From d043884e3209a91c7ea6910df5170a1471fae615 Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Thu, 23 Jan 2025 16:41:24 -0700
Subject: [PATCH 1/5] Support Serialization

Issue gh-16276
---
 ...gSecurityCoreVersionSerializableTests.java |  21 ++++++++++++++++++
 ...savedrequest.SimpleSavedRequest.serialized | Bin 0 -> 1022 bytes
 .../web/savedrequest/SimpleSavedRequest.java  |   4 ++++
 3 files changed, 25 insertions(+)
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.web.savedrequest.SimpleSavedRequest.serialized

diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
index 443c6749c4..ecac0f4da5 100644
--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@@ -36,11 +36,13 @@ import java.util.Collection;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+import jakarta.servlet.http.Cookie;
 import org.apereo.cas.client.validation.AssertionImpl;
 import org.instancio.Instancio;
 import org.instancio.InstancioApi;
@@ -54,6 +56,7 @@ import org.junit.jupiter.params.provider.MethodSource;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider;
 import org.springframework.core.type.filter.AssignableTypeFilter;
+import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AuthorizationServiceException;
@@ -174,6 +177,7 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2R
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2Authentications;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2PostAuthenticationRequests;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests;
+import org.springframework.security.web.PortResolverImpl;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedCredentialsNotFoundException;
@@ -189,8 +193,11 @@ import org.springframework.security.web.csrf.DefaultCsrfToken;
 import org.springframework.security.web.csrf.InvalidCsrfTokenException;
 import org.springframework.security.web.csrf.MissingCsrfTokenException;
 import org.springframework.security.web.firewall.RequestRejectedException;
+import org.springframework.security.web.savedrequest.DefaultSavedRequest;
+import org.springframework.security.web.savedrequest.SimpleSavedRequest;
 import org.springframework.security.web.server.firewall.ServerExchangeRejectedException;
 import org.springframework.security.web.session.HttpSessionCreatedEvent;
+import org.springframework.security.web.util.UrlUtils;
 import org.springframework.security.web.webauthn.api.Bytes;
 import org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity;
 import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity;
@@ -514,6 +521,20 @@ class SpringSecurityCoreVersionSerializableTests {
 				(r) -> new AuthenticationSwitchUserEvent(authentication, user));
 		generatorByClassName.put(HttpSessionCreatedEvent.class,
 				(r) -> new HttpSessionCreatedEvent(new MockHttpSession()));
+		generatorByClassName.put(SimpleSavedRequest.class, (r) -> {
+			MockHttpServletRequest request = new MockHttpServletRequest("GET", "/uri");
+			request.setQueryString("query=string");
+			request.setScheme("https");
+			request.setServerName("localhost");
+			request.setServerPort(80);
+			request.setRequestURI("/uri");
+			request.setCookies(new Cookie("name", "value"));
+			request.addHeader("header", "value");
+			request.addParameter("parameter", "value");
+			request.setPathInfo("/path");
+			request.addPreferredLocale(Locale.ENGLISH);
+			return new SimpleSavedRequest(new DefaultSavedRequest(request, new PortResolverImpl(), "continue"));
+		});
 
 		// webauthn
 		generatorByClassName.put(Bytes.class, (r) -> TestBytes.get());
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.savedrequest.SimpleSavedRequest.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.web.savedrequest.SimpleSavedRequest.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..58449b0e225938c89ba127cfa45d72b240900838
GIT binary patch
literal 1022
zcmYk5K~L0B5XXm>U0@-B)r5;dJ*Wqjt``qV5C{R>q$b8i6C(#6-C<kkw&lHPx2uuF
zkAcy<2R-Q*ARfG#$dRLo8WX*EFnZE?ubX9?^rbUzI`23CnfLl9l$3<UShgIM$RKKM
zOVP$oEO#A+UMd6XIvw0{l*q6taW6$hP9tb1AvUz@Uf~+Q{_t02<<$)f$}Ws}al9LF
zAWXSCA``Wgg0SWWispFJN6|#do09{ZcSNH1!q^ibsy*0;As5PRBtLEvoGKzi5w&U!
z(v%!rNrXlv&ZXlm7se$v1Bo8pm!WpqdBU}w)(DP9aF(PLUCog{JDNH8AYR%qREJ>|
zJjOf$fT7N?UiqgpJ7QNz5-ftuLL|p0N}Od=*Smw`x7p_N&lcEBA&7ytQYxsKVmM+d
zbG!?sOoVA+7?$b@%eqA5swWPA-<rL+^OZ?BnHRTpRTN8t=>d6``~EqT=d#J8^>7M3
zE-VX$^+;i)0tzxb`JrQPJl(ka<)a0VCq;b(<%aGp5|p+@s4%C3nr#D|vjPLCw}tW<
zwKQ^k_<nlxlMU7?RKi#^SB1x@br>UGqVnUgnI{X2EFr)|XO!0|er-Ok5YF_e#IBys
z1Qo5-d~qg+^+rRBHxQ=HDkDxVc^)P->vGwtXcdAF#Bl<QuAavz&-*7?recfhnL3f)
zHB+|#r@Hy#+TR~Gl<P3+bB$iyL^Hi<M6%m!VTIMvs>YE?$}Jz&x@&-5L|J(<NT_Fx
zWI_faD$G3j#}5JM&2t16M&`>bxn9q5VfNa}x=B9PZ_rqOxKp0sM`je9fqu`uIePHz
u`^=Ly(^f61PNr45q9;||tkuk2@?%9czQqfCab<U2nagv@iz5o66#oNNI6*J~

literal 0
HcmV?d00001

diff --git a/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java b/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java
index 08165eb0cd..e74e7fcb11 100644
--- a/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java
+++ b/web/src/main/java/org/springframework/security/web/savedrequest/SimpleSavedRequest.java
@@ -16,6 +16,7 @@
 
 package org.springframework.security.web.savedrequest;
 
+import java.io.Serial;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
@@ -35,6 +36,9 @@ import org.springframework.util.Assert;
  */
 public class SimpleSavedRequest implements SavedRequest {
 
+	@Serial
+	private static final long serialVersionUID = 807650604272166969L;
+
 	private String redirectUrl;
 
 	private List<Cookie> cookies = new ArrayList<>();

From d7921daa13ccc33d025f8c5de851820121f93e1e Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Thu, 23 Jan 2025 16:44:10 -0700
Subject: [PATCH 2/5] Support Serialization for SecurityConfig

Issue gh-16276
---
 ...pringSecurityCoreVersionSerializableTests.java |   2 ++
 ...work.security.access.SecurityConfig.serialized | Bin 0 -> 109 bytes
 .../security/access/SecurityConfig.java           |   4 ++++
 .../access/annotation/Jsr250SecurityConfig.java   |   1 +
 4 files changed, 7 insertions(+)
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.access.SecurityConfig.serialized

diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
index ecac0f4da5..49e800cae0 100644
--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@@ -60,6 +60,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AuthorizationServiceException;
+import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.access.intercept.RunAsUserToken;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AccountExpiredException;
@@ -442,6 +443,7 @@ class SpringSecurityCoreVersionSerializableTests {
 		generatorByClassName.put(JaasAuthenticationSuccessEvent.class,
 				(r) -> new JaasAuthenticationSuccessEvent(authentication));
 		generatorByClassName.put(AbstractSessionEvent.class, (r) -> new AbstractSessionEvent(securityContext));
+		generatorByClassName.put(SecurityConfig.class, (r) -> new SecurityConfig("value"));
 
 		// cas
 		generatorByClassName.put(CasServiceTicketAuthenticationToken.class, (r) -> {
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.access.SecurityConfig.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.access.SecurityConfig.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..ae659612d7304086cc379fafb84075a5e5d1f7db
GIT binary patch
literal 109
zcmZ4UmVvdnh`}hoC|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qflF*!N4xL7Y3%6HDs
zOUq23^C9;|nf9jwCI&_y2DZeKlA_F{5(Xikti-ZJ{hY+Sbp2qUP+q!qML`JzYguAW
GX(|8>RVfkx

literal 0
HcmV?d00001

diff --git a/core/src/main/java/org/springframework/security/access/SecurityConfig.java b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
index 3079174e52..2cbc640b3a 100644
--- a/core/src/main/java/org/springframework/security/access/SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
@@ -16,6 +16,7 @@
 
 package org.springframework.security.access;
 
+import java.io.Serial;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -29,6 +30,9 @@ import org.springframework.util.StringUtils;
  */
 public class SecurityConfig implements ConfigAttribute {
 
+	@Serial
+	private static final long serialVersionUID = -7138084564199804304L;
+
 	private final String attrib;
 
 	public SecurityConfig(String config) {
diff --git a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
index 3a3ccdf91e..f129fdbe17 100644
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
@@ -30,6 +30,7 @@ import org.springframework.security.authorization.method.AuthorizationManagerBef
  * @deprecated Use {@link AuthorizationManagerBeforeMethodInterceptor#jsr250()} instead
  */
 @Deprecated
+@SuppressWarnings("serial")
 public class Jsr250SecurityConfig extends SecurityConfig {
 
 	public static final Jsr250SecurityConfig PERMIT_ALL_ATTRIBUTE = new Jsr250SecurityConfig(PermitAll.class.getName());

From 3e4ba737e7a600eb9b90956d061e81a86c79b84d Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Thu, 23 Jan 2025 16:46:38 -0700
Subject: [PATCH 3/5] Don't Support Serialzation of Deprecated Access Classes

Issue gh-16276
---
 .../expression/method/PostInvocationExpressionAttribute.java     | 1 +
 .../expression/method/PreInvocationExpressionAttribute.java      | 1 +
 .../aopalliance/MethodSecurityMetadataSourceAdvisor.java         | 1 +
 3 files changed, 3 insertions(+)

diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
index 3dc86cc5a1..8642484a41 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/PostInvocationExpressionAttribute.java
@@ -28,6 +28,7 @@ import org.springframework.security.access.prepost.PostInvocationAttribute;
  * instead
  */
 @Deprecated
+@SuppressWarnings("serial")
 class PostInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
 		implements PostInvocationAttribute {
 
diff --git a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
index 26af51a6f1..41ec280bc7 100644
--- a/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
+++ b/core/src/main/java/org/springframework/security/access/expression/method/PreInvocationExpressionAttribute.java
@@ -28,6 +28,7 @@ import org.springframework.security.access.prepost.PreInvocationAttribute;
  * instead
  */
 @Deprecated
+@SuppressWarnings("serial")
 class PreInvocationExpressionAttribute extends AbstractExpressionBasedMethodConfigAttribute
 		implements PreInvocationAttribute {
 
diff --git a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
index 4bc3d19b5b..58174d9d1a 100644
--- a/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/aopalliance/MethodSecurityMetadataSourceAdvisor.java
@@ -54,6 +54,7 @@ import org.springframework.util.CollectionUtils;
  * @deprecated Use {@link EnableMethodSecurity} or publish interceptors directly
  */
 @Deprecated
+@SuppressWarnings("serial")
 public class MethodSecurityMetadataSourceAdvisor extends AbstractPointcutAdvisor implements BeanFactoryAware {
 
 	private transient MethodSecurityMetadataSource attributeSource;

From 36716d12ba36fe2535179009137fa366ecd264ec Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Thu, 23 Jan 2025 16:50:30 -0700
Subject: [PATCH 4/5] Serialization Support of Core Components

Issue gh-16276
---
 ...ringSecurityCoreVersionSerializableTests.java |   2 ++
 ...e.context.TransientSecurityContext.serialized | Bin 0 -> 1294 bytes
 .../security/core/ComparableVersion.java         |   1 +
 .../core/context/TransientSecurityContext.java   |   5 +++++
 4 files changed, 8 insertions(+)
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.core.context.TransientSecurityContext.serialized

diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
index 49e800cae0..0e1b23b646 100644
--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@@ -104,6 +104,7 @@ import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.security.core.context.TransientSecurityContext;
 import org.springframework.security.core.session.AbstractSessionEvent;
 import org.springframework.security.core.session.ReactiveSessionInformation;
 import org.springframework.security.core.session.SessionInformation;
@@ -444,6 +445,7 @@ class SpringSecurityCoreVersionSerializableTests {
 				(r) -> new JaasAuthenticationSuccessEvent(authentication));
 		generatorByClassName.put(AbstractSessionEvent.class, (r) -> new AbstractSessionEvent(securityContext));
 		generatorByClassName.put(SecurityConfig.class, (r) -> new SecurityConfig("value"));
+		generatorByClassName.put(TransientSecurityContext.class, (r) -> new TransientSecurityContext(authentication));
 
 		// cas
 		generatorByClassName.put(CasServiceTicketAuthenticationToken.class, (r) -> {
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.core.context.TransientSecurityContext.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.core.context.TransientSecurityContext.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..5a4ccd07b4d0d97d12c13023f0eb3ea4b04079f6
GIT binary patch
literal 1294
zcmb7E&ubGw6n^<pVkxGHqTr#PTJa#e*lXw^Ej1JtQ<~%w!7|-U<20L@b!K8Wilu_!
zK~Sg&iuezR;K{$igD3Uue_+pEM0{_Put}BL?qOkO-+b?T-}lYFKZGfxVOi<6V?r%t
zdt0+E-&MNf81DD9uzkl@n&V4a9$BZZnKXh+TN{2}8GJZM|Nij!>E==zAkwgOa=;@v
zYuzw__(=z8NO_QFJ$ncH37=Vky<pKpaQ6sXcf{5uwr+XiOeqR+$m+42Cc8Kd!?i>u
z)|oM=Mr#tVt~y*MEYlv$_?owfB@2v&bKVZS$J~I)wp-oW;l3?-FiraUB4oi`*n=rl
zsd5@d<t<}1^X)&Fe0z6wPgYv_G-R4^c5D*fLT0p9Xr$oC?Bak~&x*iZQ9*#zP*h}>
zYjMj&U<Ta66bg2QhH$9VNlMLpLv~e5Yzwv(a8DTfYj)xK#~;rMv0K>ycPtdf+E7gi
zr@i)nxTMXcW!V3G`{(5tH02YkT<qfc1f{Gs>l1qP=<D3;PwZ_5QfrVk;y#Z;bSJf&
zrT5A5JyNOf)C5M5S1{+6$G($z{lsm|WLB$yPug6wbbByq7N$3<-s)zfwz?4!?|ew<
zTRhh5_=@!~b3+&6{3R`OO(-(oS3PNOD!Cek0@K!nLbB&6ze8IW#&S4bn&XoE`YR8!
zV@B0D#q>-#j688K;F@UBRfyM7n8F9=Sx9_HT$>CB;_c5Je0lz6zd?TmIzNLai^<8l
z<{YcOzgmCs^6<&63|5g=H%_nBJY9>}s1?->nPyh$L_dTbWPvyoBMbQlQmOFaXjBVX
Gn(_}s!NceP

literal 0
HcmV?d00001

diff --git a/core/src/main/java/org/springframework/security/core/ComparableVersion.java b/core/src/main/java/org/springframework/security/core/ComparableVersion.java
index 347644734c..a517a4473d 100644
--- a/core/src/main/java/org/springframework/security/core/ComparableVersion.java
+++ b/core/src/main/java/org/springframework/security/core/ComparableVersion.java
@@ -405,6 +405,7 @@ class ComparableVersion implements Comparable<ComparableVersion> {
 	 * Represents a version list item. This class is used both for the global item list
 	 * and for sub-lists (which start with '-(number)' in the version specification).
 	 */
+	@SuppressWarnings("serial")
 	private static class ListItem extends ArrayList<Item> implements Item {
 
 		@Override
diff --git a/core/src/main/java/org/springframework/security/core/context/TransientSecurityContext.java b/core/src/main/java/org/springframework/security/core/context/TransientSecurityContext.java
index 0089ae455d..7a4b3d30fe 100644
--- a/core/src/main/java/org/springframework/security/core/context/TransientSecurityContext.java
+++ b/core/src/main/java/org/springframework/security/core/context/TransientSecurityContext.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.core.context;
 
+import java.io.Serial;
+
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.Transient;
 
@@ -30,6 +32,9 @@ import org.springframework.security.core.Transient;
 @Transient
 public class TransientSecurityContext extends SecurityContextImpl {
 
+	@Serial
+	private static final long serialVersionUID = -7925492364422193347L;
+
 	public TransientSecurityContext() {
 	}
 

From e1e5970a246b52083ddb7cc3587698280b31e557 Mon Sep 17 00:00:00 2001
From: Josh Cummings <3627351+jzheaux@users.noreply.github.com>
Date: Thu, 23 Jan 2025 16:55:30 -0700
Subject: [PATCH 5/5] Support Serialization for LDAP Components

Issue gh-16276
---
 ...pringSecurityCoreVersionSerializableTests.java |   7 +++++++
 ....ldap.ppolicy.PasswordPolicyControl.serialized | Bin 0 -> 96 bytes
 ...olicy.PasswordPolicyResponseControl.serialized | Bin 0 -> 512 bytes
 .../ldap/ppolicy/PasswordPolicyControl.java       |   5 +++++
 .../ppolicy/PasswordPolicyResponseControl.java    |   4 ++++
 5 files changed, 16 insertions(+)
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.ldap.ppolicy.PasswordPolicyControl.serialized
 create mode 100644 config/src/test/resources/serialized/6.4.x/org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl.serialized

diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
index 0e1b23b646..85465f59d8 100644
--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@@ -110,8 +110,10 @@ import org.springframework.security.core.session.ReactiveSessionInformation;
 import org.springframework.security.core.session.SessionInformation;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.security.ldap.ppolicy.PasswordPolicyControl;
 import org.springframework.security.ldap.ppolicy.PasswordPolicyErrorStatus;
 import org.springframework.security.ldap.ppolicy.PasswordPolicyException;
+import org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl;
 import org.springframework.security.ldap.userdetails.LdapAuthority;
 import org.springframework.security.oauth2.client.ClientAuthorizationException;
 import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
@@ -470,6 +472,11 @@ class SpringSecurityCoreVersionSerializableTests {
 				(r) -> new LdapAuthority("USER", "username", Map.of("attribute", List.of("value1", "value2"))));
 		generatorByClassName.put(PasswordPolicyException.class,
 				(r) -> new PasswordPolicyException(PasswordPolicyErrorStatus.INSUFFICIENT_PASSWORD_QUALITY));
+		generatorByClassName.put(PasswordPolicyControl.class, (r) -> new PasswordPolicyControl(true));
+		generatorByClassName.put(PasswordPolicyResponseControl.class, (r) -> {
+			byte[] encodedResponse = { 0x30, 0x05, (byte) 0xA0, 0x03, (byte) 0xA0, 0x1, 0x21 };
+			return new PasswordPolicyResponseControl(encodedResponse);
+		});
 
 		// saml2-service-provider
 		generatorByClassName.put(Saml2AuthenticationException.class,
diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.ldap.ppolicy.PasswordPolicyControl.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.ldap.ppolicy.PasswordPolicyControl.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..51e783d58cf04c32fe63631115cce63f01a00412
GIT binary patch
literal 96
zcmZ4UmVvdnh`~O;C|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qflCnd2!ub?15Co{QH
uFCekF7$}_*0OmU9=am%Y=ct!j>38*Q=3!!BjAGzO2I|U8PRyw&U<3gFp(BI<

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/6.4.x/org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl.serialized b/config/src/test/resources/serialized/6.4.x/org.springframework.security.ldap.ppolicy.PasswordPolicyResponseControl.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..911742c9818701cb092cf886a0e0901295caf660
GIT binary patch
literal 512
zcmbV|ze)o^5QitH(SX511Z`8<-B~Ll`E!VHdLb7Km?A89n`8BEcbVPOOQYCY*x6VG
zY}5GyK7<e83s~9M#Z8D9Ei>KB4?e!%j6R^K5RL@Kwvxzr+((kqYk`-xqG5(i59}l&
z(w0&rEF9QPqLhiF=5%dQB?VWsF1SXKyw;zd@7^8{ELc8<%@|2YJrOgmS~Mk$8@xGd
zmeLyS3#4u?84}F|??RdKP((C3BS}UzSlyZjYZOsnpoz|u2G=u|&Ob}%$I_WtIx|b>
zuciBo+0PLU7i~Lhxs&ZV_YW^+3kv5@3eAsLNRnI@ZpY&>08}!Z_>VrfzE(=@cMBkw
z=DfOF94-wDl^cZmq6TwK3~@Re29L0QL9U3M5FXnu&(ir&YS?a8gP`NL8od+0(L43q
Ly{hN=9k=lf=w`Jj

literal 0
HcmV?d00001

diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
index 84eb48cdf9..629513cc8b 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyControl.java
@@ -16,6 +16,8 @@
 
 package org.springframework.security.ldap.ppolicy;
 
+import java.io.Serial;
+
 import javax.naming.ldap.Control;
 
 /**
@@ -37,6 +39,9 @@ public class PasswordPolicyControl implements Control {
 	 */
 	public static final String OID = "1.3.6.1.4.1.42.2.27.8.5.1";
 
+	@Serial
+	private static final long serialVersionUID = 2843242715616817932L;
+
 	private final boolean critical;
 
 	/**
diff --git a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
index 2aa2b330e0..a6ac94590d 100755
--- a/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/ppolicy/PasswordPolicyResponseControl.java
@@ -19,6 +19,7 @@ package org.springframework.security.ldap.ppolicy;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.io.InputStream;
+import java.io.Serial;
 
 import netscape.ldap.ber.stream.BERChoice;
 import netscape.ldap.ber.stream.BERElement;
@@ -53,6 +54,9 @@ public class PasswordPolicyResponseControl extends PasswordPolicyControl {
 
 	private static final Log logger = LogFactory.getLog(PasswordPolicyResponseControl.class);
 
+	@Serial
+	private static final long serialVersionUID = -4592657167939234499L;
+
 	private final byte[] encodedValue;
 
 	private PasswordPolicyErrorStatus errorStatus;