diff --git a/config/spring-security-config.gradle b/config/spring-security-config.gradle index 05dbc07057..c517447e18 100644 --- a/config/spring-security-config.gradle +++ b/config/spring-security-config.gradle @@ -112,6 +112,7 @@ dependencies { testImplementation ('org.apache.maven.resolver:maven-resolver-transport-http') { exclude group: "org.slf4j", module: "jcl-over-slf4j" } + testImplementation libs.org.instancio.instancio.junit testRuntimeOnly 'org.hsqldb:hsqldb' } @@ -153,3 +154,9 @@ tasks.withType(KotlinCompile).configureEach { jvmTarget = "17" } } + +configure(project.tasks.withType(Test)) { + doFirst { + systemProperties['springSecurityVersion'] = version + } +} diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java new file mode 100644 index 0000000000..48a9469332 --- /dev/null +++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java @@ -0,0 +1,317 @@ +/* + * Copyright 2002-2024 the original author or authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package org.springframework.security; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.NotSerializableException; +import java.io.ObjectInputStream; +import java.io.ObjectOutputStream; +import java.io.ObjectStreamClass; +import java.io.Serializable; +import java.lang.reflect.Modifier; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.ArrayList; +import java.util.Date; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.stream.Stream; + +import org.apereo.cas.client.validation.AssertionImpl; +import org.instancio.Instancio; +import org.instancio.InstancioApi; +import org.instancio.Select; +import org.instancio.generator.Generator; +import org.junit.jupiter.api.Disabled; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; + +import org.springframework.beans.factory.config.BeanDefinition; +import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider; +import org.springframework.core.type.filter.AssignableTypeFilter; +import org.springframework.security.access.intercept.RunAsUserToken; +import org.springframework.security.authentication.AnonymousAuthenticationToken; +import org.springframework.security.authentication.RememberMeAuthenticationToken; +import org.springframework.security.authentication.TestAuthentication; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.authentication.jaas.JaasAuthenticationToken; +import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken; +import org.springframework.security.cas.authentication.CasAuthenticationToken; +import org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken; +import org.springframework.security.core.SpringSecurityCoreVersion; +import org.springframework.security.core.session.SessionInformation; +import org.springframework.security.core.userdetails.UserDetails; +import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; +import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; +import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken; +import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken; +import org.springframework.security.oauth2.client.authentication.TestOAuth2AuthenticationTokens; +import org.springframework.security.oauth2.client.authentication.TestOAuth2AuthorizationCodeAuthenticationTokens; +import org.springframework.security.oauth2.client.registration.ClientRegistration; +import org.springframework.security.oauth2.client.registration.TestClientRegistrations; +import org.springframework.security.oauth2.core.TestOAuth2AccessTokens; +import org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest; +import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse; +import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges; +import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests; +import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses; +import org.springframework.security.oauth2.core.oidc.OidcUserInfo; +import org.springframework.security.oauth2.core.user.DefaultOAuth2User; +import org.springframework.security.oauth2.core.user.OAuth2UserAuthority; +import org.springframework.security.oauth2.core.user.TestOAuth2Users; +import org.springframework.security.oauth2.jwt.TestJwts; +import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication; +import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken; +import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; +import org.springframework.security.web.authentication.WebAuthenticationDetails; +import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; + +import static org.assertj.core.api.Assertions.assertThat; +import static org.assertj.core.api.Assertions.fail; + +/** + * Tests that Spring Security classes that implements {@link Serializable} and have the + * same serial version as {@link SpringSecurityCoreVersion#SERIAL_VERSION_UID} can be + * deserialized from a previous minor version. + *

+ * For example, all classes from version 6.2.x that matches the previous requirement + * should be serialized and saved to a folder, and then later on, in 6.3.x, it is verified + * if they can be deserialized + * + * @author Marcus da Coregio + * @since 6.2.2 + * @see GitHub + * Issue #3737 + */ +class SpringSecurityCoreVersionSerializableTests { + + private static final Map, Generator> generatorByClassName = new HashMap<>(); + + static final long securitySerialVersionUid = SpringSecurityCoreVersion.SERIAL_VERSION_UID; + + static Path currentVersionFolder = Paths.get("src/test/resources/serialized/" + getCurrentVersion()); + + static Path previousVersionFolder = Paths.get("src/test/resources/serialized/" + getPreviousVersion()); + + static { + ClientRegistration.Builder clientRegistrationBuilder = TestClientRegistrations.clientRegistration(); + ClientRegistration clientRegistration = clientRegistrationBuilder.build(); + UserDetails user = TestAuthentication.user(); + WebAuthenticationDetails details = new WebAuthenticationDetails("remote", "sessionId"); + generatorByClassName.put(DefaultOAuth2User.class, (r) -> TestOAuth2Users.create()); + generatorByClassName.put(ClientRegistration.class, (r) -> clientRegistration); + generatorByClassName.put(ClientRegistration.ProviderDetails.class, + (r) -> clientRegistration.getProviderDetails()); + generatorByClassName.put(ClientRegistration.ProviderDetails.UserInfoEndpoint.class, + (r) -> clientRegistration.getProviderDetails().getUserInfoEndpoint()); + generatorByClassName.put(ClientRegistration.Builder.class, (r) -> clientRegistrationBuilder); + generatorByClassName.put(OAuth2AuthorizationRequest.class, + (r) -> TestOAuth2AuthorizationRequests.request().build()); + generatorByClassName.put(OAuth2AuthorizationResponse.class, + (r) -> TestOAuth2AuthorizationResponses.success().build()); + generatorByClassName.put(OAuth2AuthorizedClient.class, + (r) -> new OAuth2AuthorizedClient(clientRegistration, "principal", TestOAuth2AccessTokens.noScopes())); + generatorByClassName.put(OAuth2UserAuthority.class, (r) -> new OAuth2UserAuthority(Map.of("username", "user"))); + generatorByClassName.put(OAuth2AuthorizationExchange.class, (r) -> TestOAuth2AuthorizationExchanges.success()); + generatorByClassName.put(OidcUserInfo.class, (r) -> OidcUserInfo.builder().email("email@example.com").build()); + generatorByClassName.put(SessionInformation.class, + (r) -> new SessionInformation(user, r.alphanumeric(4), new Date(1704378933936L))); + generatorByClassName.put(OAuth2LoginAuthenticationToken.class, (r) -> { + var token = new OAuth2LoginAuthenticationToken(clientRegistration, + TestOAuth2AuthorizationExchanges.success()); + token.setDetails(details); + return token; + }); + generatorByClassName.put(OAuth2AuthorizationCodeAuthenticationToken.class, (r) -> { + var token = TestOAuth2AuthorizationCodeAuthenticationTokens.authenticated(); + token.setDetails(details); + return token; + }); + generatorByClassName + .put(org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken.class, (r) -> { + var token = new org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken( + "token"); + token.setDetails(details); + return token; + }); + generatorByClassName.put(BearerTokenAuthenticationToken.class, (r) -> { + var token = new BearerTokenAuthenticationToken("token"); + token.setDetails(details); + return token; + }); + generatorByClassName.put(BearerTokenAuthentication.class, (r) -> { + var token = new BearerTokenAuthentication(TestOAuth2AuthenticatedPrincipals.active(), + TestOAuth2AccessTokens.noScopes(), user.getAuthorities()); + token.setDetails(details); + return token; + }); + generatorByClassName.put(OAuth2AuthenticationToken.class, (r) -> { + var token = TestOAuth2AuthenticationTokens.authenticated(); + token.setDetails(details); + return token; + }); + generatorByClassName.put(JwtAuthenticationToken.class, (r) -> { + var token = new JwtAuthenticationToken(TestJwts.user()); + token.setDetails(details); + return token; + }); + generatorByClassName.put(RunAsUserToken.class, (r) -> { + RunAsUserToken token = new RunAsUserToken("key", user, "creds", user.getAuthorities(), + AnonymousAuthenticationToken.class); + token.setDetails(details); + return token; + }); + generatorByClassName.put(CasServiceTicketAuthenticationToken.class, (r) -> { + CasServiceTicketAuthenticationToken token = CasServiceTicketAuthenticationToken.stateless("creds"); + token.setDetails(details); + return token; + }); + generatorByClassName.put(CasAuthenticationToken.class, (r) -> { + var token = new CasAuthenticationToken("key", user, "Password", user.getAuthorities(), user, + new AssertionImpl("test")); + token.setDetails(details); + return token; + }); + generatorByClassName.put(CasAssertionAuthenticationToken.class, (r) -> { + var token = new CasAssertionAuthenticationToken(new AssertionImpl("test"), "ticket"); + token.setDetails(details); + return token; + }); + generatorByClassName.put(RememberMeAuthenticationToken.class, (r) -> { + RememberMeAuthenticationToken token = new RememberMeAuthenticationToken("key", user, user.getAuthorities()); + token.setDetails(details); + return token; + }); + generatorByClassName.put(PreAuthenticatedAuthenticationToken.class, (r) -> { + PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(user, "creds", + user.getAuthorities()); + token.setDetails(details); + return token; + }); + generatorByClassName.put(UsernamePasswordAuthenticationToken.class, (r) -> { + var token = UsernamePasswordAuthenticationToken.unauthenticated(user, "creds"); + token.setDetails(details); + return token; + }); + generatorByClassName.put(JaasAuthenticationToken.class, (r) -> { + var token = new JaasAuthenticationToken(user, "creds", null); + token.setDetails(details); + return token; + }); + } + + @ParameterizedTest + @MethodSource("getClassesToSerialize") + @Disabled("This method should only be used to serialize the classes once") + void serializeCurrentVersionClasses(Class clazz) throws Exception { + Files.createDirectories(currentVersionFolder); + Path filePath = Paths.get(currentVersionFolder.toAbsolutePath() + "/" + clazz.getName()); + File file = filePath.toFile(); + if (file.exists()) { + return; + } + Files.createFile(filePath); + Object instance = instancioWithDefaults(clazz).create(); + assertThat(instance).isInstanceOf(clazz); + try (FileOutputStream fileOutputStream = new FileOutputStream(file); + ObjectOutputStream objectOutputStream = new ObjectOutputStream(fileOutputStream)) { + objectOutputStream.writeObject(instance); + objectOutputStream.flush(); + } + catch (NotSerializableException ex) { + Files.delete(filePath); + fail("Could not serialize " + clazz.getName(), ex); + } + } + + @ParameterizedTest + @MethodSource("getFilesToDeserialize") + void shouldBeAbleToDeserializeClassFromPreviousVersion(Path filePath) { + try (FileInputStream fileInputStream = new FileInputStream(filePath.toFile()); + ObjectInputStream objectInputStream = new ObjectInputStream(fileInputStream)) { + Object obj = objectInputStream.readObject(); + Class clazz = Class.forName(filePath.getFileName().toString()); + assertThat(obj).isInstanceOf(clazz); + } + catch (IOException | ClassNotFoundException ex) { + fail("Could not deserialize " + filePath, ex); + } + } + + static Stream getFilesToDeserialize() throws IOException { + assertThat(previousVersionFolder.toFile().exists()) + .as("Make sure that the " + previousVersionFolder + " exists and is not empty") + .isTrue(); + try (Stream files = Files.list(previousVersionFolder)) { + if (files.findFirst().isEmpty()) { + fail("Please make sure to run SpringSecurityCoreVersionSerializableTests#serializeCurrentVersionClasses for the " + + getPreviousVersion() + " version"); + } + } + return Files.list(previousVersionFolder); + } + + static Stream> getClassesToSerialize() throws Exception { + ClassPathScanningCandidateComponentProvider provider = new ClassPathScanningCandidateComponentProvider(false); + provider.addIncludeFilter(new AssignableTypeFilter(Serializable.class)); + List> classes = new ArrayList<>(); + + Set components = provider.findCandidateComponents("org/springframework/security"); + for (BeanDefinition component : components) { + Class clazz = Class.forName(component.getBeanClassName()); + boolean isAbstract = Modifier.isAbstract(clazz.getModifiers()); + boolean matchesExpectedSerialVersion = ObjectStreamClass.lookup(clazz) + .getSerialVersionUID() == securitySerialVersionUid; + if (!isAbstract && matchesExpectedSerialVersion) { + classes.add(clazz); + } + } + return classes.stream(); + } + + private static InstancioApi instancioWithDefaults(Class clazz) { + InstancioApi instancio = Instancio.of(clazz); + if (generatorByClassName.containsKey(clazz)) { + instancio.supply(Select.all(clazz), generatorByClassName.get(clazz)); + } + return instancio; + } + + private static String getCurrentVersion() { + String version = System.getProperty("springSecurityVersion"); + String[] parts = version.split("\\."); + parts[2] = "x"; + return String.join(".", parts); + } + + private static String getPreviousVersion() { + String version = System.getProperty("springSecurityVersion"); + String[] parts = version.split("\\."); + parts[1] = String.valueOf(Integer.parseInt(parts[1]) - 1); + parts[2] = "x"; + return String.join(".", parts); + } + +} diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.access.intercept.RunAsUserToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.access.intercept.RunAsUserToken new file mode 100644 index 0000000000..8394c9a738 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.access.intercept.RunAsUserToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.authentication.RememberMeAuthenticationToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.authentication.RememberMeAuthenticationToken new file mode 100644 index 0000000000..6a1c85c456 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.authentication.RememberMeAuthenticationToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.authentication.UsernamePasswordAuthenticationToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.authentication.UsernamePasswordAuthenticationToken new file mode 100644 index 0000000000..fc48077f88 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.authentication.UsernamePasswordAuthenticationToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.authentication.jaas.JaasAuthenticationToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.authentication.jaas.JaasAuthenticationToken new file mode 100644 index 0000000000..d433e15704 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.authentication.jaas.JaasAuthenticationToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.authentication.jaas.JaasGrantedAuthority b/config/src/test/resources/serialized/6.2.x/org.springframework.security.authentication.jaas.JaasGrantedAuthority new file mode 100644 index 0000000000..60064abf12 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.authentication.jaas.JaasGrantedAuthority differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.cas.authentication.CasAssertionAuthenticationToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.cas.authentication.CasAssertionAuthenticationToken new file mode 100644 index 0000000000..f284fb248f Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.cas.authentication.CasAssertionAuthenticationToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.cas.authentication.CasAuthenticationToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.cas.authentication.CasAuthenticationToken new file mode 100644 index 0000000000..8fac54547b Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.cas.authentication.CasAuthenticationToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken new file mode 100644 index 0000000000..d3e96900c7 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.authority.SimpleGrantedAuthority b/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.authority.SimpleGrantedAuthority new file mode 100644 index 0000000000..f73bd3b7ee Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.authority.SimpleGrantedAuthority differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.context.SecurityContextImpl b/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.context.SecurityContextImpl new file mode 100644 index 0000000000..b3a0dd59fc Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.context.SecurityContextImpl differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.session.SessionInformation b/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.session.SessionInformation new file mode 100644 index 0000000000..0455367e10 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.session.SessionInformation differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.userdetails.User b/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.userdetails.User new file mode 100644 index 0000000000..1f66865ff4 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.userdetails.User differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.userdetails.User$AuthorityComparator b/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.userdetails.User$AuthorityComparator new file mode 100644 index 0000000000..f0a07f16e1 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.core.userdetails.User$AuthorityComparator differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.ldap.userdetails.InetOrgPerson b/config/src/test/resources/serialized/6.2.x/org.springframework.security.ldap.userdetails.InetOrgPerson new file mode 100644 index 0000000000..4c46fbb64c Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.ldap.userdetails.InetOrgPerson differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.ldap.userdetails.LdapUserDetailsImpl b/config/src/test/resources/serialized/6.2.x/org.springframework.security.ldap.userdetails.LdapUserDetailsImpl new file mode 100644 index 0000000000..ce77d1eb3f Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.ldap.userdetails.LdapUserDetailsImpl differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.ldap.userdetails.Person b/config/src/test/resources/serialized/6.2.x/org.springframework.security.ldap.userdetails.Person new file mode 100644 index 0000000000..d5e4fea9a9 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.ldap.userdetails.Person differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.OAuth2AuthorizedClient b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.OAuth2AuthorizedClient new file mode 100644 index 0000000000..643502ab5f Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.OAuth2AuthorizedClient differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.OAuth2AuthorizedClientId b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.OAuth2AuthorizedClientId new file mode 100644 index 0000000000..6bdf42c805 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.OAuth2AuthorizedClientId differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken new file mode 100644 index 0000000000..7f42dc790a Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken new file mode 100644 index 0000000000..29e5e02bf3 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken new file mode 100644 index 0000000000..b60916dc31 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.registration.ClientRegistration b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.registration.ClientRegistration new file mode 100644 index 0000000000..a017ac1d73 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.registration.ClientRegistration differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.registration.ClientRegistration$Builder b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.registration.ClientRegistration$Builder new file mode 100644 index 0000000000..f94ea4b7a6 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.client.registration.ClientRegistration$Builder differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.AuthenticationMethod b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.AuthenticationMethod new file mode 100644 index 0000000000..34f5fda9c0 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.AuthenticationMethod differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.AuthorizationGrantType b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.AuthorizationGrantType new file mode 100644 index 0000000000..f0102462ab Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.AuthorizationGrantType differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.ClientAuthenticationMethod b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.ClientAuthenticationMethod new file mode 100644 index 0000000000..de13b38119 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.ClientAuthenticationMethod differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.OAuth2AccessToken$TokenType b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.OAuth2AccessToken$TokenType new file mode 100644 index 0000000000..1767bc4b68 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.OAuth2AccessToken$TokenType differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.OAuth2Error b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.OAuth2Error new file mode 100644 index 0000000000..1fc691bc3e Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.OAuth2Error differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange new file mode 100644 index 0000000000..b5694659b1 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest new file mode 100644 index 0000000000..029e2eb8ce Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse new file mode 100644 index 0000000000..3984149368 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType new file mode 100644 index 0000000000..baf677ce60 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponseType differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.oidc.OidcUserInfo b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.oidc.OidcUserInfo new file mode 100644 index 0000000000..be89d912a6 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.oidc.OidcUserInfo differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.user.DefaultOAuth2User b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.user.DefaultOAuth2User new file mode 100644 index 0000000000..74ff72320b Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.user.DefaultOAuth2User differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.user.OAuth2UserAuthority b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.user.OAuth2UserAuthority new file mode 100644 index 0000000000..74be373908 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.core.user.OAuth2UserAuthority differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken new file mode 100644 index 0000000000..62d9f91556 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication new file mode 100644 index 0000000000..bfed535d8e Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken new file mode 100644 index 0000000000..1e0c8c6a08 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken new file mode 100644 index 0000000000..f265989af4 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.provisioning.MutableUser b/config/src/test/resources/serialized/6.2.x/org.springframework.security.provisioning.MutableUser new file mode 100644 index 0000000000..9dbb80e047 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.provisioning.MutableUser differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.saml2.core.Saml2Error b/config/src/test/resources/serialized/6.2.x/org.springframework.security.saml2.core.Saml2Error new file mode 100644 index 0000000000..2a20f99e8b Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.saml2.core.Saml2Error differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.authentication.WebAuthenticationDetails b/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.authentication.WebAuthenticationDetails new file mode 100644 index 0000000000..3b0b894c16 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.authentication.WebAuthenticationDetails differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken b/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken new file mode 100644 index 0000000000..cf2c149e82 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails b/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails new file mode 100644 index 0000000000..ff35693be1 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.authentication.preauth.PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority b/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority new file mode 100644 index 0000000000..b2ac7b88fa Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.authentication.switchuser.SwitchUserGrantedAuthority differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.savedrequest.DefaultSavedRequest b/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.savedrequest.DefaultSavedRequest new file mode 100644 index 0000000000..72cdfcfb1b Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.savedrequest.DefaultSavedRequest differ diff --git a/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.savedrequest.SavedCookie b/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.savedrequest.SavedCookie new file mode 100644 index 0000000000..2e07a50608 Binary files /dev/null and b/config/src/test/resources/serialized/6.2.x/org.springframework.security.web.savedrequest.SavedCookie differ diff --git a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java index af9bac98f2..186b80a89b 100644 --- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java +++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2017 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -39,11 +39,8 @@ public final class SpringSecurityCoreVersion { /** * Global Serialization value for Spring Security classes. - * - * N.B. Classes are not intended to be serializable between different versions. See - * SEC-1709 for why we still need a serial version. */ - public static final long SERIAL_VERSION_UID = 630L; + public static final long SERIAL_VERSION_UID = 620L; static final String MIN_SPRING_VERSION = getSpringVersion(); diff --git a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java index a9f9bfdbd3..ff9cec2ed6 100644 --- a/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java +++ b/core/src/test/java/org/springframework/security/core/SpringSecurityCoreVersionTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2013 the original author or authors. + * Copyright 2002-2024 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -23,6 +23,7 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.Test; import org.junit.jupiter.api.extension.ExtendWith; import org.mockito.Answers; @@ -79,6 +80,7 @@ public class SpringSecurityCoreVersionTests { } @Test + @Disabled("Since 6.3. See gh-3737") public void serialVersionMajorAndMinorVersionMatchBuildVersion() { String version = System.getProperty("springSecurityVersion"); // Strip patch version diff --git a/dependencies/spring-security-dependencies.gradle b/dependencies/spring-security-dependencies.gradle index 434d805583..930e0c1a52 100644 --- a/dependencies/spring-security-dependencies.gradle +++ b/dependencies/spring-security-dependencies.gradle @@ -81,6 +81,7 @@ dependencies { api libs.org.apache.maven.resolver.maven.resolver.impl api libs.org.apache.maven.resolver.maven.resolver.transport.http api libs.org.apache.maven.maven.resolver.provider + api libs.org.instancio.instancio.junit } } diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml index a3f6720ec0..754bcfd6fc 100644 --- a/gradle/libs.versions.toml +++ b/gradle/libs.versions.toml @@ -100,6 +100,7 @@ com-github-spullara-mustache-java-compiler = "com.github.spullara.mustache.java: org-hidetake-gradle-ssh-plugin = "org.hidetake:gradle-ssh-plugin:2.10.1" org-jfrog-buildinfo-build-info-extractor-gradle = "org.jfrog.buildinfo:build-info-extractor-gradle:4.29.4" org-sonarsource-scanner-gradle-sonarqube-gradle-plugin = "org.sonarsource.scanner.gradle:sonarqube-gradle-plugin:2.7.1" +org-instancio-instancio-junit = "org.instancio:instancio-junit:3.7.1" [plugins]