
Commit cc2cfc6

committed
Add Test Requiring serialVersionUID
Issue gh-16276
1 parent 3456a8e commit cc2cfc6


1 file changed

+9
-12
lines changed


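--- a/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
+++ b/config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java
@@ -32,14 +32,14 @@
 import java.nio.file.Paths;
 import java.time.Instant;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
-import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 import jakarta.servlet.http.Cookie;
@@ -717,18 +717,14 @@ static Stream<Path> getFilesToDeserialize() throws IOException {
 }
 
 @Test
-void listClassesMissingSerialVersion() throws Exception {
+void allSerializableClassesShouldHaveSerialVersionOrSuppressWarnings() throws Exception {
 ClassPathScanningCandidateComponentProvider provider = new ClassPathScanningCandidateComponentProvider(false);
 provider.addIncludeFilter(new AssignableTypeFilter(Serializable.class));
 List<Class<?>> classes = new ArrayList<>();
 
 Set<BeanDefinition> components = provider.findCandidateComponents("org/springframework/security");
 for (BeanDefinition component : components) {
 Class<?> clazz = Class.forName(component.getBeanClassName());
-boolean isAbstract = Modifier.isAbstract(clazz.getModifiers());
-if (isAbstract) {
-continue;
-}
 if (clazz.isEnum()) {
 continue;
 }
@@ -738,15 +734,16 @@ void listClassesMissingSerialVersion() throws Exception {
 boolean hasSerialVersion = Stream.of(clazz.getDeclaredFields())
 .map(Field::getName)
 .anyMatch((n) -> n.equals("serialVersionUID"));
-if (!hasSerialVersion) {
+SuppressWarnings suppressWarnings = clazz.getAnnotation(SuppressWarnings.class);
+boolean hasSerialIgnore = suppressWarnings == null
+|| Arrays.asList(suppressWarnings.value()).contains("Serial");
+if (!hasSerialVersion && !hasSerialIgnore) {
 classes.add(clazz);
 }
 }
-if (!classes.isEmpty()) {
-System.out
-.println("Found " + classes.size() + " Serializable classes that don't declare a seriallVersionUID");
-System.out.println(classes.stream().map(Class::getName).collect(Collectors.joining("\r\n")));
-}
+assertThat(classes)
+.describedAs("Found Serializable classes that are either missing a serialVersionUID or a @SuppressWarnings")
+.isEmpty();
 }
 
 static Stream<Class<?>> getClassesToSerialize() throws Exception {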
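Review bot: The new `hasSerialIgnore` check in `allSerializableClassesShouldHaveSerialVersionOrSuppressWarnings` can never fail the test: `java.lang.SuppressWarnings` has `RetentionPolicy.SOURCE`, so `clazz.getAnnotation(SuppressWarnings.class)` returns null at runtime, and `suppressWarnings == null || …` then makes `hasSerialIgnore` true for every class, leaving `classes` empty. The null test is also inverted for the stated intent, and the lint key javac recognises is `serial`, not `Serial`; the intended expression would read `suppressWarnings != null && Arrays.asList(suppressWarnings.value()).contains("serial")`. Because the annotation is not visible to reflection, exemptions need a runtime-retained marker or an explicit allow-list in the test, otherwise the corrected check would flag every deliberately suppressed class. As written, the assertion gives false assurance that every Serializable security class declares a `serialVersionUID`. A few lines of the loop between the second and third hunk are not shown on this page.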
