.authentication().getPrincipal()); + generatorByClassName.put(Saml2Authentication.class, + (r) -> applyDetails(TestSaml2Authentications.authentication())); + generatorByClassName.put(Saml2PostAuthenticationRequest.class, + (r) -> TestSaml2PostAuthenticationRequests.create()); + generatorByClassName.put(Saml2RedirectAuthenticationRequest.class, + (r) -> TestSaml2RedirectAuthenticationRequests.create()); // web + generatorByClassName.put(AnonymousAuthenticationToken.class, (r) -> { + Collection authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); + return applyDetails(new AnonymousAuthenticationToken("key", "username", authorities)); + }); generatorByClassName.put(PreAuthenticatedAuthenticationToken.class, (r) -> { PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(user, "creds", user.getAuthorities()); @@ -361,6 +437,12 @@ private static InstancioApi instancioWithDefaults(Class clazz) { return instancio; } + private static T applyDetails(T authentication) { + WebAuthenticationDetails details = new WebAuthenticationDetails("remote", "sessionId"); + authentication.setDetails(details); + return authentication; + } + private static String getCurrentVersion() { String version = System.getProperty("springSecurityVersion"); String[] parts = version.split("\\."); diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.AnonymousAuthenticationToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.AnonymousAuthenticationToken.serialized new file mode 100644 index 0000000000000000000000000000000000000000..e8872447c4e4b79e806c9228b3fd7a09c546b6fa GIT binary patch literal 787 zcmb7?u}<7T5QfLTBR~QP3R0vLNd<@k`9yuy5zyU9mQLb=BBcPW?crE%y=!*IoSgzC zFOWV(@&HlVJVT0f;WeP9Ns-;N#BmV<;bLXaj%U7^|Nn6bGe$#4=|NyJ&E?=wvlK^4 z4+Dd7t~r$f%jpOu@t6@;GH6L9%T(p2H5GrWhA5$WJRkfn%nq^aFmn{byel2^j0uA0 z;W0a94Z-A~(Tk2Tre>j`{UCzKkY+L60&xC){Y^kjhTPEKXRDh( zFFr5%;Dt~ZHbSs;qm9dP({9{fZqnxE7JU4@fAxA?)QcTet;j6Y@}x>jYgW4I#iu{7 zzWiceYv6UEZukc*GOLLIY-=V76SwVgxYF1c)s$KZ zoL03@&PdH7BbeXqg*yj({hi&yaX-G-Ya@*Q_uD&+riI?FJx&8L5Jo49fFKkK3MgqPs5S?HCgLX`twcd2Bs%YU2u>WY@ywEhf}_wPAxaAF zLC+1i17o%zi4YR5Y|mJJ@0*uTSf&6cW$35mgK_=qphh?@!!RW*s$h7Us)}#Wu_+Xr z(xp8lmd4K9ZLb`ngL*X*NHSP20_yloSz_4C2I@|=t#bYLc|O2`_cK_FKNiL-dkYWH zm;~tl2c(k|2UYMdB=66A53Z{>5?H!|){FpZA&ciy)Qp(GR!vs1vF*dsT0s*_pB!%lc!rhw9naJlnqCpfytQmA!r)~5U+$i~ AcK`qY literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.serialized new file mode 100644 index 0000000000000000000000000000000000000000..f70720d5f902c36826eb0e5f295676445b64fc4f GIT binary patch literal 699 zcmb7CJx?1!6ns9+S1iCH2q}s}1&9KjMeWLf1eQ*65hq9~koN8#W?{X1?7qVX1qu}% zeTw`6przptP|)GOk<@7@vU@IUBLrfL)86jvyqVG5{Do1Yp`mokH;Lx5wWnDdJ4zq= z2BTDSI`LUb`zVP=jJT4%BJvv&o4k!pb%?Sybe$hvu+MXyyX&q8UI3GhH{uBs1hc^b zJ7yKZWUJB$4=|!?03XQFd}kuXVZ>K*imI80t@jA5g@!bX=mlZjtCcgk6;FFG@&l#@ zjA0x=$^9#9nWG_??@3LGi^_%)!fLhdt=#b#iE&|$;0y{`0ye*8=gN0bzYjHw-(*|G ze2=qGV89JM%`C0m{<$oBPzazX>6R WCk&hBpzj%mIgd?I8LG?n^x_w=^;F3K literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.serialized new file mode 100644 index 0000000000000000000000000000000000000000..6eee1587de34eda9f15f6c1b4cf7e926c97a21c1 GIT binary patch literal 895 zcma)5ziSjh6rS6VOD-mu7||kP5w#G^ECjLe1Ul!7auT0|jrJGc-b1ECd_x}`Iqbvz1+=>^^9 z>hb!ykp~|yeeg&rAmvapkys$xgL$^d{0xNj&#<(b8**$*>9ygs*0f+)2=$tyRAeE= z@T5n&0#f05Dh#(Z05aT31R~-7l(N7SR0Gm0tj%~-g9UQkMf8EAdXdSD1KH6DkxaGx z1~@yad5ZoFILg!^(FQlGvp1iQj7~o7CnQgo20W7PS^vJ8Z&dHR-pH-PExTPDtt+)J z!_V%n=RmrPJcxCmz;g2GDJ>-ror8A&v`Ta&<^*d>j<$Tg|L`Y#>p59?S4tdcsi3lZ zGdvKg&7(F6mGh`bJLvC%|MBJdiLz^+bZ+G{+d--bDwYOcwn;?Bs zvuFZc)nt`{3G>7ex_zxa0{+ s|HHM?`60$cgqVUA2fc1;vCGRvn;Bfrg87%g5FXn}9VabKAx%^wpp+CSqPu{?fuyK7aeu6s7{vsM@DrYQpW{uQceiif zk_`tGBsd{~1PT|hU<$W?Ub>O}-A2h6l#D@k>#J|1=AKtaG60dkJ^+w<|BH>cGZEgL z>6&B{VaiqG8wOk&1zuyJP=xU!u7CLZ=69Fs#qBhtOOSQ!XT3G72TYgHw7IKzX0v!^ zY}zCkO)_ngxniu0X%3JlDxHE;|HBZ)McP!y(>W=b%~6arlh6%Q`J z>)m-&;Z(3;7m1s1YR&Nt((8|W1pjzarddx2EHIKZm{@chp6%2eRuvq%_}fPxZ>!(4 zGn%!jhIXsf#}f6DA62 z8-3+^2GVC?P%Hsmez>`qMovn2I0@_DkVy8A%)sVXFaL3O42Y#*w5^YlYuF1I&7L5k|8K4;bnJ4T5qS+^BH5_0pS{$B&)=6kTJ} z9>6#OR$eG?k32GQiM%>YX$s!oI?Mm6&mz$KV_J@{w}+lVFNL1lA?f&Lt5Z+V$lUmH z{4e{_cW%se^gJPIn-i zi{DcLPAj-0?kQrUS#$%%TpDHrnzD9YQA(3I4iydi=a>ka=+c1(;)KH6_DOxAE9Cn~ zC5DZj5-5{0BtY*j2$EgG)PKj720OhVlKkN4609hq6w~o!OCp;nKR3hGh2iDq=KP%YaRQNN3F0Pr>7}o bVe5OLgYhYy2@Mq-XZ_1oAZz%mixt5?HfINe literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal.serialized new file mode 100644 index 0000000000000000000000000000000000000000..1acd8531274b89c17c7f9c7f1323bca71d41808f GIT binary patch literal 1225 zcmaJ>O=uHA6n@F3f3d}CMNm;h)RS(c@uylr+iJBCZEID~QtM=Q(oCG}tTS($ErNLP z;LVeQqBjK(dhzH%5Rc+P!GoR!=|RDRDB|CnO=3jQh0IRgoA=)LzW2@Ee-CX&LqX{| z*MwRGb0y8Hyr%Ry*KjY=0vBAxA}sg2p3>Ysz)LKWI6h=ecHsdEk0JLbDB2Stllw=% z+`j4FSWJUcfGk7Qq8K4J2ulkUHqUYq3Yj~?!odP8v8feR5!S!*5C4dgl6xprK*urx zfkIeb_e&Pc<)$cYFgF;71b>rF>)Nz#E6i*>5mc2gN`e(7r*a?f-ur={I)>AbDnP1w z9xg&E318L*-j<$8YdGd7S*%uC^MMomNhqJCH*+uw;$}&UF)Q^ zmwsIc4vTz3w7QjYNNcuWHYTrvF!=h;-p9|cw7(=6(~x2aebaxmHD0Vx*VI;|n-16Z z>o)p*@bcul#kCg>r2*oQN~RDtmk~p=CzlJgLJH=-%VSmzC3gdkIfAPq?Gb&BiHZm- zPVX4cN8!ZCz`&#)s>Iv2`Gg9bpjaZ{Jqd6WRqjr4eQoCQqcs~2KkT;EYCTjG+Fwn6 zx4lA)BppwM+*l^FkzISp?jU3|XFj=WG+3(J;VT)IMLZ8j z&^FIx#N&|W;Lt1KqOZ;r9KUhzXoIOPPYSvzvw~>pmHqjFO1?kuo2~tMQQ3~r84<3! z#xoUP@t6v4X-Vi`qHft&4a22pXFjj1YumH^q#J0mq@*3w|G(kM)jp(IK;p5N+TO^8 z!P4$;aCN43s;M=HP!0e0OOfRHJur7lSQY-A*HQwImI>C3CQch;LdZ^yj87b#wem@r V%pokPn-VECZ9R2cLsm9=*)IqemVN*L literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2AccessToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2AccessToken.serialized new file mode 100644 index 0000000000000000000000000000000000000000..02756044e91897a95b670a16288a4bc0f057c5ec GIT binary patch literal 733 zcma))ze^lJ6vyAKxg?60!~_J9ScrBq10hw;kgSR*ELfb{BoW5--8pe@XEXCw*G8@| zbs#|-{{<@>#nwu!EUf(t6s&ABv&(U!kT}&a%zVB--t1pN*=YEnbc2~h%eYb3qKO+y zuQ7vRswHhQB~n^_$3mr%&G~Nchanm>uhuZWIDNrxKGq`-ya1k>P$g&xUIyRAy5K3v zh}V#+0d$kQJ-?YC!E|8t_&q(|*5id9cY6GR-bk+MIMqzU_@j;c%Z9WFsQ~5>$d_lW zcUga!B~qjDiQrA)o@5jGY-~uxF2QqYOo}T${eUfa5K_zHJ{54$mC)0%XZX#d8K4U;o6FlbfE*IPSCd=@@oY$V_35+A2qm)r%>9kb#+Z8a(Ec&~ Y91CuE)@pg(O~Lh7&Jx?$1PYD%FTV!)=Kufz literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2DeviceCode.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2DeviceCode.serialized new file mode 100644 index 0000000000000000000000000000000000000000..adb4babe4f134310b4974eaf3c95d3573ffa572d GIT binary patch literal 313 zcmZ4UmVvdnh`}MHMz7Xv!qflKe4nV!$>bVzbIAD z-x0)iNiEAvPIb;tN&Uk3^UBoshr*Z`7%GYwY=}0;F{!wuC^5MNVqQpoc4{627%=59 zF);fuaHduiWEQ0sJC>9%2>WCumL=+!Wag&od*&6FB<7V^`!H~178jSMrZ|=qGSo3J z`7m&mfD8#s%qdMRVGx37$w|yh*AFfM`OCVZ0O(O(kV$$Vlk|d9i>Ai5?2=aU*u(>L kd_g%c&<_j@>Cukw_)Kr5RuqHGWknI4b*rL;ffZ~I0Pl-x&j0`b literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2RefreshToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2RefreshToken.serialized new file mode 100644 index 0000000000000000000000000000000000000000..07fbb5a3302a886b040367acec63d1def0306ba3 GIT binary patch literal 322 zcmZ4UmVvdnh`~C)C|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qflKe4nV!$>bVzbIAD z-x0(PN=++DEzStZ&rZ!d_Eh|ZY!m|+Fy$~Y zF#9lYrdAYW0&Q_DDPa)y$x19s)Gx`*P1X0zD=taQE3x)r;K(d4E=^5wEGcBDV_@=O z;3@&RCoD0iG_{052%;q?F)v*|xCG=g>xu%PS9w7u>48kr3r;PX8r!l literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2UserCode.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2UserCode.serialized new file mode 100644 index 0000000000000000000000000000000000000000..cd08653a3533e58d52fe72ebe3e1605ff285333c GIT binary patch literal 311 zcmZ4UmVvdnh`~I+C|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qflKe4nV!$>bVzbIAD z-x0(PElw?R&QD1_X}tByAFrh>ObiSaMGQ7Xo8p*MTvC*nTmmsIBtJVfj{yvra+nyH zeHb`XD+)4;Qi~l+N*IKFvJ%S@^-D5yQ}sRbic1pnO00btI5LZiOH)%EO9~n47?^w* zxJp2VgeB&brj{@WLA2x~=B4WgmwQubC9gUn?`5%n*vC}Cg)+XDbcIBC8B literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.OidcIdToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.OidcIdToken.serialized new file mode 100644 index 0000000000000000000000000000000000000000..c1ba97ea047144b8765946b1aea930b1ca74df2a GIT binary patch literal 682 zcma))J#W-N5QfJ#xsQ;DBqxE;bqG3QONfRX5*$d;opf-B@F78v*z<1e&8@x8?wB(T zRcbm)N~B1nqM)D(;txPU!w;aNprArR%sQY@V#(u`z3=%JM zK}%X&3f{*Zc;*!I=vuwUR4EWv4ke1^Nwk4(!r1`UZuKDHthm(>mp4ywZ%X6IgAA(8iPyrdsi;xN^0|yD)3fbBXQ-LO=)! zZ;DvhwI~u5%L*mvAIRt%D>+U0Pn?^OpxuA|`t4eGZ#e*O2m!LBD#*>79di|-9V;nv kT$P+y1-6_ZG^uVA8yCpx<7&~84%m@sBKVTK)#(a;1Fw494*&oF literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser.serialized new file mode 100644 index 0000000000000000000000000000000000000000..1fdeabaebba5c028393a3fa2da390fe4d8cec69e GIT binary patch literal 2051 zcmbVNO>7%Q6n?SYI7u67D72K&QX;riWLH3iL{q6aNlUFRHL3}R@>3?eV|$wMj+uQ+ z91bW4xPpWfE}W4#R6^nc>V={nIrRkM@5l*|I3Of`BHo*=y>S{U3rl{xJ8$Nj_rCew zo2$RTp2Wg}u`Ms@S{1jNR&?Z=v8!Gp!_+EV_l!uf{e%}9D?Ov4&`T3(y(QTcsm3}D zEYtUo|NQy=C+*r+0SW<>RrG>cl`+D6K+ygUXul8bXV5-F`wZC;<$MAe9yw^ky9MXuF9!14!B=I7oZrxlt8p<_MpH-w*}(*ARzOJVP2 z!VGbzcKRC<$zO?y<7yw`yj(}PCj-$UZut$uj$8A+E}hJyjO{VDw`jDMAu1Cmk1WR> z6RD;WD_YW?zkT%a7XDsdD8N_%W1ZLGEhxF=hw|ltidSWHP9$wwaN_!fmn-`EU$o#7 zg&T%4N$NI|mYBLbUvq2rp7OU}-Z=Q$%_0=e!jv{5Ix9jnwg!{fwlZlO9re1WpK%oJ zTbrO~h5luPVv?>Pl*wM9(CJ&G(P&u_QyWL#zxm#W8_NX%3hS{vtp8#nA3wYR8(+Qp z$I*fTq}7y==T9G7?%F}7c+lHkH7of`Jslu(U3$3bj6NlK=n! literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority.serialized new file mode 100644 index 0000000000000000000000000000000000000000..7e6086fda3dd4ab0e59ba609e193ad4e90a3ff94 GIT binary patch literal 1313 zcmbVL&rcIU6n@ZX5-$RYR*=wGX#%2&VsyGYv;*7Sb!L{XiSgu_ zi}6n|A(4{@4_?Ih7kJgXH;o=VX^ihpsepQDY_i|(cHjHneBXSt^9j0@gt<`GY!yin z)Yc?x@Mb7CY{lJJ3jM$iS*+`mwi`-rhr)C1SaE4r@M#4fiuf_4y4Qst-np$0S1qv0 zkP+VXaDxXLrprj~{6X%t$(^`|t?5lL+_Z3^CfoXwQbe&s{CTK#i{ijnETof>nKvlfFLN{;9uZ zE?bZ)L#jdTU8a3(zr8Gi4el*4RmX<&yNj!X{_b~dxCKX;>vE+k(&G{x%I){;Rd;9J zzj>R#_bv_AJoNb?^X8eWLs^2Xu1l`!q3o7HB$Y z=xxlsq9#eFFyETa?+r4O{=rbv?F2zVW3@M73d~wF2D5+Vpogl52!;vz362sB666R@ w5)=r=2n>Iop7IHxuTvd6@Y~n+ncvrsN8^yO(LWZQGU25dq-gpG!Ds@%0Gwx@i~s-t literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.jwt.Jwt.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.jwt.Jwt.serialized new file mode 100644 index 0000000000000000000000000000000000000000..06f8ee1babad6d1d3feecb7b8b1dff1079308921 GIT binary patch literal 831 zcma))F>KR76oy|M(zGQNEmR!yCa#c} zI%4!1G}!P+Ue9;gH|v_joNu zscKhwGV4RRC3q-|y$cVZkQtc!ACEvA!Rif*h6lJ@cfQwkN5qg{p7NmR!-&WdX@spK z!jU~+l#!?{#TI#t8~!8KfQf-^v+HZyagClnuiNSRhuOk!4~mrX%%M4 z`3rgaN_UvXak|S0MV^KfqdF*AH->N6>3r~|#g9+t-h6mCv`b0WpunjSYky%~ZnSC3 zgf%t$KbYgq`n+H6u73G?;{IjN!6nNA!c+?}vFBx|=$oO&bUkkq$aDC@jv0wK7xTa6DeDCC6^1_LGmaU;#7lC+sjkJU9XZnE?Up29PD z6;I$D>>h&=abd5zx{Ips`(Hm`#S%0O4TVifC&K}$2|gMc3yV=knxBMG8IKNJO;aR6 zXiY{DiW(|H>Y6boO(H|*Z)fHAm(p_pK?rLj=Cs3#Gt00Oy7}_geCa!6>$|NII+Vzy z$WRRL)l|t?B}3U^PgR)_9R3F~GK8XC^}sn4=CgXs9=Xs_gQ^b2>( zVt-Ch`pd#cA(l~mK?4*4ocERwL-;U6Gsz}DKON#m@2cACw%XU1x6KAa;ih)+3A25g A?f?J) literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal.serialized new file mode 100644 index 0000000000000000000000000000000000000000..aa140e896508f67d26c9228e50bc651cd266b4a3 GIT binary patch literal 1434 zcmah}O^6&t6n-;3vpc)l!9iU}$HtOc^kGinTg=OPo z_Q<(tphMY_ysZSK`|Z;!ckuVgrHska;7xcNDp~c1#>Y=_+oP@3$sfM{X6}veJSeZg zw9-6W;Q?y122|mQ(1`_Ihd=L74?30{nejuKK#~d86b@*WeMSl9%5{t z^ZnRpq{AX)BIScv2^IqIQRX*E8TK z2ZC)1^ZxcbUq1Bssn2Izwqc!;!o-a;w_UA}BF#deV__YW^~61$!$YVT!9#Knsj<|y z$xy4fNBRd(T1!c0vLpnKoqMJA!O>@)K78vZwpf zNDCdQ#Aw~q7K?Swm9GP>if_+|PPR<{Y&2#6DTG==xN?nG`k@vnB|bKm(0_?~Y=3YGE`9s@ACKhP4qQFe z0!^KibYg4&3C~7*)$oYK;k|Jk sB>-iWVXYYAv}hB;^yc#V#!DBRd@?2*2nTXgCZ&ljQ5WcuBG(g%45QrgVDTo2tf`Ngsq_hf^TopAGL$@%WP@4NdhuYbX)l5jne4M)Y2 zhmE>qP3%N+-BIYbB-dR>v8Fih#4>90042p`oBQanmR`kBbDwD*g-+FEm3PHPpXWa= zgx)s`ED!Pq-sdqB8ZLU&&>d*#ZZ~xONTQp8!rll7{d1f=L1mhNrtUw`Chk*wN&F_eY#8GKD z)+5r=T)3AbA<#F2A;$Xy)Qk&C$#Pw+tx-lPiF34p(?)}1N}YbGnqCf@QNZh*)dYH6 z>Aw@F&b|HlaMFUD2ezPyhRIA@lVjAM-5ajo=EMx#{c!8|R0^8&@4zP5Nlc`U^ij%E zvaUf-?tLykdC#7XKyDsv#WygC0U+10&6A2|h7R7WHg%4fTGy%aW-PEGS*S5E(@(>M zL?27^RLV%8;bbMThWyf^H+OrvI=7UV*dc0oWoW|=)&`w=18ch%J=+IN?xE|94QcSZ6Jv2k$C#43F=>`V$n3k1Vh~ zIKVWSzt+;miW3=6EU=h7XoqyyTQbHaHfWVHJ=`rV9*l1b2m?$ol{}W(V5)C}zG>9- zTr<{P0>63T=!2E7KR#IiW{>=jBub`ydcS$^UoZ{~=(yCuv#HBR#)_UD?{uJ|VI!RmSlK)6*|lav9C2<e`l; literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.serialized new file mode 100644 index 0000000000000000000000000000000000000000..b706114187c4d428a2e32015b0022e4bf436cc91 GIT binary patch literal 473 zcmb`Du};H442DfmkpQtUAs*r?u`*>u%779vFq+g{4VUEVa{^)DiI8{|Hg{2 zl}l7^YE#6ioE9upYP!?QY1LBD+pm}RPyb;ONHRDGY*S|yPO}H>aPF|S^FkxSWd?^s zw?=J+R`3dY&;Ns%-USsbbwvFW5yqFe1ZEkW?K+%X+z5|M86>=zen&zM`$AFIycwJi zm45JYjiP-{mgD7^)77u$IL12dT$}U?`!VsjSYd0Y!b#xDJBkv&9Okygy2)}A+Yhyg Br`7-f literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.serialized new file mode 100644 index 0000000000000000000000000000000000000000..19cfd3c8f9bd0950aac2b086810fee48bf3422ef GIT binary patch literal 736 zcmbV~zi-qq6vtn4JzcqqUmc3X467{=8v{^8MWr0AE`dkts4!Q-Kx9RFKpaQ##i*u_PqN?f)1LYIOAJ&Z}=cMO&rEr1%Fj&wdTYup=F*XEEqUuTLgz$|Yu&l`V~Au%uoAx! z6Ty|Ja-L8C^E*pQcb7eYBZy)c8WCs-ts}VFDQc36kA(5*H!Z5ES8fSQ)A5|~M%EtC zm?I0@|5LhoimqaRQ^4$50cb2-2`DU}uqRbr&Tkrm#jVX`n>y-qK;P5btt#NK$66^& zLzmpG=T)gQxhKW0LXY|5?YrOfbFdb{LJSLK;OaHT%WquBV_EHE_EfmS3+|mh+qtGr ze|f=6SQcsO%fD&;T=` y%hWqu^4~@OMg+^rqftDYARmQsIFE*7RAQQtAS4+2F3o}l2rfHW8igU>6y^_|8vX77 literal 0 HcmV?d00001 diff --git a/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationToken.java index eda644dca3c..3bceb22be3a 100644 --- a/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationToken.java @@ -16,6 +16,7 @@ package org.springframework.security.authentication.ott; +import java.io.Serial; import java.util.Collection; import java.util.Collections; @@ -30,6 +31,9 @@ */ public class OneTimeTokenAuthenticationToken extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = -8691636031126328365L; + private final Object principal; private String tokenValue; diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java index 424fe11cc49..042b9a7e297 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java +++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java @@ -16,6 +16,7 @@ package org.springframework.security.ldap.userdetails; +import java.io.Serial; import java.util.Collections; import java.util.List; import java.util.Map; @@ -31,6 +32,9 @@ */ public class LdapAuthority implements GrantedAuthority { + @Serial + private static final long serialVersionUID = 343193700821611354L; + private final String dn; private final String role; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/logout/OidcLogoutToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/logout/OidcLogoutToken.java index 41b425bf408..3b08ef529d5 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/logout/OidcLogoutToken.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/logout/OidcLogoutToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.client.oidc.authentication.logout; +import java.io.Serial; import java.time.Instant; import java.util.Collection; import java.util.Collections; @@ -45,6 +46,9 @@ */ public class OidcLogoutToken extends AbstractOAuth2Token implements LogoutTokenClaimAccessor { + @Serial + private static final long serialVersionUID = -5705409698230609696L; + private static final String BACKCHANNEL_LOGOUT_TOKEN_EVENT_NAME = "http://schemas.openid.net/event/backchannel-logout"; private final Map claims; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionInformation.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionInformation.java index d7463151782..693a06d3aa4 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionInformation.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionInformation.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.client.oidc.session; +import java.io.Serial; import java.util.Collections; import java.util.Date; import java.util.LinkedHashMap; @@ -33,6 +34,9 @@ */ public class OidcSessionInformation extends SessionInformation { + @Serial + private static final long serialVersionUID = -1703808683027974918L; + private final Map authorities; /** diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java index aaacad14a64..21b7075e984 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core; +import java.io.Serial; import java.io.Serializable; import java.util.Collection; import java.util.Collections; @@ -34,6 +35,9 @@ */ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2AuthenticatedPrincipal, Serializable { + @Serial + private static final long serialVersionUID = 4631662622577433065L; + private final Map attributes; private final Collection authorities; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java index 8ec26b60238..d288503f131 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core; +import java.io.Serial; import java.io.Serializable; import java.time.Instant; import java.util.Collections; @@ -41,6 +42,9 @@ */ public class OAuth2AccessToken extends AbstractOAuth2Token { + @Serial + private static final long serialVersionUID = -3041884478533441940L; + private final TokenType tokenType; private final Set scopes; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2DeviceCode.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2DeviceCode.java index c2127afdda9..dacacd90292 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2DeviceCode.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2DeviceCode.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core; +import java.io.Serial; import java.time.Instant; /** @@ -30,6 +31,9 @@ */ public class OAuth2DeviceCode extends AbstractOAuth2Token { + @Serial + private static final long serialVersionUID = -864134962034523562L; + /** * Constructs an {@code OAuth2DeviceCode} using the provided parameters. * @param tokenValue the token value diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java index f203076517e..204f12bb42a 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core; +import java.io.Serial; import java.time.Instant; /** @@ -36,6 +37,9 @@ */ public class OAuth2RefreshToken extends AbstractOAuth2Token { + @Serial + private static final long serialVersionUID = -4114856398229602435L; + /** * Constructs an {@code OAuth2RefreshToken} using the provided parameters. * @param tokenValue the token value diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2UserCode.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2UserCode.java index 31d6b6b6094..9ffad7dca07 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2UserCode.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2UserCode.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core; +import java.io.Serial; import java.time.Instant; /** @@ -30,6 +31,9 @@ */ public class OAuth2UserCode extends AbstractOAuth2Token { + @Serial + private static final long serialVersionUID = -3948612521903348476L; + /** * Constructs an {@code OAuth2UserCode} using the provided parameters. * @param tokenValue the token value diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java index 87f72cd3531..c62975a75f5 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core.oidc; +import java.io.Serial; import java.time.Instant; import java.util.Collection; import java.util.Collections; @@ -48,6 +49,9 @@ */ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAccessor { + @Serial + private static final long serialVersionUID = -1840734870428968020L; + private final Map claims; /** diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java index 2266fcf0e1c..09bf6929f55 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core.oidc.user; +import java.io.Serial; import java.util.Collection; import java.util.Map; @@ -42,6 +43,9 @@ */ public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser { + @Serial + private static final long serialVersionUID = -2378469202439157250L; + private final OidcIdToken idToken; private final OidcUserInfo userInfo; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java index 793e2127a96..4d07ad136c0 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core.oidc.user; +import java.io.Serial; import java.util.HashMap; import java.util.Map; @@ -36,6 +37,9 @@ */ public class OidcUserAuthority extends OAuth2UserAuthority { + @Serial + private static final long serialVersionUID = -4675866280835753141L; + private final OidcIdToken idToken; private final OidcUserInfo userInfo; diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java index 829f7312491..c25eb14c433 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.jwt; +import java.io.Serial; import java.time.Instant; import java.util.Collection; import java.util.Collections; @@ -49,6 +50,9 @@ */ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor { + @Serial + private static final long serialVersionUID = 4872843562494199108L; + private final Map headers; private final Map claims; diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java index 30e9d29bde7..31ceac46265 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.oauth2.server.resource; +import java.io.Serial; + import org.springframework.http.HttpStatus; import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.util.Assert; @@ -34,6 +36,9 @@ */ public final class BearerTokenError extends OAuth2Error { + @Serial + private static final long serialVersionUID = 4521118368930341766L; + private final HttpStatus httpStatus; private final String scope; diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java index b75e58c40c3..9330d4a2d43 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.server.resource.introspection; +import java.io.Serial; import java.io.Serializable; import java.util.Collection; import java.util.Map; @@ -36,6 +37,9 @@ public final class OAuth2IntrospectionAuthenticatedPrincipal implements OAuth2TokenIntrospectionClaimAccessor, OAuth2AuthenticatedPrincipal, Serializable { + @Serial + private static final long serialVersionUID = 382069143804098909L; + private final OAuth2AuthenticatedPrincipal delegate; /** diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java index d32c1f44697..2292f52a378 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.saml2.provider.service.authentication; +import java.io.Serial; import java.util.Collection; import org.springframework.security.authentication.AbstractAuthenticationToken; @@ -37,6 +38,9 @@ */ public class Saml2Authentication extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = 405897702378720477L; + private final AuthenticatedPrincipal principal; private final String saml2Response; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java index d0fb791970a..858a3e2fb01 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.saml2.provider.service.authentication; +import java.io.Serial; + import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding; @@ -30,6 +32,9 @@ */ public class Saml2PostAuthenticationRequest extends AbstractSaml2AuthenticationRequest { + @Serial + private static final long serialVersionUID = -6412064305715642123L; + Saml2PostAuthenticationRequest(String samlRequest, String relayState, String authenticationRequestUri, String relyingPartyRegistrationId, String id) { super(samlRequest, relayState, authenticationRequestUri, relyingPartyRegistrationId, id); diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java index 4101801204f..7096abc925d 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.saml2.provider.service.authentication; +import java.io.Serial; + import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding; @@ -30,6 +32,9 @@ */ public final class Saml2RedirectAuthenticationRequest extends AbstractSaml2AuthenticationRequest { + @Serial + private static final long serialVersionUID = 6476874109764554798L; + private final String sigAlg; private final String signature; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2LogoutRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2LogoutRequest.java index ab51f9bbc5c..5f607328dd0 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2LogoutRequest.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2LogoutRequest.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.saml2.provider.service.authentication.logout; +import java.io.Serial; import java.io.Serializable; import java.nio.charset.StandardCharsets; import java.util.Collections; @@ -39,6 +40,9 @@ */ public final class Saml2LogoutRequest implements Serializable { + @Serial + private static final long serialVersionUID = -3588981995674761337L; + private static final Function, String> DEFAULT_ENCODER = (params) -> { if (params.isEmpty()) { return null;