Add Missing serialVersionUIDs #16275
Labels
in: config
An issue in spring-security-config
status: duplicate
A duplicate of another issue
type: enhancement
A general enhancement
To ensure backward compatibility, Security components that implement
Serializable
should have aserialVersionUID
.Based on internal testing across a few dozen JVMs, it appears that the
serialVersionUID
is consistent for Security's components. As such, we can safely add the calculatedserialVersionUID
value to each class that is missing it during the 6.4.x maintenance cycle.Serializable
classes missingserialVersionUID
Serializable
class is missing aserialVersionUID
When addressing a class that is missing its
serialVersionUID
, please do the following:Add the calculated
serialVersionUID
(IDEs can usually do this for you, or you can useserialver
which ships with the JVM)In
SpringSecurityCoreVersionSerializableTests
, add the class and an example construction to thegeneratorByClassName
mapRun
SpringSecurityCoreVersionSerializableTests#serializeCurrentVersionClasses
.If successful, it will create a
{className}.serialized
file inconfig/src/main/resources/serialized
:Run the other tests in
SpringSecurityCoreVersionSerializableTests
; the class should be added to the list inshouldBeAbleToDeserializeClassFromPreviousVersion
, the class should no longer be in the output forlistClassesMissingSerialVersion
Commit the
Serialiizable
class(es) andSpringSecurityCoreVersionSerializableTests
If unsuccessful, it is usually because one of its members is not serializable. Find the unserializable member; file a ticket to ensure that it is made
Serializable
You can also see the list of
Serializable
files by running:./gradlew :spring-security-config:test --tests "*MissingSerialVersion*" -Pserialization
The text was updated successfully, but these errors were encountered: