make XsuaaToken serializable (#1243)

* make XsuaaToken serializable #1209 Signed-off-by: Līga <72249435+liga-oz@users.noreply.github.com> --------- Signed-off-by: Līga <72249435+liga-oz@users.noreply.github.com>
SAP · Jul 21, 2023 · 0028ea8 · 0028ea8
1 parent ce93b66
commit 0028ea8
Show file tree

Hide file tree

Showing 8 changed files with 28 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,7 +15,7 @@ The `zone_uuid` claim in Identity service tokens has been deprecated and is now
     - `DefaultOAuth2TokenKeyService`
     - `OAuth2TokenKeyServiceWithCache` (java-security module)
     - `SpringOAuth2TokenKeyService`
-
+- [java-security] `AbstractToken` is serializable fixes #1209 
 
 #### Dependency upgrades
 - Bump spring.core.version from 6.0.9 to 6.0.11

diff --git a/env/src/main/java/com/sap/cloud/security/json/DefaultJsonObject.java b/env/src/main/java/com/sap/cloud/security/json/DefaultJsonObject.java
@@ -12,6 +12,7 @@
 import org.slf4j.LoggerFactory;
 
 import javax.annotation.Nullable;
+import java.io.Serial;
 import java.time.DateTimeException;
 import java.time.Instant;
 import java.util.*;
@@ -23,9 +24,12 @@
  */
 public class DefaultJsonObject implements JsonObject {
 
+	@Serial
+	private static final long serialVersionUID = 2204172045251807L;
+
 	private static final Logger LOGGER = LoggerFactory.getLogger(DefaultJsonObject.class);
 
-	private final JSONObject jsonObject;
+	private final transient JSONObject jsonObject;
 
 	/**
 	 * Create an instance

diff --git a/java-api/src/main/java/com/sap/cloud/security/json/JsonObject.java b/java-api/src/main/java/com/sap/cloud/security/json/JsonObject.java
@@ -6,14 +6,15 @@
 package com.sap.cloud.security.json;
 
 import javax.annotation.Nullable;
+import java.io.Serializable;
 import java.time.Instant;
 import java.util.List;
 import java.util.Map;
 
 /**
  * Interface used to expose JSON data.
  */
-public interface JsonObject {
+public interface JsonObject extends Serializable {
 
 	/**
 	 * @param name

diff --git a/java-security/src/main/java/com/sap/cloud/security/token/ScopeConverter.java b/java-security/src/main/java/com/sap/cloud/security/token/ScopeConverter.java
@@ -5,9 +5,10 @@
  */
 package com.sap.cloud.security.token;
 
+import java.io.Serializable;
 import java.util.Collection;
 import java.util.Set;
 
-public interface ScopeConverter {
+public interface ScopeConverter extends Serializable {
 	Set<String> convert(Collection<String> scopes);
 }
diff --git a/java-security/src/main/java/com/sap/cloud/security/token/XsuaaScopeConverter.java b/java-security/src/main/java/com/sap/cloud/security/token/XsuaaScopeConverter.java
@@ -7,6 +7,7 @@
 
 import com.sap.cloud.security.xsuaa.Assertions;
 
+import java.io.Serial;
 import java.util.Collection;
 import java.util.LinkedHashSet;
 import java.util.Set;
@@ -18,6 +19,10 @@
  * and prefixed with the "appId.", to local ones.
  */
 public class XsuaaScopeConverter implements ScopeConverter {
+
+	@Serial
+	private static final long serialVersionUID = 2204172290850251807L;
+
 	private final Pattern globalScopePattern;
 
 	/**

diff --git a/java-security/src/main/java/com/sap/cloud/security/token/XsuaaToken.java b/java-security/src/main/java/com/sap/cloud/security/token/XsuaaToken.java
@@ -13,6 +13,7 @@
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
+import java.io.Serial;
 import java.security.Principal;
 import java.util.LinkedHashSet;
 import java.util.Optional;
@@ -26,6 +27,9 @@
  * and provides access to token header parameters and claims.
  */
 public class XsuaaToken extends AbstractToken implements AccessToken {
+
+	@Serial
+	private static final long serialVersionUID = 3304172041930251807L;
 	static final String UNIQUE_USER_NAME_FORMAT = "user/%s/%s"; // user/<origin>/<logonName>
 	static final String UNIQUE_CLIENT_NAME_FORMAT = "client/%s"; // client/<clientid>
 	private static final Logger LOGGER = LoggerFactory.getLogger(XsuaaToken.class);
@@ -59,7 +63,7 @@ public XsuaaToken(@Nonnull String accessToken) {
 	 *            of the access token
 	 * @param userName
 	 *            of the access token
-	 * @return unique principal name or <code>null</code> if origin or user name is
+	 * @return unique principal name or <code>null</code> if origin or username is
 	 *         <code>null</code> or empty. Origin must also not contain a '/'
 	 *         character.
 	 */
@@ -100,8 +104,7 @@ public XsuaaToken withScopeConverter(@Nullable ScopeConverter converter) {
 
 	@Override
 	public Set<String> getScopes() {
-		LinkedHashSet<String> scopes = new LinkedHashSet<>(getClaimAsStringList(TokenClaims.XSUAA.SCOPES));
-		return scopes;
+		return new LinkedHashSet<>(getClaimAsStringList(TokenClaims.XSUAA.SCOPES));
 	}
 
 	@Override

diff --git a/token-client/src/main/java/com/sap/cloud/security/xsuaa/jwt/Base64JwtDecoder.java b/token-client/src/main/java/com/sap/cloud/security/xsuaa/jwt/Base64JwtDecoder.java
@@ -9,6 +9,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.Serial;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 import java.util.regex.Pattern;
@@ -53,6 +54,9 @@ private String base64Decode(String encoded) {
 
 	static class DecodedJwtImpl implements DecodedJwt {
 
+		@Serial
+		private static final long serialVersionUID = 1454353454555430987L;
+
 		private final String header;
 		private final String payload;
 		private final String signature;

diff --git a/token-client/src/main/java/com/sap/cloud/security/xsuaa/jwt/DecodedJwt.java b/token-client/src/main/java/com/sap/cloud/security/xsuaa/jwt/DecodedJwt.java
@@ -5,6 +5,8 @@
  */
 package com.sap.cloud.security.xsuaa.jwt;
 
+import java.io.Serializable;
+
 /**
  * A Jwt token consists of three parts, separated by ".":
  * header.payload.signature
@@ -13,7 +15,7 @@
  * {@link DecodedJwt} instance.
  */
 
-public interface DecodedJwt {
+public interface DecodedJwt extends Serializable {
 
 	/**
 	 * Get the base64 decoded header of the jwt as UTF-8 String.