From 6f379aa9074e629870fc84b2c2be606320aee035 Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Tue, 14 Jan 2025 16:06:18 -0700
Subject: [PATCH] Add Serializable to Csrf Components

Issue gh-16276
---
 ...ingSecurityCoreVersionSerializableTests.java |  11 +++++++++++
 ...k.security.web.csrf.CsrfException.serialized | Bin 0 -> 10718 bytes
 ...ecurity.web.csrf.DefaultCsrfToken.serialized | Bin 0 -> 172 bytes
 ...eb.csrf.InvalidCsrfTokenException.serialized | Bin 0 -> 10882 bytes
 ...eb.csrf.MissingCsrfTokenException.serialized | Bin 0 -> 10868 bytes
 ...ity.web.server.csrf.CsrfException.serialized | Bin 0 -> 10725 bytes
 ....web.server.csrf.DefaultCsrfToken.serialized | Bin 0 -> 179 bytes
 .../security/web/csrf/CsrfException.java        |   6 +++++-
 .../csrf/CsrfTokenRequestAttributeHandler.java  |   1 +
 .../security/web/csrf/DefaultCsrfToken.java     |   6 +++++-
 .../web/csrf/InvalidCsrfTokenException.java     |   6 +++++-
 .../web/csrf/LazyCsrfTokenRepository.java       |   1 +
 .../security/web/server/csrf/CsrfException.java |   6 +++++-
 .../web/server/csrf/DefaultCsrfToken.java       |   6 +++++-
 14 files changed, 38 insertions(+), 5 deletions(-)
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.CsrfException.serialized
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.DefaultCsrfToken.serialized
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.InvalidCsrfTokenException.serialized
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.MissingCsrfTokenException.serialized
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.CsrfException.serialized
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.DefaultCsrfToken.serialized

diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
index 5072da9f5c..aedbd7096c 100644
--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@@ -134,6 +134,10 @@ import org.springframework.security.web.authentication.rememberme.InvalidCookieE
 import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
 import org.springframework.security.web.authentication.session.SessionAuthenticationException;
 import org.springframework.security.web.authentication.www.NonceExpiredException;
+import org.springframework.security.web.csrf.CsrfException;
+import org.springframework.security.web.csrf.DefaultCsrfToken;
+import org.springframework.security.web.csrf.InvalidCsrfTokenException;
+import org.springframework.security.web.csrf.MissingCsrfTokenException;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
@@ -344,6 +348,13 @@ class SpringSecurityCoreVersionSerializableTests {
 				(r) -> new SessionAuthenticationException("message"));
 		generatorByClassName.put(NonceExpiredException.class,
 				(r) -> new NonceExpiredException("message", new IOException("fail")));
+		generatorByClassName.put(CsrfException.class, (r) -> new CsrfException("message"));
+		generatorByClassName.put(org.springframework.security.web.server.csrf.CsrfException.class, (r) -> new org.springframework.security.web.server.csrf.CsrfException("message"));
+		generatorByClassName.put(InvalidCsrfTokenException.class, (r) -> new InvalidCsrfTokenException(new DefaultCsrfToken("header", "parameter", "token"), "token"));
+		generatorByClassName.put(MissingCsrfTokenException.class, (r) -> new MissingCsrfTokenException("token"));
+		generatorByClassName.put(DefaultCsrfToken.class, (r) -> new DefaultCsrfToken("header", "parameter", "token"));
+		generatorByClassName.put(org.springframework.security.web.server.csrf.DefaultCsrfToken.class, (r) -> new org.springframework.security.web.server.csrf.DefaultCsrfToken("header", "parameter", "token"));
+
 	}
 
 	@ParameterizedTest
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.CsrfException.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.CsrfException.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..55eddf9e9f0cc57d99e9e0d3087dcfdc91e76bc9
GIT binary patch
literal 10718
zcmeGiTZ|k>vG;7B&zCrU;8*<2ITM>;d3^Ty86UQnyR&`f>@&A#6PyQ{o9)}1yV;rX
zOz+*E6(WSgD^eaJC`b{CfFK?cNC{ZjLVO_{A@Ktr`QQVDgrZ21_&|JtWI|PUPfyRz
z?A{(WUwA)yXS%Das;jE2x~k_Ve<RDHko5Us#f*Z`@hX#{Ri$%&IAccCu7wVpH|OYt
zX-DCtIRMR2-KGI^e9t{Q{NdmGzJH>Fka|dtwZvfAHjN^)$o~eZ=g_jk^W?9;)N|sW
zFYgt2Hcwl#mg!nv#T=`7%&AfZ_~z$3&vYNW{=NYGSOTaZet&1jiOt8i{w4!4J{9_N
z)`Uynd-u@pV{^BDw}dPmA<Jy57Ewmlk07pnNOYfqJU&8JmMOCw_dKv}RRC_S23KMz
ztm99S?uc3T%y?+o0I~h46i7TU<kBkj7@%Ai)q)@dgqi>%MplbyHRibcMx2NpuLoDj
z^JE1h%d3KVEsT*1;gl5B7<tF(PxSZS*?9~X9}q&`0=;fYgp`?Jt+@ThuET%&atG=9
z6zQDw!>YxGNw@2G^g^vVLBkQU%66?N8u6_%4KILMAWxkm<e@T!0bKt8j?3PzNynuc
zRCkrKDZiZR@yoRo%*rb7xlF?dEQ%wl2L(b3&oHvY3IayXw6v=dH`$Uj)B!)F5><(Y
zj^#SnQ0L<`Vj$yv?E{-AHqeS|RVT`p0UBnGZ5%oh1bne8fkSc-xn0G`QDo5Z0LHT&
zAD$QuJ<ByK)T5!r{LrjAk!_xdUk9n}^L|D)W;-S2E;*a(6wgVDCz?>4vb?ejk~A+x
zG%SIgxv<R?iHo6+d(aOVd9*cv<Y6tCyqY~mqngWfZVpRs`u{6#&I(=`>B;3q4ogl}
z04G@nu1f}XHDN&Ue%i9ZfEiiW(8IAKlFj<Mu5h&2Jc3ORBWo%`cl3f^rk5?Zrfa3+
zRSwTcGd6}}(-`t9u(g1Vh90@dl`)k@3givN(PQ|ui;)NIkXnq6PE1ofrIcF@p!oW@
zzPjlK07f<mTw}h^1ioQu!TPi!p9YrGMAk!L=!Z(DYxGySybZSRl^u*5mU|kU>Zr$o
zbRyintU^lhI#)OHri0&>JZ*2nQ!#LctAPvBl21zC2Xr(yltlQBKEz0;psE2Cd<C=`
zpVok<hdstU3>~P2AvkyGc(_NTQ9PM^1V3<Nd#B4YiEjw$qzjshodPYN=dMzOM?X9O
z6FMDl)}K+922P#qf$sgecm}CUE8wHNN*a+^e^0AnC6s<fR`6&sVPQ<{+<(OEHT#6W
z1L_?|f%>K-oWx5I1Q~fiJS6B)PN%RbDxcZ$5f>x4VpQ35&2yL;xE90MW7>YT>U)ui
zG0+?n0s?Ef1h3${*ERG=t9npKNzjgEj^4RnQsM_2L20@cIN+O2%J-p3>ku{29!)WO
z802k(41Es{1dUyi-0}dOC@t%hVmCCFtf?ubga+Sac#!hLfho)J4A}KfnX51XVq{11
z(l|p&dPL{u+ik3yQ4gc7ISz*_zs82@vIExL*d^D!f=4xESEuzFr-jXDuo;7Zrr<E<
zV(iUo=Gn}wEvZ@K6gDk5x9rRcpUKFTwj>Rz<_A@;GQ>5F+@LgPXlTU7Gz&cv4)kET
z;4F5k9@tHpnNl9><-x$8yzD!2^BTRnY@U(4p1NCJ5ziGyR!NEuUqPCd@ac?{+M*R(
zxmsszfvSU+6RSh=qu8XZjPGkW`+V}QDCXndi`_g5OmF~39<p(V6g|#X;u3M2^FW~i
z<BWb?4^Jy>Tq8WVrvNT51n@@=zz9F*<a&}ajqK3Dt!$#%3&X{yK{de0wq`@pq#jNw
zH~}_}>dP6H%oG#BD+en58YUQU$TO!LIDUrqlw-qTRAn^-zKf9uPk|e=osyU3!Z)hm
zgOYwv$;rW|X*eAVTTEEh8GW$<9AAAMU~nOT*pnS!<WljFhCGd1(F~m3^jEpOEmG8S
zm1CGaM9wUA=Z(WUi$d7QXB8Wso}||B4Yh_EKFu=H0(DA{U*|KK$h#W?VJki2Y9LPI
zpIl6*75X(V6_Lb=6e+a9*0Dvc_?66x*Jh=tV=OmJz}J)vALRgyJh@0UmmnPl1EyB_
ztY+w_c;U4D5K_Qd2a|HMZP-|*QEj5?q+;C%lFiGDWK%akV~|c-kVOs7dsfx4bzTws
zY(_SJ;6$<E+bIk15(i*}XN2werZ~7FZQVQV;5$Y}-t-`sNrpAPBe>(`JiMGF%hDc<
zzSs=#=z0?lk9+vxkst3O28yeir~PoqvZqFa$WV{Q=p;mE2zaU|inW48q<|qS`neL(
z-v;!%GUx#hg_F5WFFFCmvWC%T>}O;{re7`bn|a88-X`(`#(tdsEo^cT-R3o&*INVK
z<UriB@blIG7}Gr?*ZDaR)5jAX6vNP($5NJ|o=Q-VfYTP%L?EcEZmHhYkOiPMjL|AY
zdpLaM=%V9aKxB79MA}hCp~hM83tY}nK$CcL&=uCTsoEp=M73?{za5|@e@Tl$6Ko{J
zt@S_*)ZWBqLRq|(Cy+aUxF;ju;sglVvRS;3AW>-Sl1l8d{a_vrl71fYe{j=&8;9P3
z4L%oI0UYWEn$IAw13Qmp*hxG?;x-WJYfz!3vrwOb?4d-j)*vZ|3_XVv^3#S*b~6v?
z!xXz+G3Ff5j&a~~XNJ#=S>jag9)6I61dI`Tf24r&c0TMf9RDsh-@~Sf7IElpY~I1<
zXV^6O%z~~B9KVqR1PZ|3Utq(%QLdmCElouC%N%kbN9_F-Hg_i{hzN*e0bhI1fbOe>
z+&5pcu=!#l)p&A3J58O4_h659w8{X8%m};1`5vF<;?owASajlo7_R9UM1F$Z&tdZg
zY@XKvUd0~HWWvK2b$|tVcqIqJbsa;?)B#R?%RT_FD{cY#p;8?v5HWX-88?f<d0f%`
z3O;=m(kYS17F|~-{~ZOFtnmL+$|#7xV$;4*5&Hf6(#&RTBHcyt2<yYAujzt1hCNVP
z<M*D6s0=jAf}!%%Y)GX&Dfe?&GBC8rOgBSCUUzNDAIK;Et|YD%+f;qawQ8O{1qFP#
zKc%L)O%u636thR6(giuKOfDX2F`7^K$DA-U1%gchUsGZc1>F_^Pv8{vh!R6KBTf~F
zMe44DZ<uq~lvac-@g!N@B%$vT#*s`yk|{3Z5_xZq^3w8?wTKZZRJdVj=*gGUB_zpL
z*^O*Gkl|n-2gt8%HF6MNS|v<uOs=Zp&MY4w2=W~G{;RmiN@&5Qw`m1Va=pf&^cR^7
z>;ck9anGcz=-ef^b-E}oov_luFYMIixFHLq5De5HjpC9LBgO*rIk%7>@r$A;N~4MQ
zIWEA)18QLnHftH_79YqMy}imv5a?N0C9mq=<5fzkOCtu>Bfn`tdMAM%ujwyLuT+Cv
zUWrJ_kCClSMq)h{HpLV>;A-^WKr#Pr^a5Ol&B|M#_+nJtXKrgYB!$0R#PeRX#D=Vg
zoabWSh631*<NbL+dk~16z~*E#Ah-|3p#f}oEjxn=1!}<Z_+_UQs1tu3Qg))iV)m4F
z(>W-+pfV4cBUb6buf?5mX<hNWScXVs6JL`7oD}drq_9gL>;VprXd5NV!2sNN(z@6O
z;!~fPDBM3bA5{8Gk$W1*U1&)TOr<^_Qz(|L07^ne{0{pyxqDLI6Fi(ZC#Ij=_r!PY
zYw?a8Heh}JfNAilhq;6{!9GidG_(ILFwMVTTiERJ!#D^*X!xJyk47JqGLl!RrzK&{
z)3xwIgBDu2s|*EHDG=Ez3#(8vIS&Og_%O{A^>6&ZN~cxfi^VWr=z}H+5NInWTMgnB
zKQARqIe-lLXM4(KByVu3<d)%MJ~U7jfrU62*__+2w57roax)JEKdo6yYl5Zuh|y{h
zziSc~_1tv}lZ~nGUKmKKXer!_sRKVUbB2oscYOhOec@CrRE)esC`mY$Jt0NV2GeJF
zWD<;Vjgj?@U9nUO2X$KKI4xuWy-Q(`k)>D?1(1;JNUBUSQh^R4W2hQ1UTwX0YvYan
NAHMl#$dBql{XdTZ9fAM=

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.DefaultCsrfToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.DefaultCsrfToken.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..693e898c3136a9e65df47fdc39ca758e46cbb6bb
GIT binary patch
literal 172
zcmZ4UmVvdnh`}tsC|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT*x#xwt4z&m}c2
zu{5W|8ORRF&rZ#YdcXaI{-WPknHZRT7`QT06H`)){D9g^7=(PX63Y_xa}x8?^@B@5
t=34tO@D?P33@?EwDrBf*VDw>NEdiMX=2R4vFt9;PDPiD*D=vYm0RXq3J!Jp@

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.InvalidCsrfTokenException.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.InvalidCsrfTokenException.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..18f8a50a348f8192945f88a31a68885efa09c1ac
GIT binary patch
literal 10882
zcmeGiTWlRib*_^*j+?ZOn|IpeI=zjdQ8rGTI7#!WYdeX9^N_C-O4Amt_l~bO*}J>h
zo$E(|0&Nkrh_-_8P=zX>m8wec0WBmF;s=omi68hV5+9&`0F^57f%pO`lyhcgXJ;Sx
z`kF-ikoz%rcjnA_&zU)M_J@BX%ff&h^Ma}o`ho3MrvkG^XT9LE5mKuj*lgaIrIUsg
z22;kUJ7YR_WeA=pyvx)bnX{<RY|p*=h2Ot_?fWnOtc{Slfb_S94bdnJ&dJda|K9(`
zQGwxLQw*kM(J(Xy`QI>gZCX)y9{c69JxBlf(oTVA(<O7pG#t~d8sl}B*)^&FU;A|X
ziO#*x{Y3!Y8v`nc-`?DMbkm{xewBfkm=3&IbJC&jy}PgX;OzC^EFnwB$TG{Uhm?`E
zV~A@P65XXB4~>yk70OK8ISs6vRe<Z(;K~eDf9N9V44G+No(N0}AhujgfJ6f$4y{p_
z0m?OD-S-1Ps3{<1q)SYzGuzoUW{2$1oPUKpLpm9GQd+P$R31NG<Tfn!GBjmxan=lr
zQ(oPz6g{`drfD&tSL!rmMc+i1U^FQ9s>j}<7Zj(dS;1cM-)q!^h-IPjvXUiYx$XEv
zhY#P}b`VwS6GC1G-`gCkJ~P2wapTqP1AqKd8|iqIv`=|K&19pb)3IH8re2$*!5F#6
za?CIs^N^J@z$Z$&e2m;(p)i129l~+h+c9N3RD<dSxu(5JqQ|S$6ELf4yypT9Lhy8s
zXwEMXQZN}=V){NKCz^U|nJ=rdTueh=Kqaa&4QyCWPopPIfTF>2yIKb}P;Fpq$E;0O
z%o6wwv#rv;gTBv&y&E_rdy(5NMh+l@whJ(>Wqa@h#&k``s8W{(Ci4QLW`~w>B6=OB
zmdE=US)c8clsn{Xs#82ADIRS=aoTh%4rtOiAJU)<-s`~PRV2;@9<FRJVB~@30FsAp
zSV(I2I1TF#)43Ut+#LR|xH&0!WuzyU7db3BSpl468F)@Iu)P5TiudED1rE%}np6+R
zjz~7^ay`z`V$*}oHbz!gh3)7WuR<@FPF=T3+bbNNkw$EcMy@g9R$*xY8>t>C<f@2D
zngV%MakL$udKp=11=M8p?BpeCC5&=C1&Xf^>C#<F0Wh*b;2QTlCh(0)57ws*@@e2X
z4Rk#c1YV$Qx>|pg;;pkhw_@XdW;(|qRG)P@kWPe$moB6f$=Q|WO$WardD_x|r$OHy
zt@#dUOFk)k_v>ihQ5xBYPXmm!3#uAWfiHW`+G+&qhW!K97>_V?s2&8cWyrw8BO(o>
z$>byWK^WV4sd71v4FR2Uz;aPgpq0}+REka43--W-cH5nSy(7W{L7nV??%la~hN(lV
z5To2`5|NO<r`fPl$`M9Z@ZDn4#GST%_kN?#=oj%0sJ9&e>Ko$iBoaXoWaKXK5Tipq
zakqI?#mu&kxUL}-qscDSU7H!cV=~-(49lz4JU29OXEnx!g1}qO!z%>uHK`uyRV#&-
z1no#y7@ZGGO8mGaC|#=iHpFIw@^xs?IoLJO9}O`Zc5lxD9eOStGtym>+;Sg-D6Qy}
zqA)Zb%hZrkOoJ~nJm7i3(6nj0C0O-#g_|%2Vq|OllAfV7eOl+{yDiAgsEfO;F#$(5
zug*s1WCzHd?viq^;JX^KtJC@hr-jWpHf7k*6ddlkxc6o)^HgTm=ESTC3X2wkTXtrZ
z&t&BBmNX5f<_BoEI>IfD+@Llu)1VYN(+u=TIIx51K(N@RdSEqWW=egml?MZF>Vjv>
z#arsrb@Qa;^^sfU74ckT<Q_@U<`N`niI~nvxg}bWmn%6V4^$nr5_=tzKZi}i%N~)^
z9l0fn`M7s-+}KzgfRVc`Tp@!lXDbegxXd3+0psft-40JE0Pc4eGXNJB0{8<5V1%D@
zawAEFhE`zXQZ~@-h2!GWuo__G{zgO6r8XuE90QjQ=;Dk@W(H%$s{ktF8m299$TOyG
zIDQ7!v~9s*ROL!To`X9No&wirJ0&m6MQl`?4{G{7r6=xgm*I3Qd@*KKXY|DsIKKKi
z!0<u<Q6xLGNKx^ShCEG}AuzdGf0g2Gma3Lgj$`%^+B4LdFAeA{3S}doJTvh!GJIXh
zFoRFCj5I-=u;UASCKK6wY9nlBN0bKkY5bGIw3`9ul{(+zM2ZwzU@MW+EGY5I8Hu~I
zTGV-|q$c2N!Vezc0E|4gNHdoq9R&x5EcvA7=xBHmw7mdQz!@7;eWPXANT*?avSugt
zx(_6q7Z%B;?tZ0VI%Pr@H9YT{HQUm8MeMT~-TaOd#pbK|0AJ$(jPQ)GmDm(*u1H&t
zPFwkkkvng4kn05LB+ORhl(BgUo0sEcS^7gs9kTK0dJPVbJNV&|AMZj2hN~IJy<o(&
zrqB9eNj;X%PQmUB8=mS3Bdg%ml+Tcyey&9HHvs+i40^yr;bd;nbGA?MTBFoo+Rezi
zOurKGn|a9JZV~yO(r%po9c*$D-SBbf+s%QlaUg!Qy81uBblb?ae+ty}vDgNKL150~
z1zAZwmEl4HPFr{<0-L((mgen(EC9V>oYr8shr<_2pE7jYzko<@Oho!o#-OE>5Er<f
z8Cfpz=AbLAY0<R%Z;NSLvVSW;OWseaK~rof)UEZv9;m&E#e}+eBTpeW0dY@8zk`#Y
zXwzcRI)X$Y-6f6KVR`;M93=T(nKEACAKbNnjC6kj3w$;(eK^z&HJ(Af1?)VSVJD6Z
zao9klSK;25!X<hgvWGI>ufnCY>Ewt>ew12d{MsbNF8MIQZbyVU2VdI+@VPC+XT~jY
zDi05D<{$xQ#NM|QP+kmyRfgj~z~*&q8dwpBgrf23ZERBFC9HwtKg|IG17PnpY<M)v
zRn(%jiRgZwLk{$ay}!Wb*7O8B0wP%;*4{RtJ7ytw+?OouzL-d*PfqBkiKEpH?CHWr
z9IY|{A~V8nalXf=IsMSR;4wa(xFCkl=omzPg596P<{4~0uLHb-J)FsyhcD^?3-XXo
zB@p5BI)<jH1DyJneE?Bc)E4=nQXMD|6AzA=FpK*CxZ?cF`1BP>r$iz<=r}t0?<u%g
z!v9Y#qayx{P3uZU=)d04W;Uf0=`N~AcppB!peyPi_H@a*=OS(f8fC$7^VDcar9Fx8
zGawllS!AZ0p(4v&oAU?qiN7m}YnN^6e#<fIt~Cu8_)tHkhNz~ATpup8&%#X?<g_xm
zC^i|*C;S#C3{9bcO&h)@)FLi)n*cnFQ!pY*4B3phPq(v3-F5JFvo@R7E@8_&Nmi94
zj9tPx;z>v{!DSVDz<c^~jF;4(yo(r<N`(qbswZDh=Q#o7;4W-d;%kC~T^u0)W-HA>
zRJ4kjSRa?FqRuQIpa}9=i2YYk$ZB9h(c3V6J1(y=xcUnX2L1qPq^L6~FFJJ|s!r!*
z(Ft!lc)?B;$4l~p6gC4jNW<t#iILI*^EtPWAMrv_7$(s~_D2CMANALb&Ap6tiqCFJ
zeSOMF5a=n8lHcmzW+^4rr6Kc_@sQpzpvUj@7p7OPLoTmWr1ZzgeGNt;I~F!ZYG{Mf
z=)Zwter@y&6vJj@6(}l<ihAb#jfSN1my7+p4?QuJ^*|W|W#59$RvbT)2ebo$$T4hq
zr6Ugr>Y+G3jLir(86Z?>3B=>YPN`5k`Z}ayhrY?IX|2*ZEW6-l9x_L~rH8l{bxP4X
zqIr=Hk;n!v6P7{>SU4~A>VrMN!G3L_WH}guiYJ{D>p*<!6A^{_W8*<(&jh(AfZUm;
z<iJ(t<|7J&71M_+p;Gh?>ou-DsqYCk=FN%d$Mv45*4~XZa#(<K^LvaEpE|%bv=P=>
zJS0EmK?VLAnC4%_E$sIA@g8hJ==h)HkEMRN%7|a3ot6Z3SGU6RDJwJyR~ZUu(!H>*
z<i#pnnVg0TGWguh75Crxft60H%7xv}r$G~kXB72Vvq3EJ^Q&a32hbt^7*P3)<PC~S
zP6a*@L<dznuuumhn{xY=wG#1W9teIy^OoiW%kv?lwL$!@NfhdN=oT&;QSV(CNSbIV
z)Wy_+A60XLs|Htn0atwi2&pd@#1ijf<YB3T7MMQ4cP7CYw-{NQ?uxWh*r(Gvg;wiA
w7BIRLMi^O&SE2wCkgf48liaDm24QKW<}-fV`t<en?;L*fwLd|AH0RI#2f80!+5i9m

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.MissingCsrfTokenException.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.MissingCsrfTokenException.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..dd210a46128a80cf449bd69666729ccb35639dd6
GIT binary patch
literal 10868
zcmeGiTWlRib*_^*iJPR3n|Ip8PHz+1C>tkEoTPcxwVlMli6dVpl%^D|cgNS8?A_h$
z&h?`}5wr*jqOG7jRH3S(m8wec0WC@-#1A4B5<l=!seFL=04i1D1Mvk?DCf+~&dxsW
z^)-q3A@^hM?#!9<o-=di?2rCNmPH{s>4#M#3PQ)LPK9QT&idh1BcfJ4blAKxOD7F0
z3a5;7P80#iAUsd_SE)BVXVHK;zIS5V2hqdpU;m(ukhzfbwT2DRC=BkIk&ph~_vQ(K
z;Yd>qre)D6G6wkH5cM2tD?Cs9^2<FZ{`uk_foIDVbH+4W)2kZeb&okUssLa6Z2Res
z1JC_M0N$4XDv00S+J0io(ffaugP52O{aJI;rSHFYaMzL98^2jXmX4BTmRXM|BkM;I
z*Ip#LS3w>fC97@9OvgP3teaJU>(byV3{`*hGU<qzX<eNNO$#8lT~2|-1H&$@QI7%2
zbx}PCLO`e~AY!CbOsg};-8<?;?C4x@jXX;_7#SP%>#p7H`K)_}hR)P{H=Cy2LFmso
zHnqD4E90lS8Cte`l5%kXRCdgoQTLQz_iT9Yw)|RPhSaEsF_S{c6~%qbWZS7njvc$T
z;|MA-AcVXD-nKPSc5Z^X^5&~M`~UEjHnQSz(mv&fHIt2y4%hMM`Fd@VhNI+O%Qd5D
z)HiJ!o(E?|*_MxzH8zC-)Z-wI%ia}Jj!QMDjv8gtzMbmv?RpAkb&dC2qG1HS%@NH7
zB|=J*j4UyOfRWQp{j<UsQbjJGK|iDtRRwfzy3RA`I}<cwV5_~Y0~@F|u&!&?CT+6}
zp28ff+}|4nT-Y_hAvu8Db~17p8FV~=@hr!OCq_fhbd4(YXlOD&G-^&{8K>jdA!_-&
zpOKCEPDy!%oK1C#XC=iG4Jb~Vp6!Arjf)WtE8wp#ELTP1Lg?dK_CrP<Yz`oK=z^uA
zW{=aT?lPU5e#y<T|B9P4f>%a*3VD&kl9QFdNuGh{Bm+AeFraupWm@3CjI7J_aO{X=
zt1j1*94$6I*z90rZB^Kgp7(8f$#m<wRoY(W@QgHKV<dKsVXq2H3)sl?NFi6pRI(Jv
ztBRwY__T|WRaQt%M#m<vP%CAW8yQf1eMFb;N(O+DO#;`r?=yjKM0&73ZGcY$&uO6R
z;V|?=Wz)6#s}yg8<$Jb+JDBO7g5W&naUh)t4=<faDVDP{%bN~<Q}VQ}0Z#*gGg1p&
z(3X5s_U_ZsysI>F5TE)PX%|#Apb}s9oVB$G)CD^RtT7&8=wLkzVUv)7het#j#goa$
z@Pjb6=Zbwbi47s0a=~(OP@wiX9xBB)>xcVcLc8P5!1fU1fuK%yL-)QyJVVr_Rfthu
zHH}Ef-_vYZDdjjLEBS6QY2x16zVDFHYxIeD2h`gR1NBYGb`pyq2r_bycu3Hpp19jQ
zu3~1}$6VJCiqT|O>Yl@lz%?1}JqB!aHQ$R2+)Isdp&;;<i|`7;dtIhSdethSB|$sZ
z6-MV{k`g~42})P$fdjGGpnM$~bPje6^hZO?9szw@phMq-gGIJWl3Nb@w?(O~Q;NgT
zcp_6nN(l|V$nZ$#hlA6m<CS66J2p3A0>sGn<Rv>pY5JVb%@10Tn^6yUTVnzaX?~pz
z&&dvuJKH7YUdeYgWLKy4ZB7fDacnBEp(!}rb8+v@TjuH9tgWe86BHIL1h@RmDxb;7
zlPzf)OwEtXUUisT8o5DjUZr6<cBUEVk#JxK(}iHML-oLF%FUGeST7F-{?sMkk&CyS
zIvspQ^7`2A@``vaGjgw_=x_<rv_wp2q|y?t*vpliu?MOSYA0TY<S$^8^0LRIbjNRt
zVlnPL95*%=2Vi84g)3yh<7_1%5tsQx8DM-puKVay3V{3F<s87Jg#dof0T|)uoWe+A
z)5r=PT*?Nzy>MK78d3v{JkV%Jy42>BffL~JVO^XN$;?2acojfpT*E{K4td731IN$M
znszKWjH>Kt(06g?!BgPIe5d4PxrmKw^Fd9&uk^&-?JAs(g)b(o>WqFp1CFnO4luM3
zKpe@AE>cuHq#;ieW&}*G)nBD}TcxU{l;fB^M9vI#=ga*%i$dARC(lg$oDAPmGR)x9
zEF(=&r|kFwpUFi2p4kYS*%76IeH#CyFzsfDsiMxeIFTZS7T7wX&s<RAmvRz!<+Z3|
zv@;X%HRT5nasWo2SfrUNkdA@_Q`0`9IXW6%1Z_Wr6mZ7D<lbl*Hr8oWpR75lz3xNF
z=A}ilsk>i!h)$W1MGeh+X3ep5UJ?6jPB*{fM6vlsF~B!D03$pjY$Z0un=8`RqtkZ2
zV&u-79^^VfIw`Z&IAv^J#O9?WS(g4#R)=gnx?YFF<8FR<<j1>+f#GV#DL))Gt?98K
zDyzrx*c9x}u;HnmD7Fe-Mg<JX>E}vBe-qH}%%KN76i((Az2F2CuQkej<$a87$n`4`
zzf*+#ofeVrFYm+Y-^Zp9(aivdzSkV+ItSuMt5^O9nC=+4_D_SFK9Sg9APmiUyb>#`
zrwUw1z-bHbL|{`_-O{|BkOiPOjMEzI_Hg(@=`)6I`xg+|l@O7Blrw1g48#SlXGWGw
zyanh=>smDJp*v#Qmh9gO(2_r;)u1Uh66)4^U=P&Z#9~5Syji4>TY$JHr{94|P_${W
zcpX8aknNI2Tw(daJRBtXUYRjo=^xy+e}Z&>3JZKTGy^!)4K|)Zz6<O;lw&7}3`y8P
zq_4nDFP(w=8OR<g^jaN~a>&pN#3Vn?EHZv=l3|y8lwx;9jJW_`+XV2rBgbdXEpaLj
z4{sG90cXVCw-r!P41raK<3Gga4Qv`%5r>4L@#!6GGUBDIf#W|b00IMG?{#c=G%8fo
zqP2<WeqKNh^oYH`z~=V!1UmvESs>QlF`&C<A$Q%EEbP9RNM%n>=%=Zp)o$$R#6}#g
zasVPT!ftWC$EP{{(7oU>KAX58hR^93M1F$ZU%=*BY`&-iyo^1Z$%Kb5=>QAzkWD2J
z;qy9%rl|v*`j&kNQCCzG`JqxBC=e45j=3<4`hQq){#AVX8l+PqksWYdo&4(xE|Kv6
zQ_HA`KV#FnQW5&EceR;M=|sAV>Ji?DPcP_-I)Xi&vhKNvn}J4IFx)&f8d7ObD*W_I
z28I`z>E@`&a@W@4fnwtCN#fdNo4Vg}&AMkz!v#LnPpKiQX(HE$%j_|@>4KbACKugJ
zMvDo*%?U$ODq+)xuPL>N3*9CFkKz=Jh!R6SBktAhEK+wJe8a56rnO7h3Qv+%B?)7f
zaE@dWl1y<~#UAjU-U8#L^(XHlMx|1r!jkDJ*3(5!06Dk^n^pLl;$SZaD8AXsau64-
z5+*h#rK-3y&j%=id>&%|H59TMno#sM%)m*?YYeXbB7=cHKpH9POv;PSUWBUC1zB{$
zn+{&EQ^oPJydZ_mKn>C;zEWbOyuf_UE#ybMP!vUJG_n0r04qTKbzyTKBOT&Hn{scj
zauNi38l>d6`gd4LNp)$&d}TbOcM|CFJN<>}RqBw-D-|jIF>-%{k=Tx<&9NHVpfvh#
zpjccRJrBjO8CeC23!|c*`9Px~sr=<)Kkr3P%w#=K#z5J(VY3~_j~4;$Mj&z$8(!%s
z0)l!djt^loj7<&*6<P-Ic(GF|)QP_iv7IO|nKi9dI)`Kz+{{Dfh`00**Wyko+KPBy
ztV1NSiOYngkP;ToOS|;J9^l}RwovjM3_`_|&WUv(KJ|%-LjAGvpt5I*+*3gAd{c7Z
zDs%HOg#p_P;7X_*zr%V>YESBWg3U#9V){wFC$6=3VT~LX;N1Lvqs*uFa}8~Vb(Rdt
zPkB&*zXqoHcW?{4J$|kSTM#<_r}$&J53VwjS81muVcpZM@O;J!O~O@<0-E#ytSfo3
z3RfoQ;DQW3aP!3dH-2EH)2eb|5AkWxB;grFJ=ts!OZ@yQS?U3F$Upy6J|lU9qLORF
zM}g>|Y6lkTU}Q^Szp_>;-pm8RPio%MoM2@>Vzf4Z-!+LsJrCW&Wn=2Q76y_gS_*YB
zb>K(UoaU;*RbRqYUjjnv%LTE-I~jRYs-Oj?PxGBgFvcxL)@Qq7t&|Sxw9cZ{I*|p8
uE~Q~cmg1EtfP`dwa?2!lDzHIR9<Bw9-?lz;W8=HW-g@nikRQzjbN>M<(O2LA

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.CsrfException.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.CsrfException.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..6556a08dde7b2047a4672d9548a33672217a0d56
GIT binary patch
literal 10725
zcmeGiTZ|k>vG;7B&zCrU;8*;JbI!yjSRS8!e*3U}+@0++XP>z}n_vf{x!JzGInU0F
zXL|2pg$UvBlyD*vB~m~U5Q&EbQUVsX5MKyKNc_M@KKKA3P!tJ?FTOxBp{l#5r{}SI
zd)R#8{pg+PuCA)Cs;=s)o*)06EQvyL#1E@x6oigfod~TOo$<q~W<>3J=&(6+hK|Ea
zI88&-j=~AEADY2gn+DABy_>5p{pHoyzje8dklBzNZi>jVZ5l;pAO9Pmo<l1N&$GY!
zV%M>M-rObdY@D*DEz`BUsySNsm{X$)@XgP)pX%Iq<9z}6kpxgd{O;b?V;hfd{&fyw
zY%=s`tZ|pV_wN23hiC5mb`e=TOqSSIJ)(@P9Y$Qck?3v(d32a8uTW+=?pa{nssh|<
z4X(^kW=AiR&WKs|)v?gB0pf|vDUf(z(4{r%F+jN{ss}*`2sHsjjI0#X>dbL>4?7V%
zIvZRgFOX%7EUgLZ^)N;*gi}^jW8`foKi1oOZ`)y9d_V|!3)H(Q5mIh~we0R2+YkKl
zOKqg%6Qq5@4{H`1BAu?|(R20MI1Pu%3fr}!XxO(ZG&~2^fjqSjlgBC)25|lTI4*lT
zCLEV)P@Of(CjCmP$FI~=Fw1Ma=OPUwuqcjbHYgENy28jJD+m}l)zq%a+;Yp(Ui<x!
zN>pVUI+p8PN1cz+h=GiEw+?Kg*gz|;RU5BZ256W$wz2<E5b(t=2M)<T<aPxkhmb+X
z0~pVCe0X9s^eoq`Qjdlf^Fy=dM7DV<ejT8;&-)o!pYN2EJLGJtQ#>On9&12x(()=U
zNYcCjd$tUA=E62pB+iFE?m<6f<f-NWl84n`@@n=djp{Dbxj7)Y>HV*`IW2f)q^pn@
zIV?F@2At#>xFH$X-hctc`$@|N17>7RriWukBpda0UE*l5c@mp0MpjjY?&vwcLN8iw
zUDrz6%N(AOMr;hlrZMPMVQT>!nI5^w<uR2k1@eaC=xKb~&d8&7NG(Q3#;2&AQp%kS
zD84?UuWl*>z{m!HYt;9dz&9i<SfAF%r-9`(ko8~~`k~V4D*aV1Z=LOX6$j&n<(>qm
zI^uC4od|a?E09vW&Xrl-bnv^9rzaZl)E78IwZH{w$tR`ny*ip(N+Ntm?`Nc4P}P7+
zz5-f_PpiPw!ye-vhW6LP5S+VoJlrGFD4t9{gde!ET~n2-iEjw$gbSLBodT_#<*rhM
zM?c&P6WSeb+P|tS4V*gJ3Eg`N@eELxR>4Pk)iffp{;p=jN+`XIEaTB)+`^dHzUQFX
zZT1L%2h`gR0rd?@IEj}a2r}}Bcu3HpoK9fVr+jAHhg^){icw`#b<bgD;93l0k7@h0
zn(sv>#z1pa2nej@0=$CrUX$sOR`sZmlAs;S9KCa|q|}p8nyLp5_-2#xeQ45Ih#F{*
zrkFhh^0q;Sz6S?_Y?marG(aaxD>|jv4UM)yDWSnP86Kqkuz%8WJOg&UQ{gI1fEd}D
zykuu6Ne}DXe7l8pGwNZqHOJs^<=5HZtn7ewXS?LOm+`2E?CP{$;k2;%6gHy}&=efT
zT#UVW&0NXN+LW3#Mq$%}bIZ@H@|lcWYDv<dYJO1ls)Jn9$PG&KDh-X;n5Lme!hs$v
z7o5d5)dRaJH&e=Etvnd`6Bm6)ZeF8Xm(6D-uP5%8SHyFPkrk4n!&i`|C44#~<(6p0
zR<70=TcGNomBi|h{0KHFE93hb&ORT%FN(#ucVRb=0^=Njk;iP@A$=ZaD{+aq&3T~E
zfN@5zu7~FoHm(sK+*1G-=L7fy2VjJsbA->zc#;Z@?9jojY@*o<!^NioHNeQ0Mnlr1
z9#1Ja0X9;H&LPQ6Um|$rK&4;91OpCv=A;A1&(NN9Y&eXntft?0G4kLkaDBd0^0HL;
zMiqQe((frbIruaMr(<D@39Gu?zn%fdS6>Ghm=7TKWJedcR6L|1Ph(be70zz@t6bhD
zDQdaOQOq79XPUZm#sQs0A#CKch7C_oQfv68T0<S5rWt91I;F?2@tKTh;i)A(;%XpH
z<DXniyA}F%FBOr*i4-Zcz}Ddft@x$fidW~QsAH^TCg5vIhEH(-MxI@un#+)mf&o*j
za#}NVRJ?H7eh4Yxw1Y{x*)nV_)2KdPb5gPH1Igya1+uA|pD{ouEXbk;<~*zB*gCI>
zeL5$b-*cka@a>cb_yz}HglB}U_@+3xB5mC}ZRI;gM&9%wmr0H_z9YEf<viR>l4WTR
zMo(-8cyzrDhsT}#@W_vM5d+25%#(gNXxWn^L1d^$V`KuNGXy-<6UAD=B2vJR75!X^
z=<fph?K$*-hr-F+rsti2Vp+rJG4?RBF4wP?_-YaIpS6g5udxTGzm82IqPx7N^ICJD
z+Z>2{7Jk0^A7gr8<k~+2V)|&JgT64d=CG7ysHZX%B;d4#H4zBvs#~geC1e3;4WqOM
z(H;(81-fYa7ZBNz5RrD2Q>bwo`~sIV6woBz0(7M{Evok515s^D`fmkj(Vx>|&;%O^
zaceyg1GP7?nNSvQ6$#`XAnwY^w{IK-ZP_f|N02CFyQC63Y(JQTgQQ=C{2$!3-^QVL
zV1v(uRse^({>C%NYrxLaId&4ykhl#*`U+HN=`_@5AbTj&YjsG<Aww_Vg#0A4$!-?`
z{Vm0AM~t}uv~3Ld+?L}rXO=jXyNB-=AOT~<-XAKUqMZ-B49CBV&G)crphX;d8=H5q
z`6)ITpIOqif#bIdfItD*`*Uo#H!2j=f~AS*eo;UU<cPh$#OD6w1Q7v|%;Rex7|=tt
zkcZ|=<~LtVq_QU`wA0jycqjH~N2?rw$c(UCobT~zCO&N;i3KMvh~c`9LF6ac{X90G
z$L0kc;AQOLOeQ>hK?j(ZhnEU4+|V&JO&#FWx8wuxy5bg)A1c*>0ugiPm~*ozoM#l>
zFXPi!Ae|D4Y@h4u<iDffk`?}cN*M+5S8Q4rDnh^iP@4ISO{BXh9$|g>^i^F@hp`7r
zYy93bQzCCx;c1iwL*=Q_kV<<}?&pAHU~qw%ZjOq)?%Gs5P)z(?Nn9(osk(@3)jfL>
zKSh9RUQ^triCiCw*&|Ttf}B<+7f&`BEhhXUP8gaJ!KQ?-DY1xxZWDkbI0ZeT#E{R3
zQw3s?y6fQUW*j!D6=BOfNme&W=(~h*B$JS2ip#h}-d&))wESc(Vps|lZdfus#d5lU
zB>5^kk&Q=k9PH)*#g(lr2l1s<!o>RIsw(cx^8tb&&x7y3hKsC*7F>FpR^TMpYYa+%
zk;%XwAdM9FOv;MRT!34r^YYROD;@m8PF;>0vOo&KKn>C;E-5i$%rl>J3;7YhD2k#q
zns}e%0&F~>mR4c2nvqWNfsE1Jt&9YLuD~jJRsR96Qc_(UF|Z!_O#{+94)l0Ue|~!9
zI^^<7L`r^)Y;G_T>#?*Urq~8oqyGkq#do9U;4*Al-U7uJqvAeuOQRtv{G}qEccUd{
zvL14li+u|U;0YY>Edtt!K;#%U#~T5`eJBp~W5a9NIZP-}1D3}xJEcIK`0J3069pEt
zC$*c-0oetWdB_~GN)LW5?vzXGi08#JL?RpbnhfBig!dt(?fPIBaBxuDD0vS0;l`8B
zihUqH^@)kX{bS=nrOy<(=YZU~rsTj>X6IrGeHAN!l8_O<!+uTfp49gQj~C5}=_mI+
z@m>3Byd#GVI6Jr3H2Bm5TtXXQpCv<@+5ZNZ=HIW)Z}#|o9E2b={7>^oqX$YE$*a`U
zqOk7iT6i&|g(mJQM*&p|L^jL9DwIslLV*lEO!Gwj8$YnpX;t}RF^rdbph*G*+RE`}
zgLuWyOUY6WAVdDyp0XLq8(b>675JDB4OB&7Ar3}17WOM`sc?nd%mKkqYSz-6V0kWL
zwAP2;HHnLQ?z)A^#?*Jr4<uEz81BW?fghPU#YKa=zJ$BJbRrfiM&3b`Bpl0*ND;Ka
z^eG;h1Y=xdWNo%9mP%=#PU{S(g)E?VDGe~P7)zo65|XV+l}Sb_&_QGj)&j<>t=I3Y
Qzt#JLH~$3r(QGjLA9Z*jUjP6A

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.DefaultCsrfToken.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.server.csrf.DefaultCsrfToken.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..9cff958c4907a45a8acbea834b1143808b70d1bc
GIT binary patch
literal 179
zcmZ4UmVvdnh`~0$C|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(c(DJn}X(n~Hb
zO4D;mO-n4zDRBm}L-Mmz^H|&qw@6J;D`a9|_F>@4NKH&hE%F1JQo<nQla*MOsGpOV
ym#!aN0y5s(hk>^s5oAXRL{T9_9Rs5e18WJ$BrvC<poD=9VoC`ECtPs}R1E-thCO)z

literal 0
HcmV?d00001

diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
index c53541ac54..e18dc3961b 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfException.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.csrf;
 
+import java.io.Serial;
+
 import org.springframework.security.access.AccessDeniedException;
 
 /**
@@ -24,9 +26,11 @@ import org.springframework.security.access.AccessDeniedException;
  * @author Rob Winch
  * @since 3.2
  */
-@SuppressWarnings("serial")
 public class CsrfException extends AccessDeniedException {
 
+	@Serial
+	private static final long serialVersionUID = 7802567627837252670L;
+
 	public CsrfException(String message) {
 		super(message);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandler.java b/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandler.java
index 621391651f..a0950fa44b 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandler.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/CsrfTokenRequestAttributeHandler.java
@@ -62,6 +62,7 @@ public class CsrfTokenRequestAttributeHandler implements CsrfTokenRequestHandler
 		request.setAttribute(csrfAttrName, csrfToken);
 	}
 
+	@SuppressWarnings("serial")
 	private static final class SupplierCsrfToken implements CsrfToken {
 
 		private final Supplier<CsrfToken> csrfTokenSupplier;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java b/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
index 682be4b1dd..122d95d1ce 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/DefaultCsrfToken.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.csrf;
 
+import java.io.Serial;
+
 import org.springframework.util.Assert;
 
 /**
@@ -24,9 +26,11 @@ import org.springframework.util.Assert;
  * @author Rob Winch
  * @since 3.2
  */
-@SuppressWarnings("serial")
 public final class DefaultCsrfToken implements CsrfToken {
 
+	@Serial
+	private static final long serialVersionUID = 6552658053267913685L;
+
 	private final String token;
 
 	private final String parameterName;
diff --git a/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java b/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
index 0c57e5a604..bb4afac31d 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/InvalidCsrfTokenException.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.csrf;
 
+import java.io.Serial;
+
 import jakarta.servlet.http.HttpServletRequest;
 
 /**
@@ -25,9 +27,11 @@ import jakarta.servlet.http.HttpServletRequest;
  * @author Rob Winch
  * @since 3.2
  */
-@SuppressWarnings("serial")
 public class InvalidCsrfTokenException extends CsrfException {
 
+	@Serial
+	private static final long serialVersionUID = -7745955098435417418L;
+
 	/**
 	 * @param expectedAccessToken
 	 * @param actualAccessToken
diff --git a/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java b/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
index 5a6a63f4bb..a8326fa2a7 100644
--- a/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
+++ b/web/src/main/java/org/springframework/security/web/csrf/LazyCsrfTokenRepository.java
@@ -159,6 +159,7 @@ public final class LazyCsrfTokenRepository implements CsrfTokenRepository {
 
 	}
 
+	@SuppressWarnings("serial")
 	private static final class SaveOnAccessCsrfToken implements CsrfToken {
 
 		private transient CsrfTokenRepository tokenRepository;
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
index 631c5b7fdc..bdb693e95c 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/CsrfException.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.server.csrf;
 
+import java.io.Serial;
+
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.web.csrf.CsrfToken;
 
@@ -25,9 +27,11 @@ import org.springframework.security.web.csrf.CsrfToken;
  * @author Rob Winch
  * @since 3.2
  */
-@SuppressWarnings("serial")
 public class CsrfException extends AccessDeniedException {
 
+	@Serial
+	private static final long serialVersionUID = -8209680716517631141L;
+
 	public CsrfException(String message) {
 		super(message);
 	}
diff --git a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
index eb49369e6f..2a32018a5c 100644
--- a/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
+++ b/web/src/main/java/org/springframework/security/web/server/csrf/DefaultCsrfToken.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.server.csrf;
 
+import java.io.Serial;
+
 import org.springframework.util.Assert;
 
 /**
@@ -24,9 +26,11 @@ import org.springframework.util.Assert;
  * @author Rob Winch
  * @since 5.0
  */
-@SuppressWarnings("serial")
 public final class DefaultCsrfToken implements CsrfToken {
 
+	@Serial
+	private static final long serialVersionUID = 308340117851874929L;
+
 	private final String token;
 
 	private final String parameterName;