Add serialVersionUID to Authentication classes

Issue gh-16276

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcBackChannelLogoutAuthentication.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.config.annotation.web.configurers.oauth2.client;
 
+import java.io.Serial;
 import java.util.Collections;
 
 import org.springframework.security.authentication.AbstractAuthenticationToken;
@@ -36,6 +37,9 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
  */
 class OidcBackChannelLogoutAuthentication extends AbstractAuthenticationToken {
 
+	@Serial
+	private static final long serialVersionUID = 9095810699956350287L;
+
 	private final OidcLogoutToken logoutToken;
 
 	private final ClientRegistration clientRegistration;

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutAuthenticationToken.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.security.config.annotation.web.configurers.oauth2.client;
 
+import java.io.Serial;
+
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -29,6 +31,9 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
  */
 class OidcLogoutAuthenticationToken extends AbstractAuthenticationToken {
 
+	@Serial
+	private static final long serialVersionUID = -1568528983223505540L;
+
 	private final String logoutToken;
 
 	private final ClientRegistration clientRegistration;

config/src/main/java/org/springframework/security/config/web/server/OidcBackChannelLogoutAuthentication.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.config.web.server;
 
+import java.io.Serial;
 import java.util.Collections;
 
 import org.springframework.security.authentication.AbstractAuthenticationToken;
@@ -36,6 +37,9 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
  */
 class OidcBackChannelLogoutAuthentication extends AbstractAuthenticationToken {
 
+	@Serial
+	private static final long serialVersionUID = 9095810699956350287L;
+
 	private final OidcLogoutToken logoutToken;
 
 	private final ClientRegistration clientRegistration;

config/src/main/java/org/springframework/security/config/web/server/OidcLogoutAuthenticationToken.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.security.config.web.server;
 
+import java.io.Serial;
+
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
@@ -29,6 +31,9 @@ import org.springframework.security.oauth2.client.registration.ClientRegistratio
  */
 class OidcLogoutAuthenticationToken extends AbstractAuthenticationToken {
 
+	@Serial
+	private static final long serialVersionUID = -1568528983223505540L;
+
 	private final String logoutToken;
 
 	private final ClientRegistration clientRegistration;

config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java

@@ -32,6 +32,7 @@ import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
@@ -54,26 +55,42 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider;
 import org.springframework.core.type.filter.AssignableTypeFilter;
 import org.springframework.security.access.intercept.RunAsUserToken;
+import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.authentication.RememberMeAuthenticationToken;
 import org.springframework.security.authentication.TestAuthentication;
+import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.jaas.JaasAuthenticationToken;
+import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken;
 import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
 import org.springframework.security.cas.authentication.CasAuthenticationToken;
 import org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.SpringSecurityCoreVersion;
+import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.session.ReactiveSessionInformation;
 import org.springframework.security.core.session.SessionInformation;
 import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.ldap.userdetails.LdapAuthority;
 import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
 import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
 import org.springframework.security.oauth2.client.authentication.TestOAuth2AuthenticationTokens;
 import org.springframework.security.oauth2.client.authentication.TestOAuth2AuthorizationCodeAuthenticationTokens;
+import org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken;
+import org.springframework.security.oauth2.client.oidc.authentication.logout.TestOidcLogoutTokens;
+import org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation;
+import org.springframework.security.oauth2.client.oidc.session.TestOidcSessionInformations;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
+import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal;
+import org.springframework.security.oauth2.core.OAuth2AccessToken;
+import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
+import org.springframework.security.oauth2.core.OAuth2DeviceCode;
+import org.springframework.security.oauth2.core.OAuth2RefreshToken;
+import org.springframework.security.oauth2.core.OAuth2UserCode;
 import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
 import org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals;
 import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
@@ -82,16 +99,30 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResp
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges;
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
 import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses;
+import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
+import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
+import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
+import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
+import org.springframework.security.oauth2.core.oidc.user.TestOidcUsers;
 import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
 import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
 import org.springframework.security.oauth2.core.user.TestOAuth2Users;
+import org.springframework.security.oauth2.jwt.Jwt;
 import org.springframework.security.oauth2.jwt.TestJwts;
+import org.springframework.security.oauth2.server.resource.BearerTokenError;
+import org.springframework.security.oauth2.server.resource.BearerTokenErrors;
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
 import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
 import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
+import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal;
+import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
+import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest;
+import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2Authentications;
+import org.springframework.security.saml2.provider.service.authentication.TestSaml2PostAuthenticationRequests;
+import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 
@@ -138,6 +169,17 @@ class SpringSecurityCoreVersionSerializableTests {
 				(r) -> new SessionInformation(user, r.alphanumeric(4), new Date(1704378933936L)));
 		generatorByClassName.put(ReactiveSessionInformation.class,
 				(r) -> new ReactiveSessionInformation(user, r.alphanumeric(4), Instant.ofEpochMilli(1704378933936L)));
+		generatorByClassName.put(OAuth2AccessToken.class, (r) -> TestOAuth2AccessTokens.scopes("scope"));
+		generatorByClassName.put(OAuth2DeviceCode.class,
+				(r) -> new OAuth2DeviceCode("token", Instant.now(), Instant.now()));
+		generatorByClassName.put(OAuth2RefreshToken.class,
+				(r) -> new OAuth2RefreshToken("refreshToken", Instant.now(), Instant.now()));
+		generatorByClassName.put(OAuth2UserCode.class,
+				(r) -> new OAuth2UserCode("token", Instant.now(), Instant.now()));
+		generatorByClassName.put(DefaultOidcUser.class, (r) -> TestOidcUsers.create());
+		generatorByClassName.put(OidcUserAuthority.class,
+				(r) -> new OidcUserAuthority(TestOidcIdTokens.idToken().build(),
+						new OidcUserInfo(Map.of("claim", "value")), "claim"));
 
 		// oauth2-client
 		ClientRegistration.Builder clientRegistrationBuilder = TestClientRegistrations.clientRegistration();
@@ -167,6 +209,18 @@ class SpringSecurityCoreVersionSerializableTests {
 			token.setDetails(details);
 			return token;
 		});
+		generatorByClassName.put(OidcIdToken.class, (r) -> TestOidcIdTokens.idToken().build());
+		generatorByClassName.put(OidcLogoutToken.class,
+				(r) -> TestOidcLogoutTokens.withSessionId("issuer", "sessionId").issuedAt(Instant.now()).build());
+		generatorByClassName.put(OidcSessionInformation.class, (r) -> TestOidcSessionInformations.create());
+		generatorByClassName.put(DefaultOAuth2AuthenticatedPrincipal.class, (r) -> {
+			OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active();
+			return new DefaultOAuth2AuthenticatedPrincipal(principal.getName(), principal.getAttributes(),
+					(Collection<GrantedAuthority>) principal.getAuthorities());
+		});
+
+		// oauth2-jwt
+		generatorByClassName.put(Jwt.class, (r) -> TestJwts.user());
 
 		// oauth2-resource-server
 		generatorByClassName
@@ -192,6 +246,9 @@ class SpringSecurityCoreVersionSerializableTests {
 			token.setDetails(details);
 			return token;
 		});
+		generatorByClassName.put(BearerTokenError.class, (r) -> BearerTokenErrors.invalidToken("invalid token"));
+		generatorByClassName.put(OAuth2IntrospectionAuthenticatedPrincipal.class,
+				(r) -> TestOAuth2AuthenticatedPrincipals.active());
 
 		// core
 		generatorByClassName.put(RunAsUserToken.class, (r) -> {
@@ -215,6 +272,11 @@ class SpringSecurityCoreVersionSerializableTests {
 			token.setDetails(details);
 			return token;
 		});
+		generatorByClassName.put(OneTimeTokenAuthenticationToken.class,
+				(r) -> applyDetails(new OneTimeTokenAuthenticationToken("username", "token")));
+
+		generatorByClassName.put(TestingAuthenticationToken.class,
+				(r) -> applyDetails(new TestingAuthenticationToken("username", "password")));
 
 		// cas
 		generatorByClassName.put(CasServiceTicketAuthenticationToken.class, (r) -> {
@@ -234,11 +296,25 @@ class SpringSecurityCoreVersionSerializableTests {
 			return token;
 		});
 
+		// ldap
+		generatorByClassName.put(LdapAuthority.class,
+				(r) -> new LdapAuthority("USER", "username", Map.of("attribute", List.of("value1", "value2"))));
+
 		// saml2-service-provider
 		generatorByClassName.put(DefaultSaml2AuthenticatedPrincipal.class,
 				(r) -> TestSaml2Authentications.authentication().getPrincipal());
+		generatorByClassName.put(Saml2Authentication.class,
+				(r) -> applyDetails(TestSaml2Authentications.authentication()));
+		generatorByClassName.put(Saml2PostAuthenticationRequest.class,
+				(r) -> TestSaml2PostAuthenticationRequests.create());
+		generatorByClassName.put(Saml2RedirectAuthenticationRequest.class,
+				(r) -> TestSaml2RedirectAuthenticationRequests.create());
 
 		// web
+		generatorByClassName.put(AnonymousAuthenticationToken.class, (r) -> {
+			Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
+			return applyDetails(new AnonymousAuthenticationToken("key", "username", authorities));
+		});
 		generatorByClassName.put(PreAuthenticatedAuthenticationToken.class, (r) -> {
 			PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(user, "creds",
 					user.getAuthorities());
@@ -361,6 +437,12 @@ class SpringSecurityCoreVersionSerializableTests {
 		return instancio;
 	}
 
+	private static <T extends AbstractAuthenticationToken> T applyDetails(T authentication) {
+		WebAuthenticationDetails details = new WebAuthenticationDetails("remote", "sessionId");
+		authentication.setDetails(details);
+		return authentication;
+	}
+
 	private static String getCurrentVersion() {
 		String version = System.getProperty("springSecurityVersion");
 		String[] parts = version.split("\\.");

core/src/main/java/org/springframework/security/authentication/ott/OneTimeTokenAuthenticationToken.java

@@ -16,6 +16,7 @@
 
 package org.springframework.security.authentication.ott;
 
+import java.io.Serial;
 import java.util.Collection;
 import java.util.Collections;
 
@@ -30,6 +31,9 @@ import org.springframework.security.core.GrantedAuthority;
  */
 public class OneTimeTokenAuthenticationToken extends AbstractAuthenticationToken {
 
+	@Serial
+	private static final long serialVersionUID = -8691636031126328365L;
+
 	private final Object principal;
 
 	private String tokenValue;

ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapAuthority.java

@@ -16,6 +16,7 @@
 
 package org.springframework.security.ldap.userdetails;
 
+import java.io.Serial;
 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
@@ -31,6 +32,9 @@ import org.springframework.util.Assert;
  */
 public class LdapAuthority implements GrantedAuthority {
 
+	@Serial
+	private static final long serialVersionUID = 343193700821611354L;
+
 	private final String dn;
 
 	private final String role;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/authentication/logout/OidcLogoutToken.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.oauth2.client.oidc.authentication.logout;
 
+import java.io.Serial;
 import java.time.Instant;
 import java.util.Collection;
 import java.util.Collections;
@@ -45,6 +46,9 @@ import org.springframework.util.Assert;
  */
 public class OidcLogoutToken extends AbstractOAuth2Token implements LogoutTokenClaimAccessor {
 
+	@Serial
+	private static final long serialVersionUID = -5705409698230609696L;
+
 	private static final String BACKCHANNEL_LOGOUT_TOKEN_EVENT_NAME = "http://schemas.openid.net/event/backchannel-logout";
 
 	private final Map<String, Object> claims;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/oidc/session/OidcSessionInformation.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.oauth2.client.oidc.session;
 
+import java.io.Serial;
 import java.util.Collections;
 import java.util.Date;
 import java.util.LinkedHashMap;
@@ -33,6 +34,9 @@ import org.springframework.security.oauth2.core.oidc.user.OidcUser;
  */
 public class OidcSessionInformation extends SessionInformation {
 
+	@Serial
+	private static final long serialVersionUID = -1703808683027974918L;
+
 	private final Map<String, String> authorities;
 
 	/**

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/DefaultOAuth2AuthenticatedPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.oauth2.core;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Collection;
 import java.util.Collections;
@@ -34,6 +35,9 @@ import org.springframework.util.Assert;
  */
 public final class DefaultOAuth2AuthenticatedPrincipal implements OAuth2AuthenticatedPrincipal, Serializable {
 
+	@Serial
+	private static final long serialVersionUID = 4631662622577433065L;
+
 	private final Map<String, Object> attributes;
 
 	private final Collection<GrantedAuthority> authorities;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.oauth2.core;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.time.Instant;
 import java.util.Collections;
@@ -41,6 +42,9 @@ import org.springframework.util.Assert;
  */
 public class OAuth2AccessToken extends AbstractOAuth2Token {
 
+	@Serial
+	private static final long serialVersionUID = -3041884478533441940L;
+
 	private final TokenType tokenType;
 
 	private final Set<String> scopes;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2DeviceCode.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.oauth2.core;
 
+import java.io.Serial;
 import java.time.Instant;
 
 /**
@@ -30,6 +31,9 @@ import java.time.Instant;
  */
 public class OAuth2DeviceCode extends AbstractOAuth2Token {
 
+	@Serial
+	private static final long serialVersionUID = -864134962034523562L;
+
 	/**
 	 * Constructs an {@code OAuth2DeviceCode} using the provided parameters.
 	 * @param tokenValue the token value

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2RefreshToken.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.oauth2.core;
 
+import java.io.Serial;
 import java.time.Instant;
 
 /**
@@ -36,6 +37,9 @@ import java.time.Instant;
  */
 public class OAuth2RefreshToken extends AbstractOAuth2Token {
 
+	@Serial
+	private static final long serialVersionUID = -4114856398229602435L;
+
 	/**
 	 * Constructs an {@code OAuth2RefreshToken} using the provided parameters.
 	 * @param tokenValue the token value

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2UserCode.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.oauth2.core;
 
+import java.io.Serial;
 import java.time.Instant;
 
 /**
@@ -30,6 +31,9 @@ import java.time.Instant;
  */
 public class OAuth2UserCode extends AbstractOAuth2Token {
 
+	@Serial
+	private static final long serialVersionUID = -3948612521903348476L;
+
 	/**
 	 * Constructs an {@code OAuth2UserCode} using the provided parameters.
 	 * @param tokenValue the token value

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcIdToken.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.oauth2.core.oidc;
 
+import java.io.Serial;
 import java.time.Instant;
 import java.util.Collection;
 import java.util.Collections;
@@ -48,6 +49,9 @@ import org.springframework.util.Assert;
  */
 public class OidcIdToken extends AbstractOAuth2Token implements IdTokenClaimAccessor {
 
+	@Serial
+	private static final long serialVersionUID = -1840734870428968020L;
+
 	private final Map<String, Object> claims;
 
 	/**

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/DefaultOidcUser.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.oauth2.core.oidc.user;
 
+import java.io.Serial;
 import java.util.Collection;
 import java.util.Map;
 
@@ -42,6 +43,9 @@ import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
  */
 public class DefaultOidcUser extends DefaultOAuth2User implements OidcUser {
 
+	@Serial
+	private static final long serialVersionUID = -2378469202439157250L;
+
 	private final OidcIdToken idToken;
 
 	private final OidcUserInfo userInfo;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/user/OidcUserAuthority.java

@@ -16,6 +16,7 @@
 
 package org.springframework.security.oauth2.core.oidc.user;
 
+import java.io.Serial;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -36,6 +37,9 @@ import org.springframework.util.Assert;
  */
 public class OidcUserAuthority extends OAuth2UserAuthority {
 
+	@Serial
+	private static final long serialVersionUID = -4675866280835753141L;
+
 	private final OidcIdToken idToken;
 
 	private final OidcUserInfo userInfo;

oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/Jwt.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.oauth2.jwt;
 
+import java.io.Serial;
 import java.time.Instant;
 import java.util.Collection;
 import java.util.Collections;
@@ -49,6 +50,9 @@ import org.springframework.util.Assert;
  */
 public class Jwt extends AbstractOAuth2Token implements JwtClaimAccessor {
 
+	@Serial
+	private static final long serialVersionUID = 4872843562494199108L;
+
 	private final Map<String, Object> headers;
 
 	private final Map<String, Object> claims;

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/BearerTokenError.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2018 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.security.oauth2.server.resource;
 
+import java.io.Serial;
+
 import org.springframework.http.HttpStatus;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.util.Assert;
@@ -34,6 +36,9 @@ import org.springframework.util.Assert;
  */
 public final class BearerTokenError extends OAuth2Error {
 
+	@Serial
+	private static final long serialVersionUID = 4521118368930341766L;
+
 	private final HttpStatus httpStatus;
 
 	private final String scope;

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/introspection/OAuth2IntrospectionAuthenticatedPrincipal.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.oauth2.server.resource.introspection;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Collection;
 import java.util.Map;
@@ -36,6 +37,9 @@ import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAcc
 public final class OAuth2IntrospectionAuthenticatedPrincipal
 		implements OAuth2TokenIntrospectionClaimAccessor, OAuth2AuthenticatedPrincipal, Serializable {
 
+	@Serial
+	private static final long serialVersionUID = 382069143804098909L;
+
 	private final OAuth2AuthenticatedPrincipal delegate;
 
 	/**

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2Authentication.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2019 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.saml2.provider.service.authentication;
 
+import java.io.Serial;
 import java.util.Collection;
 
 import org.springframework.security.authentication.AbstractAuthenticationToken;
@@ -37,6 +38,9 @@ import org.springframework.util.Assert;
  */
 public class Saml2Authentication extends AbstractAuthenticationToken {
 
+	@Serial
+	private static final long serialVersionUID = 405897702378720477L;
+
 	private final AuthenticatedPrincipal principal;
 
 	private final String saml2Response;

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2PostAuthenticationRequest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.security.saml2.provider.service.authentication;
 
+import java.io.Serial;
+
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 
@@ -30,6 +32,9 @@ import org.springframework.security.saml2.provider.service.registration.Saml2Mes
  */
 public class Saml2PostAuthenticationRequest extends AbstractSaml2AuthenticationRequest {
 
+	@Serial
+	private static final long serialVersionUID = -6412064305715642123L;
+
 	Saml2PostAuthenticationRequest(String samlRequest, String relayState, String authenticationRequestUri,
 			String relyingPartyRegistrationId, String id) {
 		super(samlRequest, relayState, authenticationRequestUri, relyingPartyRegistrationId, id);

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2RedirectAuthenticationRequest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.security.saml2.provider.service.authentication;
 
+import java.io.Serial;
+
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.Saml2MessageBinding;
 
@@ -30,6 +32,9 @@ import org.springframework.security.saml2.provider.service.registration.Saml2Mes
  */
 public final class Saml2RedirectAuthenticationRequest extends AbstractSaml2AuthenticationRequest {
 
+	@Serial
+	private static final long serialVersionUID = 6476874109764554798L;
+
 	private final String sigAlg;
 
 	private final String signature;

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/logout/Saml2LogoutRequest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.saml2.provider.service.authentication.logout;
 
+import java.io.Serial;
 import java.io.Serializable;
 import java.nio.charset.StandardCharsets;
 import java.util.Collections;
@@ -39,6 +40,9 @@ import org.springframework.web.util.UriUtils;
  */
 public final class Saml2LogoutRequest implements Serializable {
 
+	@Serial
+	private static final long serialVersionUID = -3588981995674761337L;
+
 	private static final Function<Map<String, String>, String> DEFAULT_ENCODER = (params) -> {
 		if (params.isEmpty()) {
 			return null;