ELY-2789 OIDCSecurityContext deserialization issue

http/oidc/src/main/java/org/wildfly/security/http/oidc/OidcSecurityContext.java

@@ -76,8 +76,8 @@ public String getRealm() {
     private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
         in.defaultReadObject();
         try {
-            token = new AccessToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(tokenString));
-            idToken = new IDToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(idTokenString));
+            token = tokenString == null ? null : new AccessToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(tokenString));
+            idToken = idTokenString == null ? null : new IDToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(idTokenString));
         } catch (InvalidJwtException e) {
             throw log.unableToParseToken();
         }

http/oidc/src/test/java/org/wildfly/security/http/oidc/BearerTest.java

@@ -27,7 +27,10 @@
 import static org.wildfly.security.http.oidc.Oidc.OIDC_NAME;
 
 import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
 import java.util.Collections;
@@ -36,6 +39,7 @@
 import java.util.Map;
 
 import org.apache.http.HttpStatus;
+import org.jose4j.jwt.consumer.JwtConsumerBuilder;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
@@ -146,6 +150,35 @@ public static void generalCleanup() throws Exception {
         }
     }
 
+    @Test
+    public void testOIDCSecurityContextDeserialization() throws Exception {
+        String accessTokenString = KeycloakConfiguration.getAccessToken(KEYCLOAK_CONTAINER.getAuthServerUrl(), TEST_REALM, KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD, CLIENT_ID, CLIENT_SECRET);
+        AccessToken accessToken = new AccessToken(new JwtConsumerBuilder().setSkipSignatureVerification().setSkipAllValidators().build().processToClaims(accessTokenString));
+        OidcSecurityContext oidcSecurityContext = new OidcSecurityContext(accessTokenString, accessToken, null, null);
+        OidcPrincipal oidcPrincipal = new OidcPrincipal("alice", oidcSecurityContext);
+
+        // Serialize
+        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+        ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
+        objectOutputStream.writeObject(oidcPrincipal);
+        objectOutputStream.close();
+
+        //deserialize
+        byte[] bytes = byteArrayOutputStream.toByteArray();
+        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(bytes);
+        ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream);
+        OidcPrincipal deserializedOidcPrincipal = (OidcPrincipal)objectInputStream.readObject();
+        OidcSecurityContext deserializedOidcSecurityContext = deserializedOidcPrincipal.getOidcSecurityContext();
+        AccessToken deserializedAccessToken = deserializedOidcSecurityContext.getToken();
+
+        assertEquals(accessTokenString, deserializedOidcSecurityContext.getTokenString());
+        assertEquals(KeycloakConfiguration.ALICE, deserializedOidcPrincipal.getName());
+        assertEquals(KeycloakConfiguration.ALICE, deserializedAccessToken.getPreferredUsername());
+        assertEquals("[email protected]", deserializedAccessToken.getEmail());
+        assertEquals(TEST_REALM, deserializedOidcSecurityContext.getRealm());
+        objectInputStream.close();
+    }
+
     @Test
     public void testSucessfulAuthenticationWithAuthServerUrl() throws Exception {
         performBearerAuthentication(getOidcConfigurationInputStream(), SECURED_ENDPOINT, KeycloakConfiguration.ALICE, KeycloakConfiguration.ALICE_PASSWORD,