Merge branch '6.2.x'

Closes gh-14406

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,10 @@
 
 package org.springframework.security.oauth2.core.endpoint;
 
+import java.io.Serial;
+import java.io.Serializable;
+
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 
 /**
@@ -27,7 +31,10 @@ import org.springframework.util.Assert;
  * @see OAuth2AuthorizationRequest
  * @see OAuth2AuthorizationResponse
  */
-public final class OAuth2AuthorizationExchange {
+public final class OAuth2AuthorizationExchange implements Serializable {
+
+	@Serial
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private final OAuth2AuthorizationRequest authorizationRequest;
 

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,10 @@
 
 package org.springframework.security.oauth2.core.endpoint;
 
+import java.io.Serial;
+import java.io.Serializable;
+
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.oauth2.core.OAuth2Error;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
@@ -31,7 +35,10 @@ import org.springframework.util.StringUtils;
  * "https://tools.ietf.org/html/rfc6749#section-4.1.2">Section 4.1.2 Authorization
  * Response</a>
  */
-public final class OAuth2AuthorizationResponse {
+public final class OAuth2AuthorizationResponse implements Serializable {
+
+	@Serial
+	private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 
 	private String redirectUri;
 

oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchangeTests.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2017 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,10 @@
 
 package org.springframework.security.oauth2.core.endpoint;
 
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectOutputStream;
+
 import org.junit.jupiter.api.Test;
 
 import static org.assertj.core.api.Assertions.assertThat;
@@ -50,4 +54,15 @@ public class OAuth2AuthorizationExchangeTests {
 		assertThat(authorizationExchange.getAuthorizationResponse()).isEqualTo(authorizationResponse);
 	}
 
+	@Test
+	void oauth2AuthorizationExchangeShouldBeSerializable() throws IOException {
+		OAuth2AuthorizationExchange exchange = TestOAuth2AuthorizationExchanges.success();
+		try (ByteArrayOutputStream baos = new ByteArrayOutputStream();
+				ObjectOutputStream objectOutputStream = new ObjectOutputStream(baos)) {
+			objectOutputStream.writeObject(exchange);
+			objectOutputStream.flush();
+			assertThat(baos.size()).isNotZero();
+		}
+	}
+
 }