From ed1a596b549f0f985962dc246bd212372fe36caf Mon Sep 17 00:00:00 2001
From: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
Date: Wed, 23 Jul 2025 23:23:06 +0700
Subject: [PATCH 1/2] Implement Serial for PublicKeyCredentialCreationOptions

Signed-off-by: Tran Ngoc Nhan <ngocnhan.tran1996@gmail.com>
---
 .../security/SerializationSamples.java        |  25 ++++++++++++++++++
 ...AttestationConveyancePreference.serialized | Bin 0 -> 138 bytes
 ....AuthenticatorSelectionCriteria.serialized | Bin 0 -> 731 bytes
 ...thn.api.COSEAlgorithmIdentifier.serialized | Bin 0 -> 106 bytes
 ...licKeyCredentialCreationOptions.serialized | Bin 0 -> 3218 bytes
 ...i.PublicKeyCredentialParameters.serialized | Bin 0 -> 487 bytes
 ...api.PublicKeyCredentialRpEntity.serialized | Bin 0 -> 184 bytes
 ...uthn.api.ResidentKeyRequirement.serialized | Bin 0 -> 129 bytes
 .../api/AttestationConveyancePreference.java  |  10 +++++--
 .../api/AuthenticatorSelectionCriteria.java   |  10 +++++--
 .../webauthn/api/COSEAlgorithmIdentifier.java |  10 +++++--
 .../PublicKeyCredentialCreationOptions.java   |   9 +++++--
 .../api/PublicKeyCredentialParameters.java    |  10 +++++--
 .../api/PublicKeyCredentialRpEntity.java      |  10 +++++--
 .../webauthn/api/ResidentKeyRequirement.java  |  10 +++++--
 15 files changed, 80 insertions(+), 14 deletions(-)
 create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.AttestationConveyancePreference.serialized
 create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria.serialized
 create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier.serialized
 create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.serialized
 create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters.serialized
 create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity.serialized
 create mode 100644 config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.ResidentKeyRequirement.serialized

diff --git a/config/src/test/java/org/springframework/security/SerializationSamples.java b/config/src/test/java/org/springframework/security/SerializationSamples.java
index fe9f75cd50f..d4a17eef08f 100644
--- a/config/src/test/java/org/springframework/security/SerializationSamples.java
+++ b/config/src/test/java/org/springframework/security/SerializationSamples.java
@@ -207,12 +207,15 @@
 import org.springframework.security.web.server.firewall.ServerExchangeRejectedException;
 import org.springframework.security.web.session.HttpSessionCreatedEvent;
 import org.springframework.security.web.session.HttpSessionIdChangedEvent;
+import org.springframework.security.web.webauthn.api.AttestationConveyancePreference;
 import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientInputs;
 import org.springframework.security.web.webauthn.api.AuthenticationExtensionsClientOutputs;
 import org.springframework.security.web.webauthn.api.AuthenticatorAssertionResponse;
 import org.springframework.security.web.webauthn.api.AuthenticatorAttachment;
+import org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria;
 import org.springframework.security.web.webauthn.api.AuthenticatorTransport;
 import org.springframework.security.web.webauthn.api.Bytes;
+import org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier;
 import org.springframework.security.web.webauthn.api.CredProtectAuthenticationExtensionsClientInput;
 import org.springframework.security.web.webauthn.api.CredentialPropertiesOutput;
 import org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientInput;
@@ -220,12 +223,17 @@
 import org.springframework.security.web.webauthn.api.ImmutableAuthenticationExtensionsClientOutputs;
 import org.springframework.security.web.webauthn.api.ImmutablePublicKeyCredentialUserEntity;
 import org.springframework.security.web.webauthn.api.PublicKeyCredential;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions;
 import org.springframework.security.web.webauthn.api.PublicKeyCredentialDescriptor;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters;
 import org.springframework.security.web.webauthn.api.PublicKeyCredentialRequestOptions;
+import org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity;
 import org.springframework.security.web.webauthn.api.PublicKeyCredentialType;
 import org.springframework.security.web.webauthn.api.PublicKeyCredentialUserEntity;
+import org.springframework.security.web.webauthn.api.ResidentKeyRequirement;
 import org.springframework.security.web.webauthn.api.TestAuthenticationAssertionResponses;
 import org.springframework.security.web.webauthn.api.TestBytes;
+import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialCreationOptions;
 import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialRequestOptions;
 import org.springframework.security.web.webauthn.api.TestPublicKeyCredentialUserEntities;
 import org.springframework.security.web.webauthn.api.TestPublicKeyCredentials;
@@ -233,6 +241,7 @@
 import org.springframework.security.web.webauthn.authentication.WebAuthnAuthentication;
 import org.springframework.security.web.webauthn.authentication.WebAuthnAuthenticationRequestToken;
 import org.springframework.security.web.webauthn.management.RelyingPartyAuthenticationRequest;
+import org.springframework.security.web.webauthn.management.TestPublicKeyCredentialRpEntities;
 import org.springframework.util.ReflectionUtils;
 
 final class SerializationSamples {
@@ -668,6 +677,22 @@ final class SerializationSamples {
 		});
 		// @formatter:on
 
+		generatorByClassName.put(AttestationConveyancePreference.class,
+				(r) -> AttestationConveyancePreference.INDIRECT);
+		generatorByClassName.put(AuthenticatorSelectionCriteria.class,
+				(r) -> AuthenticatorSelectionCriteria.builder()
+					.userVerification(UserVerificationRequirement.REQUIRED)
+					.build());
+		generatorByClassName.put(COSEAlgorithmIdentifier.class, (r) -> COSEAlgorithmIdentifier.ES256);
+		generatorByClassName.put(PublicKeyCredentialParameters.class, (r) -> PublicKeyCredentialParameters.ES256);
+		generatorByClassName.put(PublicKeyCredentialRpEntity.class,
+				(r) -> TestPublicKeyCredentialRpEntities.createRpEntity().build());
+		generatorByClassName.put(ResidentKeyRequirement.class, (r) -> ResidentKeyRequirement.REQUIRED);
+		generatorByClassName.put(PublicKeyCredentialCreationOptions.class,
+				(r) -> TestPublicKeyCredentialCreationOptions.createPublicKeyCredentialCreationOptions()
+					.rp(TestPublicKeyCredentialRpEntities.createRpEntity().build())
+					.build());
+
 		generatorByClassName.put(CredentialPropertiesOutput.ExtensionOutput.class,
 				(r) -> new CredentialPropertiesOutput(true).getOutput());
 
diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.AttestationConveyancePreference.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.AttestationConveyancePreference.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..f024863b39523ffec55a1a48327a893d2dd523f6
GIT binary patch
literal 138
zcmWm7u?@m75I|9b6p5OGF&ug-K%xo~5)&Ne5)P8Hbv`?!qh%LXfQ{GzQhe!k|MfLR
z6tnlz*cgPksRcUhz1(a>mxOe%J)XuO>4hx>vTIe03QC^0o-+=>4iADg3jXz8Ja)^^
i<~cQ!$`l#eglgv16*819a8n+2Jgx3Q&5Za=f=+)(1Tz%?

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.AuthenticatorSelectionCriteria.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..5562d8d620843d289154aa97579d6d4c73db6dd2
GIT binary patch
literal 731
zcmbu+yG{Z@6b9fU1~u3i8#`lVxzi~L)kZGSoeC7N9G3$-xa=;oXSp==ya$!B;T`OJ
z0V#a|-@w8dje>-jY%C_(O=kXY&OeWDkc}1aP<5<0QZneYmFVFxRQFblZlWZOts&l-
zB@*%iOGMJL^%n*tT|uF$p^q-fFu2g0QAzPMpG404=|cv#IUJc&KYMK=;d(v&Pf#%^
zTSM75$~0)!C(1O+exb{t0*8Htv25v32gd~El)2UA;VSkMsnFa{#~vgxs=A)2Z3fi?
z5;!TdZ`Kl4fl;K3Fa4wVWe3UG+<O&aE(2Q}vIF5KNN~uzVj!3=f)1;ZdD_A#BFHsM
zx7@B@*$uA!Vmg0wSBq(Pc>HY7R`@<lV8?K~O{Y;QUl+A?na=v7yT!>%J~*G{H-UTV
H>k(TYNcs}>

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.COSEAlgorithmIdentifier.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..cb13b5404fbf3f410c636f59cb17f4f3b136d6f5
GIT binary patch
literal 106
zcmZ4UmVvdnh`}|#C|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5
zGWDGOgIyhS(({3`8M&S*sd*)tX_=`-8WpWZ>o;C3XJTOVVqh&x%qdN+DEJQnKLL_-
BEbssT

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialCreationOptions.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..09395fe91a8daeb13c956265c1bb918f32803c22
GIT binary patch
literal 3218
zcmcImYiJZ#6u!IJJk~Y%DzOhETPaqG-A!K@*wQAOtm!su60&PsvZQc#a<iE@J2Sa+
zCp%M0P*7A_XrYw0prR10)PU#@MWOzX(uc)jQlthd1pgFTltL-hR!q;mn|(w#mfO<6
z&Tg2Q^L_U_=X~c(-9WV#MSTX%hAfk+dUlxN9LXDWN5~?IO;zTG@+8AQ*k&Vo2%BoC
z&(3J7(oNhBN`{EeRII@-%v3|~HTl)Lyzyf6`t<IjUgS@p0A`F>Ox$OvHvwSbd%(g)
zurL7ej{pk;Sh&6Xa)+Uh6Bp|W>7!(rPy)Xq3Dm?N<}?({44NbwQ8)>PdSs!h#_0eN
z2vsp4`IQl@X++NwhF*{i9(6$kh_RYDie?XyvUV0jD-)x59EWYDYT<-xF?ennaTw7p
zt|mh%NwD_vNgzP16sbc~L8!QH+Kh8qY1)~EH1=Ugyfua<kS~F})MThz60=HG^qVnA
z3v&Ugo~b!v*o>iv3TNg2hdXU5$^stn*%qM;ZTs)2+ab^bu46)VZ<DL;e<--mn|5w(
zIUn8cMV<tz9mkpt#jv_?CJpP^aFX#piZ~#lPd9V|4EUKO`l}*)74=-K!!J%wnB8|a
ze&$6r3AA=m?E`hJjN~B240TBgxd^lz2r?6(#8P>mL#Z&dRWfdW`Q?5xW~-ENe!Td2
z!e4{V8s?2F8dkRCc%~~OR023A&wZzy^3}=C?jOys|F(UyBIUeM0zAbHv~Z{)0E^3k
zJ%Ige@M^2RWwNyzqTdwe2i6Oa&&fdw6Pnp|`sGbu9u7nBG^)*TUt-9cjyk4I`S;Xs
zYj4#xq~^Q`IVM6Vc>HYCzBaRc`C#CeJ4adD!|~tim6y((?({3aHu#SW`~f`HaQ_N%
z{|dEJid}AE&aRo}PrkwjYmg_7e3tqa5#dnY2SJeoZ>8nf$8$NG;fzKqYISLQ8~pLj
zzYc$TRY+K;3d<ArCOqNMd-z&UlxWXRzIgu9zPcG9j|VffCSB3py_r!MFVNkfRVw}O
z8+$3<k(*zy7^DO1juqASfKCJdpH4r`{jle*Z|)5*@<OMVW=?!aR5&=CP;Rlql{8>5
z5upzIs9{<_bCnR4n_wtv7#hL)r6ApT<-ngeLCb*!vvf?47&99{z#drvtIQZNxCl&W
zD{|)hr&^9BU)PJ$)c~h%Iq4n<@bmQO)Heq&ye+h<!CF?{WjlJ4v34zMz)mrei;LxH
zSS6ItKjxY+Nn~xi3gHw4f&zuZ$K(#b1i4Mlo@Y;-oX$fMUo9nZzVLTT9%Tu}cw)Zo
zT=O+U^lM?RmP~e;DK^fhcMw<9PK&rczrf)(e{ReDH}1|CZb%z*6^6x4=A*8rnk$VT
z9}p$rRf}EX(_w2a(OpFxoHI2N(hLP_BZdXzxH&1->tJ$Ws}A-P&4oQ72=&WcP_a=o
z58sMHNkTsy+<oq`4X>P9&OJEa=;4lukY_W$a_3CRWwzv;RgP9(mo9hpthnB~eoSl@
zfg#m0HSG2jPX=pY;k>YREIw}&pX6=#9a?1M5u3}h4rm9DWODBxI`QP~v&MIU`u8s0
Z@P6Qbre*WK3wz&*wLHEz@-BZc_BS}pwgmtH

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialParameters.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..7b5272e3f27447789f5a8a0212603aac324d2853
GIT binary patch
literal 487
zcmZ4UmVvdnh`~F*C|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5
zGW7yVlX5bXy;Ccli&9fk^GY%ka{>}U`btuZieFvKT61#lp&BLzCLado#GLdJ26rEz
z`TA()>%+{~2bvASVDt5X=IcBA2fI4vq~`-|&&c%z+mM!-T4e3Rz*16KkV?9NSR5Pz
zG|0N50O)yF(mapDaT*n^M(a0TEN5b1^kQHwOUx-vttj{p0Y6E%1&50h>;60JlD(S`
ow8aN%O9_LJPgY`CqJB<dUb=p82`CbQ9xGwsDgZ~5Zgy%V008~H<NyEw

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.PublicKeyCredentialRpEntity.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..918ec8599877eac8cff60bc382d182b0655e74bf
GIT binary patch
literal 184
zcmXYrK@!105Jg+Cv|wSUDkm5RuvAJZS)`H^v}nmNnT$>cvvCa;j^H|u;SNGs{CcZj
z?>*npuNhVq=c;zBZN6hH>0I$a)s!`?#j7)IzQaZetI%l`Hyfj~HTgNymaJ$riCeT3
ze_M{bufhEhKoCKow*sSRk0+cOwD~lZuVNNK&$gB$T%mJu0z<lB=?p1TWoU}37J*6n
S%L&teMVOHB?KzB*#eV=mtU<#7

literal 0
HcmV?d00001

diff --git a/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.ResidentKeyRequirement.serialized b/config/src/test/resources/serialized/7.0.x/org.springframework.security.web.webauthn.api.ResidentKeyRequirement.serialized
new file mode 100644
index 0000000000000000000000000000000000000000..a03eb3ed6c9f6dabcce3a610eb52a1e586a48899
GIT binary patch
literal 129
zcmZ4UmVvdnh`}YlC|$3(peQphJ*_A)H?=&!C|j>MHMz7Xv!qh5JT(b~6H7}n^7Il5
zGWCK|i!)PF^Gdu^D}z!COEZg7bAh~@omu5_ryZ9tF);ctu$Cp}l%|$22>E0smL=-v
XB<7{-2bX{>u&yX5Vc;l&=t}_ri7zlX

literal 0
HcmV?d00001

diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/AttestationConveyancePreference.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/AttestationConveyancePreference.java
index 41164faf491..23739e75247 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/AttestationConveyancePreference.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/AttestationConveyancePreference.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,9 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serial;
+import java.io.Serializable;
+
 /**
  * <a href="https://www.w3.org/TR/webauthn-3/#webauthn-relying-party">WebAuthn Relying
  * Parties</a> may use <a href=
@@ -26,7 +29,10 @@
  * @author Rob Winch
  * @since 6.4
  */
-public final class AttestationConveyancePreference {
+public final class AttestationConveyancePreference implements Serializable {
+
+	@Serial
+	private static final long serialVersionUID = -4821525312099695991L;
 
 	/**
 	 * The <a href=
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorSelectionCriteria.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorSelectionCriteria.java
index 011e539d826..08151799525 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorSelectionCriteria.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/AuthenticatorSelectionCriteria.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,9 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serial;
+import java.io.Serializable;
+
 /**
  * <a href=
  * "https://www.w3.org/TR/webauthn-3/#dictdef-authenticatorselectioncriteria">AuthenticatorAttachment</a>
@@ -31,7 +34,10 @@
  * @since 6.4
  * @see PublicKeyCredentialCreationOptions#getAuthenticatorSelection()
  */
-public final class AuthenticatorSelectionCriteria {
+public final class AuthenticatorSelectionCriteria implements Serializable {
+
+	@Serial
+	private static final long serialVersionUID = -4273495550621636950L;
 
 	private final AuthenticatorAttachment authenticatorAttachment;
 
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/COSEAlgorithmIdentifier.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/COSEAlgorithmIdentifier.java
index 0cafd9309bd..7acae91188e 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/COSEAlgorithmIdentifier.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/COSEAlgorithmIdentifier.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,9 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serial;
+import java.io.Serializable;
+
 /**
  * <a href=
  * "https://www.w3.org/TR/webauthn-3/#sctn-alg-identifier">COSEAlgorithmIdentifier</a> is
@@ -25,7 +28,10 @@
  * @since 6.4
  * @see PublicKeyCredentialParameters#getAlg()
  */
-public final class COSEAlgorithmIdentifier {
+public final class COSEAlgorithmIdentifier implements Serializable {
+
+	@Serial
+	private static final long serialVersionUID = 2916227211464921463L;
 
 	public static final COSEAlgorithmIdentifier EdDSA = new COSEAlgorithmIdentifier(-8);
 
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialCreationOptions.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialCreationOptions.java
index 2bbdcb9b2b0..2dabd440784 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialCreationOptions.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialCreationOptions.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serial;
+import java.io.Serializable;
 import java.time.Duration;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -32,7 +34,10 @@
  * @author Rob Winch
  * @since 6.4
  */
-public final class PublicKeyCredentialCreationOptions {
+public final class PublicKeyCredentialCreationOptions implements Serializable {
+
+	@Serial
+	private static final long serialVersionUID = -3447846076083501914L;
 
 	private final PublicKeyCredentialRpEntity rp;
 
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialParameters.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialParameters.java
index abb8c028330..6185b4e9983 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialParameters.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialParameters.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,9 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serial;
+import java.io.Serializable;
+
 /**
  * The <a href=
  * "https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialparameters">PublicKeyCredentialParameters</a>
@@ -25,7 +28,10 @@
  * @since 6.4
  * @see PublicKeyCredentialCreationOptions#getPubKeyCredParams()
  */
-public final class PublicKeyCredentialParameters {
+public final class PublicKeyCredentialParameters implements Serializable {
+
+	@Serial
+	private static final long serialVersionUID = -1526321508352408964L;
 
 	public static final PublicKeyCredentialParameters EdDSA = new PublicKeyCredentialParameters(
 			COSEAlgorithmIdentifier.EdDSA);
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialRpEntity.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialRpEntity.java
index d8e7de80141..a34ce5819b9 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialRpEntity.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/PublicKeyCredentialRpEntity.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,9 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serial;
+import java.io.Serializable;
+
 /**
  * The <a href=
  * "https://www.w3.org/TR/webauthn-3/#dictdef-publickeycredentialrpentity">PublicKeyCredentialRpEntity</a>
@@ -25,7 +28,10 @@
  * @author Rob Winch
  * @since 6.4
  */
-public final class PublicKeyCredentialRpEntity {
+public final class PublicKeyCredentialRpEntity implements Serializable {
+
+	@Serial
+	private static final long serialVersionUID = -7546038444920825700L;
 
 	private final String name;
 
diff --git a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ResidentKeyRequirement.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ResidentKeyRequirement.java
index 082df8c675e..f308dc605b9 100644
--- a/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ResidentKeyRequirement.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/api/ResidentKeyRequirement.java
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2024 the original author or authors.
+ * Copyright 2002-2025 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,6 +16,9 @@
 
 package org.springframework.security.web.webauthn.api;
 
+import java.io.Serial;
+import java.io.Serializable;
+
 /**
  * The <a href=
  * "https://www.w3.org/TR/webauthn-3/#enumdef-residentkeyrequirement">ResidentKeyRequirement</a>
@@ -24,7 +27,10 @@
  * @author Rob Winch
  * @since 6.4
  */
-public final class ResidentKeyRequirement {
+public final class ResidentKeyRequirement implements Serializable {
+
+	@Serial
+	private static final long serialVersionUID = -2771567035819540060L;
 
 	/**
 	 * The <a href=

From 28cbf4ff097e6d141c550cfd63552f7ea5c77a7b Mon Sep 17 00:00:00 2001
From: Rob Winch <362503+rwinch@users.noreply.github.com>
Date: Wed, 23 Jul 2025 13:32:34 -0500
Subject: [PATCH 2/2] Reapply "Move webauthn runtimehints to
 spring-security-webauthn"

This reverts commit 9489ab48abcbd192d87e5535f2459804d9826a80.
---
 web/src/main/resources/META-INF/spring/aot.factories          | 4 +---
 .../aot}/PublicKeyCredentialUserEntityRuntimeHints.java       | 2 +-
 .../web/webauthn/aot}/UserCredentialRuntimeHints.java         | 2 +-
 webauthn/src/main/resources/META-INF/spring/aot.factories     | 3 +++
 .../aot}/PublicKeyCredentialUserEntityRuntimeHintsTests.java  | 2 +-
 .../web/webauthn/aot}/UserCredentialRuntimeHintsTests.java    | 2 +-
 6 files changed, 8 insertions(+), 7 deletions(-)
 rename {web/src/main/java/org/springframework/security/web/aot/hint => webauthn/src/main/java/org/springframework/security/web/webauthn/aot}/PublicKeyCredentialUserEntityRuntimeHints.java (96%)
 rename {web/src/main/java/org/springframework/security/web/aot/hint => webauthn/src/main/java/org/springframework/security/web/webauthn/aot}/UserCredentialRuntimeHints.java (96%)
 create mode 100644 webauthn/src/main/resources/META-INF/spring/aot.factories
 rename {web/src/test/java/org/springframework/security/web/aot/hint => webauthn/src/test/java/org/springframework/security/web/webauthn/aot}/PublicKeyCredentialUserEntityRuntimeHintsTests.java (97%)
 rename {web/src/test/java/org/springframework/security/web/aot/hint => webauthn/src/test/java/org/springframework/security/web/webauthn/aot}/UserCredentialRuntimeHintsTests.java (97%)

diff --git a/web/src/main/resources/META-INF/spring/aot.factories b/web/src/main/resources/META-INF/spring/aot.factories
index 2a3c8ad7681..dcc4be6a067 100644
--- a/web/src/main/resources/META-INF/spring/aot.factories
+++ b/web/src/main/resources/META-INF/spring/aot.factories
@@ -1,4 +1,2 @@
 org.springframework.aot.hint.RuntimeHintsRegistrar=\
-org.springframework.security.web.aot.hint.WebMvcSecurityRuntimeHints,\
-org.springframework.security.web.aot.hint.UserCredentialRuntimeHints,\
-org.springframework.security.web.aot.hint.PublicKeyCredentialUserEntityRuntimeHints
+org.springframework.security.web.aot.hint.WebMvcSecurityRuntimeHints
diff --git a/web/src/main/java/org/springframework/security/web/aot/hint/PublicKeyCredentialUserEntityRuntimeHints.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/aot/PublicKeyCredentialUserEntityRuntimeHints.java
similarity index 96%
rename from web/src/main/java/org/springframework/security/web/aot/hint/PublicKeyCredentialUserEntityRuntimeHints.java
rename to webauthn/src/main/java/org/springframework/security/web/webauthn/aot/PublicKeyCredentialUserEntityRuntimeHints.java
index c35cf5b81c6..f178c1f2ec9 100644
--- a/web/src/main/java/org/springframework/security/web/aot/hint/PublicKeyCredentialUserEntityRuntimeHints.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/aot/PublicKeyCredentialUserEntityRuntimeHints.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.aot.hint;
+package org.springframework.security.web.webauthn.aot;
 
 import org.springframework.aot.hint.RuntimeHints;
 import org.springframework.aot.hint.RuntimeHintsRegistrar;
diff --git a/web/src/main/java/org/springframework/security/web/aot/hint/UserCredentialRuntimeHints.java b/webauthn/src/main/java/org/springframework/security/web/webauthn/aot/UserCredentialRuntimeHints.java
similarity index 96%
rename from web/src/main/java/org/springframework/security/web/aot/hint/UserCredentialRuntimeHints.java
rename to webauthn/src/main/java/org/springframework/security/web/webauthn/aot/UserCredentialRuntimeHints.java
index 96700568725..ade9a4f5d8a 100644
--- a/web/src/main/java/org/springframework/security/web/aot/hint/UserCredentialRuntimeHints.java
+++ b/webauthn/src/main/java/org/springframework/security/web/webauthn/aot/UserCredentialRuntimeHints.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.aot.hint;
+package org.springframework.security.web.webauthn.aot;
 
 import org.springframework.aot.hint.RuntimeHints;
 import org.springframework.aot.hint.RuntimeHintsRegistrar;
diff --git a/webauthn/src/main/resources/META-INF/spring/aot.factories b/webauthn/src/main/resources/META-INF/spring/aot.factories
new file mode 100644
index 00000000000..1e8588ce4d7
--- /dev/null
+++ b/webauthn/src/main/resources/META-INF/spring/aot.factories
@@ -0,0 +1,3 @@
+org.springframework.aot.hint.RuntimeHintsRegistrar=\
+org.springframework.security.web.webauthn.aot.UserCredentialRuntimeHints,\
+org.springframework.security.web.webauthn.aot.PublicKeyCredentialUserEntityRuntimeHints
diff --git a/web/src/test/java/org/springframework/security/web/aot/hint/PublicKeyCredentialUserEntityRuntimeHintsTests.java b/webauthn/src/test/java/org/springframework/security/web/webauthn/aot/PublicKeyCredentialUserEntityRuntimeHintsTests.java
similarity index 97%
rename from web/src/test/java/org/springframework/security/web/aot/hint/PublicKeyCredentialUserEntityRuntimeHintsTests.java
rename to webauthn/src/test/java/org/springframework/security/web/webauthn/aot/PublicKeyCredentialUserEntityRuntimeHintsTests.java
index 4909a643030..d8d016a0706 100644
--- a/web/src/test/java/org/springframework/security/web/aot/hint/PublicKeyCredentialUserEntityRuntimeHintsTests.java
+++ b/webauthn/src/test/java/org/springframework/security/web/webauthn/aot/PublicKeyCredentialUserEntityRuntimeHintsTests.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.aot.hint;
+package org.springframework.security.web.webauthn.aot;
 
 import java.util.stream.Stream;
 
diff --git a/web/src/test/java/org/springframework/security/web/aot/hint/UserCredentialRuntimeHintsTests.java b/webauthn/src/test/java/org/springframework/security/web/webauthn/aot/UserCredentialRuntimeHintsTests.java
similarity index 97%
rename from web/src/test/java/org/springframework/security/web/aot/hint/UserCredentialRuntimeHintsTests.java
rename to webauthn/src/test/java/org/springframework/security/web/webauthn/aot/UserCredentialRuntimeHintsTests.java
index ed44b4cb268..1683beb2b69 100644
--- a/web/src/test/java/org/springframework/security/web/aot/hint/UserCredentialRuntimeHintsTests.java
+++ b/webauthn/src/test/java/org/springframework/security/web/webauthn/aot/UserCredentialRuntimeHintsTests.java
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.aot.hint;
+package org.springframework.security.web.webauthn.aot;
 
 import java.util.stream.Stream;