diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
index 5072da9f5c..aedbd7096c 100644
--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@@ -134,6 +134,10 @@ import org.springframework.security.web.authentication.rememberme.InvalidCookieE
 import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
 import org.springframework.security.web.authentication.session.SessionAuthenticationException;
 import org.springframework.security.web.authentication.www.NonceExpiredException;
+import org.springframework.security.web.csrf.CsrfException;
+import org.springframework.security.web.csrf.DefaultCsrfToken;
+import org.springframework.security.web.csrf.InvalidCsrfTokenException;
+import org.springframework.security.web.csrf.MissingCsrfTokenException;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
@@ -344,6 +348,13 @@ class SpringSecurityCoreVersionSerializableTests {
 (r) -> new SessionAuthenticationException("message"));
 generatorByClassName.put(NonceExpiredException.class, (r) -> new NonceExpiredException("message", new IOException("fail")));
+ generatorByClassName.put(CsrfException.class, (r) -> new CsrfException("message"));
+ generatorByClassName.put(org.springframework.security.web.server.csrf.CsrfException.class, (r) -> new org.springframework.security.web.server.csrf.CsrfException("message"));
+ generatorByClassName.put(InvalidCsrfTokenException.class, (r) -> new InvalidCsrfTokenException(new DefaultCsrfToken("header", "parameter", "token"), "token"));
+ generatorByClassName.put(MissingCsrfTokenException.class, (r) -> new MissingCsrfTokenException("token"));
+ generatorByClassName.put(DefaultCsrfToken.class, (r) -> new DefaultCsrfToken("header", "parameter", "token"));
+ generatorByClassName.put(org.springframework.security.web.server.csrf.DefaultCsrfToken.class, (r) -> new org.springframework.security.web.server.csrf.DefaultCsrfToken("header", "parameter", "token"));
+
 }
 @ParameterizedTest
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.CsrfException.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.CsrfException.serialized
new file mode 100644
index 0000000000..55eddf9e9f
Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.CsrfException.serialized differ
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.DefaultCsrfToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.DefaultCsrfToken.serialized
new file mode 100644
index 0000000000..693e898c31
Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.DefaultCsrfToken.serialized differ
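Review bot: The six added `generatorByClassName.put(...)` entries are each written on one very long line, while the context at the top of the hunk shows the previous entry's lambda on its own continuation line (`(r) -> new SessionAuthenticationException("message"));`); wrapping the new entries the same way would keep the block uniform. The hunk also adds an empty line directly before the closing brace, which can be dropped. Because the servlet and reactive types share simple names, a one-line comment ahead of the fully qualified entries, for example `// reactive types share simple names with the servlet imports above`, would explain why they are spelled out. The enclosing block starts above the hunk.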
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.InvalidCsrfTokenException.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.InvalidCsrfTokenException.serialized
new file mode 100644
index 0000000000..18f8a50a34
Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.InvalidCsrfTokenException.serialized differ
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.MissingCsrfTokenException.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.MissingCsrfTokenException.serialized
new file mode 100644
index 0000000000..dd210a4612
Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.MissingCsrfTokenException.serialized differ
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.CsrfException.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.CsrfException.serialized
new file mode 100644
index 0000000000..6556a08dde
Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.CsrfException.serialized differ
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.DefaultCsrfToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.DefaultCsrfToken.serialized
new file mode 100644
index 0000000000..9cff958c49
Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.DefaultCsrfToken.serialized differ
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
index c53541ac54..e18dc3961b 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
@@ -16,6 +16,8 @@
 package org.springframework.security.web.csrf;
+import java.io.Serial;
+
 import org.springframework.security.access.AccessDeniedException;
 /**
@@ -24,9 +26,11 @@ import org.springframework.security.access.AccessDeniedException;
 * @author Rob Winch
 * @since 3.2
 */
-@SuppressWarnings("serial")
 public class CsrfException extends AccessDeniedException {
+ @Serial
+ private static final long serialVersionUID = 7802567627837252670L;
+
 public CsrfException(String message) {
 super(message);
 }
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandler.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandler.java
index 621391651f..a0950fa44b 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandler.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandler.java
@@ -62,6 +62,7 @@ public class CsrfTokenRequestAttributeHandler implements CsrfTokenRequestHandler
 request.setAttribute(csrfAttrName, csrfToken);
 }
+ @SuppressWarnings("serial")
 private static final class SupplierCsrfToken implements CsrfToken {
 private final Supplier csrfTokenSupplier;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java b/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
index 682be4b1dd..122d95d1ce 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
@@ -16,6 +16,8 @@
 package org.springframework.security.web.csrf;
+import java.io.Serial;
+
 import org.springframework.util.Assert;
 /**
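Review bot: Nothing in the change says whether `7802567627837252670L` matches the UID the JVM derived for `CsrfException` while it carried `@SuppressWarnings("serial")` and no explicit field; if it does not, objects serialized by an earlier release fail to deserialize with `InvalidClassException` after the upgrade. The same question applies to the pinned values in `DefaultCsrfToken`, `InvalidCsrfTokenException` and both `org.springframework.security.web.server.csrf` classes, and it matters most for the token classes, which may sit in a persisted or replicated session during a rolling upgrade. The added fixtures live under `serialized/6.4.x/`, so they pin only the current form. Record the outcome next to the field, for example `// explicit from 6.4.x on; not checked against the implicit UID of earlier releases`, or state in the commit message that the values were compared with `serialver` output from the previous release.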
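Review bot: `@SuppressWarnings("serial")` on `SupplierCsrfToken` silences the compiler without saying why the class is exempt, and the only field visible in the hunk, `csrfTokenSupplier`, is a `Supplier`, a type that is not serializable in general. If an instance of this wrapper were ever placed in a session store that uses Java serialization, the write would presumably fail with `NotSerializableException` at run time rather than being caught at review time. State the intent above the annotation, for example `// Request-scoped wrapper; never stored in the session, so no serialVersionUID is defined`, once that has been confirmed against the callers. The class body continues past the end of the hunk.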
@@ -24,9 +26,11 @@ import org.springframework.util.Assert;
 * @author Rob Winch
 * @since 3.2
 */
-@SuppressWarnings("serial")
 public final class DefaultCsrfToken implements CsrfToken {
+ @Serial
+ private static final long serialVersionUID = 6552658053267913685L;
+
 private final String token;
 private final String parameterName;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java b/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
index 0c57e5a604..bb4afac31d 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
@@ -16,6 +16,8 @@
 package org.springframework.security.web.csrf;
+import java.io.Serial;
+
 import jakarta.servlet.http.HttpServletRequest;
 /**
@@ -25,9 +27,11 @@ import jakarta.servlet.http.HttpServletRequest;
 * @author Rob Winch
 * @since 3.2
 */
-@SuppressWarnings("serial")
 public class InvalidCsrfTokenException extends CsrfException {
+ @Serial
+ private static final long serialVersionUID = -7745955098435417418L;
+
 /**
 * @param expectedAccessToken
 * @param actualAccessToken
diff --git a/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
index 5a6a63f4bb..a8326fa2a7 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
@@ -159,6 +159,7 @@ public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
 }
+ @SuppressWarnings("serial")
 private static final class SaveOnAccessCsrfToken implements CsrfToken {
 private transient CsrfTokenRepository tokenRepository;
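Review bot: Pinning `serialVersionUID` on `DefaultCsrfToken` makes its serialized form a supported contract, but Java deserialization restores `token` and `parameterName` without running the constructor, so any argument checks done there are skipped for instances read back from a session store. The constructor is outside the hunk; the file imports `org.springframework.util.Assert`, so it presumably rejects empty values. A `readObject` hook that repeats those checks after `defaultReadObject()` would keep a truncated or tampered stream from producing a token with empty fields, and the same applies to `org.springframework.security.web.server.csrf.DefaultCsrfToken`. It needs `java.io.IOException` and `java.io.ObjectInputStream` imported next to `java.io.Serial`.

```java
	@Serial
	private static final long serialVersionUID = 6552658053267913685L;

	// … unchanged: token, parameterName and the remaining fields, constructor, accessors …

	@Serial
	private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
		in.defaultReadObject();
		// Deserialization bypasses the constructor, so repeat its checks on the restored fields.
		Assert.hasLength(this.token, "token cannot be null or empty");
		Assert.hasLength(this.parameterName, "parameterName cannot be null or empty");
		// … likewise for any further field the constructor checks …
	}
```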
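Review bot: `SaveOnAccessCsrfToken` declares `tokenRepository` as `transient`, so it is evidently expected to be serialized, yet the hunk answers the missing `serialVersionUID` with `@SuppressWarnings("serial")` while the public token and exception classes in this commit get a pinned value. With an implicit UID, a later change to the members of this nested class can alter the computed value, and a lazily created token held in a session would then no longer deserialize. Either pin a value here as well (`@Serial private static final long serialVersionUID = ...;`, generated for this class) or say above the annotation why compatibility is not promised, for example `// not part of the serialization compatibility contract; transient state is lost on deserialization`. The rest of the class lies outside the hunk.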
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
index 631c5b7fdc..bdb693e95c 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
@@ -16,6 +16,8 @@
 package org.springframework.security.web.server.csrf;
+import java.io.Serial;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.csrf.CsrfToken;
@@ -25,9 +27,11 @@ import org.springframework.security.web.csrf.CsrfToken;
 * @author Rob Winch
 * @since 3.2
 */
-@SuppressWarnings("serial")
 public class CsrfException extends AccessDeniedException {
+ @Serial
+ private static final long serialVersionUID = -8209680716517631141L;
+
 public CsrfException(String message) {
 super(message);
 }
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
index eb49369e6f..2a32018a5c 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
@@ -16,6 +16,8 @@
 package org.springframework.security.web.server.csrf;
+import java.io.Serial;
+
 import org.springframework.util.Assert;
 /**
@@ -24,9 +26,11 @@ import org.springframework.util.Assert;
 * @author Rob Winch
 * @since 5.0
 */
-@SuppressWarnings("serial")
 public final class DefaultCsrfToken implements CsrfToken {
+ @Serial
+ private static final long serialVersionUID = 308340117851874929L;
+
 private final String token;
 private final String parameterName;