Enhance OAuth2AccessToken to be serializable

Change the TokenType to Serializable so that the OAuth2AccessToken can be serialized. (org.springframework.security.oauth2.core.OAuth2AccessToken.TokenType) Fixes gh-5492
2018-07-10 17:17:21 +09:00 · 2018-07-10 17:17:21 +09:00 · 1d920680bf
parent 2af69f08a9
commit 1d920680bf
2 changed files with 23 additions and 3 deletions
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -15,8 +15,10 @@
 */
 package org.springframework.security.oauth2.core;

+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;

+import java.io.Serializable;
 import java.time.Instant;
 import java.util.Collections;
 import java.util.Set;
@ -90,7 +92,8 @@ public class OAuth2AccessToken extends AbstractOAuth2Token {
 	 *
 	 * @see <a target="_blank" href="https://tools.ietf.org/html/rfc6749#section-7.1">Section 7.1 Access Token Types</a>
 	 */
-	public static final class TokenType {
+	public static final class TokenType implements Serializable {
+		private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 		public static final TokenType BEARER = new TokenType("Bearer");
 		private final String value;

--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/OAuth2AccessTokenTests.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2018 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -16,6 +16,7 @@
 package org.springframework.security.oauth2.core;

 import org.junit.Test;
+import org.springframework.util.SerializationUtils;

 import java.time.Instant;
 import java.util.Arrays;
@ -72,4 +73,20 @@ public class OAuth2AccessTokenTests {
 		assertThat(accessToken.getExpiresAt()).isEqualTo(EXPIRES_AT);
 		assertThat(accessToken.getScopes()).isEqualTo(SCOPES);
 	}
+
+	// gh-5492
+	@Test
+	public void constructorWhenCreatedThenIsSerializableAndDeserializable() {
+		OAuth2AccessToken accessToken = new OAuth2AccessToken(
+				TOKEN_TYPE, TOKEN_VALUE, ISSUED_AT, EXPIRES_AT, SCOPES);
+		byte[] serialized = SerializationUtils.serialize(accessToken);
+		accessToken = (OAuth2AccessToken) SerializationUtils.deserialize(serialized);
+
+		assertThat(serialized).isNotNull();
+		assertThat(accessToken.getTokenType()).isEqualTo(TOKEN_TYPE);
+		assertThat(accessToken.getTokenValue()).isEqualTo(TOKEN_VALUE);
+		assertThat(accessToken.getIssuedAt()).isEqualTo(ISSUED_AT);
+		assertThat(accessToken.getExpiresAt()).isEqualTo(EXPIRES_AT);
+		assertThat(accessToken.getScopes()).isEqualTo(SCOPES);
+	}
 }