Ensure serializable classes do not share serialVersionUID

Closes gh-2100
2026-05-02 19:29:14 +01:00 · 2025-07-17 06:38:38 -04:00
parent a1588de462
commit c53a092e86
32 changed files with 129 additions and 121 deletions
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package sample.jpa.entity.authorizationconsent;

+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Objects;

@@ -62,6 +63,10 @@ public class AuthorizationConsent {
 	// @fold:off

 	public static class AuthorizationConsentId implements Serializable {
+
+		@Serial
+		private static final long serialVersionUID = -8507564681220621744L;
+
 		private String registeredClientId;
 		private String principalName;

@@ -4,7 +4,6 @@
 		"https://checkstyle.org/dtds/suppressions_1_2.dtd">
 <suppressions>
 	<suppress files=".*" checks="JavadocStyle" />
-	<suppress files="SpringAuthorizationServerVersion\.java" checks="HideUtilityClassConstructor"/>
 	<suppress files="[\\/]src[\\/]test[\\/]" checks="RegexpSinglelineJava" id="toLowerCaseWithoutLocale"/>
 	<suppress files="[\\/]src[\\/]test[\\/]" checks="RegexpSinglelineJava" id="toUpperCaseWithoutLocale"/>
 	<suppress files="AbstractOAuth2AuthorizationCodeRequestAuthenticationToken\.java" checks="SpringMethodVisibility"/>
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization;

+import java.io.Serial;
 import java.io.Serializable;
 import java.net.URI;
 import java.net.URL;
@@ -26,7 +27,6 @@ import java.util.Map;
 import java.util.function.Consumer;

 import org.springframework.security.oauth2.jose.jws.JwsAlgorithms;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -59,7 +59,8 @@ import org.springframework.util.Assert;
 public abstract class AbstractOAuth2AuthorizationServerMetadata
 		implements OAuth2AuthorizationServerMetadataClaimAccessor, Serializable {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -8817963285912690443L;

 	private final Map<String, Object> claims;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2024 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization;

+import java.io.Serial;
 import java.io.Serializable;
 import java.time.Instant;
 import java.util.Collections;
@@ -32,7 +33,6 @@ import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 import org.springframework.security.oauth2.core.OAuth2Token;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
@@ -54,7 +54,8 @@ import org.springframework.util.StringUtils;
 */
 public class OAuth2Authorization implements Serializable {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = 880363144799377926L;

 	private String id;

@@ -246,7 +247,8 @@ public class OAuth2Authorization implements Serializable {
 	 */
 	public static class Token<T extends OAuth2Token> implements Serializable {

-		private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+		@Serial
+		private static final long serialVersionUID = -5931125502413497522L;

 		protected static final String TOKEN_METADATA_NAMESPACE = "metadata.token.";

@@ -377,9 +379,7 @@ public class OAuth2Authorization implements Serializable {
 	/**
 	 * A builder for {@link OAuth2Authorization}.
 	 */
-	public static class Builder implements Serializable {
-
-		private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	public static class Builder {

 		private String id;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization;

+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Collections;
 import java.util.HashSet;
@@ -26,7 +27,6 @@ import org.springframework.lang.NonNull;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;

@@ -46,7 +46,8 @@ import org.springframework.util.CollectionUtils;
 */
 public final class OAuth2AuthorizationConsent implements Serializable {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -1950648027021276018L;

 	private static final String AUTHORITIES_SCOPE_PREFIX = "SCOPE_";

@@ -153,9 +154,7 @@ public final class OAuth2AuthorizationConsent implements Serializable {
 	/**
 	 * A builder for {@link OAuth2AuthorizationConsent}.
 	 */
-	public static final class Builder implements Serializable {
-
-		private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	public static final class Builder {

 		private final String registeredClientId;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization;

+import java.io.Serial;
 import java.util.Map;

 import org.springframework.util.Assert;
@@ -33,6 +34,9 @@ import org.springframework.util.Assert;
 */
 public final class OAuth2AuthorizationServerMetadata extends AbstractOAuth2AuthorizationServerMetadata {

+	@Serial
+	private static final long serialVersionUID = 3993358339217009284L;
+
 	private OAuth2AuthorizationServerMetadata(Map<String, Object> claims) {
 		super(claims);
 	}
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@

 package org.springframework.security.oauth2.server.authorization;

+import java.io.Serial;
 import java.io.Serializable;
 import java.net.URI;
 import java.net.URL;
@@ -29,7 +30,6 @@ import java.util.function.Consumer;

 import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimAccessor;
 import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -44,7 +44,8 @@ import org.springframework.util.Assert;
 */
 public final class OAuth2TokenIntrospection implements OAuth2TokenIntrospectionClaimAccessor, Serializable {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -8846164058150912395L;

 	private final Map<String, Object> claims;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,9 +15,9 @@
 */
 package org.springframework.security.oauth2.server.authorization;

+import java.io.Serial;
 import java.io.Serializable;

-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -30,7 +30,8 @@ import org.springframework.util.Assert;
 */
 public final class OAuth2TokenType implements Serializable {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -9015673781220922768L;

 	/**
 	 * {@code access_token} token type.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.authentication;

+import java.io.Serial;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -24,7 +25,6 @@ import java.util.Set;
 import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -38,7 +38,8 @@ import org.springframework.util.Assert;
 */
 abstract class AbstractOAuth2AuthorizationCodeRequestAuthenticationToken extends AbstractAuthenticationToken {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -5813797478091794517L;

 	private final String authorizationUri;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.authentication;

+import java.io.Serial;
 import java.util.Collections;
 import java.util.Map;

@@ -24,7 +25,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2AccessToken;
 import org.springframework.security.oauth2.core.OAuth2RefreshToken;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -42,7 +42,8 @@ import org.springframework.util.Assert;
 */
 public class OAuth2AccessTokenAuthenticationToken extends AbstractAuthenticationToken {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = 2773767853287774441L;

 	private final RegisteredClient registeredClient;

@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.authentication;

+import java.io.Serial;
 import java.util.Map;
 import java.util.Set;

@@ -35,6 +36,9 @@ import org.springframework.util.Assert;
 public class OAuth2AuthorizationCodeRequestAuthenticationToken
 		extends AbstractOAuth2AuthorizationCodeRequestAuthenticationToken {

+	@Serial
+	private static final long serialVersionUID = -1946164725241393094L;
+
 	private final OAuth2AuthorizationCode authorizationCode;

 	/**
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.authentication;

+import java.io.Serial;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -24,7 +25,6 @@ import java.util.Set;
 import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -38,7 +38,8 @@ import org.springframework.util.Assert;
 */
 public class OAuth2AuthorizationConsentAuthenticationToken extends AbstractAuthenticationToken {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -2111287271882598208L;

 	private final String authorizationUri;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.authentication;

+import java.io.Serial;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -23,7 +24,6 @@ import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.AuthorizationGrantType;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -40,7 +40,8 @@ import org.springframework.util.Assert;
 */
 public class OAuth2AuthorizationGrantAuthenticationToken extends AbstractAuthenticationToken {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -1715946281123199051L;

 	private final AuthorizationGrantType authorizationGrantType;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2024 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.authentication;

+import java.io.Serial;
 import java.util.Collections;
 import java.util.Map;

@@ -24,7 +25,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.Transient;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -43,7 +43,8 @@ import org.springframework.util.Assert;
@Transient
 public class OAuth2ClientAuthenticationToken extends AbstractAuthenticationToken {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -7150784632941221304L;

 	private final String clientId;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.authentication;

+import java.io.Serial;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.Map;
@@ -23,7 +24,6 @@ import java.util.Set;
 import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -37,7 +37,8 @@ import org.springframework.util.Assert;
 */
 public class OAuth2DeviceAuthorizationConsentAuthenticationToken extends OAuth2AuthorizationConsentAuthenticationToken {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = 3789252233721827596L;

 	private final String userCode;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2024 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.authentication;

+import java.io.Serial;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -26,7 +27,6 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2DeviceCode;
 import org.springframework.security.oauth2.core.OAuth2UserCode;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -41,7 +41,8 @@ import org.springframework.util.Assert;
 */
 public class OAuth2DeviceAuthorizationRequestAuthenticationToken extends AbstractAuthenticationToken {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -561059025431630645L;

 	private final Authentication clientPrincipal;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2024 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.authentication;

+import java.io.Serial;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -22,7 +23,6 @@ import java.util.Map;
 import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -36,7 +36,8 @@ import org.springframework.util.Assert;
 */
 public class OAuth2DeviceVerificationAuthenticationToken extends AbstractAuthenticationToken {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -2164261941629756913L;

 	private final Authentication principal;

@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.authentication;

+import java.io.Serial;
 import java.time.Instant;
 import java.util.Map;
 import java.util.Set;
@@ -34,6 +35,9 @@ import org.springframework.util.Assert;
 public class OAuth2PushedAuthorizationRequestAuthenticationToken
 		extends AbstractOAuth2AuthorizationCodeRequestAuthenticationToken {

+	@Serial
+	private static final long serialVersionUID = 7330534287786569644L;
+
 	private final String requestUri;

 	private final Instant requestUriExpiresAt;
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.authentication;

+import java.io.Serial;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -23,7 +24,6 @@ import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.server.authorization.OAuth2TokenIntrospection;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -38,7 +38,8 @@ import org.springframework.util.Assert;
 */
 public class OAuth2TokenIntrospectionAuthenticationToken extends AbstractAuthenticationToken {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = 9003173975452760956L;

 	private final String token;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,13 +15,13 @@
 */
 package org.springframework.security.oauth2.server.authorization.authentication;

+import java.io.Serial;
 import java.util.Collections;

 import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.OAuth2Token;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -35,7 +35,8 @@ import org.springframework.util.Assert;
 */
 public class OAuth2TokenRevocationAuthenticationToken extends AbstractAuthenticationToken {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -880609099230203249L;

 	private final String token;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.client;

+import java.io.Serial;
 import java.io.Serializable;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -30,7 +31,6 @@ import org.springframework.security.oauth2.core.AuthorizationGrantType;
 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
 import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
 import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
@@ -46,7 +46,8 @@ import org.springframework.util.StringUtils;
 */
 public class RegisteredClient implements Serializable {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -717282636175335081L;

 	private String id;

@@ -258,9 +259,7 @@ public class RegisteredClient implements Serializable {
 	/**
 	 * A builder for {@link RegisteredClient}.
 	 */
-	public static class Builder implements Serializable {
-
-		private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	public static class Builder {

 		private String id;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.oidc;

+import java.io.Serial;
 import java.io.Serializable;
 import java.net.URI;
 import java.net.URL;
@@ -31,7 +32,6 @@ import org.springframework.security.oauth2.core.oidc.OidcIdToken;
 import org.springframework.security.oauth2.jose.jws.JwsAlgorithm;
 import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
 import org.springframework.security.oauth2.jwt.Jwt;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -56,7 +56,8 @@ import org.springframework.util.Assert;
 */
 public final class OidcClientRegistration implements OidcClientMetadataClaimAccessor, Serializable {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = 6518710174552040014L;

 	private final Map<String, Object> claims;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.oidc;

+import java.io.Serial;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@@ -43,6 +44,9 @@ import org.springframework.util.Assert;
 public final class OidcProviderConfiguration extends AbstractOAuth2AuthorizationServerMetadata
 		implements OidcProviderMetadataClaimAccessor {

+	@Serial
+	private static final long serialVersionUID = -2130128410911549024L;
+
 	private OidcProviderConfiguration(Map<String, Object> claims) {
 		super(claims);
 	}
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,13 +15,13 @@
 */
 package org.springframework.security.oauth2.server.authorization.oidc.authentication;

+import java.io.Serial;
 import java.util.Collections;

 import org.springframework.lang.Nullable;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.server.authorization.oidc.OidcClientRegistration;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -38,7 +38,8 @@ import org.springframework.util.Assert;
 */
 public class OidcClientRegistrationAuthenticationToken extends AbstractAuthenticationToken {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -6198261907690781217L;

 	private final Authentication principal;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.oidc.authentication;

+import java.io.Serial;
 import java.util.Collections;

 import org.springframework.lang.Nullable;
@@ -22,7 +23,6 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AnonymousAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.oidc.OidcIdToken;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -36,7 +36,8 @@ import org.springframework.util.Assert;
 */
 public class OidcLogoutAuthenticationToken extends AbstractAuthenticationToken {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = 4001993612314913888L;

 	private final String idTokenHint;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,12 +15,12 @@
 */
 package org.springframework.security.oauth2.server.authorization.oidc.authentication;

+import java.io.Serial;
 import java.util.Collections;

 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -34,7 +34,8 @@ import org.springframework.util.Assert;
 */
 public class OidcUserInfoAuthenticationToken extends AbstractAuthenticationToken {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -3463488286180103730L;

 	private final Authentication principal;

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.settings;

+import java.io.Serial;
 import java.io.Serializable;
 import java.util.Collections;
 import java.util.HashMap;
@@ -22,7 +23,6 @@ import java.util.Map;
 import java.util.Objects;
 import java.util.function.Consumer;

-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -33,7 +33,8 @@ import org.springframework.util.Assert;
 */
 public abstract class AbstractSettings implements Serializable {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = 7434920549178503670L;

 	private final Map<String, Object> settings;

@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.settings;

+import java.io.Serial;
 import java.util.Map;

 import org.springframework.security.oauth2.server.authorization.context.AuthorizationServerContext;
@@ -31,6 +32,9 @@ import org.springframework.util.Assert;
 */
 public final class AuthorizationServerSettings extends AbstractSettings {

+	@Serial
+	private static final long serialVersionUID = 2719834789442554660L;
+
 	private AuthorizationServerSettings(Map<String, Object> settings) {
 		super(settings);
 	}
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2024 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.settings;

+import java.io.Serial;
 import java.util.Map;

 import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
@@ -32,6 +33,9 @@ import org.springframework.util.Assert;
 */
 public final class ClientSettings extends AbstractSettings {

+	@Serial
+	private static final long serialVersionUID = 9015034829752473931L;
+
 	private ClientSettings(Map<String, Object> settings) {
 		super(settings);
 	}
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,9 +15,9 @@
 */
 package org.springframework.security.oauth2.server.authorization.settings;

+import java.io.Serial;
 import java.io.Serializable;

-import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
 import org.springframework.util.Assert;

 /**
@@ -28,7 +28,8 @@ import org.springframework.util.Assert;
 */
 public final class OAuth2TokenFormat implements Serializable {

-	private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
+	@Serial
+	private static final long serialVersionUID = -3808658977410337294L;

 	/**
 	 * Self-contained tokens use a protected, time-limited data structure that contains
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2024 the original author or authors.
+ * Copyright 2020-2025 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@@ -15,6 +15,7 @@
 */
 package org.springframework.security.oauth2.server.authorization.settings;

+import java.io.Serial;
 import java.time.Duration;
 import java.util.Map;

@@ -32,6 +33,9 @@ import org.springframework.util.Assert;
 */
 public final class TokenSettings extends AbstractSettings {

+	@Serial
+	private static final long serialVersionUID = -2551292126445781141L;
+
 	private TokenSettings(Map<String, Object> settings) {
 		super(settings);
 	}
@@ -1,41 +0,0 @@
-/*
- * Copyright 2020-2025 the original author or authors.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *      https://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.springframework.security.oauth2.server.authorization.util;
-
-/**
- * Internal class used for serialization across Spring Authorization Server classes.
- *
- * @author Anoop Garlapati
- * @since 0.0.1
- */
-public final class SpringAuthorizationServerVersion {
-
-	private static final int MAJOR = 2;
-
-	private static final int MINOR = 0;
-
-	private static final int PATCH = 0;
-
-	/**
-	 * Global Serialization value for Spring Authorization Server classes.
-	 */
-	public static final long SERIAL_VERSION_UID = getVersion().hashCode();
-
-	public static String getVersion() {
-		return MAJOR + "." + MINOR + "." + PATCH;
-	}
-
-}