Make OpenSamlAssertingPartyDetails Serializable

Closes gh-17622
4 months ago · 10948b5b7a
3 changed files with 12 additions and 1 deletions
--- a/config/src/test/java/org/springframework/security/SerializationSamples.java
+++ b/config/src/test/java/org/springframework/security/SerializationSamples.java
@ -171,12 +171,14 @@ import org.springframework.security.saml2.provider.service.authentication.Saml2A
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;
 import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.TestOpenSamlObjects;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationTokens;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2Authentications;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2LogoutRequests;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2PostAuthenticationRequests;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests;
 import org.springframework.security.saml2.provider.service.authentication.logout.Saml2LogoutRequest;
 import org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails;
 import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
 import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
 import org.springframework.security.web.PortResolverImpl;
@ -522,6 +524,11 @@ final class SerializationSamples {
 			return token;
 		});
 		generatorByClassName.put(Saml2LogoutRequest.class, (r) -> TestSaml2LogoutRequests.create());
 		generatorByClassName.put(OpenSamlAssertingPartyDetails.class,
 				(r) -> OpenSamlAssertingPartyDetails
 					.withEntityDescriptor(
 							TestOpenSamlObjects.entityDescriptor(TestRelyingPartyRegistrations.full().build()))
 					.build());
 		// web
 		generatorByClassName.put(AnonymousAuthenticationToken.class, (r) -> {
--- a/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.serialized
+++ b/config/src/test/resources/serialized/6.4.x/org.springframework.security.saml2.provider.service.registration.OpenSamlAssertingPartyDetails.serialized
--- a/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java
+++ b/saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/registration/OpenSamlAssertingPartyDetails.java
@ -16,6 +16,7 @@
 package org.springframework.security.saml2.provider.service.registration;
 import java.io.Serial;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
@ -46,7 +47,10 @@ import org.springframework.security.saml2.core.Saml2X509Credential;
 */
 public final class OpenSamlAssertingPartyDetails extends RelyingPartyRegistration.AssertingPartyDetails {
-	private final EntityDescriptor descriptor;
+	@Serial
 	private static final long serialVersionUID = -2412785556799182734L;
 	private final transient EntityDescriptor descriptor;
 	OpenSamlAssertingPartyDetails(RelyingPartyRegistration.AssertingPartyDetails details, EntityDescriptor descriptor) {
 		super(details.getEntityId(), details.getWantAuthnRequestsSigned(), details.getSigningAlgorithms(),