diff --git a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java index 21f5961ed19..91dcddd9909 100644 --- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java +++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java @@ -43,6 +43,7 @@ import java.util.Locale; import java.util.Map; import java.util.Set; +import java.util.UUID; import java.util.stream.Stream; import jakarta.servlet.http.Cookie; @@ -98,6 +99,7 @@ import org.springframework.security.authentication.jaas.JaasAuthenticationToken; import org.springframework.security.authentication.jaas.event.JaasAuthenticationFailedEvent; import org.springframework.security.authentication.jaas.event.JaasAuthenticationSuccessEvent; +import org.springframework.security.authentication.ott.DefaultOneTimeToken; import org.springframework.security.authentication.ott.InvalidOneTimeTokenException; import org.springframework.security.authentication.ott.OneTimeTokenAuthenticationToken; import org.springframework.security.authentication.password.CompromisedPasswordException; @@ -667,6 +669,11 @@ class SpringSecurityCoreVersionSerializableTests { return webAuthnAuthentication; }); // @formatter:on + + // One-Time Token + DefaultOneTimeToken oneTimeToken = new DefaultOneTimeToken(UUID.randomUUID().toString(), "user", + Instant.now().plusSeconds(300)); + generatorByClassName.put(DefaultOneTimeToken.class, (t) -> oneTimeToken); } @ParameterizedTest diff --git a/config/src/test/resources/serialized/6.5.x/org.springframework.security.authentication.ott.DefaultOneTimeToken.serialized b/config/src/test/resources/serialized/6.5.x/org.springframework.security.authentication.ott.DefaultOneTimeToken.serialized new file mode 100644 index 00000000000..806fbdee7f9 Binary files /dev/null and b/config/src/test/resources/serialized/6.5.x/org.springframework.security.authentication.ott.DefaultOneTimeToken.serialized differ diff --git a/core/src/main/java/org/springframework/security/authentication/ott/DefaultOneTimeToken.java b/core/src/main/java/org/springframework/security/authentication/ott/DefaultOneTimeToken.java index 4133da396d9..3a5de0720e1 100644 --- a/core/src/main/java/org/springframework/security/authentication/ott/DefaultOneTimeToken.java +++ b/core/src/main/java/org/springframework/security/authentication/ott/DefaultOneTimeToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.authentication.ott; +import java.io.Serial; import java.time.Instant; import org.springframework.util.Assert; @@ -28,6 +29,9 @@ */ public class DefaultOneTimeToken implements OneTimeToken { + @Serial + private static final long serialVersionUID = -1545822943352278549L; + private final String token; private final String username; diff --git a/core/src/main/java/org/springframework/security/authentication/ott/OneTimeToken.java b/core/src/main/java/org/springframework/security/authentication/ott/OneTimeToken.java index b2def9ef242..1a6b518bb15 100644 --- a/core/src/main/java/org/springframework/security/authentication/ott/OneTimeToken.java +++ b/core/src/main/java/org/springframework/security/authentication/ott/OneTimeToken.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 the original author or authors. + * Copyright 2002-2025 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,6 +16,7 @@ package org.springframework.security.authentication.ott; +import java.io.Serializable; import java.time.Instant; /** @@ -24,7 +25,7 @@ * @author Marcus da Coregio * @since 6.4 */ -public interface OneTimeToken { +public interface OneTimeToken extends Serializable { /** * @return the one-time token value, never {@code null}