Revert "Address SessionLimitStrategy"

This reverts commit 67d40a1.

Author: ClaudenirFreitas

config/src/main/java/org/springframework/security/config/SecurityNamespaceHandler.java

@@ -96,7 +96,7 @@ public BeanDefinition parse(Element element, ParserContext pc) {
 			pc.getReaderContext()
 				.fatal("You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or "
 						+ "spring-security-3.1.xsd schema or spring-security-3.2.xsd schema or spring-security-4.0.xsd schema "
-						+ "with Spring Security 6.5. Please update your schema declarations to the 6.5 schema.",
+						+ "with Spring Security 6.4. Please update your schema declarations to the 6.4 schema.",
 						element);
 		}
 		String name = pc.getDelegate().getLocalName(element);
@@ -221,7 +221,7 @@ private boolean namespaceMatchesVersion(Element element) {
 
 	private boolean matchesVersionInternal(Element element) {
 		String schemaLocation = element.getAttributeNS("http://www.w3.org/2001/XMLSchema-instance", "schemaLocation");
-		return schemaLocation.matches("(?m).*spring-security-6\\.5.*.xsd.*")
+		return schemaLocation.matches("(?m).*spring-security-6\\.4.*.xsd.*")
 				|| schemaLocation.matches("(?m).*spring-security.xsd.*")
 				|| !schemaLocation.matches("(?m).*spring-security.*");
 	}

config/src/main/resources/META-INF/spring.schemas

@@ -14,8 +14,7 @@
 # limitations under the License.
 #
 
-http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-6.5.xsd
-http\://www.springframework.org/schema/security/spring-security-6.5.xsd=org/springframework/security/config/spring-security-6.5.xsd
+http\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-6.4.xsd
 http\://www.springframework.org/schema/security/spring-security-6.4.xsd=org/springframework/security/config/spring-security-6.4.xsd
 http\://www.springframework.org/schema/security/spring-security-6.3.xsd=org/springframework/security/config/spring-security-6.3.xsd
 http\://www.springframework.org/schema/security/spring-security-6.2.xsd=org/springframework/security/config/spring-security-6.2.xsd
@@ -41,8 +40,7 @@ http\://www.springframework.org/schema/security/spring-security-2.0.xsd=org/spri
 http\://www.springframework.org/schema/security/spring-security-2.0.1.xsd=org/springframework/security/config/spring-security-2.0.1.xsd
 http\://www.springframework.org/schema/security/spring-security-2.0.2.xsd=org/springframework/security/config/spring-security-2.0.2.xsd
 http\://www.springframework.org/schema/security/spring-security-2.0.4.xsd=org/springframework/security/config/spring-security-2.0.4.xsd
-https\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-6.5.xsd
-https\://www.springframework.org/schema/security/spring-security-6.5.xsd=org/springframework/security/config/spring-security-6.5.xsd
+https\://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-6.4.xsd
 https\://www.springframework.org/schema/security/spring-security-6.4.xsd=org/springframework/security/config/spring-security-6.4.xsd
 https\://www.springframework.org/schema/security/spring-security-6.3.xsd=org/springframework/security/config/spring-security-6.3.xsd
 https\://www.springframework.org/schema/security/spring-security-6.2.xsd=org/springframework/security/config/spring-security-6.2.xsd

config/src/test/java/org/springframework/security/config/http/HttpHeadersConfigTests.java

@@ -34,8 +34,6 @@
 import org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException;
 import org.springframework.security.config.test.SpringTestContext;
 import org.springframework.security.config.test.SpringTestContextExtension;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.web.session.SessionLimitStrategy;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.ResultMatcher;
 import org.springframework.test.web.servlet.request.MockHttpServletRequestBuilder;
@@ -842,69 +840,6 @@ public void requestWhenSessionManagementConcurrencyControlMaxSessionIsUnlimited(
 		assertThat(firstSession.getId()).isNotEqualTo(secondSession.getId());
 	}
 
-	@Test
-	public void requestWhenSessionManagementConcurrencyControlMaxSessionRefIsOneForNonAdminUsers() throws Exception {
-		this.spring.configLocations(this.xml("DefaultsSessionManagementConcurrencyControlMaxSessionsRef")).autowire();
-		// @formatter:off
-		MockHttpServletRequestBuilder requestBuilder = post("/login")
-				.with(csrf())
-				.param("username", "user")
-				.param("password", "password");
-		HttpSession firstSession = this.mvc.perform(requestBuilder)
-				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl("/"))
-				.andReturn()
-				.getRequest()
-				.getSession(false);
-		// @formatter:on
-		assertThat(firstSession).isNotNull();
-		// @formatter:off
-		this.mvc.perform(requestBuilder)
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?error"));
-		// @formatter:on
-	}
-
-	@Test
-	public void requestWhenSessionManagementConcurrencyControlMaxSessionRefIsTwoForAdminUsers() throws Exception {
-		this.spring.configLocations(this.xml("DefaultsSessionManagementConcurrencyControlMaxSessionsRef")).autowire();
-		// @formatter:off
-		MockHttpServletRequestBuilder requestBuilder = post("/login")
-				.with(csrf())
-				.param("username", "admin")
-				.param("password", "password");
-		HttpSession firstSession = this.mvc.perform(requestBuilder)
-				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl("/"))
-				.andReturn()
-				.getRequest()
-				.getSession(false);
-		assertThat(firstSession).isNotNull();
-		HttpSession secondSession = this.mvc.perform(requestBuilder)
-				.andExpect(status().is3xxRedirection())
-				.andExpect(redirectedUrl("/"))
-				.andReturn()
-				.getRequest()
-				.getSession(false);
-		assertThat(secondSession).isNotNull();
-		// @formatter:on
-		assertThat(firstSession.getId()).isNotEqualTo(secondSession.getId());
-		// @formatter:off
-		this.mvc.perform(requestBuilder)
-				.andExpect(status().isFound())
-				.andExpect(redirectedUrl("/login?error"));
-		// @formatter:on
-	}
-
-	@Test
-	public void requestWhenSessionManagementConcurrencyControlWithInvalidMaxSessionConfig() {
-		assertThatExceptionOfType(BeanDefinitionParsingException.class)
-			.isThrownBy(() -> this.spring
-				.configLocations(this.xml("DefaultsSessionManagementConcurrencyControlWithInvalidMaxSessionsConfig"))
-				.autowire())
-			.withMessageContaining("Cannot use 'max-sessions' attribute and 'max-sessions-ref' attribute together.");
-	}
-
 	private static ResultMatcher includesDefaults() {
 		return includes(defaultHeaders);
 	}
@@ -955,16 +890,4 @@ public String ok() {
 
 	}
 
-	public static class CustomSessionLimit implements SessionLimitStrategy {
-
-		@Override
-		public Integer apply(Authentication authentication) {
-			if ("admin".equals(authentication.getName())) {
-				return 2;
-			}
-			return 1;
-		}
-
-	}
-
 }

config/src/test/resources/org/springframework/security/config/http/HttpHeadersConfigTests-DefaultsSessionManagementConcurrencyControlMaxSessionsRef.xml

@@ -22,7 +22,7 @@
 	xmlns:tx="http://www.springframework.org/schema/tx"
 	xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans-3.0.xsd
 		http://www.springframework.org/schema/tx https://www.springframework.org/schema/tx/spring-tx.xsd
-		http://www.springframework.org/schema/security org/springframework/security/config/spring-security-6.5.xsd">
+		http://www.springframework.org/schema/security org/springframework/security/config/spring-security-6.4.xsd">
 
 	<tx:annotation-driven />