diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutAuthentication.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutAuthentication.java index 73f76bffd78..827b0a05548 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutAuthentication.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutAuthentication.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.config.annotation.web.configurers.oauth2.client; +import java.io.Serial; import java.util.Collections; import org.springframework.security.authentication.AbstractAuthenticationToken; @@ -36,6 +37,9 @@ */ class OidcBackChannelLogoutAuthentication extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = 9095810699956350287L; + private final OidcLogoutToken logoutToken; private final ClientRegistration clientRegistration; diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutAuthenticationToken.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutAuthenticationToken.java index 4a227e3be8e..e609389e8fe 100644 --- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutAuthenticationToken.java +++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutAuthenticationToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.config.annotation.web.configurers.oauth2.client; +import java.io.Serial; + import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.oauth2.client.registration.ClientRegistration; @@ -29,6 +31,9 @@ */ class OidcLogoutAuthenticationToken extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = -1568528983223505540L; + private final String logoutToken; private final ClientRegistration clientRegistration; diff --git a/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelLogoutAuthentication.java b/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelLogoutAuthentication.java index f7dd4b2e098..d5d95f471c1 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelLogoutAuthentication.java +++ b/config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelLogoutAuthentication.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.config.web.server; +import java.io.Serial; import java.util.Collections; import org.springframework.security.authentication.AbstractAuthenticationToken; @@ -36,6 +37,9 @@ */ class OidcBackChannelLogoutAuthentication extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = 9095810699956350287L; + private final OidcLogoutToken logoutToken; private final ClientRegistration clientRegistration; diff --git a/config/src/main/java/org/springframework/security/config/web/server/OidcLogoutAuthenticationToken.java b/config/src/main/java/org/springframework/security/config/web/server/OidcLogoutAuthenticationToken.java index 8d5ab818a5f..617f2969804 100644 --- a/config/src/main/java/org/springframework/security/config/web/server/OidcLogoutAuthenticationToken.java +++ b/config/src/main/java/org/springframework/security/config/web/server/OidcLogoutAuthenticationToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.config.web.server; +import java.io.Serial; + import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.oauth2.client.registration.ClientRegistration; @@ -29,6 +31,9 @@ */ class OidcLogoutAuthenticationToken extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = -1568528983223505540L; + private final String logoutToken; private final ClientRegistration clientRegistration; diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java index bbb0adead6a..cff442fffe8 100644 --- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java +++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java @@ -32,6 +32,7 @@ import java.nio.file.Paths; import java.time.Instant; import java.util.ArrayList; +import java.util.Collection; import java.util.Date; import java.util.HashMap; import java.util.List; @@ -54,26 +55,42 @@ import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider; import org.springframework.core.type.filter.AssignableTypeFilter; import org.springframework.security.access.intercept.RunAsUserToken; +import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.authentication.RememberMeAuthenticationToken; import org.springframework.security.authentication.TestAuthentication; +import org.springframework.security.authentication.TestingAuthenticationToken; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.authentication.jaas.JaasAuthenticationToken; +import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken; import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken; import org.springframework.security.cas.authentication.CasAuthenticationToken; import org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.SpringSecurityCoreVersion; +import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.core.session.ReactiveSessionInformation; import org.springframework.security.core.session.SessionInformation; import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.ldap.userdetails.LdapAuthority; import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken; import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken; import org.springframework.security.oauth2.client.authentication.TestOAuth2AuthenticationTokens; import org.springframework.security.oauth2.client.authentication.TestOAuth2AuthorizationCodeAuthenticationTokens; +import org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken; +import org.springframework.security.oauth2.client.oidc.authentication.logout.TestOidcLogoutTokens; +import org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation; +import org.springframework.security.oauth2.client.oidc.session.TestOidcSessionInformations; import org.springframework.security.oauth2.client.registration.ClientRegistration; import org.springframework.security.oauth2.client.registration.TestClientRegistrations; +import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal; +import org.springframework.security.oauth2.core.OAuth2AccessToken; +import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal; +import org.springframework.security.oauth2.core.OAuth2DeviceCode; +import org.springframework.security.oauth2.core.OAuth2RefreshToken; +import org.springframework.security.oauth2.core.OAuth2UserCode; import org.springframework.security.oauth2.core.TestOAuth2AccessTokens; import org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals; import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange; @@ -82,16 +99,30 @@ import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges; import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests; import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses; +import org.springframework.security.oauth2.core.oidc.OidcIdToken; import org.springframework.security.oauth2.core.oidc.OidcUserInfo; +import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens; +import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser; +import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority; +import org.springframework.security.oauth2.core.oidc.user.TestOidcUsers; import org.springframework.security.oauth2.core.user.DefaultOAuth2User; import org.springframework.security.oauth2.core.user.OAuth2UserAuthority; import org.springframework.security.oauth2.core.user.TestOAuth2Users; +import org.springframework.security.oauth2.jwt.Jwt; import org.springframework.security.oauth2.jwt.TestJwts; +import org.springframework.security.oauth2.server.resource.BearerTokenError; +import org.springframework.security.oauth2.server.resource.BearerTokenErrors; import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication; import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; +import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal; import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal; +import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication; +import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest; +import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest; import org.springframework.security.saml2.provider.service.authentication.TestSaml2Authentications; +import org.springframework.security.saml2.provider.service.authentication.TestSaml2PostAuthenticationRequests; +import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests; import org.springframework.security.web.authentication.WebAuthenticationDetails; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; @@ -138,6 +169,17 @@ class SpringSecurityCoreVersionSerializableTests { (r) -> new SessionInformation(user, r.alphanumeric(4), new Date(1704378933936L))); generatorByClassName.put(ReactiveSessionInformation.class, (r) -> new ReactiveSessionInformation(user, r.alphanumeric(4), Instant.ofEpochMilli(1704378933936L))); + generatorByClassName.put(OAuth2AccessToken.class, (r) -> TestOAuth2AccessTokens.scopes("scope")); + generatorByClassName.put(OAuth2DeviceCode.class, + (r) -> new OAuth2DeviceCode("token", Instant.now(), Instant.now())); + generatorByClassName.put(OAuth2RefreshToken.class, + (r) -> new OAuth2RefreshToken("refreshToken", Instant.now(), Instant.now())); + generatorByClassName.put(OAuth2UserCode.class, + (r) -> new OAuth2UserCode("token", Instant.now(), Instant.now())); + generatorByClassName.put(DefaultOidcUser.class, (r) -> TestOidcUsers.create()); + generatorByClassName.put(OidcUserAuthority.class, + (r) -> new OidcUserAuthority(TestOidcIdTokens.idToken().build(), + new OidcUserInfo(Map.of("claim", "value")), "claim")); // oauth2-client ClientRegistration.Builder clientRegistrationBuilder = TestClientRegistrations.clientRegistration(); @@ -167,6 +209,18 @@ class SpringSecurityCoreVersionSerializableTests { token.setDetails(details); return token; }); + generatorByClassName.put(OidcIdToken.class, (r) -> TestOidcIdTokens.idToken().build()); + generatorByClassName.put(OidcLogoutToken.class, + (r) -> TestOidcLogoutTokens.withSessionId("issuer", "sessionId").issuedAt(Instant.now()).build()); + generatorByClassName.put(OidcSessionInformation.class, (r) -> TestOidcSessionInformations.create()); + generatorByClassName.put(DefaultOAuth2AuthenticatedPrincipal.class, (r) -> { + OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active(); + return new DefaultOAuth2AuthenticatedPrincipal(principal.getName(), principal.getAttributes(), + (Collection) principal.getAuthorities()); + }); + + // oauth2-jwt + generatorByClassName.put(Jwt.class, (r) -> TestJwts.user()); // oauth2-resource-server generatorByClassName @@ -192,6 +246,9 @@ class SpringSecurityCoreVersionSerializableTests { token.setDetails(details); return token; }); + generatorByClassName.put(BearerTokenError.class, (r) -> BearerTokenErrors.invalidToken("invalid token")); + generatorByClassName.put(OAuth2IntrospectionAuthenticatedPrincipal.class, + (r) -> TestOAuth2AuthenticatedPrincipals.active()); // core generatorByClassName.put(RunAsUserToken.class, (r) -> { @@ -215,6 +272,11 @@ class SpringSecurityCoreVersionSerializableTests { token.setDetails(details); return token; }); + generatorByClassName.put(OneTimeTokenAuthenticationToken.class, + (r) -> applyDetails(new OneTimeTokenAuthenticationToken("username", "token"))); + + generatorByClassName.put(TestingAuthenticationToken.class, + (r) -> applyDetails(new TestingAuthenticationToken("username", "password"))); // cas generatorByClassName.put(CasServiceTicketAuthenticationToken.class, (r) -> { @@ -234,11 +296,25 @@ class SpringSecurityCoreVersionSerializableTests { return token; }); + // ldap + generatorByClassName.put(LdapAuthority.class, + (r) -> new LdapAuthority("USER", "username", Map.of("attribute", List.of("value1", "value2")))); + // saml2-service-provider generatorByClassName.put(DefaultSaml2AuthenticatedPrincipal.class, (r) -> TestSaml2Authentications.authentication().getPrincipal()); + generatorByClassName.put(Saml2Authentication.class, + (r) -> applyDetails(TestSaml2Authentications.authentication())); + generatorByClassName.put(Saml2PostAuthenticationRequest.class, + (r) -> TestSaml2PostAuthenticationRequests.create()); + generatorByClassName.put(Saml2RedirectAuthenticationRequest.class, + (r) -> TestSaml2RedirectAuthenticationRequests.create()); // web + generatorByClassName.put(AnonymousAuthenticationToken.class, (r) -> { + Collection authorities = AuthorityUtils.createAuthorityList("ROLE_USER"); + return applyDetails(new AnonymousAuthenticationToken("key", "username", authorities)); + }); generatorByClassName.put(PreAuthenticatedAuthenticationToken.class, (r) -> { PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(user, "creds", user.getAuthorities()); @@ -361,6 +437,12 @@ private static InstancioApi instancioWithDefaults(Class clazz) { return instancio; } + private static T applyDetails(T authentication) { + WebAuthenticationDetails details = new WebAuthenticationDetails("remote", "sessionId"); + authentication.setDetails(details); + return authentication; + } + private static String getCurrentVersion() { String version = System.getProperty("springSecurityVersion"); String[] parts = version.split("\\."); diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.AnonymousAuthenticationToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.AnonymousAuthenticationToken.serialized new file mode 100644 index 00000000000..e8872447c4e Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.AnonymousAuthenticationToken.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.TestingAuthenticationToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.TestingAuthenticationToken.serialized new file mode 100644 index 00000000000..322e774eb67 Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.TestingAuthenticationToken.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.serialized new file mode 100644 index 00000000000..f70720d5f90 Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.ldap.userdetails.LdapAuthority.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.ldap.userdetails.LdapAuthority.serialized new file mode 100644 index 00000000000..55d14042f2c Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.ldap.userdetails.LdapAuthority.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.serialized new file mode 100644 index 00000000000..6eee1587de3 Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation.serialized new file mode 100644 index 00000000000..959ce3cfb3f Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal.serialized new file mode 100644 index 00000000000..1acd8531274 Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2AccessToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2AccessToken.serialized new file mode 100644 index 00000000000..02756044e91 Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2AccessToken.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2DeviceCode.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2DeviceCode.serialized new file mode 100644 index 00000000000..adb4babe4f1 Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2DeviceCode.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2RefreshToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2RefreshToken.serialized new file mode 100644 index 00000000000..07fbb5a3302 Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2RefreshToken.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2UserCode.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2UserCode.serialized new file mode 100644 index 00000000000..cd08653a353 Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.OAuth2UserCode.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.OidcIdToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.OidcIdToken.serialized new file mode 100644 index 00000000000..c1ba97ea047 Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.OidcIdToken.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser.serialized new file mode 100644 index 00000000000..1fdeabaebba Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority.serialized new file mode 100644 index 00000000000..7e6086fda3d Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.jwt.Jwt.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.jwt.Jwt.serialized new file mode 100644 index 00000000000..06f8ee1baba Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.jwt.Jwt.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.server.resource.BearerTokenError.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.server.resource.BearerTokenError.serialized new file mode 100644 index 00000000000..dfa831118f9 Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.server.resource.BearerTokenError.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal.serialized new file mode 100644 index 00000000000..aa140e89650 Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2Authentication.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2Authentication.serialized new file mode 100644 index 00000000000..929b7d477bd Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2Authentication.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest.serialized new file mode 100644 index 00000000000..5c4c093b58a Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.serialized new file mode 100644 index 00000000000..b706114187c Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.serialized new file mode 100644 index 00000000000..19cfd3c8f9b Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest.serialized differ diff --git a/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationToken.java b/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationToken.java index eda644dca3c..3bceb22be3a 100644 --- a/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationToken.java +++ b/core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationToken.java @@ -16,6 +16,7 @@ package org.springframework.security.authentication.ott; +import java.io.Serial; import java.util.Collection; import java.util.Collections; @@ -30,6 +31,9 @@ */ public class OneTimeTokenAuthenticationToken extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = -8691636031126328365L; + private final Object principal; private String tokenValue; diff --git a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java index 424fe11cc49..042b9a7e297 100644 --- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java +++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java @@ -16,6 +16,7 @@ package org.springframework.security.ldap.userdetails; +import java.io.Serial; import java.util.Collections; import java.util.List; import java.util.Map; @@ -31,6 +32,9 @@ */ public class LdapAuthority implements GrantedAuthority { + @Serial + private static final long serialVersionUID = 343193700821611354L; + private final String dn; private final String role; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/logout/OidcLogoutToken.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/logout/OidcLogoutToken.java index 41b425bf408..3b08ef529d5 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/logout/OidcLogoutToken.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/logout/OidcLogoutToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.client.oidc.authentication.logout; +import java.io.Serial; import java.time.Instant; import java.util.Collection; import java.util.Collections; @@ -45,6 +46,9 @@ */ public class OidcLogoutToken extends AbstractOAuth2Token implements LogoutTokenClaimAccessor { + @Serial + private static final long serialVersionUID = -5705409698230609696L; + private static final String BACKCHANNEL_LOGOUT_TOKEN_EVENT_NAME = "http://schemas.openid.net/event/backchannel-logout"; private final Map claims; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionInformation.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionInformation.java index d7463151782..693a06d3aa4 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionInformation.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionInformation.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.client.oidc.session; +import java.io.Serial; import java.util.Collections; import java.util.Date; import java.util.LinkedHashMap; @@ -33,6 +34,9 @@ */ public class OidcSessionInformation extends SessionInformation { + @Serial + private static final long serialVersionUID = -1703808683027974918L; + private final Map authorities; /** diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java index aaacad14a64..21b7075e984 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core; +import java.io.Serial; import java.io.Serializable; import java.util.Collection; import java.util.Collections; @@ -34,6 +35,9 @@ */ public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2AuthenticatedPrincipal, Serializable { + @Serial + private static final long serialVersionUID = 4631662622577433065L; + private final Map attributes; private final Collection authorities; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java index 8ec26b60238..d288503f131 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core; +import java.io.Serial; import java.io.Serializable; import java.time.Instant; import java.util.Collections; @@ -41,6 +42,9 @@ */ public class OAuth2AccessToken extends AbstractOAuth2Token { + @Serial + private static final long serialVersionUID = -3041884478533441940L; + private final TokenType tokenType; private final Set scopes; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2DeviceCode.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2DeviceCode.java index c2127afdda9..dacacd90292 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2DeviceCode.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2DeviceCode.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core; +import java.io.Serial; import java.time.Instant; /** @@ -30,6 +31,9 @@ */ public class OAuth2DeviceCode extends AbstractOAuth2Token { + @Serial + private static final long serialVersionUID = -864134962034523562L; + /** * Constructs an {@code OAuth2DeviceCode} using the provided parameters. * @param tokenValue the token value diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java index f203076517e..204f12bb42a 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2020 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core; +import java.io.Serial; import java.time.Instant; /** @@ -36,6 +37,9 @@ */ public class OAuth2RefreshToken extends AbstractOAuth2Token { + @Serial + private static final long serialVersionUID = -4114856398229602435L; + /** * Constructs an {@code OAuth2RefreshToken} using the provided parameters. * @param tokenValue the token value diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2UserCode.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2UserCode.java index 31d6b6b6094..9ffad7dca07 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2UserCode.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2UserCode.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core; +import java.io.Serial; import java.time.Instant; /** @@ -30,6 +31,9 @@ */ public class OAuth2UserCode extends AbstractOAuth2Token { + @Serial + private static final long serialVersionUID = -3948612521903348476L; + /** * Constructs an {@code OAuth2UserCode} using the provided parameters. * @param tokenValue the token value diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java index 87f72cd3531..c62975a75f5 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core.oidc; +import java.io.Serial; import java.time.Instant; import java.util.Collection; import java.util.Collections; @@ -48,6 +49,9 @@ */ public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAccessor { + @Serial + private static final long serialVersionUID = -1840734870428968020L; + private final Map claims; /** diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java index 2266fcf0e1c..09bf6929f55 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core.oidc.user; +import java.io.Serial; import java.util.Collection; import java.util.Map; @@ -42,6 +43,9 @@ */ public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser { + @Serial + private static final long serialVersionUID = -2378469202439157250L; + private final OidcIdToken idToken; private final OidcUserInfo userInfo; diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java index 793e2127a96..4d07ad136c0 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core.oidc.user; +import java.io.Serial; import java.util.HashMap; import java.util.Map; @@ -36,6 +37,9 @@ */ public class OidcUserAuthority extends OAuth2UserAuthority { + @Serial + private static final long serialVersionUID = -4675866280835753141L; + private final OidcIdToken idToken; private final OidcUserInfo userInfo; diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java index 829f7312491..c25eb14c433 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.jwt; +import java.io.Serial; import java.time.Instant; import java.util.Collection; import java.util.Collections; @@ -49,6 +50,9 @@ */ public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor { + @Serial + private static final long serialVersionUID = 4872843562494199108L; + private final Map headers; private final Map claims; diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java index 30e9d29bde7..31ceac46265 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2018 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.oauth2.server.resource; +import java.io.Serial; + import org.springframework.http.HttpStatus; import org.springframework.security.oauth2.core.OAuth2Error; import org.springframework.util.Assert; @@ -34,6 +36,9 @@ */ public final class BearerTokenError extends OAuth2Error { + @Serial + private static final long serialVersionUID = 4521118368930341766L; + private final HttpStatus httpStatus; private final String scope; diff --git a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java index b75e58c40c3..9330d4a2d43 100644 --- a/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java +++ b/oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.server.resource.introspection; +import java.io.Serial; import java.io.Serializable; import java.util.Collection; import java.util.Map; @@ -36,6 +37,9 @@ public final class OAuth2IntrospectionAuthenticatedPrincipal implements OAuth2TokenIntrospectionClaimAccessor, OAuth2AuthenticatedPrincipal, Serializable { + @Serial + private static final long serialVersionUID = 382069143804098909L; + private final OAuth2AuthenticatedPrincipal delegate; /** diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java index d32c1f44697..2292f52a378 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2019 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.saml2.provider.service.authentication; +import java.io.Serial; import java.util.Collection; import org.springframework.security.authentication.AbstractAuthenticationToken; @@ -37,6 +38,9 @@ */ public class Saml2Authentication extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = 405897702378720477L; + private final AuthenticatedPrincipal principal; private final String saml2Response; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java index d0fb791970a..858a3e2fb01 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.saml2.provider.service.authentication; +import java.io.Serial; + import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding; @@ -30,6 +32,9 @@ */ public class Saml2PostAuthenticationRequest extends AbstractSaml2AuthenticationRequest { + @Serial + private static final long serialVersionUID = -6412064305715642123L; + Saml2PostAuthenticationRequest(String samlRequest, String relayState, String authenticationRequestUri, String relyingPartyRegistrationId, String id) { super(samlRequest, relayState, authenticationRequestUri, relyingPartyRegistrationId, id); diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java index 4101801204f..7096abc925d 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ package org.springframework.security.saml2.provider.service.authentication; +import java.io.Serial; + import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding; @@ -30,6 +32,9 @@ */ public final class Saml2RedirectAuthenticationRequest extends AbstractSaml2AuthenticationRequest { + @Serial + private static final long serialVersionUID = 6476874109764554798L; + private final String sigAlg; private final String signature; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2LogoutRequest.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2LogoutRequest.java index ab51f9bbc5c..5f607328dd0 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2LogoutRequest.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2LogoutRequest.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.saml2.provider.service.authentication.logout; +import java.io.Serial; import java.io.Serializable; import java.nio.charset.StandardCharsets; import java.util.Collections; @@ -39,6 +40,9 @@ */ public final class Saml2LogoutRequest implements Serializable { + @Serial + private static final long serialVersionUID = -3588981995674761337L; + private static final Function, String> DEFAULT_ENCODER = (params) -> { if (params.isEmpty()) { return null;