Spring Security Add serialVersionUID to DefaultSavedRequest and SavedCookie

Describe the bug the class org.springframework.security.web.savedrequest.DefaultSavedRequest and org.springframework.security.web.savedrequest.SavedCookie had implements Serializable , but did't added serialVersionUID, lead a deserialization exception

To Reproduce use spring-session-data-redis and SkyWalking would got exception

Expected behavior please add serialVersionUID to those class

Sample

Comment From: marcusdacoregio

Hi, thanks for reaching out.

The absence of the serialVersionUID property alone should not cause a deserialization exception, because the serialVersionUID is calculated based on many aspects of the class.

Can you elaborate more on your configuration? Are you upgrading from another version?

Also, if you can provide a minimal reproducible sample, it would be even better for us to analyze further.

Comment From: xhh1314

I am using Spring OAuth2, Spring-Session-Data-Redis and SkyWalking APM which is a java agent that enhances DefaultSavedRequest object

You can reference this issue: https://github.com/spring-projects/spring-security-oauth/issues/1684

Please Declare serialVersionUID on those classes

Thanks

Comment From: marcusdacoregio

@xhh1314 are you interested in submitting a PR to fix this? One way to do this is by using SpringSecurityCoreVersion:

private static final long serialVersionUID = SpringSecurityCoreVersion.SERIAL_VERSION_UID;

Comment From: jakspok

Hello everyone, this is the contribution mentioned in previous threads, I hope it will be useful