Delete WebSessionStoreReactiveSessionRegistry.java and gives the responsibility to remove the sessions from the WebSessionStore to the handler
Issue gh-6192
This commit changes the PreventLoginServerMaximumSessionsExceededHandler to invalidate the WebSession in addition to throwing the error, this is needed otherwise the session would still be saved with the security context. It also changes the SessionRegistryWebSession to first perform the operation on the delegate and then invoke the needed method on the ReactiveSessionRegistry
Issue gh-6192
In the `ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder` class the JavaDoc comments mention the wrong class name. This commit fixes this.
Observation itself does not protect against start and stop being called
multiple times. This commit aligns all observation instances to instead
use an implementation that does have these guards in place.
Closes gh-14082
This commit removes unnecessary main-branch merges starting from
8750608b5bca45525c99d0a41a20ed02de93d8c7 and adds the following
needed commit(s) that were made afterward:
- 5dce82c48bc0b174838501c5a111b2de70822914
Depending on when a request is cancelled, the before and after observation
starts and stops may be called out of order due to the order in
which their doOnCancel handlers are invoked.
To address this, the before filter-wrapper now always closes both the
before observation and the after observation. Since the before filter-
wrapper wraps the entire request, this ensures that either that was
started is stopped, and either that has not been started yet cannot
inadvertently be started by any unexpected ordering of events that
follows.
Closes gh-14031
Prior to this commit, the ServletRequest#getParameter method was used in order to verify if the matchingRequestParameterName was present in the request. That method has some side effects like interfering in the execution of the ServletRequest#getInputStream and ServletRequest#getReader method when the request is an HTTP POST (if those methods are invoked after getParameter, or vice-versa, the content won't be available). This commit makes that we only use the query string to check for the parameter, avoiding draining the request's input stream.
Closes gh-13731
ruabtmh
DingHao
Steve Riesenberg
Markus Heiden
Marcus Hert Da Coregio
Christian Becker
Rob Winch
Josh Cummings
Federico Herrera
Nermin Karapandzic
ahmd-nabil
sonallux
brunodmartins
Steve Riesenberg
Martin Lukas
Duje
Mark Chesney
Seongguk Jeong
Bjorn Harvold
Tim te Beek
Olivier Vanekem
Kevin2Jordan