From 7c28b154716ce0542fa450587b1193f463a0f383 Mon Sep 17 00:00:00 2001 From: johnycho Date: Sat, 10 Jan 2026 17:24:37 +0900 Subject: [PATCH 1/7] Improve serialVersionUID check in tests Signed-off-by: johnycho --- .../security/SpringSecurityCoreVersionSerializableTests.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java index 85714f4124..0306bed51a 100644 --- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java +++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java @@ -36,6 +36,7 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; import java.util.List; +import java.util.Objects; import java.util.Set; import java.util.stream.Stream; @@ -208,8 +209,8 @@ class SpringSecurityCoreVersionSerializableTests { .map(Field::getName) .anyMatch((n) -> n.equals("serialVersionUID")); SuppressWarnings suppressWarnings = clazz.getAnnotation(SuppressWarnings.class); - boolean hasSerialIgnore = suppressWarnings == null - || Arrays.asList(suppressWarnings.value()).contains("Serial"); + boolean hasSerialIgnore = Objects.nonNull(suppressWarnings) + && Arrays.asList(suppressWarnings.value()).contains("serial"); if (!hasSerialVersion && !hasSerialIgnore) { classes.add(clazz); continue; From 0b680be97b4e48474dafdf917fdb13da501c558d Mon Sep 17 00:00:00 2001 From: Josh Cummings <3627351+jzheaux@users.noreply.github.com> Date: Mon, 30 Mar 2026 17:14:03 -0600 Subject: [PATCH 2/7] Update Test to find SuppressWarnings Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com> --- ...gSecurityCoreVersionSerializableTests.java | 60 +++++++++++++++++-- 1 file changed, 54 insertions(+), 6 deletions(-) 
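Review bot: `clazz.getAnnotation(SuppressWarnings.class)` in the second hunk can never return a value, because `@SuppressWarnings` is declared with `RetentionPolicy.SOURCE` and is absent from the class file, so the rewritten `hasSerialIgnore` is always false. The old `== null ||` form was always true for the same reason and hid every class lacking a `serialVersionUID`; the new form flags all of them, including the deliberately suppressed ones. Reflection cannot answer this question, so the check has to read the source file (as PATCH 2/7 goes on to do) or use a runtime-retained marker. The same hunk is repeated in PATCH 4/7, and the enclosing method starts and ends outside the hunk.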
diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java index 0306bed51a..daa733675d 100644 --- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java +++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java @@ -33,11 +33,10 @@ import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.util.ArrayList; -import java.util.Arrays; import java.util.HashSet; import java.util.List; -import java.util.Objects; import java.util.Set; +import java.util.regex.Pattern; import java.util.stream.Stream; import org.apache.commons.lang3.ObjectUtils; @@ -208,10 +207,7 @@ class SpringSecurityCoreVersionSerializableTests { boolean hasSerialVersion = Stream.of(clazz.getDeclaredFields()) .map(Field::getName) .anyMatch((n) -> n.equals("serialVersionUID")); - SuppressWarnings suppressWarnings = clazz.getAnnotation(SuppressWarnings.class); - boolean hasSerialIgnore = Objects.nonNull(suppressWarnings) - && Arrays.asList(suppressWarnings.value()).contains("serial"); - if (!hasSerialVersion && !hasSerialIgnore) { + if (!hasSerialVersion && !hasSuppressSerialInSource(clazz)) { classes.add(clazz); continue; } 
@@ -250,6 +246,58 @@ class SpringSecurityCoreVersionSerializableTests { return classes.stream(); } + private static boolean hasSuppressSerialInSource(Class clazz) { + try { + Class fileClass = clazz; + while (fileClass.getEnclosingClass() != null) { + fileClass = fileClass.getEnclosingClass(); + } + var codeSource = fileClass.getProtectionDomain().getCodeSource(); + if (codeSource == null) { + return false; + } + Path sourceFile = findSourceFile(Path.of(codeSource.getLocation().toURI()), fileClass); + if (sourceFile == null) { + return false; + } + return hasSuppressSerialAnnotation(Files.readAllLines(sourceFile), clazz.getSimpleName()); + } + catch (Exception ex) { + return false; + } + } + + private static Path findSourceFile(Path start, Class clazz) { + String relativePath = clazz.getName().replace('.', '/') + ".java"; + Path dir = start; + for (int i = 0; i < 10 && dir != null; i++) { + for (String sourceRoot : List.of("src/main/java", "src/test/java")) { + Path candidate = dir.resolve(sourceRoot).resolve(relativePath); + if (Files.exists(candidate)) { + return candidate; + } + } + dir = dir.getParent(); + } + return null; + } + + private static boolean hasSuppressSerialAnnotation(List lines, String simpleClassName) { + Pattern classDeclaration = Pattern + .compile("\\b(?:class|interface|enum|record)\\s+" + Pattern.quote(simpleClassName) + "\\b"); + for (int i = 0; i < lines.size(); i++) { + if (classDeclaration.matcher(lines.get(i)).find()) { + for (int j = Math.max(0, i - 5); j < i; j++) { + String line = lines.get(j); + if (line.contains("@SuppressWarnings") && line.contains("\"serial\"")) { + return true; + } + } + } + } + return false; + } + private static String getCurrentVersion() { String version = System.getProperty("springSecurityVersion"); String[] parts = version.split("\\."); From 52d98ab7afd020af919462c91b0f05e585fa1628 Mon Sep 17 00:00:00 2001 
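Review bot: The five-line lookback in `hasSuppressSerialAnnotation` can credit a class with a `@SuppressWarnings("serial")` that belongs to a neighbouring declaration: a short nested class annotated a few lines above an unannotated one puts that annotation inside the window, and the unannotated class then passes without a `serialVersionUID`. The declaration regex also matches inside Javadoc and comments, and for a class whose `getSimpleName()` is empty it matches any declaration in the file (whether anonymous classes reach this method is not visible in the hunk). Walking upward from the declaration and stopping at the first line that is not an annotation keeps the match attached to the class being checked, assuming annotations sit directly above the declaration as they do in the classes this series annotates. Separately, `catch (Exception ex) { return false; }` in `hasSuppressSerialInSource` fails closed but discards the reason; a comment there stating that an unreadable source is treated as unsuppressed would help whoever debugs a flagged class. PATCH 5/7 repeats this hunk.

```java
// … unchanged: classDeclaration pattern …
for (int i = 0; i < lines.size(); i++) {
	if (!classDeclaration.matcher(lines.get(i)).find()) {
		continue;
	}
	// Only the annotation lines directly above this declaration count.
	for (int j = i - 1; j >= 0; j--) {
		String line = lines.get(j).strip();
		if (!line.startsWith("@")) {
			break;
		}
		if (line.startsWith("@SuppressWarnings") && line.contains("\"serial\"")) {
			return true;
		}
	}
}
return false;
```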
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com> Date: Mon, 30 Mar 2026 17:14:17 -0600 Subject: [PATCH 3/7] Add Needed SuppressWarnings Annotations Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com> --- .../method/ExpressionAttributeAuthorizationDecision.java | 1 + .../client/web/OAuth2AuthorizationRequestRedirectFilter.java | 1 + .../security/oauth2/jwt/DPoPProofJwtDecoderFactory.java | 1 + .../service/registration/OpenSamlRelyingPartyRegistration.java | 1 + .../web/access/expression/WebExpressionConfigAttribute.java | 1 + 5 files changed, 5 insertions(+) diff --git a/core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java b/core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java index 6eff3cc8ae..5cf340520e 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java +++ b/core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java @@ -28,6 +28,7 @@ import org.springframework.security.authorization.AuthorizationDecision; * instead */ @Deprecated +@SuppressWarnings("serial") public class ExpressionAttributeAuthorizationDecision extends AuthorizationDecision { private final ExpressionAttribute expressionAttribute; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java index 0757ae4693..434e4bc3fe 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java 
@@ -269,6 +269,7 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt } + @SuppressWarnings("serial") private static final class OAuth2AuthorizationRequestException extends AuthenticationException { OAuth2AuthorizationRequestException(Throwable cause) { diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/DPoPProofJwtDecoderFactory.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/DPoPProofJwtDecoderFactory.java index be89885b7b..de88ba57ae 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/DPoPProofJwtDecoderFactory.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/DPoPProofJwtDecoderFactory.java @@ -185,6 +185,7 @@ public final class DPoPProofJwtDecoderFactory implements JwtDecoderFactory { private static final int MAX_SIZE = 1000; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java index 03e4a54172..448ff5340a 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java @@ -42,6 +42,7 @@ import org.springframework.security.saml2.core.Saml2X509Credential; * */ @Deprecated +@SuppressWarnings("serial") public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistration { OpenSamlRelyingPartyRegistration(RelyingPartyRegistration registration) { 
diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java index 9a71c98480..94e54d524f 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java @@ -32,6 +32,7 @@ import org.springframework.security.web.FilterInvocation; * {@link AuthorizationManager}. */ @Deprecated +@SuppressWarnings("serial") class WebExpressionConfigAttribute implements ConfigAttribute, EvaluationContextPostProcessor { private final Expression authorizeExpression; From 1a130fca3cc7d8c87a6d3746b3b4a341e2d16239 Mon Sep 17 00:00:00 2001 From: johnycho Date: Sat, 10 Jan 2026 17:24:37 +0900 Subject: [PATCH 4/7] Improve serialVersionUID check in tests Signed-off-by: johnycho --- .../security/SpringSecurityCoreVersionSerializableTests.java | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java index 85714f4124..0306bed51a 100644 --- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java +++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java @@ -36,6 +36,7 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.HashSet; import java.util.List; +import java.util.Objects; import java.util.Set; import java.util.stream.Stream; 
@@ -208,8 +209,8 @@ class SpringSecurityCoreVersionSerializableTests { .map(Field::getName) .anyMatch((n) -> n.equals("serialVersionUID")); SuppressWarnings suppressWarnings = clazz.getAnnotation(SuppressWarnings.class); - boolean hasSerialIgnore = suppressWarnings == null - || Arrays.asList(suppressWarnings.value()).contains("Serial"); + boolean hasSerialIgnore = Objects.nonNull(suppressWarnings) + && Arrays.asList(suppressWarnings.value()).contains("serial"); if (!hasSerialVersion && !hasSerialIgnore) { classes.add(clazz); continue; From acabacb9711c2e6896fe96cbe6db1e849f295994 Mon Sep 17 00:00:00 2001 From: Josh Cummings <3627351+jzheaux@users.noreply.github.com> Date: Mon, 30 Mar 2026 17:14:03 -0600 Subject: [PATCH 5/7] Update Test to find SuppressWarnings Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com> --- ...gSecurityCoreVersionSerializableTests.java | 60 +++++++++++++++++-- 1 file changed, 54 insertions(+), 6 deletions(-) diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java index 0306bed51a..daa733675d 100644 --- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java +++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java @@ -33,11 +33,10 @@ import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; import java.util.ArrayList; -import java.util.Arrays; import java.util.HashSet; import java.util.List; -import java.util.Objects; import java.util.Set; +import java.util.regex.Pattern; import java.util.stream.Stream; import org.apache.commons.lang3.ObjectUtils; 
@@ -208,10 +207,7 @@ class SpringSecurityCoreVersionSerializableTests { boolean hasSerialVersion = Stream.of(clazz.getDeclaredFields()) .map(Field::getName) .anyMatch((n) -> n.equals("serialVersionUID")); - SuppressWarnings suppressWarnings = clazz.getAnnotation(SuppressWarnings.class); - boolean hasSerialIgnore = Objects.nonNull(suppressWarnings) - && Arrays.asList(suppressWarnings.value()).contains("serial"); - if (!hasSerialVersion && !hasSerialIgnore) { + if (!hasSerialVersion && !hasSuppressSerialInSource(clazz)) { classes.add(clazz); continue; } 
@@ -250,6 +246,58 @@ class SpringSecurityCoreVersionSerializableTests { return classes.stream(); } + private static boolean hasSuppressSerialInSource(Class clazz) { + try { + Class fileClass = clazz; + while (fileClass.getEnclosingClass() != null) { + fileClass = fileClass.getEnclosingClass(); + } + var codeSource = fileClass.getProtectionDomain().getCodeSource(); + if (codeSource == null) { + return false; + } + Path sourceFile = findSourceFile(Path.of(codeSource.getLocation().toURI()), fileClass); + if (sourceFile == null) { + return false; + } + return hasSuppressSerialAnnotation(Files.readAllLines(sourceFile), clazz.getSimpleName()); + } + catch (Exception ex) { + return false; + } + } + + private static Path findSourceFile(Path start, Class clazz) { + String relativePath = clazz.getName().replace('.', '/') + ".java"; + Path dir = start; + for (int i = 0; i < 10 && dir != null; i++) { + for (String sourceRoot : List.of("src/main/java", "src/test/java")) { + Path candidate = dir.resolve(sourceRoot).resolve(relativePath); + if (Files.exists(candidate)) { + return candidate; + } + } + dir = dir.getParent(); + } + return null; + } + + private static boolean hasSuppressSerialAnnotation(List lines, String simpleClassName) { + Pattern classDeclaration = Pattern + .compile("\\b(?:class|interface|enum|record)\\s+" + Pattern.quote(simpleClassName) + "\\b"); + for (int i = 0; i < lines.size(); i++) { + if (classDeclaration.matcher(lines.get(i)).find()) { + for (int j = Math.max(0, i - 5); j < i; j++) { + String line = lines.get(j); + if (line.contains("@SuppressWarnings") && line.contains("\"serial\"")) { + return true; + } + } + } + } + return false; + } + private static String getCurrentVersion() { String version = System.getProperty("springSecurityVersion"); String[] parts = version.split("\\."); From 08fca57d129aa7b305ad38500bae9aa001c19dbd Mon Sep 17 00:00:00 2001 
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com> Date: Tue, 31 Mar 2026 13:56:37 -0600 Subject: [PATCH 6/7] Add Missing Serialization Support Closed gh-19012 Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com> --- .../security/SerializationSamples.java | 4 ++++ ...i.AuthenticatorAttestationResponse.serialized | Bin 0 -> 1197 bytes ...ExpressionAttributeAuthorizationDecision.java | 1 + ...OAuth2AuthorizationRequestRedirectFilter.java | 1 + .../oauth2/jwt/DPoPProofJwtDecoderFactory.java | 1 + .../authentication/Saml2AuthenticationToken.java | 4 ++++ .../OpenSamlRelyingPartyRegistration.java | 1 + .../expression/WebExpressionConfigAttribute.java | 1 + .../api/AuthenticatorAttestationResponse.java | 4 ++++ 9 files changed, 17 insertions(+) create mode 100644 config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.serialized diff --git a/config/src/test/java/org/springframework/security/SerializationSamples.java b/config/src/test/java/org/springframework/security/SerializationSamples.java index 82297189ea..0093b902b8 100644 --- a/config/src/test/java/org/springframework/security/SerializationSamples.java +++ b/config/src/test/java/org/springframework/security/SerializationSamples.java @@ -211,6 +211,7 @@ import org.springframework.security.web.webauthn.api.AuthenticationExtensionsCli import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientOutputs; import org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse; import org.springframework.security.web.webauthn.api.AuthenticatorAttachment; +import org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse; import org.springframework.security.web.webauthn.api.AuthenticatorTransport; import org.springframework.security.web.webauthn.api.Bytes; import org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput; 
@@ -225,6 +226,7 @@ import org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestO import org.springframework.security.web.webauthn.api.PublicKeyCredentialType; import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity; import org.springframework.security.web.webauthn.api.TestAuthenticationAssertionResponses; +import org.springframework.security.web.webauthn.api.TestAuthenticatorAttestationResponses; import org.springframework.security.web.webauthn.api.TestBytes; import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialRequestOptions; import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialUserEntities; @@ -654,6 +656,8 @@ final class SerializationSamples { generatorByClassName.put(CredentialPropertiesOutput.class, (o) -> credentialOutput); generatorByClassName.put(ImmutableAuthenticationExtensionsClientOutputs.class, (o) -> outputs); generatorByClassName.put(AuthenticatorAssertionResponse.class, (r) -> response); + generatorByClassName.put(AuthenticatorAttestationResponse.class, + (r) -> TestAuthenticatorAttestationResponses.createAuthenticatorAttestationResponse().build()); generatorByClassName.put(RelyingPartyAuthenticationRequest.class, (r) -> authRequest); generatorByClassName.put(PublicKeyCredential.class, (r) -> credential); generatorByClassName.put(WebAuthnAuthenticationRequestToken.class, (r) -> requestToken); 
diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.serialized b/config/src/test/resources/serialized/6.5.x/org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.serialized new file mode 100644 index 0000000000000000000000000000000000000000..5ca34eea2203a12408188c21a8213cc3c07abb89 GIT binary patch literal 1197 zcmZ4UmVvdnh`}$vC|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5 zGW8sRtkk@c%;dz9{36GalGNgo#FEVXyr9(Lg8aPV)R$?7CCuN%)-y3M`7j73A{6*1 zWu+#UlrWh304>xBuaKdR zfw7_h7-Ytz*#!2%rN(Xc8pjss15J)*U`+yfs)T_l+Nq+TvN?3W}}t^;0Vna|?1( z^>Xr)6LT{1i%YC5OiYYHb`<3o7yCn%rzPeTr`8sOLV&dtL~<}NFxoFpPRlJx$;;16 zO$Wwva7k{-f(%f+fdVXI%IS-%4w^(6&AH0E_0`ooEsUjp$9CymK52G~Ly)`AN8?5; z(31?iZiS{TU*#abcbaSBtWY6d1_9HFIuBo6%qe(ycnRmrO>mu&e}nug1-NY&o_;?pavH>d9ULCyGY$zrP4%)>sY zbRId>786>YS9QuySxEJf`h>hgFJzb6-Di2Gdn)6lgG0l~4hD}f4wd!WswN*f?7dj# z{(`+xWpZ=x)gRa#T=VL{yQ1mx+&5lxOyl5sF6TGZu*F{J((iM@3=Da*+g63FWAaR@ z)@`^u$+}Swn2@AEsaOw`iuD|eiV`b}RlpP|Mc-Uvv+ryN+a+*%VN5Jx5RQhV`JBYO zbbUx>vIZv}_h?X#A~y?%z;cy!{-)c}+8-?gVJVOa=s*{0n7oOTC+Xc9cPVhDVl7L| qDNQY55JK`za0#gN0s5wdfi0slsVFlAoYVwM7&tQXN>YpR5_16KQp^Vc literal 0 HcmV?d00001 diff --git a/core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java b/core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java index 6eff3cc8ae..5cf340520e 100644 --- a/core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java +++ b/core/src/main/java/org/springframework/security/authorization/method/ExpressionAttributeAuthorizationDecision.java 
@@ -28,6 +28,7 @@ import org.springframework.security.authorization.AuthorizationDecision; * instead */ @Deprecated +@SuppressWarnings("serial") public class ExpressionAttributeAuthorizationDecision extends AuthorizationDecision { private final ExpressionAttribute expressionAttribute; diff --git a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java index 0757ae4693..434e4bc3fe 100644 --- a/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java +++ b/oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestRedirectFilter.java @@ -269,6 +269,7 @@ public class OAuth2AuthorizationRequestRedirectFilter extends OncePerRequestFilt } + @SuppressWarnings("serial") private static final class OAuth2AuthorizationRequestException extends AuthenticationException { OAuth2AuthorizationRequestException(Throwable cause) { diff --git a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/DPoPProofJwtDecoderFactory.java b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/DPoPProofJwtDecoderFactory.java index be89885b7b..de88ba57ae 100644 --- a/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/DPoPProofJwtDecoderFactory.java +++ b/oauth2/oauth2-jose/src/main/java/org/springframework/security/oauth2/jwt/DPoPProofJwtDecoderFactory.java @@ -185,6 +185,7 @@ public final class DPoPProofJwtDecoderFactory implements JwtDecoderFactory { private static final int MAX_SIZE = 1000; 
diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java index 797bc124b0..9f0f39dd43 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/Saml2AuthenticationToken.java @@ -16,6 +16,7 @@ package org.springframework.security.saml2.provider.service.authentication; +import java.io.Serial; import java.util.Collections; import org.springframework.security.authentication.AbstractAuthenticationToken; @@ -33,6 +34,9 @@ import org.springframework.util.Assert; */ public class Saml2AuthenticationToken extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = 5225098478444036532L; + private final RelyingPartyRegistration relyingPartyRegistration; private final String saml2Response; diff --git a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java index 03e4a54172..448ff5340a 100644 --- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java +++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlRelyingPartyRegistration.java 
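Review bot: The new `serialVersionUID = 5225098478444036532L` on `Saml2AuthenticationToken` says nothing about where the value comes from, which matters for a class that has already shipped without one. Streams written by earlier releases (for example authentication tokens held in a persisted HTTP session) carry the JVM-computed default, and deserialization fails with `InvalidClassException` unless the declared value equals it. If the constant is that computed default, say so above the field, e.g. `// equals the default UID of the previously released class, so existing serialized tokens still load`; if it is not, the incompatibility belongs in the upgrade notes. The same applies to `-1628559840895428945L` on `AuthenticatorAttestationResponse` later in this patch.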
@@ -42,6 +42,7 @@ import org.springframework.security.saml2.core.Saml2X509Credential; * */ @Deprecated +@SuppressWarnings("serial") public final class OpenSamlRelyingPartyRegistration extends RelyingPartyRegistration { OpenSamlRelyingPartyRegistration(RelyingPartyRegistration registration) { diff --git a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java index 9a71c98480..94e54d524f 100644 --- a/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java +++ b/web/src/main/java/org/springframework/security/web/access/expression/WebExpressionConfigAttribute.java @@ -32,6 +32,7 @@ import org.springframework.security.web.FilterInvocation; * {@link AuthorizationManager}. */ @Deprecated +@SuppressWarnings("serial") class WebExpressionConfigAttribute implements ConfigAttribute, EvaluationContextPostProcessor { private final Expression authorizeExpression; diff --git a/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorAttestationResponse.java b/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorAttestationResponse.java index 75123cb88f..50532f898c 100644 --- a/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorAttestationResponse.java +++ b/web/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorAttestationResponse.java @@ -16,6 +16,7 @@ package org.springframework.security.web.webauthn.api; +import java.io.Serial; import java.util.Arrays; import java.util.List; @@ -34,6 +35,9 @@ import java.util.List; */ public final class AuthenticatorAttestationResponse extends AuthenticatorResponse { + @Serial + private static final long serialVersionUID = -1628559840895428945L; + private final Bytes attestationObject; private final List transports; 
From d4678c8e04a12c79685dd9f7e839b3e71f9f3e75 Mon Sep 17 00:00:00 2001 From: Josh Cummings <3627351+jzheaux@users.noreply.github.com> Date: Tue, 31 Mar 2026 15:54:49 -0600 Subject: [PATCH 7/7] Add Missing Serialization Support Closes gh-19013 
Signed-off-by: Josh Cummings <3627351+jzheaux@users.noreply.github.com> --- .../cas/jackson/CasJacksonModule.java | 1 + .../security/SerializationSamples.java | 73 ++++++++++++++++++ ...ion.FactorAuthorizationDecision.serialized | Bin 0 -> 906 bytes ...ty.authorization.RequiredFactor.serialized | Bin 0 -> 208 bytes ...thorization.RequiredFactorError.serialized | Bin 0 -> 574 bytes ...ization.OAuth2AuthorizationCode.serialized | Bin 0 -> 335 bytes ...rizationCodeAuthenticationToken.serialized | Bin 0 -> 1656 bytes ...eRequestAuthenticationException.serialized | Bin 0 -> 13577 bytes ...tCredentialsAuthenticationToken.serialized | Bin 0 -> 1741 bytes ...h2DeviceCodeAuthenticationToken.serialized | Bin 0 -> 1640 bytes ...RefreshTokenAuthenticationToken.serialized | Bin 0 -> 1767 bytes ...cation.OAuth2TokenExchangeActor.serialized | Bin 0 -> 315 bytes ...okenExchangeAuthenticationToken.serialized | Bin 0 -> 2157 bytes ...ngeCompositeAuthenticationToken.serialized | Bin 0 -> 1803 bytes ...uthenticatorAttestationResponse.serialized | Bin 0 -> 1056 bytes .../FactorAuthorizationDecision.java | 4 + .../authorization/RequiredFactor.java | 7 +- .../authorization/RequiredFactorError.java | 7 +- .../NonBuildableAuthenticationToken.java | 1 + .../InMemoryOAuth2AuthorizationService.java | 1 + .../OAuth2AuthorizationCode.java | 4 + ...2AuthorizationCodeAuthenticationToken.java | 4 + ...ionCodeRequestAuthenticationException.java | 5 ++ ...2ClientCredentialsAuthenticationToken.java | 4 + .../OAuth2DeviceCodeAuthenticationToken.java | 4 + ...OAuth2RefreshTokenAuthenticationToken.java | 4 + .../OAuth2TokenExchangeActor.java | 7 +- ...Auth2TokenExchangeAuthenticationToken.java | 4 + ...nExchangeCompositeAuthenticationToken.java | 4 + .../token/OAuth2AccessTokenGenerator.java | 1 + .../TestOidcAuthorizationRequest.java | 1 + .../DefaultEqualsGrantedAuthority.java | 1 + 32 files changed, 134 insertions(+), 3 deletions(-) create mode 100644 
config/src/test/resources/serialized/7.0.x/org.springframework.security.authorization.FactorAuthorizationDecision.serialized create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.authorization.RequiredFactor.serialized create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.authorization.RequiredFactorError.serialized create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationCode.serialized create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken.serialized create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationException.serialized create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationToken.serialized create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceCodeAuthenticationToken.serialized create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2RefreshTokenAuthenticationToken.serialized create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeActor.serialized create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeAuthenticationToken.serialized create mode 100644 
config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeCompositeAuthenticationToken.serialized create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.serialized diff --git a/cas/src/main/java/org/springframework/security/cas/jackson/CasJacksonModule.java b/cas/src/main/java/org/springframework/security/cas/jackson/CasJacksonModule.java index 0e5e2cc4d1..a7e8bdd164 100644 --- a/cas/src/main/java/org/springframework/security/cas/jackson/CasJacksonModule.java +++ b/cas/src/main/java/org/springframework/security/cas/jackson/CasJacksonModule.java @@ -48,6 +48,7 @@ import org.springframework.security.jackson.SecurityJacksonModules; * @since 7.0 * @see SecurityJacksonModules */ +@SuppressWarnings("serial") public class CasJacksonModule extends SecurityJacksonModule { public CasJacksonModule() { diff --git a/config/src/test/java/org/springframework/security/SerializationSamples.java b/config/src/test/java/org/springframework/security/SerializationSamples.java index 1da24bb551..2a2d0d1e63 100644 --- a/config/src/test/java/org/springframework/security/SerializationSamples.java +++ b/config/src/test/java/org/springframework/security/SerializationSamples.java @@ -20,6 +20,7 @@ import java.io.IOException; import java.io.Serializable; import java.lang.reflect.Field; import java.security.Principal; +import java.time.Duration; import java.time.Instant; import java.util.Collection; import java.util.Date; 
@@ -85,6 +86,9 @@ import org.springframework.security.authentication.password.CompromisedPasswordE import org.springframework.security.authorization.AuthorityAuthorizationDecision; import org.springframework.security.authorization.AuthorizationDecision; import org.springframework.security.authorization.AuthorizationDeniedException; +import org.springframework.security.authorization.FactorAuthorizationDecision; +import org.springframework.security.authorization.RequiredFactor; +import org.springframework.security.authorization.RequiredFactorError; import org.springframework.security.authorization.event.AuthorizationEvent; import org.springframework.security.authorization.event.AuthorizationGrantedEvent; import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken; @@ -161,6 +165,7 @@ import org.springframework.security.oauth2.jwt.JwtException; import org.springframework.security.oauth2.jwt.JwtValidationException; import org.springframework.security.oauth2.jwt.TestJwts; import org.springframework.security.oauth2.server.authorization.OAuth2Authorization; +import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationCode; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationConsent; import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationServerMetadata; import org.springframework.security.oauth2.server.authorization.OAuth2ClientRegistration; 
@@ -168,15 +173,22 @@ import org.springframework.security.oauth2.server.authorization.OAuth2TokenIntro
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
 import org.springframework.security.oauth2.server.authorization.TestOAuth2Authorizations;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AccessTokenAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationException;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeRequestAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationConsentAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationGrantAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientRegistrationAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceAuthorizationConsentAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceAuthorizationRequestAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceCodeAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceVerificationAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2PushedAuthorizationRequestAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2RefreshTokenAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeActor;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeAuthenticationToken;
+import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeCompositeAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenIntrospectionAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenRevocationAuthenticationToken;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
@@ -190,6 +202,7 @@ import org.springframework.security.oauth2.server.authorization.settings.Authori
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.security.oauth2.server.authorization.settings.OAuth2TokenFormat;
 import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
+import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimNames;
 import org.springframework.security.oauth2.server.resource.BearerTokenError;
 import org.springframework.security.oauth2.server.resource.BearerTokenErrors;
 import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
@@ -429,6 +442,8 @@ final class SerializationSamples {
 generatorByClassName.put(RegisteredClient.class, (r) -> registeredClient);
 generatorByClassName.put(OAuth2Authorization.class, (r) -> authorization);
 generatorByClassName.put(OAuth2Authorization.Token.class, (r) -> authorization.getAccessToken());
+ generatorByClassName.put(OAuth2AuthorizationCode.class,
+ (r) -> new OAuth2AuthorizationCode("code", Instant.now(), Instant.now().plusSeconds(300)));
 generatorByClassName.put(OAuth2AuthorizationConsent.class,
 (r) -> OAuth2AuthorizationConsent.withId("registeredClientId", "principalName")
 .scope("scope1")
@@ -454,6 +469,58 @@ final class SerializationSamples {
 authenticationToken.setDetails(details);
 return authenticationToken;
 });
+ generatorByClassName.put(
+ org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken.class,
+ (r) -> {
+ org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken token = new org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken(
+ "code", principal, "https://localhost/callback", Map.of("custom_param", "custom_value"));
+ token.setDetails(details);
+ return token;
+ });
+ generatorByClassName.put(OAuth2AuthorizationCodeRequestAuthenticationException.class, (r) -> {
+ OAuth2AuthorizationCodeRequestAuthenticationToken authToken = new OAuth2AuthorizationCodeRequestAuthenticationToken(
+ "https://localhost/authorize", "clientId", principal, "https://localhost/callback", "state",
+ authorizationRequest.getScopes(), authorizationRequest.getAdditionalParameters());
+ return new OAuth2AuthorizationCodeRequestAuthenticationException(
+ new OAuth2Error("invalid_request", "Missing required parameter", "https://example.com/error"),
+ authToken);
+ });
+ generatorByClassName.put(OAuth2ClientCredentialsAuthenticationToken.class, (r) -> {
+ OAuth2ClientCredentialsAuthenticationToken token = new OAuth2ClientCredentialsAuthenticationToken(principal,
+ Set.of("scope1", "scope2"), Map.of("custom_param", "custom_value"));
+ token.setDetails(details);
+ return token;
+ });
+ generatorByClassName.put(OAuth2DeviceCodeAuthenticationToken.class, (r) -> {
+ OAuth2DeviceCodeAuthenticationToken token = new OAuth2DeviceCodeAuthenticationToken("device-code",
+ principal, Map.of("custom_param", "custom_value"));
+ token.setDetails(details);
+ return token;
+ });
+ generatorByClassName.put(OAuth2RefreshTokenAuthenticationToken.class, (r) -> {
+ OAuth2RefreshTokenAuthenticationToken token = new OAuth2RefreshTokenAuthenticationToken("refresh-token",
+ principal, Set.of("scope1", "scope2"), Map.of("custom_param", "custom_value"));
+ token.setDetails(details);
+ return token;
+ });
+ generatorByClassName.put(OAuth2TokenExchangeAuthenticationToken.class, (r) -> {
+ OAuth2TokenExchangeAuthenticationToken token = new OAuth2TokenExchangeAuthenticationToken(
+ "urn:ietf:params:oauth:token-type:access_token", "subject-token",
+ "urn:ietf:params:oauth:token-type:jwt", principal, "actor-token",
+ "urn:ietf:params:oauth:token-type:jwt", Set.of("https://resource.example.com"), Set.of("audience"),
+ Set.of("scope1"), Map.of("custom_param", "custom_value"));
+ token.setDetails(details);
+ return token;
+ });
+ OAuth2TokenExchangeActor actor = new OAuth2TokenExchangeActor(Map.of(OAuth2TokenClaimNames.ISS,
+ "https://issuer.example.com", OAuth2TokenClaimNames.SUB, "actor-subject"));
+ generatorByClassName.put(OAuth2TokenExchangeActor.class, (r) -> actor);
+ generatorByClassName.put(OAuth2TokenExchangeCompositeAuthenticationToken.class, (r) -> {
+ AbstractAuthenticationToken token = new OAuth2TokenExchangeCompositeAuthenticationToken(authentication,
+ List.of(actor));
+ token.setDetails(details);
+ return token;
+ });
 generatorByClassName.put(OAuth2AuthorizationConsentAuthenticationToken.class, (r) -> {
 OAuth2AuthorizationConsentAuthenticationToken authenticationToken = new OAuth2AuthorizationConsentAuthenticationToken(
 "authorizationUri", "clientId", principal, "state", authorizationRequest.getScopes(),
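Review bot: The first added generator writes `org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken` out in full three times with no explanation, while every other generator in this hunk uses an imported simple name. Presumably the simple name is already taken by another import in this file (not visible in the hunk); a one-line comment above the `put` call, for example `// fully qualified: the simple name is already imported from another package`, would stop a later clean-up from replacing it with an import. Separately, the composite-token generator declares its local as `AbstractAuthenticationToken token` where the sibling generators use the concrete type, so `OAuth2TokenExchangeCompositeAuthenticationToken token` would keep the block uniform. The enclosing method starts and ends outside this hunk.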
@@ -670,6 +737,12 @@ final class SerializationSamples {
 generatorByClassName.put(AuthorizationDecision.class, (r) -> new AuthorizationDecision(true));
 generatorByClassName.put(AuthorityAuthorizationDecision.class,
 (r) -> new AuthorityAuthorizationDecision(true, AuthorityUtils.createAuthorityList("ROLE_USER")));
+ RequiredFactor factor = RequiredFactor.withAuthority("authority").validDuration(Duration.ofSeconds(5)).build();
+ generatorByClassName.put(RequiredFactor.class, (r) -> factor);
+ RequiredFactorError error = RequiredFactorError.createMissing(factor);
+ generatorByClassName.put(RequiredFactorError.class, (r) -> error);
+ generatorByClassName.put(FactorAuthorizationDecision.class,
+ (r) -> new FactorAuthorizationDecision(List.of(error)));
 generatorByClassName.put(CycleInRoleHierarchyException.class, (r) -> new CycleInRoleHierarchyException());
 generatorByClassName.put(AuthorizationEvent.class,
 (r) -> new AuthorizationEvent(new SerializableSupplier<>(authentication), "source",
diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.authorization.FactorAuthorizationDecision.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.authorization.FactorAuthorizationDecision.serialized new file mode 100644 index 0000000000000000000000000000000000000000..747fc7d2e83a89fa5f401b7fcba9040a1ef27bec GIT binary patch literal 906 zcmZ4UmVvdnh`}wtC|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qflv9u&3zbLaRu_QA; zPtPqexg@{H5n0S7H94~wDEDVZ9Fr2;@`+3gj6MuJX<&t}MMe2V#U%^^K3R!niTb4_ znK}ACnZ+g66$LW(V$dOM0K#BNCx(X8ao^>@#xN$AFo+>J3ZV?*G(l98gHwyb`&MtW zl3pRm%)sc$z+94;UQxinz`$6}0wRH)u_GZAgHj7iGmBDFAfX8kBx$BN{qFsRtxOC| zJ`8L{sfoq;c_j?)K0s6T(c(rQ7B~7RaifpLRFxpGLDoJDd_^dBmM~b8Z!|E7>WUa# zDf2MYX~56}10e>4-PbcX*wfD)7}}O(Th1bR<;0w1 zVODTJb3#L~q_TuT2$CE?mg@(XfN}#c*m%nlb23w0N{hhBzl1>qqNpS@H&q`d3Ji`C s282mK*YSeA0aBy~OgU3yTXsn+d2HeVdaMHMz7Xv!qflv9u&3zbLaRu_QA; zPcJC7ur#wMHN`D4xg@`cMe@ptImyDTObkpu44hDvC6y%%LOxlEWr_MZiFxVz!6hJ* zt$i4H%Mx=kQ(Q`mz($oYh(HvTWag&o!$hqs3QCYn0=kYDWRf08kzR0W(bU+MUD8S( Un|K%)DhkSZ85tme6+~440RJpTCIA2c literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.authorization.RequiredFactorError.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.authorization.RequiredFactorError.serialized new file mode 100644 index 0000000000000000000000000000000000000000..db9a321996e289ef4118ec28c2d464fe259bbe14 GIT binary patch literal 574 zcmZ4UmVvdnh`}zuC|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qflv9u&3zbLaRu_QA; zPcJC7ur#wMHN`D4xg@{HwWuh+NSY~5zk7dSD-#2g4+C3KYGQGIUI~M{571P7G*k6q zrs|`Zs*lA~l_0P|);(g6IkWx5>!# literal 0 HcmV?d00001 
diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationCode.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationCode.serialized new file mode 100644 index 0000000000000000000000000000000000000000..2035cac048ca0a6dc448a1675d617f17eda5c906 GIT binary patch literal 335 zcma)%u}T9$5Qc}-fQo6fw6hiFK56bj*5o0T%uKtoUMnM zN5mKh%lb-*wg&gJxQlI??btqT+|ldX`x+$xo?-Jp_`)(_cH)FpArtJO9gu;)N~#2A za+oJyYbKY8z;b@BMk*COq;$_XQARpB%xUKu>SuBR*O26}AQ5t;s)huXCMT6LW!jaf z+wpbqZ$}bF5_XAik8hq=R(Bs4!}ImH9UK7k$Mz5QUhch%+}1SR`o!MTmlv2Vg7z=P C#&n1P literal 0 HcmV?d00001 
diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2AuthorizationCodeAuthenticationToken.serialized new file mode 100644 index 0000000000000000000000000000000000000000..261b9100f97f4b62074ba42f131e5452bc5f91b3 GIT binary patch literal 1656 zcmcJP&rcIU6vt=VLir&U(U3@@(L{^~vl}^hkVGgbKav`VKukP{)7^m%On26qDQ!6r z{Rg~z@JM2eS5BUc2M(Upn^!L$^ni)+V$}C$OSdJYo@~--XZOvU_df6Y-m7nI*a>rz{A8 zasei-YFH?4fW>$%BB0jGs1g?;yU9^~X(cSnfUj{{6s*9t`IQ^Jw)gevV2U`PFab{t z8Em;0Z7}<*|8|#Lb9Rb6e)r(#dF#~iQIOeM1VNonyyTUlb@X0)^5NXGefm62oOzPb ze49Z6@Tq2St>NJu9G&Zkzsib7yX+n-q9&4}+=`i@S3*+4_SAr4WocMG2o%%Wc20rx zYWNSJ=YzPFB15`kJJa$GVj4}-Ns@183<5vceev7;$WFyH%IGs~X`D)q&rw|h)2{5N zH*bd@zE6|X4Cxb+1~VWcspd(qDM5rKDS}!wF=unh_!Vtrc{RdDOSW57 zR9Fo{o#=?KF}zUuE<$V0rDh}98!a`^Ntboogfr9-Z9MH(aZJIDGaYZlBS~r8Wso~e zvi5@65g1=g99yn_ALbk$qrw)e2a1IQ*)}%D(_{70?bx?{c0GxZte8>|)l|o*EPzHf zFw>WKITFk=U;)MkTui+UMMg=%nk2gKE);IB=Iy-~K{a+eWn;P!fsB%1&EYs7DH#*# T8=fbmPen;;4+PP2H4Y=Mxx5rP4S6w$E>vUb zwjxihRs*M{>WA?it;ncKA3@|@a+DV|`AasH=jzXyQ39nV1sMx!a!x+klCh%x40xjL z%8-z}y7>AvfA{>)|FkSh)8ar5f6vKEyl)yzj}(|5NthndOyirF9?2o)uZ)k8^)S5< zT#(IU?MO@xqB1v#WHm#d(M)Ck#OXha{&(Wsue0nMWE2IF5=RFTjgTAOCukmVb#Gs; zn4KO*xPJKE2mkr97JQ{4Q}JIo zxADZ*BOm&gvJe2gA_GhzzVq4*@7#Or`mc9DEYzdmqO<7BAAIAkTkpO2@~cB)cv@_5 zomMQBxN4ekjS$h16!O@#*j|&$@%&RVj-6$|?Y7|N6)k{ckBY6aa@-3Gk>dhl|D!pO zWMIOV4QL1`uZ&w^7y+TIrCi5K?9|g*%JWC2y;vPQefJX;o6l-TNfO?kT2Sd`JUxZL%fIGzrinv70^k0-@bV(YZnQIi-Tb&S!t>D|2K`O<>g z3cl+>E!Pv&S~-~Q4eohFMlqH;BWi~wAxb}1V#pzt9O~<{^D^=r--MfarxE%HBw|mu z?kcGQiuawyV$G?*h=@y-yY2}?7GM{siX+6q6-wMgM7<_pnywe%7YxvJ{OYo7%E(bc zRBd>%TRo9{j!QT<^(%2rXQ!dO+02$U#fJ^WclMxIcbYXH+NqvFteS@_`JSw$Bxa+) zg=-PrxAg}wJnV*7r?cl|-13#p%~8Y6{cnhylbTm0ZtBX588)130Vkade8@0xpa%mf z?~{%Tr&Qv~LJwmnB>Qc-&N5nRD%9Mf#I9v+J9!!#&?AoDvaM47IKwN^i;bzoH71(N 
zST10r&|`$$o=_=L5Py?$^ego1b|tnYu(QGWz-IoBJ3-w@I!ewgo|kUUelHh5>2t)! zb-n1KX?2|gxHxT1KC74 zx?Dk&5|!*M@@9j-VtCr$gQwBZn?gK*V$HAAHF8V-#Z)8r(XV4lY}8b3TF)9Gw)3r~r>ddvDB9|(ZqR51&A3WCaCJ_r2i|!GpD@prg&t#rZCXQ`cA_WR zuKvqVI?{&{B?5@l7BPzF=uzV8jGXC91)H_Vh&v3KqZyg=tW*_4jnU%KCUu(Sg`a+;F)k#IcQ7i8D1ZH zv%C_Xx)PTgiXKalr{x-2^8?XJygZdN@xZi0)-tan)Q?e<^RnZH;sbArVt3pljGLN} z0hHL`(h3=EGFw@Qr=0iJ0x*5%;y^tGxIn-7GY7D^7Ql%DfD&7^5yDPEVpv1mjL&o>^uD(LJqylm1zG~IQ{BtJ~`wMxG(;nbq_m9c7T?b8Kt`uv~`Fu4}M zml!~aW9t-^l4s&+!HF**r?x+hc-I+K8!6`~If}g%>91A}+bn8j6B{3(<|%4&GGtjW zCu1L0q7UjrHtOe$aMnIHkR3@HBq;Qs5oV(k1+8YzWB-VeQ!@Ztx$w58#CjjHQSa{5 zqAjQ@@Is$C9rED^$J<|9rXtn%Sf1abHdCi?F?U@I@pf4 zCqIqGw|GmlxRAmLg2)tdX0a{?Qimo6UIGJe&lrdm9HvnPzY~sIp9$ki`m-{#g!BPB za@rFo-r(Rw5_T{~=wAW)10CprN8&K#%2_Xzbahp^vvNo$)cO8Y-JdT?t$C;3&rIiH{elDd@NK8W7*qq2JL(DB5vV;*VJQ#V%vS&2A8` zB4Z4?A^$1M{}megDi+Gc$O)0XjrE=(o(DU(bg+}Hux$Ae($67S$Q9gs;g~Q_?=QG{ zcl<7#h%YiH+0yt{H=uvZvAa3J+y%6}06uT-;IqRmX(}(Em%1Quyae>!OR_pR{>|YEIcVr>DQhKSUD{x2EdM35D4h-NC4=)VX_6o$ zSs|8sk{Q@pVYM)UK662$JL~x6?4AeV%@O5{DUmj2!iSn>??g z0{LG~Et8slx;~{6^w0iZo1F(Leb^-RXz!z6zh^7z2=yTD@S{rMcD~>JO0P30?tOX< zbq_!M-~$FG)_KnCpkf{Yuj@Y0op|zMU|n^kw-Ub7YPxk?>Ql)?RlhOnVGi zz-x{MH})B2!Z`m)zPyzh(zd{l*aB!uJE_@)AhSeobCD+2Wd;Wu3KeDsAxI+?#T-r{ z`vK^C&kRHMB5&BtU&8SwXW_%q?xLsa)1#pl7l<0PARb(-FiOaaWCVPKNI=eH{n) z3qD~^pu8j|mbmgGO+`w#ps#d*26B$A?LlKVQ}ebQ0DMloAA9tZB-(Q1pk$-!gkJXk zs&GLXR~6PRgwRis>1u!Y3?3$D&ATL}O)O4Y+EFpr$k?>gK^f~6O43)>n9uU!6w2>z zahyk!sDK1;LlW!`YO1)Qr<<5Kt{gm=Uh)voRCzOsP6w7!!e;pL>==$V+8gGj$=20zqIoHqK`+5x-xU&X^7-r=ctk{W(Y=>~)+a~gjaHPh5|0Fgo~5Rc!(jY7So zwyEaDSaNRNdY>LQU3itm`JCP|u>T~TMzqbzyhMjYLAuv&*SX?@858eb0?zR?6 zCkJBzm}={Fpo`BEqIk~jJ($`vNAA5K$04Vuz;KoJYC>VO=7hL-t0do8uT$x>c3R@H zr`w!_e)fEp6l3frf5HN6uO6;ec5-jh%*~R@1h^ZxpQ1CtP(2k4NZQWjVZZ+Lq1Yt>P9P#qfKsahSVs_fdIS}P6n#LXoTe3#{% z{Rz&m#!5CusVYy`J#gsOE}Kxlb!{MHqG7xqrUx@(<|M1;Ea~l0YTlbDm6DtZ(j<27 z`-}<(VEP2_Oqwyan7FFgm1w0jYtu@PxFsr6D4|SYm@b|H5{VnKyF9Z~LG^KEq7f>- z)4ufbH80-(ColXX&av&VO*8lfC0?VRoKs(29L<$tqz_zb`(-gSEiOx*fkBGYfSS}T 
zlB%4kBHVNgp*)>`wn>X(2NngQFqMd$qv~2L7i2GWrNa2WkrCPE+EJS3%BSbfNkN%HFwx{Kv2T;Hk$xIeTAOl+TJS%rmZOYtv#^jt&W{#9aTX z>wcB)S?zhQ9-peRpLwfl@V ztBU%R6QbODXHG+Bj0;SQ%`OUOn`)|-xC^xKHxdjnhw)z+xEc2zcKV~iVm_(_h; zyrin`4OBj?Jq^n0UlvFlS>BK+WHi^!B7gt$w>{N7QQH9@KP$Fd^T_s>8OfAKEM09$ zo-I3Ywn>+;1H>*~*QK2(G8b@c>lH1V8duIVQH<>^c~s>?m$5&;{FXz1`R^ay$uPof4M74N7pM(M_s*rM?A9oGZD)(#(hh}aO~;$}2E=~o*Mv`G;0QT*oD zgIJ}1P=e)|Iv%*j4Q-!@V%ZyEjW={8A6?vp=;B`q;Q?-eYSkLKm*dlErW7I++P+;1 zS!>M_k4D_KFuTkuErYA$eYxT|oVea5>Id+Zv>&}zgRB8OUKemFSeZ*+#Ez&A?+ zo9V{6ndymhqfGaiDnelZ literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationToken.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientCredentialsAuthenticationToken.serialized new file mode 100644 index 0000000000000000000000000000000000000000..b4b92f420aa689f8b2914bb23ba2e6ae54cd7113 GIT binary patch literal 1741 zcmb`IO=uHA6vrnYP5NotDg_S}6e}JiON+N2YSP*dSZT2>f(PqlciL<_* zD7Rp5R4@}?QSRYxXf@}oF#BMC>sxGdcRflXI!Snj<1$Z@l)g+?saBL0*Jha<_670& zuQrrYl|Lbq+=>@rC* zI^>`=@YN3aY5`x(a0Jti%0n06JY^`TGjK^2O0;$^g|kUG*7XJv3n~7^zaTJ)sO#&f34!5T;j(ZTt43EFs(um?4;Ss~c>*D+;);T*Y*SSV07?S@FwbYL zg3Fnjeax(Ik>xrRap7=QC6Ty3tzTWpsJQ2#YSc2TG@W&!j6$*hRy{D;H~Js$J=ofq shkI6jI^kqP;egfav3rjmzj}E&23BsV6C`$5sw4_B)St%S;g2Ez51E5tjsO4v literal 0 HcmV?d00001 
diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceCodeAuthenticationToken.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceCodeAuthenticationToken.serialized new file mode 100644 index 0000000000000000000000000000000000000000..db2b28832d815219e5089978a6a11a9d9e0315b1 GIT binary patch literal 1640 zcmb`Hzi-n(6vxj=+w=!*3RIOCKp;`X(AuJ7DpZn|{*a7X(E<_!EC_h-T;imy!a}4(dG@<^-}iYxo_-JW{etY_ao{NCM3k+e-lsOxe}mWpMHbQF`JBH37NRdHcmp}~|*M(KgrtBrsulD8oT zYad_hFJCL>YdOAT)=eNCicL)&OB!eyIm}`@PJrasDAT`=TYQ`6WIY<+7%D7BXF2JR=^h?DJ@R*7M z13L2@wuFh0&E#l!_L^7mUB1p~Q81f_>SuQB!p`UW!@8-u1Uyk>xaC^(!R*KX9WJ@% zM1kCWdF#h19n^5{kZqEQ0uXgPiISI+HZXd0@Ab(CyYyk27>lGUb?dNAIOA362v@M OmWWkkAjUO;xc>=sunR literal 0 HcmV?d00001 diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2RefreshTokenAuthenticationToken.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2RefreshTokenAuthenticationToken.serialized new file mode 100644 index 0000000000000000000000000000000000000000..8eefaebfefcb6dc1baf41f1d257fab91dd7526d4 GIT binary patch literal 1767 zcmb`IO=uHA6vtQk8;-3W^mEnx(~C4>hs&16Er4f#AV9*_}4qPIlMXNwevp z)Pq+Gf`W+PMG(<_RahFz5l#C{X*J& zK?<%|O#7a&oy7$~3#{ad<+RVtqOfH-?b4#m55iikFpNW>srqRv>7L&g$ap*p9|qCO)rp&^5``=;wL zUy@|yZBg1>pJ8$+5XAq#sbjje>c#|hgeRG3 zO7#-;po(6)$MmJ=4=$QT6v_0i*B@_Rg6p;17eF-4;% zJU&kSJean{KfHR~du=C5BBSI0cd0cBB67t9Nyt174wqYjH+)`|pp`nX5cq16beTn8 zx`lZUFIu=RUB$QO*ntI!*ev`;Y=_mqO zWm{&YYRA-|c9`rlcERIJjX7rRB9Y|=3NhhwR)f$!J!xE=U3Krm{VRXH8^KtW-$ zl2n16tpfW8A;C~z@4LOTaesXdTCV(dLs3l{0;?AzH}BkizI84NR$i$KQcmp(CIV@x L|BHd@!(i|S*9~Tm literal 0 HcmV?d00001 
diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeActor.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeActor.serialized new file mode 100644 index 0000000000000000000000000000000000000000..7fb91346d487a84332ff3f388572da3a6e131dbb GIT binary patch literal 315 zcmY+9Jx&8b428Yf02M+hffh<;CCVU*1W_ObQ2?UF878}v%pWt}WTD^))LZ~564ac5 z%TQ3HMa(P}jpgsj_IrN+g0|Gme@8m?{Scy3M{kr_2)yA+rnCW|Xf~;Nd{a?Qn{^t4Z zqrbcC<&d30PFOY$0P;mQ)-FLF>M_A4rkDq@pGL>1$`AwYR75WHiy~4Te-{mErv&3x FH@`l!Zh-&* literal 0 HcmV?d00001 
diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeAuthenticationToken.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.oauth2.server.authorization.authentication.OAuth2TokenExchangeAuthenticationToken.serialized new file mode 100644 index 0000000000000000000000000000000000000000..ee60626a7c18f942225153fa69b4f4d5e66739e2 GIT binary patch literal 2157 zcmb_dL1-Lh6#jR!X_6*s)+!Of2$oi~bZ2Psv^lgJ+oXY!6q6$4VElLHPj-^ond$$( z$<9_N@!(ZKsUYG}5b;_RJ&A`NJXH^h;K_>zd#E5@M1AkgW@mOAwjK;**!TbMz5l)M zeeb=`?u&7wMHuNF%f#9bceb@`t4^f%ETh~+`_Q!_nLz6T%6eaEi-bt~HzoK{$dU@d zcQbLVL8=?ko(iv|ZcBzcicWG3zB={Bdz%aMm%3#!>4@Xfg-G)`h?CB)+?RHMhW0v8 zJd2Jvk!x&pV|7E^5+z4W$;9(j=qdwZE;CEO5A1aXXme7l8wp-1k3ARdv@%hm(T*II z9dXRKQQVhiOw!y{F0fhescP}8?<&>8{J*#nRDEbyv<%@0@P4(w`u&%G?%pYjF-JTh zJ}?Y$n&>- z*$kB98~AJP%=tUNysOE6Dzp9#p=wHq- zBdZRZKw(BWy*1m&O+_ zaSEl*Bqf6XB@i=iVjya7#nfoIxG#f5r5NhPk?{3~C^6q6&<6XQ8i`+I)DWO?cH0NX zPIOrJ6>Qh}byH_|^&OfKH9+G!(9Er=-q6KxmPdwDXbKwR8`ujtYzM2!BQT3fl(?4D zu2vrPpbWT@Q&>sb8r=01>=ct}qQtk;{GB5NnQ3K=YH4Itj1GlH{n@qF{dOEE9)!y4 zfd<_HoGLmBvW>tTdS%VIven>sPa&mPT;iCXjgez{uz+)b_D+p)19AFjfHPDX;N1@V zH$LJ5I#_u3-a8*2Tu0{cO;DA}rp2dHJo| z?|LEKpOdc-56h!TjDM%N$p4sB07^AcNJvZ$2=@vk2>b8BjDlL^t dDuv}n?X+N78@9}L>3NK1wzo4gfQcI~{0nbJ8%>n*!USsT%jN>Dztt_Iuy^-q+W=q(MotEMzgQ z0?Ga2oTMcN@nTvrr!2W%Nef!m^8*meB_`7t2+3Ee=E64-^EG!W;Y0>gr^O=kM?ziE0H(H#0sQIZxix>(ZHtq{ENQJe z$6TAVU<}k~&Y+8vRb31V&ja*881~{aO}Pgt$15ow&}2=R{)WOJ2J<+J1f-FGbaYhp z<^7Uy`5dPOk0CMN+xsuR`LfXwCo!8OJ$Q1PtdSV>d;ZS_qQc!-vi|PIw=0A0dL1JShsrV`j142k_If-{Tl&woO&gVcvAgvrP1s)rf z)Yr^KzLCBas03HstMny>$7;FCX;dn3rAhPDggtUIpBtG95qAp!xLOy$GAkSv?F=i_ zj{0(CKoJa3XRBl-0U~x?$&|uxwc4av!Ec!Am}?#&pvFobAUk|#vQy@M3~EMH-KvZ9 z|JE*p%e1o>&u(7oUNA&9Iv(XEkX?I~GOy79cm&q^qghAFsFfV#etog^L+_=s6{(c4 z>r>`m2kK%qJ5dIN`^I310|m23emsCm%oAy?;FcS;*Cuf9I<2&^hqWhDr*Wiui-F6?3Xg TMU%EWz7WCPgH|<3VwXPw4EAY< literal 0 HcmV?d00001 
diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.AuthenticatorAttestationResponse.serialized new file mode 100644 index 0000000000000000000000000000000000000000..b728aa265f81163ccc7ceefeb36e75e789c30362 GIT binary patch literal 1056 zcmb`GUr19?9LLWllW7@hk)RLRijdTM@n4!NYMUa&)O4EWC_1}4+pgZ-dp-BJxe*mb zh!6xu^dM4#TCfJmz#ySOA}OLm!%*`=gvmaTYnzTJqPYNzt8#pzTXr7 zh)fzqEeiE>no334@1r zBDWJwRb-89_$nad%kBq8WOSlD{BuLAr=Sc(yRf%wtB48&4n-T_lc|C-qi6XSv}2wqu{iJ$rGf*_0qbl>!bb>DnBADgZ2sT^I*nNBXQUNwYT z=4QCJFAlAk^R``gmMooNCD6=Dr|(|u_@2kN8u3VHeh$j587^B-&P(e0(}}E&#As~N zV9YpBY}ngfycR9JBNi3*o^D>rAdbGfBS%-0W45!eYipG8;cMnDOLy`8OYtGQ`QTE) z^6ht1&x#DD>A`QE6X&vbZSMOp$v+xo-WBS>;q>5eHcD|++n<{B5G_v}dGcx~b0KAs z0R!6U-in!oWk0`_Uu(**Cbu5qzkM|w=^$H`#Cvz?=fiDj(~azc4gaHZB5S+nQ@p7# nm19#FOCbU%{}(kb&>uWg11K{P^-$59ayJi factorErrors; /** diff --git a/core/src/main/java/org/springframework/security/authorization/RequiredFactor.java b/core/src/main/java/org/springframework/security/authorization/RequiredFactor.java index b6ff187c78..d33a839e9f 100644 --- a/core/src/main/java/org/springframework/security/authorization/RequiredFactor.java +++ b/core/src/main/java/org/springframework/security/authorization/RequiredFactor.java @@ -16,6 +16,8 @@ package org.springframework.security.authorization; +import java.io.Serial; +import java.io.Serializable; import java.time.Duration; import java.util.Objects; @@ -40,7 +42,10 @@ import org.springframework.util.Assert; * @author Rob Winch * @since 7.0 */ -public final class RequiredFactor { +public final class RequiredFactor implements Serializable { + + @Serial + private static final long serialVersionUID = 295501208651764485L; private final String authority; 
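Review bot: Adding `implements Serializable` to `RequiredFactor` gives the class a second construction path that skips whatever validation its builder and constructor perform, because Java deserialization populates the fields without running them. The file imports `Assert` (per the hunk header), so some invariant is presumably enforced at build time; a stale or tampered stream could then yield a `RequiredFactor` with a null `authority` that authorization code later trusts. A `readObject` that re-checks the fields after `defaultReadObject()` closes that gap, and the same applies to `RequiredFactorError` and `OAuth2TokenExchangeActor`, which this patch also makes `Serializable`. The class body continues outside the hunk, so the exact set of fields to re-check needs confirming against the full file.

```java
public final class RequiredFactor implements Serializable {
	// … unchanged: serialVersionUID and field declarations …

	@Serial
	private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
		in.defaultReadObject();
		// Re-apply the build-time invariant: deserialization never runs the constructor.
		if (this.authority == null) {
			throw new InvalidObjectException("authority cannot be null");
		}
	}
```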
diff --git a/core/src/main/java/org/springframework/security/authorization/RequiredFactorError.java b/core/src/main/java/org/springframework/security/authorization/RequiredFactorError.java
index 0d6cada187..d1580d92bb 100644
--- a/core/src/main/java/org/springframework/security/authorization/RequiredFactorError.java
+++ b/core/src/main/java/org/springframework/security/authorization/RequiredFactorError.java
@@ -16,6 +16,8 @@
 package org.springframework.security.authorization;
+import java.io.Serial;
+import java.io.Serializable;
 import java.util.Objects;
 import org.springframework.security.core.authority.FactorGrantedAuthority;
@@ -27,7 +29,10 @@ import org.springframework.util.Assert;
 * @author Rob Winch
 * @since 7.0
 */
-public class RequiredFactorError {
+public class RequiredFactorError implements Serializable {
+
+ @Serial
+ private static final long serialVersionUID = 1946221547278528901L;
 private final RequiredFactor requiredFactor;
diff --git a/core/src/test/java/org/springframework/security/authentication/NonBuildableAuthenticationToken.java b/core/src/test/java/org/springframework/security/authentication/NonBuildableAuthenticationToken.java
index 8099b826f3..ef4e416158 100644
--- a/core/src/test/java/org/springframework/security/authentication/NonBuildableAuthenticationToken.java
+++ b/core/src/test/java/org/springframework/security/authentication/NonBuildableAuthenticationToken.java
@@ -16,6 +16,7 @@
 package org.springframework.security.authentication;
+@SuppressWarnings("serial")
 public class NonBuildableAuthenticationToken extends TestingAuthenticationToken {
 public NonBuildableAuthenticationToken(String user, String password, String... authorities) {
diff --git a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java
index a4fb51e2d7..1ec19f897c 100644
--- a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java
+++ b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/InMemoryOAuth2AuthorizationService.java
@@ -226,6 +226,7 @@ public final class InMemoryOAuth2AuthorizationService implements OAuth2Authoriza
 return userCode != null && userCode.getToken().getTokenValue().equals(token);
 }
+ @SuppressWarnings("serial")
 private static final class MaxSizeHashMap extends LinkedHashMap {
 private final int maxSize;
diff --git a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationCode.java b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationCode.java
index 56b8bb185a..2fce5ab24a 100644
--- a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationCode.java
+++ b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/OAuth2AuthorizationCode.java
@@ -16,6 +16,7 @@
 package org.springframework.security.oauth2.server.authorization;
+import java.io.Serial;
 import java.time.Instant;
 import org.springframework.security.oauth2.core.AbstractOAuth2Token;
@@ -32,6 +33,9 @@ import org.springframework.security.oauth2.core.AbstractOAuth2Token;
 */
 public class OAuth2AuthorizationCode extends AbstractOAuth2Token {
+ @Serial
+ private static final long serialVersionUID = 3789328028057414501L;
+
 /**
 * Constructs an {@code OAuth2AuthorizationCode} using the provided parameters.
 * @param tokenValue the token value
diff --git a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationToken.java b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
index 74e9825a0a..8ffdbb90f6 100644
--- a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
+++ b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
@@ -16,6 +16,7 @@
 package org.springframework.security.oauth2.server.authorization.authentication;
+import java.io.Serial;
 import java.util.Map;
 import org.springframework.lang.Nullable;
@@ -36,6 +37,9 @@ import org.springframework.util.Assert;
 */
 public class OAuth2AuthorizationCodeAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
+ @Serial
+ private static final long serialVersionUID = 4629166286850598162L;
+
 private final String code;
 private final String redirectUri;
diff --git a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationException.java b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationException.java
index 023f2a2bb0..0f65dbfb3a 100644
--- a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationException.java
+++ b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2AuthorizationCodeRequestAuthenticationException.java
@@ -16,6 +16,8 @@
 package org.springframework.security.oauth2.server.authorization.authentication;
+import java.io.Serial;
+
 import org.springframework.lang.Nullable;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
@@ -33,6 +35,9 @@ import org.springframework.security.oauth2.core.OAuth2Error;
 */
 public class OAuth2AuthorizationCodeRequestAuthenticationException extends OAuth2AuthenticationException {
+ @Serial
+ private static final long serialVersionUID = -3791188557904282453L;
+
 private final OAuth2AuthorizationCodeRequestAuthenticationToken authorizationCodeRequestAuthentication;
 /**
diff --git a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationToken.java b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationToken.java
index f634cfa4f5..456f332b64 100644
--- a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationToken.java
+++ b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2ClientCredentialsAuthenticationToken.java
@@ -16,6 +16,7 @@
 package org.springframework.security.oauth2.server.authorization.authentication;
+import java.io.Serial;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Map;
@@ -36,6 +37,9 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 */
 public class OAuth2ClientCredentialsAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken {
+ @Serial
+ private static final long serialVersionUID = -220223451609576578L;
+
 private final Set scopes;
 /**
diff --git a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceCodeAuthenticationToken.java b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceCodeAuthenticationToken.java
index 653ca0b62c..e2239b5389 100644
--- a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceCodeAuthenticationToken.java
+++ b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2DeviceCodeAuthenticationToken.java
@@ -16,6 +16,7 @@
 package org.springframework.security.oauth2.server.authorization.authentication;
+import java.io.Serial;
 import java.util.Map;
 import org.springframework.lang.Nullable;
@@ -34,6 +35,9 @@ import org.springframework.util.Assert; */ public class OAuth2DeviceCodeAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken { + @Serial + private static final long serialVersionUID = 8364555864666204030L; + private final String deviceCode; /** diff --git a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationToken.java b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationToken.java index 2cb8e6569b..f2a467b7e5 100644 --- a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationToken.java +++ b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2RefreshTokenAuthenticationToken.java @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.server.authorization.authentication; +import java.io.Serial; import java.util.Collections; import java.util.HashSet; import java.util.Map; @@ -36,6 +37,9 @@ import org.springframework.util.Assert; */ public class OAuth2RefreshTokenAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken { + @Serial + private static final long serialVersionUID = 328697547826078993L; + private final String refreshToken; private final Set scopes; diff --git a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenExchangeActor.java b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenExchangeActor.java index f2a6967d1c..3d2720462c 100644 
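Review bot: The `serialVersionUID` added to `OAuth2DeviceCodeAuthenticationToken` pins a serial form that includes the non-transient `deviceCode` field declared just below it, and nothing in the class documents that. The same applies to `refreshToken` in `OAuth2RefreshTokenAuthenticationToken` (the next file) and, judging by the field name, to `subjectToken` in `OAuth2TokenExchangeAuthenticationToken`. These classes were presumably already serializable through their superclass, so this is not new exposure, but this commit is where the stream format becomes a compatibility promise. I would add a comment on each such field, for example `// Part of the serial form: serialized instances contain this credential and need the same protection as the credential itself.` The class bodies continue outside the hunks, so any existing `transient` handling or custom `writeObject` is not visible here.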
--- a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenExchangeActor.java +++ b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenExchangeActor.java @@ -16,6 +16,8 @@ package org.springframework.security.oauth2.server.authorization.authentication; +import java.io.Serial; +import java.io.Serializable; import java.util.Collections; import java.util.Map; import java.util.Objects; @@ -33,7 +35,10 @@ import org.springframework.util.Assert; * @since 7.0 * @see OAuth2TokenExchangeCompositeAuthenticationToken */ -public final class OAuth2TokenExchangeActor implements ClaimAccessor { +public final class OAuth2TokenExchangeActor implements ClaimAccessor, Serializable { + + @Serial + private static final long serialVersionUID = -3966261411784615574L; private final Map claims; diff --git a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenExchangeAuthenticationToken.java b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenExchangeAuthenticationToken.java index 0c320c56a2..dfd809b3f0 100644 --- a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenExchangeAuthenticationToken.java +++ b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenExchangeAuthenticationToken.java @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.server.authorization.authentication; +import java.io.Serial; import java.util.Collections; import java.util.HashSet; import java.util.LinkedHashSet; 
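Review bot: Adding `Serializable` to `OAuth2TokenExchangeActor` in the `@@ -33,7 +35,10 @@` hunk creates a second way to construct the class, because deserialization restores `claims` without running the constructor. The file imports `Assert`, so the constructor probably validates its argument, but it lies outside the hunk and a deserialized instance would skip whatever it checks. `claims` is a `Map` whose values are not constrained to serializable types as far as the hunk shows, so writing an actor could fail at runtime with `NotSerializableException` rather than at compile time. Since the class is `final`, one option is to route deserialized instances back through the constructor, e.g. `private Object readResolve() { return new OAuth2TokenExchangeActor(this.claims); }` (assuming the constructor takes the claims map). A Javadoc sentence stating that serialized instances are only meant to be read back from storage the application controls would also help.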
@@ -37,6 +38,9 @@ import org.springframework.util.Assert; */ public class OAuth2TokenExchangeAuthenticationToken extends OAuth2AuthorizationGrantAuthenticationToken { + @Serial + private static final long serialVersionUID = 2484741634669297785L; + private final String requestedTokenType; private final String subjectToken; diff --git a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenExchangeCompositeAuthenticationToken.java b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenExchangeCompositeAuthenticationToken.java index 35ebf79a41..d77629d689 100644 --- a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenExchangeCompositeAuthenticationToken.java +++ b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/authentication/OAuth2TokenExchangeCompositeAuthenticationToken.java @@ -16,6 +16,7 @@ package org.springframework.security.oauth2.server.authorization.authentication; +import java.io.Serial; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -35,6 +36,9 @@ import org.springframework.util.Assert; */ public class OAuth2TokenExchangeCompositeAuthenticationToken extends AbstractAuthenticationToken { + @Serial + private static final long serialVersionUID = 1912280308201180854L; + private final Authentication subject; private final List actors; diff --git a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.java b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.java index 669247019f..bca0110561 100644 
--- a/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.java +++ b/oauth2/oauth2-authorization-server/src/main/java/org/springframework/security/oauth2/server/authorization/token/OAuth2AccessTokenGenerator.java @@ -154,6 +154,7 @@ public final class OAuth2AccessTokenGenerator implements OAuth2TokenGenerator claims; diff --git a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOidcAuthorizationRequest.java b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOidcAuthorizationRequest.java index 54b14a2231..37aa3e557f 100644 --- a/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOidcAuthorizationRequest.java +++ b/oauth2/oauth2-core/src/test/java/org/springframework/security/oauth2/core/endpoint/TestOidcAuthorizationRequest.java @@ -23,6 +23,7 @@ import org.springframework.security.oauth2.core.oidc.endpoint.OidcParameterNames /** * @author Joe Grandja */ +@SuppressWarnings("serial") public class TestOidcAuthorizationRequest extends OAuth2AuthorizationRequest { private final String nonce; diff --git a/web/src/test/java/org/springframework/security/web/authentication/DefaultEqualsGrantedAuthority.java b/web/src/test/java/org/springframework/security/web/authentication/DefaultEqualsGrantedAuthority.java index 1970ea2691..0220e66767 100644 --- a/web/src/test/java/org/springframework/security/web/authentication/DefaultEqualsGrantedAuthority.java +++ b/web/src/test/java/org/springframework/security/web/authentication/DefaultEqualsGrantedAuthority.java @@ -25,6 +25,7 @@ import org.springframework.security.core.GrantedAuthority; * @author Rob Winch * @since 7.0 */ +@SuppressWarnings("serial") public class DefaultEqualsGrantedAuthority implements GrantedAuthority { public static final String AUTHORITY = "CUSTOM_AUTHORITY";