SEC-338: Serializable and serialVersionUID missing for Authentication-related objects.

2006-09-15 08:38:11 +00:00 · 2006-09-15 08:38:11 +00:00 · b0056568f0
parent 7313d5def0
commit b0056568f0
16 changed files with 18 additions and 1 deletions
--- a/adapters/jetty/src/main/java/org/acegisecurity/adapters/jetty/JettyAcegiUserToken.java
+++ b/adapters/jetty/src/main/java/org/acegisecurity/adapters/jetty/JettyAcegiUserToken.java
@ -31,6 +31,7 @@ import org.mortbay.http.UserPrincipal;
 public class JettyAcegiUserToken extends AbstractAdapterAuthenticationToken implements UserPrincipal {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private String password;
    private String username;

--- a/core/src/main/java/org/acegisecurity/GrantedAuthority.java
+++ b/core/src/main/java/org/acegisecurity/GrantedAuthority.java
@ -15,6 +15,8 @@

 package org.acegisecurity;

+import java.io.Serializable;
+
 /**
 * Represents an authority granted to an {@link Authentication} object.
 * 
@ -27,7 +29,7 @@ package org.acegisecurity;
 * @author Ben Alex
 * @version $Id$
 */
-public interface GrantedAuthority {
+public interface GrantedAuthority extends Serializable {
    //~ Methods ========================================================================================================

    /**
--- a/core/src/main/java/org/acegisecurity/GrantedAuthorityImpl.java
+++ b/core/src/main/java/org/acegisecurity/GrantedAuthorityImpl.java
@ -28,6 +28,7 @@ import java.io.Serializable;
 public class GrantedAuthorityImpl implements GrantedAuthority, Serializable {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private String role;

    //~ Constructors ===================================================================================================
--- a/core/src/main/java/org/acegisecurity/adapters/PrincipalAcegiUserToken.java
+++ b/core/src/main/java/org/acegisecurity/adapters/PrincipalAcegiUserToken.java
@ -29,6 +29,7 @@ import java.security.Principal;
 public class PrincipalAcegiUserToken extends AbstractAdapterAuthenticationToken implements Principal {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private Object principal;
    private String password;
    private String username;
--- a/core/src/main/java/org/acegisecurity/providers/TestingAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/TestingAuthenticationToken.java
@ -28,6 +28,7 @@ import org.acegisecurity.GrantedAuthority;
 public class TestingAuthenticationToken extends AbstractAuthenticationToken {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private Object credentials;
    private Object principal;

--- a/core/src/main/java/org/acegisecurity/providers/UsernamePasswordAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/UsernamePasswordAuthenticationToken.java
@ -30,6 +30,7 @@ import org.acegisecurity.GrantedAuthority;
 public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private Object credentials;
    private Object principal;

--- a/core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/anonymous/AnonymousAuthenticationToken.java
@ -31,6 +31,7 @@ import java.io.Serializable;
 public class AnonymousAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private Object principal;
    private int keyHash;

--- a/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/cas/CasAuthenticationToken.java
@ -35,6 +35,7 @@ import java.util.List;
 public class CasAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private final List proxyList;
    private final Object credentials;
    private final Object principal;
--- a/core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/jaas/JaasAuthenticationToken.java
@ -30,6 +30,7 @@ import javax.security.auth.login.LoginContext;
 public class JaasAuthenticationToken extends UsernamePasswordAuthenticationToken {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private transient LoginContext loginContext = null;

    //~ Constructors ===================================================================================================
--- a/core/src/main/java/org/acegisecurity/providers/jaas/JaasGrantedAuthority.java
+++ b/core/src/main/java/org/acegisecurity/providers/jaas/JaasGrantedAuthority.java
@ -32,6 +32,7 @@ import java.security.Principal;
 public class JaasGrantedAuthority extends GrantedAuthorityImpl {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private Principal principal;

    //~ Constructors ===================================================================================================
--- a/core/src/main/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/rememberme/RememberMeAuthenticationToken.java
@ -31,6 +31,7 @@ import org.acegisecurity.providers.AbstractAuthenticationToken;
 public class RememberMeAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private Object principal;
    private int keyHash;

--- a/core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationToken.java
+++ b/core/src/main/java/org/acegisecurity/providers/x509/X509AuthenticationToken.java
@ -31,6 +31,7 @@ import java.security.cert.X509Certificate;
 public class X509AuthenticationToken extends AbstractAuthenticationToken {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private Object principal;
    private X509Certificate credentials;

--- a/core/src/main/java/org/acegisecurity/runas/RunAsUserToken.java
+++ b/core/src/main/java/org/acegisecurity/runas/RunAsUserToken.java
@ -29,6 +29,7 @@ import org.acegisecurity.providers.AbstractAuthenticationToken;
 public class RunAsUserToken extends AbstractAuthenticationToken {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private Class originalAuthentication;
    private Object credentials;
    private Object principal;
--- a/core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserGrantedAuthority.java
+++ b/core/src/main/java/org/acegisecurity/ui/switchuser/SwitchUserGrantedAuthority.java
@ -31,6 +31,7 @@ import org.acegisecurity.GrantedAuthorityImpl;
 public class SwitchUserGrantedAuthority extends GrantedAuthorityImpl {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private Authentication source;

    //~ Constructors ===================================================================================================
--- a/core/src/main/java/org/acegisecurity/userdetails/User.java
+++ b/core/src/main/java/org/acegisecurity/userdetails/User.java
@ -31,6 +31,7 @@ import org.springframework.util.Assert;
 public class User implements UserDetails {
    //~ Instance fields ================================================================================================

+	private static final long serialVersionUID = 1L;
    private String password;
    private String username;
    private GrantedAuthority[] authorities;
--- a/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsImpl.java
+++ b/core/src/main/java/org/acegisecurity/userdetails/ldap/LdapUserDetailsImpl.java
@ -41,6 +41,7 @@ import javax.naming.ldap.Control;
 public class LdapUserDetailsImpl implements LdapUserDetails {
    //~ Static fields/initializers =====================================================================================

+	private static final long serialVersionUID = 1L;
    private static final GrantedAuthority[] NO_AUTHORITIES = new GrantedAuthority[0];
    private static final Control[] NO_CONTROLS = new Control[0];