From 1b213d65d2dc8d9fd38ea9c114cc223fe3f4edc4 Mon Sep 17 00:00:00 2001 From: "mhyeon.lee" Date: Tue, 10 Jul 2018 17:17:21 +0900 Subject: [PATCH] Enhance OAuth2AccessToken to be serializable Change the TokenType to Serializable so that the OAuth2AccessToken can be serialized. (org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType) Fixes gh-5492 --- .../oauth2/core/OAuth2AccessToken.java | 7 +++++-- .../oauth2/core/OAuth2AccessTokenTests.java | 19 ++++++++++++++++++- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java index 20a3014e91..8e18df55a1 100644 --- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java +++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -15,8 +15,10 @@ */ package org.springframework.security.oauth2.core; +import org.springframework.security.core.SpringSecurityCoreVersion; import org.springframework.util.Assert; +import java.io.Serializable; import java.time.Instant; import java.util.Collections; import java.util.Set; @@ -90,7 +92,8 @@ public class OAuth2AccessToken extends AbstractOAuth2Token { * * @see Section 7.1 Access Token Types */ - public static final class TokenType { + public static final class TokenType implements Serializable { + private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID; public static final TokenType BEARER = new TokenType("Bearer"); private final String value; diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java index 7745856fde..4309cbb645 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2018 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.core; import org.junit.Test; +import org.springframework.util.SerializationUtils; import java.time.Instant; import java.util.Arrays; @@ -72,4 +73,20 @@ public class OAuth2AccessTokenTests { assertThat(accessToken.getExpiresAt()).isEqualTo(EXPIRES_AT); assertThat(accessToken.getScopes()).isEqualTo(SCOPES); } + + // gh-5492 + @Test + public void constructorWhenCreatedThenIsSerializableAndDeserializable() { + OAuth2AccessToken accessToken = new OAuth2AccessToken( + TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT, SCOPES); + byte[] serialized = SerializationUtils.serialize(accessToken); + accessToken = (OAuth2AccessToken) SerializationUtils.deserialize(serialized); + + assertThat(serialized).isNotNull(); + assertThat(accessToken.getTokenType()).isEqualTo(TOKEN_TYPE); + assertThat(accessToken.getTokenValue()).isEqualTo(TOKEN_VALUE); + assertThat(accessToken.getIssuedAt()).isEqualTo(ISSUED_AT); + assertThat(accessToken.getExpiresAt()).isEqualTo(EXPIRES_AT); + assertThat(accessToken.getScopes()).isEqualTo(SCOPES); + } }