Support Serialization for SecurityConfig

Issue gh-16276
11 months ago · d7921daa13
4 changed files with 7 additions and 0 deletions
--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@ -60,6 +60,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
				@@ -60,6 +60,7 @@ import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.AuthorizationServiceException;
+import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.access.intercept.RunAsUserToken;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AccountExpiredException;
@ -442,6 +443,7 @@ class SpringSecurityCoreVersionSerializableTests {
				@@ -442,6 +443,7 @@ class SpringSecurityCoreVersionSerializableTests {
 		generatorByClassName.put(JaasAuthenticationSuccessEvent.class,
 				(r) -> new JaasAuthenticationSuccessEvent(authentication));
 		generatorByClassName.put(AbstractSessionEvent.class, (r) -> new AbstractSessionEvent(securityContext));
+		generatorByClassName.put(SecurityConfig.class, (r) -> new SecurityConfig("value"));

 		// cas
 		generatorByClassName.put(CasServiceTicketAuthenticationToken.class, (r) -> {
--- a/config/src/test/resources/serialized/6.4.x/org.springframework.security.access.SecurityConfig.serialized
+++ b/config/src/test/resources/serialized/6.4.x/org.springframework.security.access.SecurityConfig.serialized
--- a/core/src/main/java/org/springframework/security/access/SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/SecurityConfig.java
@ -16,6 +16,7 @@
				@@ -16,6 +16,7 @@

 package org.springframework.security.access;

+import java.io.Serial;
 import java.util.ArrayList;
 import java.util.List;

@ -29,6 +30,9 @@ import org.springframework.util.StringUtils;
				@@ -29,6 +30,9 @@ import org.springframework.util.StringUtils;
 */
 public class SecurityConfig implements ConfigAttribute {

+	@Serial
+	private static final long serialVersionUID = -7138084564199804304L;
+
 	private final String attrib;

 	public SecurityConfig(String config) {
--- a/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
+++ b/core/src/main/java/org/springframework/security/access/annotation/Jsr250SecurityConfig.java
@ -30,6 +30,7 @@ import org.springframework.security.authorization.method.AuthorizationManagerBef
				@@ -30,6 +30,7 @@ import org.springframework.security.authorization.method.AuthorizationManagerBef
 * @deprecated Use {@link AuthorizationManagerBeforeMethodInterceptor#jsr250()} instead
 */
@Deprecated
+@SuppressWarnings("serial")
 public class Jsr250SecurityConfig extends SecurityConfig {

 	public static final Jsr250SecurityConfig PERMIT_ALL_ATTRIBUTE = new Jsr250SecurityConfig(PermitAll.class.getName());