Enhance OAuth2AccessToken to be serializable

Change the TokenType to Serializable
so that the OAuth2AccessToken can be serialized.
(org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType)

Fixes gh-5492

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -15,8 +15,10 @@
  */
 package org.springframework.security.oauth2.core;
 
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
+import java.io.Serializable;
 import java.time.Instant;
 import java.util.Collections;
 import java.util.Set;
@@ -90,7 +92,8 @@ public class OAuth2AccessToken extends AbstractOAuth2Token {
 	 *
 	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-7.1">Section 7.1 Access Token Types</a>
 	 */
-	public static final class TokenType {
+	public static final class TokenType implements Serializable {
+		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 		public static final TokenType BEARER = new TokenType("Bearer");
 		private final String value;
 

oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 package org.springframework.security.oauth2.core;
 
 import org.junit.Test;
+import org.springframework.util.SerializationUtils;
 
 import java.time.Instant;
 import java.util.Arrays;
@@ -72,4 +73,20 @@ public class OAuth2AccessTokenTests {
 		assertThat(accessToken.getExpiresAt()).isEqualTo(EXPIRES_AT);
 		assertThat(accessToken.getScopes()).isEqualTo(SCOPES);
 	}
+
+	// gh-5492
+	@Test
+	public void constructorWhenCreatedThenIsSerializableAndDeserializable() {
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(
+				TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT, SCOPES);
+		byte[] serialized = SerializationUtils.serialize(accessToken);
+		accessToken = (OAuth2AccessToken) SerializationUtils.deserialize(serialized);
+
+		assertThat(serialized).isNotNull();
+		assertThat(accessToken.getTokenType()).isEqualTo(TOKEN_TYPE);
+		assertThat(accessToken.getTokenValue()).isEqualTo(TOKEN_VALUE);
+		assertThat(accessToken.getIssuedAt()).isEqualTo(ISSUED_AT);
+		assertThat(accessToken.getExpiresAt()).isEqualTo(EXPIRES_AT);
+		assertThat(accessToken.getScopes()).isEqualTo(SCOPES);
+	}
 }