Delete WebSessionStoreReactiveSessionRegistry.java and gives the responsibility to remove the sessions from the WebSessionStore to the handler
Issue gh-6192
This commit changes the PreventLoginServerMaximumSessionsExceededHandler to invalidate the WebSession in addition to throwing the error, this is needed otherwise the session would still be saved with the security context. It also changes the SessionRegistryWebSession to first perform the operation on the delegate and then invoke the needed method on the ReactiveSessionRegistry
Issue gh-6192
In the `ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.Builder` class the JavaDoc comments mention the wrong class name. This commit fixes this.
Observation itself does not protect against start and stop being called
multiple times. This commit aligns all observation instances to instead
use an implementation that does have these guards in place.
Closes gh-14082
This commit removes unnecessary main-branch merges starting from
9f8db22b774fe78fef3598c07e184c371892c1c7 and adds the following
needed commit(s) that were made afterward:
- 4d6ff49b9d663d0f25454f3704a45c83b35da689
- ed6ff670d102736eea0ac360921c9015151ac630
- c823b007942a04a27d02c0a28bc2ad85e8790084
- 44fad21363bef1b06422be28c9bbfadde5e44804
This commit removes unnecessary main-branch merges starting from
8750608b5bca45525c99d0a41a20ed02de93d8c7 and adds the following
needed commit(s) that were made afterward:
- 5dce82c48bc0b174838501c5a111b2de70822914
Depending on when a request is cancelled, the before and after observation
starts and stops may be called out of order due to the order in
which their doOnCancel handlers are invoked.
To address this, the before filter-wrapper now always closes both the
before observation and the after observation. Since the before filter-
wrapper wraps the entire request, this ensures that either that was
started is stopped, and either that has not been started yet cannot
inadvertently be started by any unexpected ordering of events that
follows.
Closes gh-14031
