spring-projects · jzheaux · Jan 31, 2025 · Dec 21, 2024 · Jan 31, 2025 · Jan 31, 2025
diff --git a/...rc/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java b/...rc/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@@ -178,14 +178,21 @@
 import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException;
 import org.springframework.security.saml2.Saml2Exception;
 import org.springframework.security.saml2.core.Saml2Error;
+import org.springframework.security.saml2.core.Saml2X509Credential;
+import org.springframework.security.saml2.credentials.TestSaml2X509Credentials;
 import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal;
 import org.springframework.security.saml2.provider.service.authentication.Saml2Authentication;
 import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationException;
+import org.springframework.security.saml2.provider.service.authentication.Saml2AuthenticationToken;
 import org.springframework.security.saml2.provider.service.authentication.Saml2PostAuthenticationRequest;
 import org.springframework.security.saml2.provider.service.authentication.Saml2RedirectAuthenticationRequest;
+import org.springframework.security.saml2.provider.service.authentication.TestSaml2AuthenticationTokens;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2Authentications;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2PostAuthenticationRequests;
 import org.springframework.security.saml2.provider.service.authentication.TestSaml2RedirectAuthenticationRequests;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
+import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration.AssertingPartyDetails;
+import org.springframework.security.saml2.provider.service.registration.TestRelyingPartyRegistrations;
 import org.springframework.security.web.PortResolverImpl;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
@@ -507,6 +514,16 @@ class SpringSecurityCoreVersionSerializableTests {
 				(r) -> TestSaml2PostAuthenticationRequests.create());
 		generatorByClassName.put(Saml2RedirectAuthenticationRequest.class,
 				(r) -> TestSaml2RedirectAuthenticationRequests.create());
+		generatorByClassName.put(Saml2X509Credential.class,
+				(r) -> TestSaml2X509Credentials.relyingPartyVerifyingCredential());
+		generatorByClassName.put(AssertingPartyDetails.class,
+				(r) -> TestRelyingPartyRegistrations.full().build().getAssertingPartyMetadata());
+		generatorByClassName.put(RelyingPartyRegistration.class, (r) -> TestRelyingPartyRegistrations.full().build());
+		generatorByClassName.put(Saml2AuthenticationToken.class, (r) -> {
+			Saml2AuthenticationToken token = TestSaml2AuthenticationTokens.tokenRequested();
+			token.setDetails(details);
+			return token;
+		});
 
 		// web
 		generatorByClassName.put(AnonymousAuthenticationToken.class, (r) -> {

diff --git a/...s/serialized/6.4.x/org.springframework.security.saml2.core.Saml2X509Credential.serialized b/...s/serialized/6.4.x/org.springframework.security.saml2.core.Saml2X509Credential.serialized
diff --git a/...mework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.serialized b/...mework.security.saml2.provider.service.authentication.Saml2AuthenticationToken.serialized
diff --git a/...2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails.serialized b/...2.provider.service.registration.RelyingPartyRegistration$AssertingPartyDetails.serialized
diff --git a/...ramework.security.saml2.provider.service.registration.RelyingPartyRegistration.serialized b/...ramework.security.saml2.provider.service.registration.RelyingPartyRegistration.serialized
diff --git a/...e-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java b/...e-provider/src/main/java/org/springframework/security/saml2/core/Saml2X509Credential.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2020 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.saml2.core;
 
+import java.io.Serializable;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
@@ -35,7 +36,9 @@
  * @author Josh Cummings
  * @since 5.4
  */
-public final class Saml2X509Credential {
+public final class Saml2X509Credential implements Serializable {
+
+	private static final long serialVersionUID = -1015853414272603517L;
 
 	private final PrivateKey privateKey;
 

diff --git a/.../springframework/security/saml2/provider/service/registration/AssertingPartyMetadata.java b/.../springframework/security/saml2/provider/service/registration/AssertingPartyMetadata.java
@@ -16,6 +16,7 @@
 
 package org.springframework.security.saml2.provider.service.registration;
 
+import java.io.Serializable;
 import java.util.Collection;
 import java.util.List;
 import java.util.function.Consumer;
@@ -28,7 +29,7 @@
  * @author Josh Cummings
  * @since 6.4
  */
-public interface AssertingPartyMetadata {
+public interface AssertingPartyMetadata extends Serializable {
 
 	/**
 	 * Get the asserting party's <a href=

diff --git a/...pringframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java b/...pringframework/security/saml2/provider/service/registration/RelyingPartyRegistration.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 the original author or authors.
+ * Copyright 2002-2024 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,7 @@
 
 package org.springframework.security.saml2.provider.service.registration;
 
+import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -66,7 +67,9 @@
  * @author Josh Cummings
  * @since 5.2
  */
-public class RelyingPartyRegistration {
+public class RelyingPartyRegistration implements Serializable {
+
+	private static final long serialVersionUID = -2718908121120942813L;
 
 	private final String registrationId;
 
@@ -456,6 +459,8 @@ public static Builder withRelyingPartyRegistration(RelyingPartyRegistration regi
 	 */
 	public static class AssertingPartyDetails implements AssertingPartyMetadata {
 
+		private static final long serialVersionUID = 8728930758311995475L;
+
 		private final String entityId;
 
 		private final boolean wantAuthnRequestsSigned;

diff --git a/...amework/security/saml2/provider/service/authentication/TestSaml2AuthenticationTokens.java b/...amework/security/saml2/provider/service/authentication/TestSaml2AuthenticationTokens.java
@@ -35,4 +35,11 @@ public static Saml2AuthenticationToken token() {
 		return new Saml2AuthenticationToken(relyingPartyRegistration, "saml2-xml-response-object");
 	}
 
+	public static Saml2AuthenticationToken tokenRequested() {
+		RelyingPartyRegistration relyingPartyRegistration = TestRelyingPartyRegistrations.relyingPartyRegistration()
+			.build();
+		return new Saml2AuthenticationToken(relyingPartyRegistration, "saml2-xml-response-object",
+				TestSaml2PostAuthenticationRequests.create());
+	}
+
 }