SEC-338: Serializable and serialVersionUID missing for Authentication-related objects.

adapters/jetty/src/main/java/org/acegisecurity/adapters/jetty/JettyAcegiUserToken.java

@@ -31,6 +31,7 @@ import org.mortbay.http.UserPrincipal;
 public class JettyAcegiUserToken extends AbstractAdapterAuthenticationToken implements UserPrincipal {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private String password;
     private String username;
 

core/src/main/java/org/acegisecurity/GrantedAuthority.java

@@ -15,6 +15,8 @@
 
 package org.acegisecurity;
 
+import java.io.Serializable;
+
 /**
  * Represents an authority granted to an {@link Authentication} object.
  * 
@@ -27,7 +29,7 @@ package org.acegisecurity;
  * @author Ben Alex
  * @version $Id$
  */
-public interface GrantedAuthority {
+public interface GrantedAuthority extends Serializable {
     //~ Methods ========================================================================================================
 
     /**

core/src/main/java/org/acegisecurity/GrantedAuthorityImpl.java

@@ -28,6 +28,7 @@ import java.io.Serializable;
 public class GrantedAuthorityImpl implements GrantedAuthority, Serializable {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private String role;
 
     //~ Constructors ===================================================================================================

core/src/main/java/org/acegisecurity/adapters/PrincipalAcegiUserToken.java

@@ -29,6 +29,7 @@ import java.security.Principal;
 public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken implements Principal {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private Object principal;
     private String password;
     private String username;

core/src/main/java/org/acegisecurity/providers/TestingAuthenticationToken.java

@@ -28,6 +28,7 @@ import org.acegisecurity.GrantedAuthority;
 public class TestingAuthenticationToken extends AbstractAuthenticationToken {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private Object credentials;
     private Object principal;
 

core/src/main/java/org/acegisecurity/providers/UsernamePasswordAuthenticationToken.java

@@ -30,6 +30,7 @@ import org.acegisecurity.GrantedAuthority;
 public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private Object credentials;
     private Object principal;
 

core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousAuthenticationToken.java

@@ -31,6 +31,7 @@ import java.io.Serializable;
 public class AnonymousAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private Object principal;
     private int keyHash;
 

core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java

@@ -35,6 +35,7 @@ import java.util.List;
 public class CasAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private final List proxyList;
     private final Object credentials;
     private final Object principal;

core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationToken.java

@@ -30,6 +30,7 @@ import javax.security.auth.login.LoginContext;
 public class JaasAuthenticationToken extends UsernamePasswordAuthenticationToken {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private transient LoginContext loginContext = null;
 
     //~ Constructors ===================================================================================================

core/src/main/java/org/acegisecurity/providers/jaas/JaasGrantedAuthority.java

@@ -32,6 +32,7 @@ import java.security.Principal;
 public class JaasGrantedAuthority extends GrantedAuthorityImpl {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private Principal principal;
 
     //~ Constructors ===================================================================================================

core/src/main/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationToken.java

@@ -31,6 +31,7 @@ import org.acegisecurity.providers.AbstractAuthenticationToken;
 public class RememberMeAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private Object principal;
     private int keyHash;
 

core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationToken.java

@@ -31,6 +31,7 @@ import java.security.cert.X509Certificate;
 public class X509AuthenticationToken extends AbstractAuthenticationToken {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private Object principal;
     private X509Certificate credentials;
 

core/src/main/java/org/acegisecurity/runas/RunAsUserToken.java

@@ -29,6 +29,7 @@ import org.acegisecurity.providers.AbstractAuthenticationToken;
 public class RunAsUserToken extends AbstractAuthenticationToken {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private Class originalAuthentication;
     private Object credentials;
     private Object principal;

core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserGrantedAuthority.java

@@ -31,6 +31,7 @@ import org.acegisecurity.GrantedAuthorityImpl;
 public class SwitchUserGrantedAuthority extends GrantedAuthorityImpl {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private Authentication source;
 
     //~ Constructors ===================================================================================================

core/src/main/java/org/acegisecurity/userdetails/User.java

@@ -31,6 +31,7 @@ import org.springframework.util.Assert;
 public class User implements UserDetails {
     //~ Instance fields ================================================================================================
 
+	private static final long serialVersionUID = 1L;
     private String password;
     private String username;
     private GrantedAuthority[] authorities;

core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsImpl.java

@@ -41,6 +41,7 @@ import javax.naming.ldap.Control;
 public class LdapUserDetailsImpl implements LdapUserDetails {
     //~ Static fields/initializers =====================================================================================
 
+	private static final long serialVersionUID = 1L;
     private static final GrantedAuthority[] NO_AUTHORITIES = new GrantedAuthority[0];
     private static final Control[] NO_CONTROLS = new Control[0];