The abstract AuthToken class implements Serializable, so the AS serialization compatibility tests are monitoring it for incompatible changes. Per JBAS-7265 looks like one has crept in:

FAIL: serialVersionUID error for org.jgroups.auth.AuthToken, 500 3079597723572751028, current: -2876389454499198917

This is minor, since JGroups presumably uses Streamable to marshal/unmarshal these. But some tidy up would be good:

1) The AuthToken.auth field should be transient since AUTH is not serializable.

2) A serialVersionUid field should be added to AuthToken and all subclasses.

Do these classes need to be Serializable? If not, perhaps remove that in 3.0?