Add Serializable Compatibility to Web Authentication Exceptions

Issue gh-16276

config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java

@@ -128,6 +128,12 @@ import org.springframework.security.saml2.provider.service.authentication.TestSa
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
+import org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException;
+import org.springframework.security.web.authentication.rememberme.CookieTheftException;
+import org.springframework.security.web.authentication.rememberme.InvalidCookieException;
+import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
+import org.springframework.security.web.authentication.session.SessionAuthenticationException;
+import org.springframework.security.web.authentication.www.NonceExpiredException;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
@@ -328,6 +334,16 @@ class SpringSecurityCoreVersionSerializableTests {
 			token.setDetails(details);
 			return token;
 		});
+		generatorByClassName.put(PreAuthenticatedCredentialsNotFoundException.class,
+				(r) -> new PreAuthenticatedCredentialsNotFoundException("message", new IOException("fail")));
+		generatorByClassName.put(CookieTheftException.class, (r) -> new CookieTheftException("message"));
+		generatorByClassName.put(InvalidCookieException.class, (r) -> new InvalidCookieException("message"));
+		generatorByClassName.put(RememberMeAuthenticationException.class,
+				(r) -> new RememberMeAuthenticationException("message", new IOException("fail")));
+		generatorByClassName.put(SessionAuthenticationException.class,
+				(r) -> new SessionAuthenticationException("message"));
+		generatorByClassName.put(NonceExpiredException.class,
+				(r) -> new NonceExpiredException("message", new IOException("fail")));
 	}
 
 	@ParameterizedTest

web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedCredentialsNotFoundException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,10 +16,15 @@
 
 package org.springframework.security.web.authentication.preauth;
 
+import java.io.Serial;
+
 import org.springframework.security.core.AuthenticationException;
 
 public class PreAuthenticatedCredentialsNotFoundException extends AuthenticationException {
 
+	@Serial
+	private static final long serialVersionUID = 2026209817833032728L;
+
 	public PreAuthenticatedCredentialsNotFoundException(String msg) {
 		super(msg);
 	}

web/src/main/java/org/springframework/security/web/authentication/rememberme/CookieTheftException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,11 +16,16 @@
 
 package org.springframework.security.web.authentication.rememberme;
 
+import java.io.Serial;
+
 /**
  * @author Luke Taylor
  */
 public class CookieTheftException extends RememberMeAuthenticationException {
 
+	@Serial
+	private static final long serialVersionUID = -7215039140728554850L;
+
 	public CookieTheftException(String message) {
 		super(message);
 	}

web/src/main/java/org/springframework/security/web/authentication/rememberme/InvalidCookieException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.authentication.rememberme;
 
+import java.io.Serial;
+
 /**
  * Exception thrown by a RememberMeServices implementation to indicate that a submitted
  * cookie is of an invalid format or has expired.
@@ -24,6 +26,9 @@ package org.springframework.security.web.authentication.rememberme;
  */
 public class InvalidCookieException extends RememberMeAuthenticationException {
 
+	@Serial
+	private static final long serialVersionUID = -7952247791921087125L;
+
 	public InvalidCookieException(String message) {
 		super(message);
 	}

web/src/main/java/org/springframework/security/web/authentication/rememberme/RememberMeAuthenticationException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2016 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.authentication.rememberme;
 
+import java.io.Serial;
+
 import org.springframework.security.core.AuthenticationException;
 
 /**
@@ -27,6 +29,9 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class RememberMeAuthenticationException extends AuthenticationException {
 
+	@Serial
+	private static final long serialVersionUID = 7028526952590057426L;
+
 	/**
 	 * Constructs a {@code RememberMeAuthenticationException} with the specified message
 	 * and root cause.

web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationException.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.authentication.session;
 
+import java.io.Serial;
+
 import org.springframework.security.core.AuthenticationException;
 
 /**
@@ -31,6 +33,9 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class SessionAuthenticationException extends AuthenticationException {
 
+	@Serial
+	private static final long serialVersionUID = -2359914603911936474L;
+
 	public SessionAuthenticationException(String msg) {
 		super(msg);
 	}

web/src/main/java/org/springframework/security/web/authentication/www/NonceExpiredException.java

@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.authentication.www;
 
+import java.io.Serial;
+
 import org.springframework.security.core.AuthenticationException;
 
 /**
@@ -25,6 +27,9 @@ import org.springframework.security.core.AuthenticationException;
  */
 public class NonceExpiredException extends AuthenticationException {
 
+	@Serial
+	private static final long serialVersionUID = -3487244679050681257L;
+
 	/**
 	 * Constructs a <code>NonceExpiredException</code> with the specified message.
 	 * @param msg the detail message