Luke Taylor (Migrated from SEC-1197) said:
With the introduction of the internal authentication manager for use by the generated beans, it would make more sense if the use of a custom concurrency controller was also set there via the standard element.
Luke Taylor said:
This should remove the need for SessionRegistryInjectionBeanPostProcessor which injects the SessionRegistry into the form, openid and session-fixation filters. The reference can be injected during the block parsing.
session-controller-ref has been moved to the element concurrent-session-control. It also requires that session-registry-ref be set.