Make DefaultOneTimeToken Serializable

Closes gh-16617 Signed-off-by: Max Batischev <mblancer@mail.ru>
2025-07-08 19:42:48 +00:00 · 2025-02-20 15:17:13 +03:00 · 2025-02-20 15:17:13 +03:00 · fa35c5b4d8
commit fa35c5b4d8
parent 7df85a2ed9
4 changed files with 15 additions and 3 deletions
--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@ -43,6 +43,7 @@ import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
 import java.util.stream.Stream;
 import jakarta.servlet.http.Cookie;
@ -98,6 +99,7 @@ import org.springframework.security.authentication.event.LogoutSuccessEvent;
 import org.springframework.security.authentication.jaas.JaasAuthenticationToken;
 import org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent;
 import org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent;
 import org.springframework.security.authentication.ott.DefaultOneTimeToken;
 import org.springframework.security.authentication.ott.InvalidOneTimeTokenException;
 import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken;
 import org.springframework.security.authentication.password.CompromisedPasswordException;
@ -667,6 +669,11 @@ class SpringSecurityCoreVersionSerializableTests {
 			return webAuthnAuthentication;
 		});
 		// @formatter:on
 		// One-Time Token
 		DefaultOneTimeToken oneTimeToken = new DefaultOneTimeToken(UUID.randomUUID().toString(), "user",
 				Instant.now().plusSeconds(300));
 		generatorByClassName.put(DefaultOneTimeToken.class, (t) -> oneTimeToken);
 	}
 	@ParameterizedTest
--- a/config/src/test/resources/serialized/6.5.x/org.springframework.security.authentication.ott.DefaultOneTimeToken.serialized
+++ b/config/src/test/resources/serialized/6.5.x/org.springframework.security.authentication.ott.DefaultOneTimeToken.serialized
--- a/core/src/main/java/org/springframework/security/authentication/ott/DefaultOneTimeToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/ott/DefaultOneTimeToken.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -16,6 +16,7 @@
 package org.springframework.security.authentication.ott;
 import java.io.Serial;
 import java.time.Instant;
 import org.springframework.util.Assert;
@ -28,6 +29,9 @@ import org.springframework.util.Assert;
 */
 public class DefaultOneTimeToken implements OneTimeToken {
 	@Serial
 	private static final long serialVersionUID = -1545822943352278549L;
 	private final String token;
 	private final String username;
--- a/core/src/main/java/org/springframework/security/authentication/ott/OneTimeToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/ott/OneTimeToken.java
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -16,6 +16,7 @@
 package org.springframework.security.authentication.ott;
 import java.io.Serializable;
 import java.time.Instant;
 /**
@ -24,7 +25,7 @@ import java.time.Instant;
 * @author Marcus da Coregio
 * @since 6.4
 */
-public interface OneTimeToken {
+public interface OneTimeToken extends Serializable {
 	/**
 	 * @return the one-time token value, never {@code null}