Add Missing serialVersionUIDs #16275

Closed
2 of 4 tasks
jzheaux opened this issue Dec 13, 2024 · 1 comment
Labels
in: config An issue in spring-security-config status: duplicate A duplicate of another issue type: enhancement A general enhancement

Comments

@jzheaux
Contributor

jzheaux commented Dec 13, 2024

To ensure backward compatibility, Security components that implement Serializable should have a serialVersionUID.

Based on internal testing across a few dozen JVMs, it appears that the serialVersionUID is consistent for Security's components. As such, we can safely add the calculated serialVersionUID value to each class that is missing it during the 6.4.x maintenance cycle.

When addressing a class that is missing its serialVersionUID, please do the following:

  1. Add the calculated serialVersionUID (IDEs can usually do this for you, or you can use serialver which ships with the JVM)

  2. In SpringSecurityCoreVersionSerializableTests, add the class and an example construction to the generatorByClassName map

  3. Run SpringSecurityCoreVersionSerializableTests#serializeCurrentVersionClasses.

  4. If successful, it will create a {className}.serialized file in config/src/main/resources/serialized:

    Run the other tests in SpringSecurityCoreVersionSerializableTests; the class should be added to the list in shouldBeAbleToDeserializeClassFromPreviousVersion, and the class should no longer be in the output for listClassesMissingSerialVersion

    Commit the Serializable class(es) and SpringSecurityCoreVersionSerializableTests

  5. If unsuccessful, it is usually because one of its members is not serializable. Find the unserializable member; file a ticket to ensure that it is made Serializable

You can also see the list of Serializable files by running:

./gradlew :spring-security-config:test --tests "*MissingSerialVersion*" -Pserialization
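
Added example (not part of the issue and not Spring Security's own test code): a standalone Java program showing the checks behind steps 1 and 5, namely detecting a missing serialVersionUID, reading the value the JVM computes for the class, and surfacing a non-serializable member. The `SerialVersionCheck`, `Token` and `Holder` classes are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.io.Serializable;
import java.lang.reflect.Field;
import java.lang.reflect.Modifier;

public class SerialVersionCheck {
    // Constructed sample: Serializable, but no serialVersionUID declared.
    static class Token implements Serializable {
        private final String value;
        Token(String value) { this.value = value; }
    }
    // Constructed sample: declares the field, but one member is not Serializable.
    static class Holder implements Serializable {
        private static final long serialVersionUID = 1L;
        private final Object member = new Object();
    }
    /** True when the class itself declares a static final long serialVersionUID. */
    static boolean declaresSerialVersionUid(Class<?> type) {
        try {
            Field f = type.getDeclaredField("serialVersionUID");
            int m = f.getModifiers();
            return Modifier.isStatic(m) && Modifier.isFinal(m) && f.getType() == long.class;
        } catch (NoSuchFieldException ex) {
            return false;
        }
    }
    /** Declared value if present, otherwise the default the JVM computes from the class shape. */
    static long effectiveSerialVersionUid(Class<? extends Serializable> type) {
        return ObjectStreamClass.lookup(type).getSerialVersionUID();
    }
    /** Returns null on success, or the name of the class that could not be serialized. */
    static String findUnserializableMember(Object instance) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(instance);
            return null;
        } catch (NotSerializableException ex) {
            return ex.getMessage(); // the message is the offending class name
        }
    }
    public static void main(String[] args) throws IOException {
        System.out.printf("Token  declared=%b uid=%dL%n",
                declaresSerialVersionUid(Token.class), effectiveSerialVersionUid(Token.class));
        System.out.printf("Holder declared=%b uid=%dL%n",
                declaresSerialVersionUid(Holder.class), effectiveSerialVersionUid(Holder.class));
        System.out.println("Token  blocked by: " + findUnserializableMember(new Token("t")));
        System.out.println("Holder blocked by: " + findUnserializableMember(new Holder()));
    }
}
```

For a class without a declared field, the `uid` printed is the computed default, which is the value to pin in source before the class shape changes.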
@jzheaux jzheaux added in: config An issue in spring-security-config type: enhancement A general enhancement labels Dec 13, 2024
@jzheaux jzheaux added this to the 6.4.x milestone Dec 13, 2024
@jzheaux jzheaux added the status: duplicate A duplicate of another issue label Dec 16, 2024
@jzheaux jzheaux self-assigned this Dec 16, 2024
@jzheaux jzheaux removed this from the 6.4.x milestone Dec 16, 2024
@jzheaux
Contributor Author

jzheaux commented Dec 16, 2024

This is a duplicate of #16276

@jzheaux jzheaux closed this as completed Dec 16, 2024