Add Serializable to Csrf Components

Issue gh-16276

Author: jzheaux

config/src/test/java/org/springframework/security/SpringSecurityCoreVersionSerializableTests.java

@@ -134,6 +134,10 @@
 import org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationException;
 import org.springframework.security.web.authentication.session.SessionAuthenticationException;
 import org.springframework.security.web.authentication.www.NonceExpiredException;
+import org.springframework.security.web.csrf.CsrfException;
+import org.springframework.security.web.csrf.DefaultCsrfToken;
+import org.springframework.security.web.csrf.InvalidCsrfTokenException;
+import org.springframework.security.web.csrf.MissingCsrfTokenException;
 
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.fail;
@@ -344,6 +348,13 @@ class SpringSecurityCoreVersionSerializableTests {
 				(r) -> new SessionAuthenticationException("message"));
 		generatorByClassName.put(NonceExpiredException.class,
 				(r) -> new NonceExpiredException("message", new IOException("fail")));
+		generatorByClassName.put(CsrfException.class, (r) -> new CsrfException("message"));
+		generatorByClassName.put(org.springframework.security.web.server.csrf.CsrfException.class, (r) -> new org.springframework.security.web.server.csrf.CsrfException("message"));
+		generatorByClassName.put(InvalidCsrfTokenException.class, (r) -> new InvalidCsrfTokenException(new DefaultCsrfToken("header", "parameter", "token"), "token"));
+		generatorByClassName.put(MissingCsrfTokenException.class, (r) -> new MissingCsrfTokenException("token"));
+		generatorByClassName.put(DefaultCsrfToken.class, (r) -> new DefaultCsrfToken("header", "parameter", "token"));
+		generatorByClassName.put(org.springframework.security.web.server.csrf.DefaultCsrfToken.class, (r) -> new org.springframework.security.web.server.csrf.DefaultCsrfToken("header", "parameter", "token"));
+
 	}
 
 	@ParameterizedTest

config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.CsrfException.serialized

@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.csrf;
 
+import java.io.Serial;
+
 import org.springframework.security.access.AccessDeniedException;
 
 /**
@@ -24,9 +26,11 @@
  * @author Rob Winch
  * @since 3.2
  */
-@SuppressWarnings("serial")
 public class CsrfException extends AccessDeniedException {
 
+	@Serial
+	private static final long serialVersionUID = 7802567627837252670L;
+
 	public CsrfException(String message) {
 		super(message);
 	}

config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.DefaultCsrfToken.serialized

@@ -62,6 +62,7 @@ public void handle(HttpServletRequest request, HttpServletResponse response,
 		request.setAttribute(csrfAttrName, csrfToken);
 	}
 
+	@SuppressWarnings("serial")
 	private static final class SupplierCsrfToken implements CsrfToken {
 
 		private final Supplier<CsrfToken> csrfTokenSupplier;

config/src/test/resources/serialized/6.4.x/org.springframework.security.web.csrf.InvalidCsrfTokenException.serialized

@@ -16,6 +16,8 @@
 
 package org.springframework.security.web.csrf;
 
+import java.io.Serial;
+
 import org.springframework.util.Assert;
 
 /**
@@ -24,9 +26,11 @@
  * @author Rob Winch
  * @since 3.2
  */
-@SuppressWarnings("serial")
 public final class DefaultCsrfToken implements CsrfToken {
 
+	@Serial
+	private static final long serialVersionUID = 6552658053267913685L;
+
 	private final String token;
 
 	private final String parameterName;