Spring Security upgrade: a token serialization exception pitfall

The scenario:

The company recently reworked its technical architecture, upgrading Spring Boot from 1.5.6 to 2.0.6 and gradually converting internal service calls from the dubbo protocol to Spring Cloud Feign calls. In the early stage, the main work was the Spring Boot version upgrade. Dependency versions are managed through the following import:

<dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>org.springframework.cloud</groupId>
        <artifactId>spring-cloud-dependencies</artifactId>
        <version>${spring-cloud.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
 </dependencyManagement>

This automatically manages the versions of the dependencies that Spring Boot references. We used a database to record tokens. The Spring Security OAuth version we reference stayed the same, 2.0.14.RELEASE, but tokens generated under the original lower version had compatibility problems during deserialization.

java.lang.IllegalArgumentException:
 java.io.InvalidClassException: org.springframework.security.core.authority.SimpleGrantedAuthority; 
local class incompatible: stream classdesc serialVersionUID = 420, local class serialVersionUID = 500

It can be seen that the serialVersionUID of SimpleGrantedAuthority, 401, is now 500, so there is a serialization compatibility problem.

Troubleshooting process:

Checking the dependencies of the spring-security-oauth2 jar shows that with Spring Boot 1.5.6, the spring-security-core and spring-security-config it depends on are version 4.2.3. After upgrading to 2.0.6, they are version 5.0.9.
In version 5.0.9 the SimpleGrantedAuthority source has serialVersionUID=500, while in version 4.2.3 it has serialVersionUID=420, which results in the deserialized object being null.

<dependency>
      <groupId>org.springframework.security.oauth</groupId>
      <artifactId>spring-security-oauth2</artifactId>
      <version>2.0.14.RELEASE</version>
      <exclusions>
        <exclusion>
          <groupId>org.slf4j</groupId>
          <artifactId>slf4j-api</artifactId>
        </exclusion>
      </exclusions>
    </dependency>

Solution:

To stay compatible with the tokens generated by the lower version, the Spring Security version is downgraded.
Exclude the spring-security-core and spring-security-config dependencies that spring-security-oauth2 pulls in automatically, and declare them explicitly at 4.2.3.RELEASE.

<dependency>
      <groupId>org.springframework.security.oauth</groupId>
      <artifactId>spring-security-oauth2</artifactId>
      <version>2.0.14.RELEASE</version>
      <exclusions>
        <exclusion>
          <groupId>org.slf4j</groupId>
          <artifactId>slf4j-api</artifactId>
        </exclusion>
        <exclusion>
          <groupId>org.springframework.security</groupId>
          <artifactId>spring-security-core</artifactId>
        </exclusion>
        <exclusion>
          <groupId>org.springframework.security</groupId>
          <artifactId>spring-security-config</artifactId>
        </exclusion>
      </exclusions>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-core</artifactId>
      <version>4.2.3.RELEASE</version>
    </dependency>
    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-config</artifactId>
      <version>4.2.3.RELEASE</version>
    </dependency>
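
The mismatch described above can be confirmed per stored token without deserializing anything, by reading the class descriptors straight from the serialized bytes. The following Python script is an added example, not code from the original post; the function names, token ids and sample blob are constructed for illustration, and the scan is a heuristic over the Java serialization framing (TC_CLASSDESC marker, UTF class name, 8-byte serialVersionUID).

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"  # Java serialization header: magic + version 5
TC_CLASSDESC = 0x72                 # marker byte that precedes a class descriptor
CLASS_NAME = re.compile(rb"[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)+")
TARGET = "org.springframework.security.core.authority.SimpleGrantedAuthority"

def class_descriptors(blob):
    """Return [(class_name, serialVersionUID)] found in a serialized Java blob.

    Heuristic scan for TC_CLASSDESC + UTF name + 8-byte UID; nothing is
    deserialized, so it is safe to run over stored token bytes.
    """
    if not blob.startswith(STREAM_MAGIC):
        raise ValueError("not a Java serialization stream")
    found, i = [], len(STREAM_MAGIC)
    while i + 11 <= len(blob):
        if blob[i] == TC_CLASSDESC:
            (n,) = struct.unpack_from(">H", blob, i + 1)
            name, end = blob[i + 3:i + 3 + n], i + 3 + n + 8
            if end <= len(blob) and CLASS_NAME.fullmatch(name):
                (uid,) = struct.unpack_from(">q", blob, i + 3 + n)
                found.append((name.decode("ascii"), uid))
                i = end
                continue
        i += 1
    return found

def incompatible_tokens(rows, local_uid=500):
    """rows: (token_id, blob) pairs. Return [(token_id, [stream UIDs])] differing from local_uid."""
    bad = []
    for token_id, blob in rows:
        uids = {u for name, u in class_descriptors(blob) if name == TARGET}
        if uids and uids != {local_uid}:
            bad.append((token_id, sorted(uids)))
    return bad

def sample_token_blob(uid):
    """Constructed sample: one SimpleGrantedAuthority framed as ObjectOutputStream writes it."""
    utf = lambda s: struct.pack(">H", len(s)) + s
    return (STREAM_MAGIC + b"\x73\x72" + utf(TARGET.encode()) + struct.pack(">q", uid)
            + b"\x02\x00\x01L" + utf(b"role") + b"\x74" + utf(b"Ljava/lang/String;")
            + b"\x78\x70\x74" + utf(b"ROLE_USER"))

if __name__ == "__main__":
    rows = [("token-a", sample_token_blob(420)), ("token-b", sample_token_blob(500))]
    print(incompatible_tokens(rows))
```

Run against blobs exported from the token table, it lists the tokens written under spring-security-core 4.2.3 that a 5.0.9 classpath will reject.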

Origin blog.csdn.net/Yunwei_Zheng/article/details/104018437