Merge branch '6.4.x'

2025-06-23 20:42:14 +00:00 · 2025-01-14 16:17:34 -07:00 · 2025-01-14 16:17:34 -07:00 · 28644aa966
commit 28644aa966
parent a11944e19a 6f379aa907
14 changed files with 38 additions and 5 deletions
--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@ -134,6 +134,10 @@ import org.springframework.security.web.authentication.rememberme.InvalidCookieE
 import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
 import org.springframework.security.web.authentication.session.SessionAuthenticationException;
 import org.springframework.security.web.authentication.www.NonceExpiredException;
 import org.springframework.security.web.csrf.CsrfException;
 import org.springframework.security.web.csrf.DefaultCsrfToken;
 import org.springframework.security.web.csrf.InvalidCsrfTokenException;
 import org.springframework.security.web.csrf.MissingCsrfTokenException;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
@ -344,6 +348,13 @@ class SpringSecurityCoreVersionSerializableTests {
 				(r) -> new SessionAuthenticationException("message"));
 		generatorByClassName.put(NonceExpiredException.class,
 				(r) -> new NonceExpiredException("message", new IOException("fail")));
 		generatorByClassName.put(CsrfException.class, (r) -> new CsrfException("message"));
 		generatorByClassName.put(org.springframework.security.web.server.csrf.CsrfException.class, (r) -> new org.springframework.security.web.server.csrf.CsrfException("message"));
 		generatorByClassName.put(InvalidCsrfTokenException.class, (r) -> new InvalidCsrfTokenException(new DefaultCsrfToken("header", "parameter", "token"), "token"));
 		generatorByClassName.put(MissingCsrfTokenException.class, (r) -> new MissingCsrfTokenException("token"));
 		generatorByClassName.put(DefaultCsrfToken.class, (r) -> new DefaultCsrfToken("header", "parameter", "token"));
 		generatorByClassName.put(org.springframework.security.web.server.csrf.DefaultCsrfToken.class, (r) -> new org.springframework.security.web.server.csrf.DefaultCsrfToken("header", "parameter", "token"));
 	}
 	@ParameterizedTest
--- a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.CsrfException.serialized
+++ b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.CsrfException.serialized
--- a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.DefaultCsrfToken.serialized
+++ b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.DefaultCsrfToken.serialized
--- a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.InvalidCsrfTokenException.serialized
+++ b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.InvalidCsrfTokenException.serialized
--- a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.MissingCsrfTokenException.serialized
+++ b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.MissingCsrfTokenException.serialized
--- a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.CsrfException.serialized
+++ b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.CsrfException.serialized
--- a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.DefaultCsrfToken.serialized
+++ b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.DefaultCsrfToken.serialized
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
@ -16,6 +16,8 @@
 package org.springframework.security.web.csrf;
 import java.io.Serial;
 import org.springframework.security.access.AccessDeniedException;
 /**
@ -24,9 +26,11 @@ import org.springframework.security.access.AccessDeniedException;
 * @author Rob Winch
 * @since 3.2
 */
@SuppressWarnings("serial")
 public class CsrfException extends AccessDeniedException {
 	@Serial
 	private static final long serialVersionUID = 7802567627837252670L;
 	public CsrfException(String message) {
 		super(message);
 	}
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandler.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandler.java
@ -62,6 +62,7 @@ public class CsrfTokenRequestAttributeHandler implements CsrfTokenRequestHandler
 		request.setAttribute(csrfAttrName, csrfToken);
 	}
 	@SuppressWarnings("serial")
 	private static final class SupplierCsrfToken implements CsrfToken {
 		private final Supplier<CsrfToken> csrfTokenSupplier;
--- a/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
@ -16,6 +16,8 @@
 package org.springframework.security.web.csrf;
 import java.io.Serial;
 import org.springframework.util.Assert;
 /**
@ -24,9 +26,11 @@ import org.springframework.util.Assert;
 * @author Rob Winch
 * @since 3.2
 */
@SuppressWarnings("serial")
 public final class DefaultCsrfToken implements CsrfToken {
 	@Serial
 	private static final long serialVersionUID = 6552658053267913685L;
 	private final String token;
 	private final String parameterName;
--- a/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
@ -16,6 +16,8 @@
 package org.springframework.security.web.csrf;
 import java.io.Serial;
 import jakarta.servlet.http.HttpServletRequest;
 /**
@ -25,9 +27,11 @@ import jakarta.servlet.http.HttpServletRequest;
 * @author Rob Winch
 * @since 3.2
 */
@SuppressWarnings("serial")
 public class InvalidCsrfTokenException extends CsrfException {
 	@Serial
 	private static final long serialVersionUID = -7745955098435417418L;
 	/**
 	 * @param expectedAccessToken
 	 * @param actualAccessToken
--- a/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
@ -159,6 +159,7 @@ public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
 	}
 	@SuppressWarnings("serial")
 	private static final class SaveOnAccessCsrfToken implements CsrfToken {
 		private transient CsrfTokenRepository tokenRepository;
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
@ -16,6 +16,8 @@
 package org.springframework.security.web.server.csrf;
 import java.io.Serial;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.csrf.CsrfToken;
@ -25,9 +27,11 @@ import org.springframework.security.web.csrf.CsrfToken;
 * @author Rob Winch
 * @since 3.2
 */
@SuppressWarnings("serial")
 public class CsrfException extends AccessDeniedException {
 	@Serial
 	private static final long serialVersionUID = -8209680716517631141L;
 	public CsrfException(String message) {
 		super(message);
 	}
--- a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
@ -16,6 +16,8 @@
 package org.springframework.security.web.server.csrf;
 import java.io.Serial;
 import org.springframework.util.Assert;
 /**
@ -24,9 +26,11 @@ import org.springframework.util.Assert;
 * @author Rob Winch
 * @since 5.0
 */
@SuppressWarnings("serial")
 public final class DefaultCsrfToken implements CsrfToken {
 	@Serial
 	private static final long serialVersionUID = 308340117851874929L;
 	private final String token;
 	private final String parameterName;