Skip to content

Commit

Permalink
Add serialVersionUID to Authentication classes
Browse files Browse the repository at this point in the history
  • Loading branch information
jzheaux committed Dec 13, 2024
1 parent 77f76f8 commit aed95a4
Show file tree
Hide file tree
Showing 46 changed files with 192 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package org.springframework.security.config.annotation.web.configurers.oauth2.client;

import java.io.Serial;
import java.util.Collections;

import org.springframework.security.authentication.AbstractAuthenticationToken;
Expand All @@ -36,6 +37,9 @@
*/
class OidcBackChannelLogoutAuthentication extends AbstractAuthenticationToken {

@Serial
private static final long serialVersionUID = 9095810699956350287L;

private final OidcLogoutToken logoutToken;

private final ClientRegistration clientRegistration;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@

package org.springframework.security.config.annotation.web.configurers.oauth2.client;

import java.io.Serial;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
Expand All @@ -29,6 +31,9 @@
*/
class OidcLogoutAuthenticationToken extends AbstractAuthenticationToken {

@Serial
private static final long serialVersionUID = -1568528983223505540L;

private final String logoutToken;

private final ClientRegistration clientRegistration;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package org.springframework.security.config.web.server;

import java.io.Serial;
import java.util.Collections;

import org.springframework.security.authentication.AbstractAuthenticationToken;
Expand All @@ -36,6 +37,9 @@
*/
class OidcBackChannelLogoutAuthentication extends AbstractAuthenticationToken {

@Serial
private static final long serialVersionUID = 9095810699956350287L;

private final OidcLogoutToken logoutToken;

private final ClientRegistration clientRegistration;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@

package org.springframework.security.config.web.server;

import java.io.Serial;

import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
Expand All @@ -29,6 +31,9 @@
*/
class OidcLogoutAuthenticationToken extends AbstractAuthenticationToken {

@Serial
private static final long serialVersionUID = -1568528983223505540L;

private final String logoutToken;

private final ClientRegistration clientRegistration;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@
import java.nio.file.Paths;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
Expand All @@ -40,6 +41,9 @@
import java.util.stream.Collectors;
import java.util.stream.Stream;

import com.nimbusds.oauth2.sdk.token.BearerTokenError;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apereo.cas.client.validation.AssertionImpl;
import org.instancio.Instancio;
import org.instancio.InstancioApi;
Expand All @@ -54,26 +58,42 @@
import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider;
import org.springframework.core.type.filter.AssignableTypeFilter;
import org.springframework.security.access.intercept.RunAsUserToken;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.authentication.TestAuthentication;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.jaas.JaasAuthenticationToken;
import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.cas.authentication.CasAuthenticationToken;
import org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.session.ReactiveSessionInformation;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapAuthority;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
import org.springframework.security.oauth2.client.authentication.TestOAuth2AuthenticationTokens;
import org.springframework.security.oauth2.client.authentication.TestOAuth2AuthorizationCodeAuthenticationTokens;
import org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken;
import org.springframework.security.oauth2.client.oidc.authentication.logout.TestOidcLogoutTokens;
import org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation;
import org.springframework.security.oauth2.client.oidc.session.TestOidcSessionInformations;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.core.OAuth2DeviceCode;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.OAuth2UserCode;
import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
import org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
Expand All @@ -82,16 +102,28 @@
import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges;
import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.security.oauth2.core.oidc.user.TestOidcUsers;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
import org.springframework.security.oauth2.core.user.TestOAuth2Users;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.TestJwts;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.TestSaml2Authentications;
import org.springframework.security.saml2.provider.service.authentication.TestSaml2PostAuthenticationRequests;
import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

Expand All @@ -118,6 +150,8 @@ class SpringSecurityCoreVersionSerializableTests {

static final long securitySerialVersionUid = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

private static final Log log = LogFactory.getLog(SpringSecurityCoreVersionSerializableTests.class);

static Path currentVersionFolder = Paths.get("src/test/resources/serialized/" + getCurrentVersion());

static Path previousVersionFolder = Paths.get("src/test/resources/serialized/" + getPreviousVersion());
Expand All @@ -138,6 +172,17 @@ class SpringSecurityCoreVersionSerializableTests {
(r) -> new SessionInformation(user, r.alphanumeric(4), new Date(1704378933936L)));
generatorByClassName.put(ReactiveSessionInformation.class,
(r) -> new ReactiveSessionInformation(user, r.alphanumeric(4), Instant.ofEpochMilli(1704378933936L)));
generatorByClassName.put(OAuth2AccessToken.class, (r) -> TestOAuth2AccessTokens.scopes("scope"));
generatorByClassName.put(OAuth2DeviceCode.class,
(r) -> new OAuth2DeviceCode("token", Instant.now(), Instant.now()));
generatorByClassName.put(OAuth2RefreshToken.class,
(r) -> new OAuth2RefreshToken("refreshToken", Instant.now(), Instant.now()));
generatorByClassName.put(OAuth2UserCode.class,
(r) -> new OAuth2UserCode("token", Instant.now(), Instant.now()));
generatorByClassName.put(DefaultOidcUser.class, (r) -> TestOidcUsers.create());
generatorByClassName.put(OidcUserAuthority.class,
(r) -> new OidcUserAuthority(TestOidcIdTokens.idToken().build(),
new OidcUserInfo(Map.of("claim", "value")), "claim"));

// oauth2-client
ClientRegistration.Builder clientRegistrationBuilder = TestClientRegistrations.clientRegistration();
Expand Down Expand Up @@ -167,6 +212,18 @@ class SpringSecurityCoreVersionSerializableTests {
token.setDetails(details);
return token;
});
generatorByClassName.put(OidcIdToken.class, (r) -> TestOidcIdTokens.idToken().build());
generatorByClassName.put(OidcLogoutToken.class,
(r) -> TestOidcLogoutTokens.withSessionId("issuer", "sessionId").issuedAt(Instant.now()).build());
generatorByClassName.put(OidcSessionInformation.class, (r) -> TestOidcSessionInformations.create());
generatorByClassName.put(DefaultOAuth2AuthenticatedPrincipal.class, (r) -> {
OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active();
return new DefaultOAuth2AuthenticatedPrincipal(principal.getName(), principal.getAttributes(),
(Collection<GrantedAuthority>) principal.getAuthorities());
});

// oauth2-jwt
generatorByClassName.put(Jwt.class, (r) -> TestJwts.user());

// oauth2-resource-server
generatorByClassName
Expand All @@ -192,6 +249,9 @@ class SpringSecurityCoreVersionSerializableTests {
token.setDetails(details);
return token;
});
generatorByClassName.put(BearerTokenError.class, (r) -> BearerTokenError.INSUFFICIENT_SCOPE);
generatorByClassName.put(OAuth2IntrospectionAuthenticatedPrincipal.class,
(r) -> TestOAuth2AuthenticatedPrincipals.active());

// core
generatorByClassName.put(RunAsUserToken.class, (r) -> {
Expand All @@ -215,6 +275,11 @@ class SpringSecurityCoreVersionSerializableTests {
token.setDetails(details);
return token;
});
generatorByClassName.put(OneTimeTokenAuthenticationToken.class,
(r) -> applyDetails(new OneTimeTokenAuthenticationToken("username", "token")));

generatorByClassName.put(TestingAuthenticationToken.class,
(r) -> applyDetails(new TestingAuthenticationToken("username", "password")));

// cas
generatorByClassName.put(CasServiceTicketAuthenticationToken.class, (r) -> {
Expand All @@ -234,11 +299,25 @@ class SpringSecurityCoreVersionSerializableTests {
return token;
});

// ldap
generatorByClassName.put(LdapAuthority.class,
(r) -> new LdapAuthority("USER", "username", Map.of("attribute", List.of("value1", "value2"))));

// saml2-service-provider
generatorByClassName.put(DefaultSaml2AuthenticatedPrincipal.class,
(r) -> TestSaml2Authentications.authentication().getPrincipal());
generatorByClassName.put(Saml2Authentication.class,
(r) -> applyDetails(TestSaml2Authentications.authentication()));
generatorByClassName.put(Saml2PostAuthenticationRequest.class,
(r) -> TestSaml2PostAuthenticationRequests.create());
generatorByClassName.put(Saml2RedirectAuthenticationRequest.class,
(r) -> TestSaml2RedirectAuthenticationRequests.create());

// web
generatorByClassName.put(AnonymousAuthenticationToken.class, (r) -> {
Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
return applyDetails(new AnonymousAuthenticationToken("key", "username", authorities));
});
generatorByClassName.put(PreAuthenticatedAuthenticationToken.class, (r) -> {
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(user, "creds",
user.getAuthorities());
Expand Down Expand Up @@ -361,6 +440,12 @@ private static InstancioApi<?> instancioWithDefaults(Class<?> clazz) {
return instancio;
}

private static <T extends AbstractAuthenticationToken> T applyDetails(T authentication) {
WebAuthenticationDetails details = new WebAuthenticationDetails("remote", "sessionId");
authentication.setDetails(details);
return authentication;
}

private static String getCurrentVersion() {
String version = System.getProperty("springSecurityVersion");
String[] parts = version.split("\\.");
Expand Down
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package org.springframework.security.authentication.ott;

import java.io.Serial;
import java.util.Collection;
import java.util.Collections;

Expand All @@ -30,6 +31,9 @@
*/
public class OneTimeTokenAuthenticationToken extends AbstractAuthenticationToken {

@Serial
private static final long serialVersionUID = -8691636031126328365L;

private final Object principal;

private String tokenValue;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@
*/
public class LdapAuthority implements GrantedAuthority {

private static final long serialVersionUID = 343193700821611354L;

private final String dn;

private final String role;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package org.springframework.security.oauth2.client.oidc.authentication.logout;

import java.io.Serial;
import java.time.Instant;
import java.util.Collection;
import java.util.Collections;
Expand Down Expand Up @@ -45,6 +46,9 @@
*/
public class OidcLogoutToken extends AbstractOAuth2Token implements LogoutTokenClaimAccessor {

@Serial
private static final long serialVersionUID = -5705409698230609696L;

private static final String BACKCHANNEL_LOGOUT_TOKEN_EVENT_NAME = "http://schemas.openid.net/event/backchannel-logout";

private final Map<String, Object> claims;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package org.springframework.security.oauth2.client.oidc.session;

import java.io.Serial;
import java.util.Collections;
import java.util.Date;
import java.util.LinkedHashMap;
Expand All @@ -33,6 +34,9 @@
*/
public class OidcSessionInformation extends SessionInformation {

@Serial
private static final long serialVersionUID = -1703808683027974918L;

private final Map<String, String> authorities;

/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package org.springframework.security.oauth2.core;

import java.io.Serial;
import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
Expand All @@ -34,6 +35,9 @@
*/
public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2AuthenticatedPrincipal, Serializable {

@Serial
private static final long serialVersionUID = 4631662622577433065L;

private final Map<String, Object> attributes;

private final Collection<GrantedAuthority> authorities;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package org.springframework.security.oauth2.core;

import java.io.Serial;
import java.io.Serializable;
import java.time.Instant;
import java.util.Collections;
Expand All @@ -41,6 +42,9 @@
*/
public class OAuth2AccessToken extends AbstractOAuth2Token {

@Serial
private static final long serialVersionUID = -3041884478533441940L;

private final TokenType tokenType;

private final Set<String> scopes;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@

package org.springframework.security.oauth2.core;

import java.io.Serial;
import java.time.Instant;

/**
Expand All @@ -30,6 +31,9 @@
*/
public class OAuth2DeviceCode extends AbstractOAuth2Token {

@Serial
private static final long serialVersionUID = -864134962034523562L;

/**
* Constructs an {@code OAuth2DeviceCode} using the provided parameters.
* @param tokenValue the token value
Expand Down
Loading

0 comments on commit aed95a4

Please sign in to comment.