JSR 28's TCK already expects javax.security.sasl.RealmCallback and javax.security.sasl.RealmChoiceCallback to be serializable, but JSR 28's specification does not declare them to be serializable. The proposal is to fix the specification (javadocs) to match the JSR 28 TCK and J2SE 1.4.
/** * The (authenticated) authentication id to check. * @serial */ private String authenticationID; /** * The authorization id to check. * @serial */ private String authorizationID; /** * The id of the authorized entity. If null, the id of * the authorized entity is authorizationID. * @serial */ private String authorizedID; /** * A flag indicating whether the authentication id is allowed to * act on behalf of the authorization id. * @serial */ private boolean authorized;