Skip to content

serialVersionUID values not randomly generated #17772

New issue
New issue
Open
Open
serialVersionUID values not randomly generated#17772
Assignees
jzheaux
Labels
in: coreAn issue in spring-security-coretype: breaks-passivityA change that breaks passivity with the previous releasetype: bugA general bug
@rwinch

Description

@rwinch
rwinch
opened on Aug 19, 2025

It appears there are quite a few serialVersionUID that are not randomly generated. We should fix that. Here is a quick search:

$ rg "serialVersionUID = \d{1,5}L"
core/src/main/java/org/springframework/security/authentication/jaas/JaasGrantedAuthority.java
33:	private static final long serialVersionUID = 620L;

core/src/main/java/org/springframework/security/authentication/jaas/JaasAuthenticationToken.java
36:	private static final long serialVersionUID = 620L;

ldap/src/main/java/org/springframework/security/ldap/userdetails/LdapUserDetailsImpl.java
51:	private static final long serialVersionUID = 620L;

ldap/src/main/java/org/springframework/security/ldap/userdetails/Person.java
37:	private static final long serialVersionUID = 620L;

ldap/src/main/java/org/springframework/security/ldap/userdetails/InetOrgPerson.java
33:	private static final long serialVersionUID = 620L;

core/src/main/java/org/springframework/security/authentication/AnonymousAuthenticationToken.java
32:	private static final long serialVersionUID = 1L;

core/src/main/java/org/springframework/security/authentication/TestingAuthenticationToken.java
35:	private static final long serialVersionUID = 1L;

core/src/main/java/org/springframework/security/authentication/RememberMeAuthenticationToken.java
34:	private static final long serialVersionUID = 620L;

core/src/main/java/org/springframework/security/authentication/UsernamePasswordAuthenticationToken.java
40:	private static final long serialVersionUID = 620L;

core/src/main/java/org/springframework/security/provisioning/MutableUser.java
32:	private static final long serialVersionUID = 620L;

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/provider/service/authentication/AbstractSaml2AuthenticationRequest.java
41:	private static final long serialVersionUID = 620L;

cas/src/main/java/org/springframework/security/cas/authentication/CasServiceTicketAuthenticationToken.java
40:	private static final long serialVersionUID = 620L;

cas/src/main/java/org/springframework/security/cas/authentication/CasAssertionAuthenticationToken.java
33:	private static final long serialVersionUID = 620L;

cas/src/main/java/org/springframework/security/cas/authentication/CasAuthenticationToken.java
38:	private static final long serialVersionUID = 620L;

core/src/main/java/org/springframework/security/access/intercept/RunAsUserToken.java
37:	private static final long serialVersionUID = 620L;

web/src/main/java/org/springframework/security/web/UnreachableFilterChainException.java
27:	private static final long serialVersionUID = 620L;

web/src/main/java/org/springframework/security/web/savedrequest/SavedCookie.java
30:	private static final long serialVersionUID = 620L;

web/src/main/java/org/springframework/security/web/savedrequest/DefaultSavedRequest.java
64:	private static final long serialVersionUID = 620L;

core/src/main/java/org/springframework/security/core/session/SessionInformation.java
41:	private static final long serialVersionUID = 620L;

core/src/main/java/org/springframework/security/core/session/ReactiveSessionInformation.java
30:	private static final long serialVersionUID = 620L;

core/src/main/java/org/springframework/security/core/authority/SimpleGrantedAuthority.java
33:	private static final long serialVersionUID = 620L;

core/src/main/java/org/springframework/security/core/userdetails/User.java
65:	private static final long serialVersionUID = 620L;
306:		private static final long serialVersionUID = 620L;

saml2/saml2-service-provider/src/main/java/org/springframework/security/saml2/core/Saml2Error.java
36:	private static final long serialVersionUID = 620L;

core/src/main/java/org/springframework/security/core/context/SecurityContextImpl.java
33:	private static final long serialVersionUID = 620L;

web/src/main/java/org/springframework/security/web/authentication/WebAuthenticationDetails.java
33:	private static final long serialVersionUID = 620L;

web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedAuthenticationToken.java
33:	private static final long serialVersionUID = 620L;

web/src/main/java/org/springframework/security/web/authentication/preauth/PreAuthenticatedGrantedAuthoritiesWebAuthenticationDetails.java
41:	private static final long serialVersionUID = 620L;

web/src/main/java/org/springframework/security/web/authentication/switchuser/SwitchUserGrantedAuthority.java
35:	private static final long serialVersionUID = 620L;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthenticationToken.java
45:	private static final long serialVersionUID = 620L;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2LoginAuthenticationToken.java
48:	private static final long serialVersionUID = 620L;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationToken.java
45:	private static final long serialVersionUID = 620L;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/registration/ClientRegistration.java
55:	private static final long serialVersionUID = 620L;
221:		private static final long serialVersionUID = 620L;
295:			private static final long serialVersionUID = 620L;
342:		private static final long serialVersionUID = 620L;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClientId.java
35:	private static final long serialVersionUID = 620L;

oauth2/oauth2-client/src/main/java/org/springframework/security/oauth2/client/OAuth2AuthorizedClient.java
45:	private static final long serialVersionUID = 620L;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2Error.java
40:	private static final long serialVersionUID = 620L;

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/JwtAuthenticationToken.java
38:	private static final long serialVersionUID = 620L;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponseType.java
39:	private static final long serialVersionUID = 620L;

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthenticationToken.java
39:	private static final long serialVersionUID = 620L;

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/BearerTokenAuthentication.java
40:	private static final long serialVersionUID = 620L;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationExchange.java
36:	private static final long serialVersionUID = 620L;

oauth2/oauth2-resource-server/src/main/java/org/springframework/security/oauth2/server/resource/authentication/AbstractOAuth2TokenAuthenticationToken.java
50:	private static final long serialVersionUID = 620L;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/OAuth2AccessToken.java
105:		private static final long serialVersionUID = 620L;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationRequest.java
56:	private static final long serialVersionUID = 620L;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/endpoint/OAuth2AuthorizationResponse.java
40:	private static final long serialVersionUID = 620L;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/ClientAuthenticationMethod.java
35:	private static final long serialVersionUID = 620L;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthenticationMethod.java
34:	private static final long serialVersionUID = 620L;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AuthorizationGrantType.java
41:	private static final long serialVersionUID = 620L;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/OAuth2UserAuthority.java
38:	private static final long serialVersionUID = 620L;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/user/DefaultOAuth2User.java
52:	private static final long serialVersionUID = 620L;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/AbstractOAuth2Token.java
36:	private static final long serialVersionUID = 620L;

oauth2/oauth2-core/src/main/java/org/springframework/security/oauth2/core/oidc/OidcUserInfo.java
50:	private static final long serialVersionUID = 620L;

Metadata

Metadata

Assignees

Labels

in: coreAn issue in spring-security-coretype: breaks-passivityA change that breaks passivity with the previous releasetype: bugA general bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions