Address SessionLimitStrategy

Closes gh-16206

Author: claudenirmachado

config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java

@@ -120,7 +120,7 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 
 	private SessionInformationExpiredStrategy expiredSessionStrategy;
 
-	private SessionLimitStrategy sessionLimitStrategy;
+	private SessionLimitStrategy sessionLimit;
 
 	private List<SessionAuthenticationStrategy> sessionAuthenticationStrategies = new ArrayList<>();
 
@@ -330,7 +330,7 @@ public SessionManagementConfigurer<H> sessionFixation(
 	 * @return the {@link SessionManagementConfigurer} for further customizations
 	 */
 	public ConcurrencyControlConfigurer maximumSessions(int maximumSessions) {
-		this.sessionLimitStrategy = SessionLimitStrategy.of(maximumSessions);
+		this.sessionLimit = SessionLimitStrategy.of(maximumSessions);
 		this.propertiesThatRequireImplicitAuthentication.add("maximumSessions = " + maximumSessions);
 		return new ConcurrencyControlConfigurer();
 	}
@@ -571,8 +571,8 @@ private SessionAuthenticationStrategy getSessionAuthenticationStrategy(H http) {
 			SessionRegistry sessionRegistry = getSessionRegistry(http);
 			ConcurrentSessionControlAuthenticationStrategy concurrentSessionControlStrategy = new ConcurrentSessionControlAuthenticationStrategy(
 					sessionRegistry);
-			if (this.sessionLimitStrategy != null) {
-				concurrentSessionControlStrategy.setMaximumSessions(this.sessionLimitStrategy);
+			if (this.sessionLimit != null) {
+				concurrentSessionControlStrategy.setMaximumSessions(this.sessionLimit);
 			}
 			concurrentSessionControlStrategy.setExceptionIfMaximumExceeded(this.maxSessionsPreventsLogin);
 			concurrentSessionControlStrategy = postProcess(concurrentSessionControlStrategy);
@@ -617,7 +617,7 @@ private void registerDelegateApplicationListener(H http, ApplicationListener<?>
 	 * @return
 	 */
 	private boolean isConcurrentSessionControlEnabled() {
-		return this.sessionLimitStrategy != null;
+		return this.sessionLimit != null;
 	}
 
 	/**
@@ -709,7 +709,7 @@ private ConcurrencyControlConfigurer() {
 		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
 		 */
 		public ConcurrencyControlConfigurer maximumSessions(int maximumSessions) {
-			SessionManagementConfigurer.this.sessionLimitStrategy = SessionLimitStrategy.of(maximumSessions);
+			SessionManagementConfigurer.this.sessionLimit = SessionLimitStrategy.of(maximumSessions);
 			return this;
 		}
 
@@ -719,8 +719,8 @@ public ConcurrencyControlConfigurer maximumSessions(int maximumSessions) {
 		 * maximum number of sessions for a user
 		 * @return the {@link ConcurrencyControlConfigurer} for further customizations
 		 */
-		public ConcurrencyControlConfigurer sessionLimitStrategy(SessionLimitStrategy sessionLimitStrategy) {
-			SessionManagementConfigurer.this.sessionLimitStrategy = sessionLimitStrategy;
+		public ConcurrencyControlConfigurer maximumSessions(SessionLimitStrategy sessionLimitStrategy) {
+			SessionManagementConfigurer.this.sessionLimit = sessionLimitStrategy;
 			return this;
 		}
 

config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java

@@ -493,11 +493,11 @@ else if (StringUtils.hasText(sessionAuthStratRef)) {
 			if (StringUtils.hasText(maxSessions)) {
 				concurrentSessionStrategy.addPropertyValue("maximumSessions", maxSessions);
 			}
-			String sessionLimitStrategyRef = this.pc.getReaderContext()
+			String maxSessionsRef = this.pc.getReaderContext()
 				.getEnvironment()
 				.resolvePlaceholders(sessionCtrlElt.getAttribute(ATT_MAX_SESSIONS_REF));
-			if (StringUtils.hasText(sessionLimitStrategyRef)) {
-				concurrentSessionStrategy.addPropertyReference("sessionLimitStrategy", sessionLimitStrategyRef);
+			if (StringUtils.hasText(maxSessionsRef)) {
+				concurrentSessionStrategy.addPropertyReference("maximumSessions", maxSessionsRef);
 			}
 			String exceptionIfMaximumExceeded = sessionCtrlElt.getAttribute("error-if-maximum-exceeded");
 			if (StringUtils.hasText(exceptionIfMaximumExceeded)) {

config/src/test/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurerTests.java

@@ -713,7 +713,7 @@ SecurityFilterChain filterChain(HttpSecurity http, SessionLimitStrategy sessionL
 					.formLogin(withDefaults())
 					.sessionManagement((sessionManagement) -> sessionManagement
 									.sessionConcurrency((sessionConcurrency) -> sessionConcurrency
-													.sessionLimitStrategy(sessionLimitStrategy)
+													.maximumSessions(sessionLimitStrategy)
 													.maxSessionsPreventsLogin(true)
 									)
 					);

web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlAuthenticationStrategy.java

@@ -186,6 +186,7 @@ public void setMaximumSessions(int maximumSessions) {
 	 * Sets the <tt>sessionLimitStrategy</tt> property. The default value is 1. Use -1 for
 	 * unlimited sessions.
 	 * @param sessionLimitStrategy the session limit strategy
+	 * @since 6.5
 	 */
 	public void setMaximumSessions(SessionLimitStrategy sessionLimitStrategy) {
 		Assert.notNull(sessionLimitStrategy, "sessionLimitStrategy cannot be null");