SEC-1700: Add fixed serializationVersionUID values to security contex…

…t, authentication tokens and related classes
commit 8178371927b8d42787b5fd321b3784d9193aa2b8 1 parent ac96f27
@tekul tekul authored
Showing with 107 additions and 7 deletions.
  1. +3 −0  cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
  2. +4 −2 cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
  3. +4 −0 core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
  4. +5 −0 core/src/main/java/org/springframework/security/authentication/AuthenticationDetails.java
  5. +4 −0 core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
  6. +4 −0 core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
  7. +4 −0 core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
  8. +3 −3 core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
  9. +4 −0 core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java
  10. +8 −1 core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
  11. +4 −0 core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainerImpl.java
  12. +4 −0 core/src/main/java/org/springframework/security/core/authority/GrantedAuthorityImpl.java
  13. +4 −0 core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
  14. +4 −0 core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
  15. +4 −0 core/src/main/java/org/springframework/security/core/session/SessionInformation.java
  16. +6 −0 core/src/main/java/org/springframework/security/core/userdetails/User.java
  17. +4 −0 core/src/main/java/org/springframework/security/provisioning/MutableUser.java
  18. +3 −1 core/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
  19. +4 −0 ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
  20. +3 −0  ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
  21. +4 −0 ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
  22. +4 −0 openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
  23. +5 −0 web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
  24. +4 −0 .../main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java
  25. +3 −0  ...amework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
  26. +4 −0 web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
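--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
@@ -19,6 +19,7 @@
 import org.jasig.cas.client.validation.Assertion;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 /**
 * Temporary authentication object needed to load the user details service.
@@ -28,6 +29,8 @@
 */
 public final class CasAssertionAuthenticationToken extends AbstractAuthenticationToken {
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 private final Assertion assertion;
 private final String ticket;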
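--- a/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
+++ b/cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
@@ -21,6 +21,7 @@
 import org.jasig.cas.client.validation.Assertion;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.core.userdetails.UserDetails;
 /**
@@ -30,9 +31,10 @@
 * @author Scott Battaglia
 */
 public class CasAuthenticationToken extends AbstractAuthenticationToken implements Serializable {
- //~ Instance fields ================================================================================================
- private static final long serialVersionUID = 1L;
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
+ //~ Instance fields ================================================================================================
 private final Object credentials;
 private final Object principal;
 private final UserDetails userDetails;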
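Review bot: The explicit `serialVersionUID` on CasAuthenticationToken moves from `1L` to the shared constant, so a token written by an earlier build (for example in a persisted HTTP session or a disk-backed cache) will be rejected with `InvalidClassException` after the upgrade. That is consistent with the commit's stated position that classes are not serializable between versions, but this is the only class in the commit whose previous value was pinned, so the break is introduced here rather than inherited from a computed default. I would record it beside the field, e.g. `// was 1L before SEC-1700; streams from earlier builds no longer deserialize`, and mention it in the upgrade notes. The class body continues outside the hunk.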
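--- a/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
+++ b/core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
@@ -21,6 +21,7 @@
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 /**
@@ -29,6 +30,9 @@
 * @author Ben Alex
 */
 public class RunAsUserToken extends AbstractAuthenticationToken {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Instance fields ================================================================================================
 private final Class<? extends Authentication> originalAuthentication;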
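--- a/core/src/main/java/org/springframework/security/authentication/AuthenticationDetails.java
+++ b/core/src/main/java/org/springframework/security/authentication/AuthenticationDetails.java
@@ -1,5 +1,7 @@
 package org.springframework.security.authentication;
+import org.springframework.security.core.SpringSecurityCoreVersion;
+
 import java.io.Serializable;
 /**
@@ -10,6 +12,9 @@
 */
 @Deprecated
 public class AuthenticationDetails implements Serializable {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Instance fields ================================================================================================
 private final String context;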
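--- a/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
@@ -18,6 +18,7 @@
 import java.util.Collection;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 /**
@@ -30,6 +31,9 @@
 * @author Luke Taylor
 */
 public class RememberMeAuthenticationToken extends AbstractAuthenticationToken {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Instance fields ================================================================================================
 private final Object principal;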
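--- a/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
@@ -18,6 +18,7 @@
 import java.util.Collection;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 /**
@@ -31,6 +32,9 @@
 * @author Ben Alex
 */
 public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationToken {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Instance fields ================================================================================================
 private final Object principal;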
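--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
@@ -20,6 +20,7 @@
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import javax.security.auth.login.LoginContext;
@@ -30,6 +31,9 @@
 * @author Ray Krueger
 */
 public class JaasAuthenticationToken extends UsernamePasswordAuthenticationToken {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Instance fields ================================================================================================
 private final transient LoginContext loginContext;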
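Review bot: `loginContext` is declared `final transient`, so a JaasAuthenticationToken restored from a serialized session comes back with a null `LoginContext`, and nothing next to the newly pinned `serialVersionUID` says so. Pinning the UID makes same-version deserialization an expected path, so any code that logs out through the token's login context presumably needs a null check after a session restore. I would document it on the field, e.g. `// transient: null after deserialization, callers must not assume a live LoginContext`. The constructors and accessor are outside the hunk, so whether they already guard against null cannot be seen here.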
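--- a/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
@@ -16,6 +16,7 @@
 package org.springframework.security.authentication.jaas;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import java.security.Principal;
@@ -29,13 +30,12 @@
 * @see AuthorityGranter
 */
 public final class JaasGrantedAuthority implements GrantedAuthority {
- //~ Instance fields ================================================================================================
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 private final String role;
 private final Principal principal;
- //~ Constructors ===================================================================================================
-
 public JaasGrantedAuthority(String role, Principal principal) {
 this.role = role;
 this.principal = principal;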
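Review bot: JaasGrantedAuthority now carries a `serialVersionUID`, but its `principal` field is typed `java.security.Principal`, which does not extend `Serializable`, so an authority built around a non-serializable principal implementation will fail with `NotSerializableException` when the security context is written to a session store. The constructor in this hunk stores whatever it is given without checking. I would at least state the requirement on the field, e.g. `// must be Serializable if this authority is stored in a serialized security context`. The rest of the class is outside the hunk.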
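--- a/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java
+++ b/core/src/main/java/org/springframework/security/authentication/rcp/RemoteAuthenticationException.java
@@ -16,6 +16,7 @@
 package org.springframework.security.authentication.rcp;
 import org.springframework.core.NestedRuntimeException;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 /**
 * Thrown if a <code>RemoteAuthenticationManager</code> cannot validate the presented authentication request.
@@ -27,6 +28,9 @@
 * @author Ben Alex
 */
 public class RemoteAuthenticationException extends NestedRuntimeException {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Constructors ===================================================================================================
 /**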
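--- a/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
+++ b/core/src/main/java/org/springframework/security/core/SpringSecurityCoreVersion.java
@@ -12,13 +12,20 @@
 public class SpringSecurityCoreVersion {
 private static final Log logger = LogFactory.getLog(SpringSecurityCoreVersion.class);
+ /**
+ * Global Serialization value for Spring Security classes.
+ *
+ * N.B. Classes are not intended to be serializable between different versions.
+ * See SEC-1709 for why we still need a serial version.
+ */
+ public static final long SERIAL_VERSION_UID = 310L;
+
 static {
 // Check Spring Compatibility
 String springVersion = SpringVersion.getVersion();
 String version = getVersion();
 if (springVersion != null) {
- // TODO: Generate version class and information dynamically from a template in the build file
 logger.info("You are running with Spring Security Core " + version);
 if (!springVersion.startsWith("3")) {
 logger.error("Spring Major version '3' expected, but you are running with version: "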
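Review bot: The Javadoc on `SERIAL_VERSION_UID` says classes are not intended to be serializable between versions, but it does not say the hand-maintained literal `310L` must change per release, and nothing in the hunk enforces that. Once a class declares an explicit UID, Java serialization no longer rejects a stream whose field layout differs; fields absent from the stream are filled with defaults, which is a quieter failure than `InvalidClassException` for authentication tokens and the security context. I would extend the Javadoc with something like `Must be changed in every release that alters the serialized form of any class using it`. It should also note that, as a compile-time constant, the value is copied into each referencing class when that class is compiled. The static initializer continues outside the hunk.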
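--- a/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainerImpl.java
+++ b/core/src/main/java/org/springframework/security/core/authority/GrantedAuthoritiesContainerImpl.java
@@ -3,10 +3,14 @@
 import java.util.*;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 @Deprecated
 public class GrantedAuthoritiesContainerImpl implements MutableGrantedAuthoritiesContainer {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 private List<GrantedAuthority> authorities;
 public void setGrantedAuthorities(Collection<? extends GrantedAuthority> newAuthorities) {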
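--- a/core/src/main/java/org/springframework/security/core/authority/GrantedAuthorityImpl.java
+++ b/core/src/main/java/org/springframework/security/core/authority/GrantedAuthorityImpl.java
@@ -17,6 +17,7 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
@@ -31,6 +32,9 @@
 */
 @Deprecated
 public class GrantedAuthorityImpl implements GrantedAuthority {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Instance fields ================================================================================================
 private final String role;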
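--- a/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
+++ b/core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
@@ -1,6 +1,7 @@
 package org.springframework.security.core.authority;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 /**
@@ -13,6 +14,9 @@
 * @author Luke Taylor
 */
 public final class SimpleGrantedAuthority implements GrantedAuthority {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 private final String role;
 public SimpleGrantedAuthority(String role) {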
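--- a/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
+++ b/core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
@@ -16,6 +16,7 @@
 package org.springframework.security.core.context;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 /**
@@ -26,6 +27,9 @@
 * @author Ben Alex
 */
 public class SecurityContextImpl implements SecurityContext {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Instance fields ================================================================================================
 private Authentication authentication;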
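--- a/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
+++ b/core/src/main/java/org/springframework/security/core/session/SessionInformation.java
@@ -15,6 +15,7 @@
 package org.springframework.security.core.session;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 import java.util.Date;
@@ -35,6 +36,9 @@
 * @author Ben Alex
 */
 public class SessionInformation implements Serializable {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Instance fields ================================================================================================
 private Date lastRequest;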
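--- a/core/src/main/java/org/springframework/security/core/userdetails/User.java
+++ b/core/src/main/java/org/springframework/security/core/userdetails/User.java
@@ -25,6 +25,7 @@
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.CredentialsContainer;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 /**
@@ -43,6 +44,9 @@
 * @author Luke Taylor
 */
 public class User implements UserDetails, CredentialsContainer {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Instance fields ================================================================================================
 private String password;
 private final String username;
@@ -149,6 +153,8 @@ public void eraseCredentials() {
 }
 private static class AuthorityComparator implements Comparator<GrantedAuthority>, Serializable {
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 public int compare(GrantedAuthority g1, GrantedAuthority g2) {
 // Neither should ever be null as each entry is checked before adding it to the set.
 // If the authority is null, it is a custom authority and should precede others.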
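Review bot: In the class-header hunk, `password` is a plain non-transient field, so the serialized form of `User` that this commit formalises includes the stored credential wherever the object is written (session persistence, replication) unless `eraseCredentials()` has already run. Nothing beside the new `serialVersionUID` tells a maintainer that. I would add a field comment such as `// part of the serialized form; cleared only by eraseCredentials()`. Whether callers erase credentials before the context is stored cannot be seen from these hunks, and the class body continues outside them.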
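--- a/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
+++ b/core/src/main/java/org/springframework/security/provisioning/MutableUser.java
@@ -3,6 +3,7 @@
 import java.util.Collection;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.core.userdetails.UserDetails;
 /**
@@ -11,6 +12,9 @@
 * @since 3.1
 */
 class MutableUser implements MutableUserDetails {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 private String password;
 private final UserDetails delegate;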
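--- a/core/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
+++ b/core/src/main/java/org/springframework/security/remoting/rmi/ContextPropagatingRemoteInvocation.java
@@ -15,6 +15,7 @@
 package org.springframework.security.remoting.rmi;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -43,7 +44,8 @@
 * @author Ben Alex
 */
 public class ContextPropagatingRemoteInvocation extends RemoteInvocation {
- //~ Static fields/initializers =====================================================================================
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
 private static final Log logger = LogFactory.getLog(ContextPropagatingRemoteInvocation.class);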
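Review bot: Pinning `serialVersionUID` to the release-wide constant on a class that travels over RMI means client and server must run builds with the same constant, or every invocation fails during deserialization; the hunk does not document that coupling. The UID is only a compatibility check and gives the receiving side no assurance about where the propagated security context came from, which is worth stating in the same place. I would add a class-level note such as `Client and server must use the same Spring Security version; the serial version is not an authenticity check`. As a style point, the new field sits directly against `logger` now that the section marker is gone; a blank line after it would match the other classes in this commit.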
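--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
@@ -16,6 +16,7 @@
 import org.springframework.ldap.core.DirContextAdapter;
 import org.springframework.ldap.core.DirContextOperations;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 /**
@@ -28,6 +29,9 @@
 * @author Luke
 */
 public class InetOrgPerson extends Person {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 private String carLicense;
 // Person.cn
 private String destinationIndicator;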
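--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
@@ -24,6 +24,7 @@
 import org.springframework.ldap.core.DirContextOperations;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.core.authority.AuthorityUtils;
 import org.springframework.security.ldap.ppolicy.PasswordPolicyData;
 import org.springframework.util.Assert;
@@ -46,6 +47,8 @@
 */
 public class LdapUserDetailsImpl implements LdapUserDetails, PasswordPolicyData {
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Instance fields ================================================================================================
 private String dn;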
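--- a/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
+++ b/ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
@@ -15,6 +15,7 @@
 package org.springframework.security.ldap.userdetails;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.util.Assert;
 import org.springframework.ldap.core.DirContextAdapter;
@@ -33,6 +34,9 @@
 * @since 2.0
 */
 public class Person extends LdapUserDetailsImpl {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 private String sn;
 private String description;
 private String telephoneNumber;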
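--- a/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
+++ b/openid/src/main/java/org/springframework/security/openid/OpenIDAuthenticationToken.java
@@ -20,6 +20,7 @@
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 /**
 * OpenID Authentication Token
@@ -27,6 +28,9 @@
 * @author Robin Bramley
 */
 public class OpenIDAuthenticationToken extends AbstractAuthenticationToken {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Instance fields ================================================================================================
 private final OpenIDAuthenticationStatus status;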
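--- a/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
@@ -15,6 +15,8 @@
 package org.springframework.security.web.authentication;
+import org.springframework.security.core.SpringSecurityCoreVersion;
+
 import java.io.Serializable;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
@@ -27,6 +29,9 @@
 * @author Luke Taylor
 */
 public class WebAuthenticationDetails implements Serializable {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Instance fields ================================================================================================
 private final String remoteAddress;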
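--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java
@@ -4,6 +4,7 @@
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 /**
@@ -14,6 +15,9 @@
 * @since 2.0
 */
 public class PreAuthenticatedAuthenticationToken extends AbstractAuthenticationToken {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 private final Object principal;
 private final Object credentials;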
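--- a/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
@@ -1,6 +1,7 @@
 package org.springframework.security.web.authentication.preauth;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 import org.springframework.security.core.authority.GrantedAuthoritiesContainer;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
@@ -18,6 +19,8 @@
 public class PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails extends WebAuthenticationDetails implements
 GrantedAuthoritiesContainer {
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 private final List<GrantedAuthority> authorities;
 public PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails(HttpServletRequest request,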
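--- a/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
+++ b/web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
@@ -17,6 +17,7 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.SpringSecurityCoreVersion;
 /**
@@ -30,6 +31,9 @@
 * @see org.springframework.security.web.authentication.switchuser.SwitchUserFilter
 */
 public final class SwitchUserGrantedAuthority implements GrantedAuthority {
+
+ private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;
+
 //~ Instance fields ================================================================================================
 private final String role;
 private final Authentication source;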