From 5ff87128b1a16b9e9d3deded380dda9b5da5d173 Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Thu, 30 Jan 2025 18:05:17 -0700
Subject: [PATCH] Make Saml2AuthenticationToken Serializable

Issue gh-16286
---
 ...ringSecurityCoreVersionSerializableTests.java |   7 +++++++
 ...ntication.Saml2AuthenticationToken.serialized | Bin 0 -> 6302 bytes
 .../TestSaml2AuthenticationTokens.java           |   7 +++++++
 3 files changed, 14 insertions(+)
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.serialized

diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
index aea7544c58..2c806ce39f 100644
--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@@ -178,8 +178,10 @@ import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
 import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
+import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;
 import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest;
+import org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationTokens;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2Authentications;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2PostAuthenticationRequests;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests;
@@ -500,6 +502,11 @@ class SpringSecurityCoreVersionSerializableTests {
 		generatorByClassName.put(AssertingPartyDetails.class,
 				(r) -> TestRelyingPartyRegistrations.full().build().getAssertingPartyMetadata());
 		generatorByClassName.put(RelyingPartyRegistration.class, (r) -> TestRelyingPartyRegistrations.full().build());
+		generatorByClassName.put(Saml2AuthenticationToken.class, (r) -> {
+			Saml2AuthenticationToken token = TestSaml2AuthenticationTokens.tokenRequested();
+			token.setDetails(details);
+			return token;
+		});
 
 		// web
 		generatorByClassName.put(AnonymousAuthenticationToken.class, (r) -> {
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..cdc6b6b25920853d28136f0fb16cfe8b61a78e81
GIT binary patch
literal 6302
zcmdT|d011&7N0DDARvMQE-V$SiYB=UMg+AI!37CI37ewmCAq{%k{j;5KmY-uTI+(A
zS{3zKm%3EkYLy~Z#a5`ev@Y1z<#WTjwRI~l#j1TXHwh#b`}%6%_x15dKJLt!bI$zc
zoZmS!TW$k8ngXdLr54f#N~2e2P`HlBC8<myO(?S|4U;FNah+BoG*D!YMnzC?oXXKC
z2_c@%OeOS;Mu{^TQZG~>DVfb!0+~tZ$GkNf|K3Zsiwk&i(A9QPJdu@6&<q3Aa_E8R
z1rJ0P4@9g7B8vxbob^Ctt4t(Irx^-YGVOR`HZ(*IyeUGP2lp9=Q%qhwq1K=^XafvL
z{Yy?zRysuSFHsH+yRe&xCujqyrwInQ%ctQvxJZlZ)glFhpdVtS!010b3EK?|EgNnJ
z^~TD+Mf%YySBUxq;9|9oP{~0@^i9IE)j;rpr^%6QMxzx)kXkLFL~uZl9aIE^YqU_r
z+Sl0hX;5N_(EwoJypHxDL`#KjOX<Kwy^d6AGBkL)mXJe)pLXgkuKH<#8y9fofUkuk
z3~;kDi)7I52mEJsZDzWS05guJJ@#dla+F!12-q17&?%2LEi#J2^N@C9$tj;@hwzm=
zz=;BUT9Z$}4Zy!#KKeDH#V&B^m_LL+mq>px>XV6dTl6DMm?5nIaJ5{(g-1^jI+7t|
zDiuZ0G_nO#!I6glL!hHn?10h00DF@hV>JhT!vD}GHmd$ya>kJ~W9zIrEjIG%r_Vn>
z;~^I!K>^}#uxE+Pm#1PIKz1-GtpXH6Vs<N$(wMR0YD^%>ffGz$JWs*k3}K$@{<4HN
z0}I0)VPw|XiZu^$8-R)#Yn=>?0*%g~CD0PXRCp%Vi{W96|102FQ-ttk6mc%H*yy(@
zF@Ou4Cjbuwhy@2)p;7Bm-g@FRq&~*NUNJD#R5*kJjDL0JlC`TEvVfo2D5;Nt#Fech
zD20iBM`-ja=n4apUfntyCowP~a5Z7p3r+jK%(R>|6&-U3bW;&ZD$jsuD@BThMo@$b
z6((HE<{FHz4(OA~YmEqJJuGrjs!=4R!x^&@SL;)1mGq<`_HdW&>+M0qDM)don#^Ww
zVX>HQPviyn1KQDIsS`G$Ce9`QXCWA98w6%5%L`DAx)^j*!39nefLAWAXG!FD!P$+_
z|96Mb*$k~rt46hGs*Z)sQ4YGdgNHdN&{_4AgTE8hR(mMRV)eGCXlu_#!scY4OF0Au
zE1oGX+lv;Xfdl!&tF1Q4HTq0KH3p}rDhTF`_PYs-F9gA2hA6mmo0NHePvoq{OLkWe
z<iUAEt}|p$x8dO?4mC1h%v6Rk&|xA`8+i#bNJ?O8s04`2gt);#3k}K)Qcnmqq`9Ti
zs0<>VnMQ<=@1TbPZMNHLEgh&}Bb_1jsG0`d?dLXh<BFwh>2)BqgbpSc!pa_%F){K6
zI+L55E6fcR!f+KyFib4M28xV2tqLByKu1zU07c^hdMYlF4l1HR!YfC0I~-yH2mp5$
zRabUrsNoWh)Mx9gC!yCJ;zveC#gB|gFc{EI`Y~YatDve-#F|5i#TBXaw>dWy4MYCK
zrj-yXQ*&(_Rrjwy+WCp*hqu_ix}y@+1vdO(YZ+*2ty<e>G$~?Nw@E>I?WAla%7i=v
zY6Ux4^<*$8p^Ou}6y(5S8%^Xfp!*AY<67rnI|#QUU;(z66(Y03h&GdfR{zHnhB<wv
ztvtMKs55MlQUTvo$hfH^V1vj&ZxCQSqamAuvm>@Nd;MbHA>lI04%oKwy|7Zg2Ug1c
zbv2L6;c^|pZ0TmnkF|Hyn2Wt*(A#6)e(b{GbhHCl$trP2%+a2g$hY_4CMql+9h|ul
zvEnY6JDPED?ihj7jF#|^CzYAvo>+G@>g4Q!0?I!D;sQh89~~w^Srl}1=0+um{V`u8
z%5(N=%R87vLS+V<Y#Nf4usGz%@$8&271wJr!ws4olEJkw4>4aa7qJwRNP;Djfl@4Z
zf|rW~eZoKX^Z#H6rJP>YuygDHuawgXV5J-<ZYhTYc2h;4dQ6P2T$FpcWyO}&sqbE^
zUnpJO=iBG&3zm=kHJ?}bY)_M0{_NS;H@?@et72*4yi*SJ*^2EV`{dLcLHmA9Oid--
z3Yr5a?#Po?Pw(yP*wI&8bKu;%35~l{^<iPsXS<t-C6Qr1R7u@*sXOV_s9wvj4+<DF
zYtSgelL_NfQj#N1;~M^=4dH(MImfZU8IyV@$E_^(_%!W`y7G4E8t>piT_sI9Ueg}>
z^p<|*FZyC>%J9mQ-U(5iABR8ERHtnGO3){iN@+e>+&EbvN{Z|Hcv<15L-og6Hotpn
zK=sM-(N3hp!srG&RlzvB@aB6$yU|Tf_&eo~7d$EmXv$kG>dNJD0O!LvY#inTqs7OS
z@5%4d*zmlRF2BbAps1#P!~u2aT5een%nwZm@Vzn58SM)=BLNS-9meBuezV3LhC0NY
z14LpWUv~Akxr>eSuhhJMr?zUwis!x3IOi9v^j5td!_yT$dK7mwqf4XcY4O3|GIsZ#
zxOY#p`v(g{t|b+_Mt+~TRdqo!Gc)#~-}a3BZ=TE^bZpA=56X%Uzc#KQt5;w^P4>;K
zph5hKF68z4;ezt98OwwFUiusxwa01go%+4!@AeZX?XOEnytkzB{;^m^MeR5c5Yv#B
z7MMLh@-Q*2N>pBdZT4LKp*aH{-r1Ra;)H`>XU_4-r^|l$(#3c3T6OoTre_tUvA3d1
zlB-pTP5Fc8aeI|C&httwNIy|kz0@aHnbbRC;q4_A9wk3J)~(N970@Is-L+~!5Amh#
z>pE<9y|943343|F6d~*Y*-qjGx`j1H@d|Vs$d(sd3P!AHT}2RQ^<{u_(#ZIzQBe`H
zgs9kYMuV{kjrU;yKQ300z<{8Fbetv<DQ%%hOR6<`b19~2QdD5ugBG&;=m43uOIuMk
zwGF5WJNHve8aw5kUZ$R)?IJ5<Kv<g%RQx5DCli6?4Mkw7`oFUYuc5GYF!#mYW)IK~
z!r8krhaC~HzmjY;E`|5pS&)oNV8;Idxp-Uh&`M99d&3I>ij~Z?u&0TOJ+RJ*Jv%r%
zCBq&Fax82v#O|0I8gy`WOv3d_G8=KO57q;XIXQPxuuoKwi%l<6{t8))+@cgxGHtM?
zWP|xd%l09QCEUT7R6I~TFc=#+5D_l=6q`T)DQ=dmvc?aQYDpQaXLGnECE(;|wRHjE
zL`X27pBSFCx9I&n18OCnirZ2~b>?R<X=a_vlnsUF6g~6HN^9ctZ`F5+e7fPH@P@bc
z=2(N6TfP5esdGzA|IDy&ciHjp7NwRSnJHN28uQ-8#g(pKpIx%a^WyhE&Ro9qW4~(g
zlZYu<DHo{5w~sPmhnfa&+T{J)xixkyqglI$_y_vsuz1dpLqh`luE%>#ywPxWRoWhT
z|FKaAzu4ZqqmEJb#6H60)en5Y<xA1PZ)L;UDK)RVhfe)Ur3<}U^wGA{p1g;;Zh4i_
z{qdss#$ju{E12$2`Us+P3v})~TJoyIJXZrh?u$$I^5u21gCken&`AmsLzaaOC|@(a
zWuj5DdnE@&V+b3WFXld)31xtTB5L%wsBxo>ttr*otiT2b_9XjSVt2l?e0>BL@Zk#$
zZn>GD<-Anj0IxWtieTR&g5}nE0^f7ku7v?TUg(ibdIJ$vz$S?Sym*DIHEpKDv@voy
zz#2<<)cjIzI-E&^Gyj<5Mvg2j5i3)!G8dZMhAjBJpxoiA`p}*cR|fal6|?5Ekg<C|
znbiH~zBO3?th?amqR>GJpYPZ2t2nf2FXuAVFyC+Dm)qaVJMgbZ7x4v0Jf!=smR+5E
zu(xzn%du%qN4jKqr5w$<6?W}Q%zn;&?lB#|@7xw*P~S<loCjM@&%L+n%y{M5DJ5JP
zxKCYL)U_~ihfCUrWn)ji;rH3JZ{OTP?3dcl+%~&DwBp`X#|`H<c5{zD-8<m5{h^9C
zP7SX+e!Sc;D|?IJK~=M+GgNVL^1Hbw_LZDVn4P+G^@Fm2ZY?tt`$tKuJb2H-i^<vc
zElIVGTQ8=~+xB$)jH6|v#Xm0WykN`~#hFvV60uw6nJTE_aP7RtH-DN%HJtJ%#?sff
zbqvsDE}ig8Nu;pT(F2#Z9BWS59eHD$)5Kjtqc7C^c6zhrNETT7T~Z(4&|x)V<=t{_
zxGd#4P}dD^-uznbb+_QHrM<8RU5i6+<HbL@hzD`LktJlzUl_OIM$&O#dc-YP)x>pu
z7C!1PTo*TR*szG5=e8C?Cu%}GGapGRXBwX#22b8dY}~QHHS6nxe%l*Xhioi7*|pR1
z_4yZqmtAChHpiT)s9dpPMaakV{m<Rry~j8u=klWQYa!9cMMo$C2E)qO&9-y53fgw+
zn?qcDRFW)VB>QSQ^7j=2Wy?@@G6~)p+A0yOcJP_RQtq@Ql1pYlH?~3v;MGt7pGVo(
KaRJFbGXERwNZkYg

literal 0
HcmV?d00001

diff --git a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationTokens.java b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationTokens.java
index b0a0de264a..bccbcb869e 100644
--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationTokens.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/TestSaml2AuthenticationTokens.java
@@ -35,4 +35,11 @@ public final class TestSaml2AuthenticationTokens {
 		return new Saml2AuthenticationToken(relyingPartyRegistration, "saml2-xml-response-object");
 	}
 
+	public static Saml2AuthenticationToken tokenRequested() {
+		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.relyingPartyRegistration()
+			.build();
+		return new Saml2AuthenticationToken(relyingPartyRegistration, "saml2-xml-response-object",
+				TestSaml2PostAuthenticationRequests.create());
+	}
+
 }