From d032b23ab7856bae892b2250774729bae38f0707 Mon Sep 17 00:00:00 2001
From: Marcus Hert Da Coregio <marcusdacoregio@gmail.com>
Date: Fri, 5 Jan 2024 07:53:28 -0300
Subject: [PATCH] Make OAuth2AuthorizationExchange serializable

Closes gh-14402
---
 .../endpoint/OAuth2AuthorizationExchange.java   | 11 +++++++++--
 .../endpoint/OAuth2AuthorizationResponse.java   | 11 +++++++++--
 .../OAuth2AuthorizationExchangeTests.java       | 17 ++++++++++++++++-
 3 files changed, 34 insertions(+), 5 deletions(-)

diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java
index c4ef805bdf..7d46a50d66 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,10 @@
 
 package org.springframework.security.oauth2.core.endpoint;
 
+import java.io.Serial;
+import java.io.Serializable;
+
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
 /**
@@ -27,7 +31,10 @@ import org.springframework.util.Assert;
  * @see OAuth2AuthorizationRequest
  * @see OAuth2AuthorizationResponse
  */
-public final class OAuth2AuthorizationExchange {
+public final class OAuth2AuthorizationExchange implements Serializable {
+
+	@Serial
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private final OAuth2AuthorizationRequest authorizationRequest;
 
diff --git a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
index d0142d046d..1d179d10d8 100644
--- a/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
+++ b/oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,10 @@
 
 package org.springframework.security.oauth2.core.endpoint;
 
+import java.io.Serial;
+import java.io.Serializable;
+
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
@@ -31,7 +35,10 @@ import org.springframework.util.StringUtils;
  * "https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization
  * Response</a>
  */
-public final class OAuth2AuthorizationResponse {
+public final class OAuth2AuthorizationResponse implements Serializable {
+
+	@Serial
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private String redirectUri;
 
diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
index 5ceb83463e..0d9e36e150 100644
--- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
+++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,10 @@
 
 package org.springframework.security.oauth2.core.endpoint;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectOutputStream;
+
 import org.junit.jupiter.api.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -50,4 +54,15 @@ public class OAuth2AuthorizationExchangeTests {
 		assertThat(authorizationExchange.getAuthorizationResponse()).isEqualTo(authorizationResponse);
 	}
 
+	@Test
+	void oauth2AuthorizationExchangeShouldBeSerializable() throws IOException {
+		OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success();
+		try (ByteArrayOutputStream baos = new ByteArrayOutputStream();
+				ObjectOutputStream objectOutputStream = new ObjectOutputStream(baos)) {
+			objectOutputStream.writeObject(exchange);
+			objectOutputStream.flush();
+			assertThat(baos.size()).isNotZero();
+		}
+	}
+
 }