Coverity static analysis found, there is couple of *Callback classes, which are mark as Serializable, and contains non-serializable fields.

• CredentialCallback
• CredentialUpdateCallback
• MechanismInformationCallback
• SSLCallback
• SecurityIdentityCallback
• ServerCredentialCallback
• TrustedAuthoritiesCallback

Either mark fields as transient or Serializable.

https://scan7.coverity.com/reports.htm#v23632/p11778/fileInstanceId=8490519&defectInstanceId=2123214&mergedDefectId=1377493