Skip to content

Commit b4c7795

Browse files
jzheauxjzheaux
committed
Support Serialization for Authorization Components
Closes gh-16544
1 parent 876f677 commit b4c7795

9 files changed

+23
-1
lines changed

config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java

+8
Original file line numberDiff line numberDiff line change
@@ -95,6 +95,9 @@
9595
import org.springframework.security.authentication.ott.InvalidOneTimeTokenException;
9696
import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken;
9797
import org.springframework.security.authentication.password.CompromisedPasswordException;
98+
import org.springframework.security.authorization.AuthorityAuthorizationDecision;
99+
import org.springframework.security.authorization.AuthorizationDecision;
100+
import org.springframework.security.authorization.AuthorizationDeniedException;
98101
import org.springframework.security.cas.authentication.CasAssertionAuthenticationToken;
99102
import org.springframework.security.cas.authentication.CasAuthenticationToken;
100103
import org.springframework.security.cas.authentication.CasServiceTicketAuthenticationToken;
@@ -454,6 +457,11 @@ class SpringSecurityCoreVersionSerializableTests {
454457
generatorByClassName.put(AbstractSessionEvent.class, (r) -> new AbstractSessionEvent(securityContext));
455458
generatorByClassName.put(SecurityConfig.class, (r) -> new SecurityConfig("value"));
456459
generatorByClassName.put(TransientSecurityContext.class, (r) -> new TransientSecurityContext(authentication));
460+
generatorByClassName.put(AuthorizationDeniedException.class,
461+
(r) -> new AuthorizationDeniedException("message", new AuthorizationDecision(false)));
462+
generatorByClassName.put(AuthorizationDecision.class, (r) -> new AuthorizationDecision(true));
463+
generatorByClassName.put(AuthorityAuthorizationDecision.class,
464+
(r) -> new AuthorityAuthorizationDecision(true, AuthorityUtils.createAuthorityList("ROLE_USER")));
457465

458466
// cas
459467
generatorByClassName.put(CasServiceTicketAuthenticationToken.class, (r) -> {

config/src/test/resources/serialized/6.4.x/org.springframework.security.authorization.AuthorityAuthorizationDecision.serialized

400 Bytes
Binary file not shown.

config/src/test/resources/serialized/6.4.x/org.springframework.security.authorization.AuthorizationDecision.serialized

96 Bytes
Binary file not shown.

config/src/test/resources/serialized/6.4.x/org.springframework.security.authorization.AuthorizationDeniedException.serialized

Whitespace-only changes.

core/src/main/java/org/springframework/security/authorization/AuthorityAuthorizationDecision.java

+4
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@
1616

1717
package org.springframework.security.authorization;
1818

19+
import java.io.Serial;
1920
import java.util.Collection;
2021

2122
import org.springframework.security.core.GrantedAuthority;
@@ -28,6 +29,9 @@
2829
*/
2930
public class AuthorityAuthorizationDecision extends AuthorizationDecision {
3031

32+
@Serial
33+
private static final long serialVersionUID = -8338309042331376592L;
34+
3135
private final Collection<GrantedAuthority> authorities;
3236

3337
public AuthorityAuthorizationDecision(boolean granted, Collection<GrantedAuthority> authorities) {

core/src/main/java/org/springframework/security/authorization/AuthorizationDecision.java

+5
Original file line numberDiff line numberDiff line change
@@ -16,12 +16,17 @@
1616

1717
package org.springframework.security.authorization;
1818

19+
import java.io.Serial;
20+
1921
/**
2022
* @author Rob Winch
2123
* @since 5.0
2224
*/
2325
public class AuthorizationDecision implements AuthorizationResult {
2426

27+
@Serial
28+
private static final long serialVersionUID = -3226018324649244416L;
29+
2530
private final boolean granted;
2631

2732
public AuthorizationDecision(boolean granted) {

core/src/main/java/org/springframework/security/authorization/AuthorizationManagers.java

+2
Original file line numberDiff line numberDiff line change
@@ -145,6 +145,7 @@ public static <T> AuthorizationManager<T> not(AuthorizationManager<T> manager) {
145145
private AuthorizationManagers() {
146146
}
147147

148+
@SuppressWarnings("serial")
148149
private static final class CompositeAuthorizationDecision extends AuthorizationDecision {
149150

150151
private final List<AuthorizationResult> results;
@@ -161,6 +162,7 @@ public String toString() {
161162

162163
}
163164

165+
@SuppressWarnings("serial")
164166
private static final class NotAuthorizationDecision extends AuthorizationDecision {
165167

166168
private final AuthorizationResult result;

core/src/main/java/org/springframework/security/authorization/AuthorizationResult.java

+3-1
Original file line numberDiff line numberDiff line change
@@ -16,13 +16,15 @@
1616

1717
package org.springframework.security.authorization;
1818

19+
import java.io.Serializable;
20+
1921
/**
2022
* Represents an authorization result
2123
*
2224
* @author Marcus da Coregio
2325
* @since 6.3
2426
*/
25-
public interface AuthorizationResult {
27+
public interface AuthorizationResult extends Serializable {
2628

2729
/**
2830
* @return whether the access has been granted

core/src/main/java/org/springframework/security/authorization/ExpressionAuthorizationDecision.java

+1
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@
2424
* @author Marcus Da Coregio
2525
* @since 5.8
2626
*/
27+
@SuppressWarnings("serial")
2728
public class ExpressionAuthorizationDecision extends AuthorizationDecision {
2829

2930
private final Expression expression;

0 commit comments

Comments
 (0)