From 8735368d9ebce98df29b071d4746902ad9183932 Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Tue, 14 Jan 2025 17:04:36 -0700
Subject: [PATCH] Don't Support Serialization of Jackson Modules

Issu gh-16276
---
 .../springframework/security/cas/jackson2/CasJackson2Module.java | 1 +
 .../security/jackson2/SecurityJackson2Modules.java               | 1 +
 .../security/ldap/jackson2/LdapJackson2Module.java               | 1 +
 .../oauth2/client/jackson2/OAuth2ClientJackson2Module.java       | 1 +
 .../security/saml2/jackson2/Saml2Jackson2Module.java             | 1 +
 .../springframework/security/web/jackson2/WebJackson2Module.java | 1 +
 .../security/web/jackson2/WebServletJackson2Module.java          | 1 +
 .../security/web/server/jackson2/WebServerJackson2Module.java    | 1 +
 .../security/web/webauthn/jackson/WebauthnJackson2Module.java    | 1 +
 9 files changed, 9 insertions(+)

diff --git a/cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java b/cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java
index b6c7c6f8fa..fad74fdb7b 100644
--- a/cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java
+++ b/cas/src/main/java/org/springframework/security/cas/jackson2/CasJackson2Module.java
@@ -41,6 +41,7 @@ import org.springframework.security.jackson2.SecurityJackson2Modules;
  * @since 4.2
  * @see org.springframework.security.jackson2.SecurityJackson2Modules
  */
+@SuppressWarnings("serial")
 public class CasJackson2Module extends SimpleModule {
 
 	public CasJackson2Module() {
diff --git a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
index 974910bc91..5db1b2e538 100644
--- a/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
+++ b/core/src/main/java/org/springframework/security/jackson2/SecurityJackson2Modules.java
@@ -201,6 +201,7 @@ public final class SecurityJackson2Modules {
 	 *
 	 * @author Rob Winch
 	 */
+	@SuppressWarnings("serial")
 	static class AllowlistTypeResolverBuilder extends ObjectMapper.DefaultTypeResolverBuilder {
 
 		AllowlistTypeResolverBuilder(ObjectMapper.DefaultTyping defaultTyping) {
diff --git a/ldap/src/main/java/org/springframework/security/ldap/jackson2/LdapJackson2Module.java b/ldap/src/main/java/org/springframework/security/ldap/jackson2/LdapJackson2Module.java
index f84e8df620..aaa4164da5 100644
--- a/ldap/src/main/java/org/springframework/security/ldap/jackson2/LdapJackson2Module.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/jackson2/LdapJackson2Module.java
@@ -46,6 +46,7 @@ import org.springframework.security.ldap.userdetails.Person;
  * @since 5.7
  * @see SecurityJackson2Modules
  */
+@SuppressWarnings("serial")
 public class LdapJackson2Module extends SimpleModule {
 
 	public LdapJackson2Module() {
diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
index ba1eaacd2c..30f1185c9b 100644
--- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
+++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/jackson2/OAuth2ClientJackson2Module.java
@@ -86,6 +86,7 @@ import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
  * @see OAuth2AuthenticationExceptionMixin
  * @see OAuth2ErrorMixin
  */
+@SuppressWarnings("serial")
 public class OAuth2ClientJackson2Module extends SimpleModule {
 
 	public OAuth2ClientJackson2Module() {
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2Jackson2Module.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2Jackson2Module.java
index 025ffc6b36..3d99fc2cfa 100644
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2Jackson2Module.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/jackson2/Saml2Jackson2Module.java
@@ -39,6 +39,7 @@ import org.springframework.security.saml2.provider.service.authentication.logout
  * @since 5.7
  * @see SecurityJackson2Modules
  */
+@SuppressWarnings("serial")
 public class Saml2Jackson2Module extends SimpleModule {
 
 	public Saml2Jackson2Module() {
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java b/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java
index a54a55a96d..87daedcc40 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/WebJackson2Module.java
@@ -40,6 +40,7 @@ import org.springframework.security.web.csrf.DefaultCsrfToken;
  * @since 4.2
  * @see SecurityJackson2Modules
  */
+@SuppressWarnings("serial")
 public class WebJackson2Module extends SimpleModule {
 
 	public WebJackson2Module() {
diff --git a/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java b/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
index 70b098e4fe..b5fd4d0777 100644
--- a/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/jackson2/WebServletJackson2Module.java
@@ -44,6 +44,7 @@ import org.springframework.security.web.savedrequest.SavedCookie;
  * @since 5.1
  * @see SecurityJackson2Modules
  */
+@SuppressWarnings("serial")
 public class WebServletJackson2Module extends SimpleModule {
 
 	public WebServletJackson2Module() {
diff --git a/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java b/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
index ceea54bdbc..001a5accf4 100644
--- a/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/server/jackson2/WebServerJackson2Module.java
@@ -38,6 +38,7 @@ import org.springframework.security.web.server.csrf.DefaultCsrfToken;
  * @since 5.1
  * @see SecurityJackson2Modules
  */
+@SuppressWarnings("serial")
 public class WebServerJackson2Module extends SimpleModule {
 
 	private static final String NAME = WebServerJackson2Module.class.getName();
diff --git a/web/src/main/java/org/springframework/security/web/webauthn/jackson/WebauthnJackson2Module.java b/web/src/main/java/org/springframework/security/web/webauthn/jackson/WebauthnJackson2Module.java
index 0fe386aecc..97a1c8e1f4 100644
--- a/web/src/main/java/org/springframework/security/web/webauthn/jackson/WebauthnJackson2Module.java
+++ b/web/src/main/java/org/springframework/security/web/webauthn/jackson/WebauthnJackson2Module.java
@@ -47,6 +47,7 @@ import org.springframework.security.web.webauthn.management.RelyingPartyPublicKe
  * @author Rob Winch
  * @since 6.4
  */
+@SuppressWarnings("serial")
 public class WebauthnJackson2Module extends SimpleModule {
 
 	/**