Add serialVersionUID to Authentication classes

Issue gh-16276
This commit is contained in:
Josh Cummings
2024-12-12 11:43:42 -07:00
parent e3cd4339b2
commit b9911fd522
45 changed files with 199 additions and 20 deletions

View File

@@ -32,6 +32,7 @@ import java.nio.file.Path;
import java.nio.file.Paths;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
@@ -54,26 +55,42 @@ import org.springframework.beans.factory.config.BeanDefinition;
import org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider;
import org.springframework.core.type.filter.AssignableTypeFilter;
import org.springframework.security.access.intercept.RunAsUserToken;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.RememberMeAuthenticationToken;
import org.springframework.security.authentication.TestAuthentication;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.jaas.JaasAuthenticationToken;
import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken;
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
import org.springframework.security.cas.authentication.CasAuthenticationToken;
import org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.SpringSecurityCoreVersion;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.session.ReactiveSessionInformation;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapAuthority;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
import org.springframework.security.oauth2.client.authentication.OAuth2LoginAuthenticationToken;
import org.springframework.security.oauth2.client.authentication.TestOAuth2AuthenticationTokens;
import org.springframework.security.oauth2.client.authentication.TestOAuth2AuthorizationCodeAuthenticationTokens;
import org.springframework.security.oauth2.client.oidc.authentication.logout.OidcLogoutToken;
import org.springframework.security.oauth2.client.oidc.authentication.logout.TestOidcLogoutTokens;
import org.springframework.security.oauth2.client.oidc.session.OidcSessionInformation;
import org.springframework.security.oauth2.client.oidc.session.TestOidcSessionInformations;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.TestClientRegistrations;
import org.springframework.security.oauth2.core.DefaultOAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.core.OAuth2DeviceCode;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.OAuth2UserCode;
import org.springframework.security.oauth2.core.TestOAuth2AccessTokens;
import org.springframework.security.oauth2.core.TestOAuth2AuthenticatedPrincipals;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
@@ -82,16 +99,30 @@ import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResp
import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationExchanges;
import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationRequests;
import org.springframework.security.oauth2.core.endpoint.TestOAuth2AuthorizationResponses;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.core.oidc.TestOidcIdTokens;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.security.oauth2.core.oidc.user.TestOidcUsers;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
import org.springframework.security.oauth2.core.user.TestOAuth2Users;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.TestJwts;
import org.springframework.security.oauth2.server.resource.BearerTokenError;
import org.springframework.security.oauth2.server.resource.BearerTokenErrors;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal;
import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest;
import org.springframework.security.saml2.provider.service.authentication.TestSaml2Authentications;
import org.springframework.security.saml2.provider.service.authentication.TestSaml2PostAuthenticationRequests;
import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests;
import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
@@ -138,6 +169,17 @@ class SpringSecurityCoreVersionSerializableTests {
(r) -> new SessionInformation(user, r.alphanumeric(4), new Date(1704378933936L)));
generatorByClassName.put(ReactiveSessionInformation.class,
(r) -> new ReactiveSessionInformation(user, r.alphanumeric(4), Instant.ofEpochMilli(1704378933936L)));
generatorByClassName.put(OAuth2AccessToken.class, (r) -> TestOAuth2AccessTokens.scopes("scope"));
generatorByClassName.put(OAuth2DeviceCode.class,
(r) -> new OAuth2DeviceCode("token", Instant.now(), Instant.now()));
generatorByClassName.put(OAuth2RefreshToken.class,
(r) -> new OAuth2RefreshToken("refreshToken", Instant.now(), Instant.now()));
generatorByClassName.put(OAuth2UserCode.class,
(r) -> new OAuth2UserCode("token", Instant.now(), Instant.now()));
generatorByClassName.put(DefaultOidcUser.class, (r) -> TestOidcUsers.create());
generatorByClassName.put(OidcUserAuthority.class,
(r) -> new OidcUserAuthority(TestOidcIdTokens.idToken().build(),
new OidcUserInfo(Map.of("claim", "value")), "claim"));
// oauth2-client
ClientRegistration.Builder clientRegistrationBuilder = TestClientRegistrations.clientRegistration();
@@ -167,6 +209,18 @@ class SpringSecurityCoreVersionSerializableTests {
token.setDetails(details);
return token;
});
generatorByClassName.put(OidcIdToken.class, (r) -> TestOidcIdTokens.idToken().build());
generatorByClassName.put(OidcLogoutToken.class,
(r) -> TestOidcLogoutTokens.withSessionId("issuer", "sessionId").issuedAt(Instant.now()).build());
generatorByClassName.put(OidcSessionInformation.class, (r) -> TestOidcSessionInformations.create());
generatorByClassName.put(DefaultOAuth2AuthenticatedPrincipal.class, (r) -> {
OAuth2AuthenticatedPrincipal principal = TestOAuth2AuthenticatedPrincipals.active();
return new DefaultOAuth2AuthenticatedPrincipal(principal.getName(), principal.getAttributes(),
(Collection<GrantedAuthority>) principal.getAuthorities());
});
// oauth2-jwt
generatorByClassName.put(Jwt.class, (r) -> TestJwts.user());
// oauth2-resource-server
generatorByClassName
@@ -192,6 +246,9 @@ class SpringSecurityCoreVersionSerializableTests {
token.setDetails(details);
return token;
});
generatorByClassName.put(BearerTokenError.class, (r) -> BearerTokenErrors.invalidToken("invalid token"));
generatorByClassName.put(OAuth2IntrospectionAuthenticatedPrincipal.class,
(r) -> TestOAuth2AuthenticatedPrincipals.active());
// core
generatorByClassName.put(RunAsUserToken.class, (r) -> {
@@ -215,6 +272,11 @@ class SpringSecurityCoreVersionSerializableTests {
token.setDetails(details);
return token;
});
generatorByClassName.put(OneTimeTokenAuthenticationToken.class,
(r) -> applyDetails(new OneTimeTokenAuthenticationToken("username", "token")));
generatorByClassName.put(TestingAuthenticationToken.class,
(r) -> applyDetails(new TestingAuthenticationToken("username", "password")));
// cas
generatorByClassName.put(CasServiceTicketAuthenticationToken.class, (r) -> {
@@ -234,11 +296,25 @@ class SpringSecurityCoreVersionSerializableTests {
return token;
});
// ldap
generatorByClassName.put(LdapAuthority.class,
(r) -> new LdapAuthority("USER", "username", Map.of("attribute", List.of("value1", "value2"))));
// saml2-service-provider
generatorByClassName.put(DefaultSaml2AuthenticatedPrincipal.class,
(r) -> TestSaml2Authentications.authentication().getPrincipal());
generatorByClassName.put(Saml2Authentication.class,
(r) -> applyDetails(TestSaml2Authentications.authentication()));
generatorByClassName.put(Saml2PostAuthenticationRequest.class,
(r) -> TestSaml2PostAuthenticationRequests.create());
generatorByClassName.put(Saml2RedirectAuthenticationRequest.class,
(r) -> TestSaml2RedirectAuthenticationRequests.create());
// web
generatorByClassName.put(AnonymousAuthenticationToken.class, (r) -> {
Collection<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_USER");
return applyDetails(new AnonymousAuthenticationToken("key", "username", authorities));
});
generatorByClassName.put(PreAuthenticatedAuthenticationToken.class, (r) -> {
PreAuthenticatedAuthenticationToken token = new PreAuthenticatedAuthenticationToken(user, "creds",
user.getAuthorities());
@@ -361,6 +437,12 @@ class SpringSecurityCoreVersionSerializableTests {
return instancio;
}
private static <T extends AbstractAuthenticationToken> T applyDetails(T authentication) {
WebAuthenticationDetails details = new WebAuthenticationDetails("remote", "sessionId");
authentication.setDetails(details);
return authentication;
}
private static String getCurrentVersion() {
String version = System.getProperty("springSecurityVersion");
String[] parts = version.split("\\.");