diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java index 9106ecc004..ba6083c2a9 100644 --- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java +++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java @@ -99,6 +99,9 @@ import org.springframework.security.authentication.jaas.event.JaasAuthentication import org.springframework.security.authentication.ott.InvalidOneTimeTokenException; import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken; import org.springframework.security.authentication.password.CompromisedPasswordException; +import org.springframework.security.authorization.AuthorityAuthorizationDecision; +import org.springframework.security.authorization.AuthorizationDecision; +import org.springframework.security.authorization.AuthorizationDeniedException; import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken; import org.springframework.security.cas.authentication.CasAuthenticationToken; import org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken; @@ -471,6 +474,11 @@ class SpringSecurityCoreVersionSerializableTests { generatorByClassName.put(AbstractSessionEvent.class, (r) -> new AbstractSessionEvent(securityContext)); generatorByClassName.put(SecurityConfig.class, (r) -> new SecurityConfig("value")); generatorByClassName.put(TransientSecurityContext.class, (r) -> new TransientSecurityContext(authentication)); + generatorByClassName.put(AuthorizationDeniedException.class, + (r) -> new AuthorizationDeniedException("message", new AuthorizationDecision(false))); + generatorByClassName.put(AuthorizationDecision.class, (r) -> new AuthorizationDecision(true)); + generatorByClassName.put(AuthorityAuthorizationDecision.class, + (r) -> new AuthorityAuthorizationDecision(true, AuthorityUtils.createAuthorityList("ROLE_USER"))); // cas generatorByClassName.put(CasServiceTicketAuthenticationToken.class, (r) -> { diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.authorization.AuthorityAuthorizationDecision.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.authorization.AuthorityAuthorizationDecision.serialized new file mode 100644 index 0000000000..ad5c632ccf Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.authorization.AuthorityAuthorizationDecision.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.authorization.AuthorizationDecision.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.authorization.AuthorizationDecision.serialized new file mode 100644 index 0000000000..3992b0122a Binary files /dev/null and b/config/src/test/resources/serialized/6.4.x/org.springframework.security.authorization.AuthorizationDecision.serialized differ diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.authorization.AuthorizationDeniedException.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.authorization.AuthorizationDeniedException.serialized new file mode 100644 index 0000000000..e69de29bb2 diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationDecision.java b/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationDecision.java index f9dd43a784..629dfa4a39 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationDecision.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationDecision.java @@ -16,6 +16,7 @@ package org.springframework.security.authorization; +import java.io.Serial; import java.util.Collection; import org.springframework.security.core.GrantedAuthority; @@ -28,6 +29,9 @@ import org.springframework.security.core.GrantedAuthority; */ public class AuthorityAuthorizationDecision extends AuthorizationDecision { + @Serial + private static final long serialVersionUID = -8338309042331376592L; + private final Collection authorities; public AuthorityAuthorizationDecision(boolean granted, Collection authorities) { diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorizationDecision.java b/core/src/main/java/org/springframework/security/authorization/AuthorizationDecision.java index bd873ecdb1..a428fc28d9 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorizationDecision.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorizationDecision.java @@ -16,12 +16,17 @@ package org.springframework.security.authorization; +import java.io.Serial; + /** * @author Rob Winch * @since 5.0 */ public class AuthorizationDecision implements AuthorizationResult { + @Serial + private static final long serialVersionUID = -3226018324649244416L; + private final boolean granted; public AuthorizationDecision(boolean granted) { diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java b/core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java index f3893c9743..d0de9bd647 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java @@ -145,6 +145,7 @@ public final class AuthorizationManagers { private AuthorizationManagers() { } + @SuppressWarnings("serial") private static final class CompositeAuthorizationDecision extends AuthorizationDecision { private final List results; @@ -161,6 +162,7 @@ public final class AuthorizationManagers { } + @SuppressWarnings("serial") private static final class NotAuthorizationDecision extends AuthorizationDecision { private final AuthorizationResult result; diff --git a/core/src/main/java/org/springframework/security/authorization/AuthorizationResult.java b/core/src/main/java/org/springframework/security/authorization/AuthorizationResult.java index 11c5cd4a76..a98c61a3aa 100644 --- a/core/src/main/java/org/springframework/security/authorization/AuthorizationResult.java +++ b/core/src/main/java/org/springframework/security/authorization/AuthorizationResult.java @@ -16,13 +16,15 @@ package org.springframework.security.authorization; +import java.io.Serializable; + /** * Represents an authorization result * * @author Marcus da Coregio * @since 6.3 */ -public interface AuthorizationResult { +public interface AuthorizationResult extends Serializable { /** * @return whether the access has been granted diff --git a/core/src/main/java/org/springframework/security/authorization/ExpressionAuthorizationDecision.java b/core/src/main/java/org/springframework/security/authorization/ExpressionAuthorizationDecision.java index 930b23a2cc..54f5adbbc6 100644 --- a/core/src/main/java/org/springframework/security/authorization/ExpressionAuthorizationDecision.java +++ b/core/src/main/java/org/springframework/security/authorization/ExpressionAuthorizationDecision.java @@ -24,6 +24,7 @@ import org.springframework.expression.Expression; * @author Marcus Da Coregio * @since 5.8 */ +@SuppressWarnings("serial") public class ExpressionAuthorizationDecision extends AuthorizationDecision { private final Expression expression;