SEC-1229: Refactoring to remove package cycles.

config/src/main/java/org/springframework/security/config/http/HttpConfigurationBuilder.java

@@ -38,11 +38,11 @@ import org.springframework.security.web.access.intercept.DefaultFilterInvocation
 import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
 import org.springframework.security.web.access.intercept.RequestKey;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
-import org.springframework.security.web.authentication.concurrent.ConcurrentSessionFilter;
+import org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy;
+import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
 import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
-import org.springframework.security.web.session.ConcurrentSessionControlStrategy;
-import org.springframework.security.web.session.SessionFixationProtectionStrategy;
+import org.springframework.security.web.session.ConcurrentSessionFilter;
 import org.springframework.security.web.session.SessionManagementFilter;
 import org.springframework.security.web.util.AntUrlPathMatcher;
 import org.springframework.security.web.util.UrlMatcher;

config/src/test/java/org/springframework/security/config/http/HttpSecurityBeanDefinitionParserTests.java

@@ -55,7 +55,6 @@ import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
-import org.springframework.security.web.authentication.concurrent.ConcurrentSessionFilter;
 import org.springframework.security.web.authentication.logout.LogoutFilter;
 import org.springframework.security.web.authentication.logout.LogoutHandler;
 import org.springframework.security.web.authentication.preauth.x509.SubjectDnX509PrincipalExtractor;
@@ -70,6 +69,7 @@ import org.springframework.security.web.context.HttpSessionSecurityContextReposi
 import org.springframework.security.web.context.SecurityContextPersistenceFilter;
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 import org.springframework.security.web.savedrequest.RequestCacheAwareFilter;
+import org.springframework.security.web.session.ConcurrentSessionFilter;
 import org.springframework.security.web.session.SessionManagementFilter;
 import org.springframework.security.web.wrapper.SecurityContextHolderAwareRequestFilter;
 import org.springframework.util.ReflectionUtils;

web/src/main/java/org/springframework/security/web/authentication/AbstractAuthenticationProcessingFilter.java

@@ -37,8 +37,8 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.SpringSecurityMessageSource;
 import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.session.NullAuthenticatedSessionStrategy;
-import org.springframework.security.web.session.SessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
 import org.springframework.security.web.util.UrlUtils;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;

web/src/main/java/org/springframework/security/web/session/ConcurrentSessionControlStrategy.java → web/src/main/java/org/springframework/security/web/authentication/session/ConcurrentSessionControlStrategy.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.session;
+package org.springframework.security.web.authentication.session;
 
 import java.util.List;
 
@@ -16,7 +16,8 @@ import org.springframework.security.core.session.SessionInformation;
 import org.springframework.security.core.session.SessionRegistry;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter;
-import org.springframework.security.web.authentication.concurrent.ConcurrentSessionFilter;
+import org.springframework.security.web.session.ConcurrentSessionFilter;
+import org.springframework.security.web.session.SessionManagementFilter;
 import org.springframework.util.Assert;
 
 /**

web/src/main/java/org/springframework/security/web/session/NullAuthenticatedSessionStrategy.java → web/src/main/java/org/springframework/security/web/authentication/session/NullAuthenticatedSessionStrategy.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.session;
+package org.springframework.security.web.authentication.session;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

web/src/main/java/org/springframework/security/web/session/SessionAuthenticationException.java → web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationException.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.session;
+package org.springframework.security.web.authentication.session;
 
 import org.springframework.security.core.AuthenticationException;
 

web/src/main/java/org/springframework/security/web/session/SessionAuthenticationStrategy.java → web/src/main/java/org/springframework/security/web/authentication/session/SessionAuthenticationStrategy.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.session;
+package org.springframework.security.web.authentication.session;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

web/src/main/java/org/springframework/security/web/session/SessionFixationProtectionStrategy.java → web/src/main/java/org/springframework/security/web/authentication/session/SessionFixationProtectionStrategy.java

@@ -1,4 +1,4 @@
-package org.springframework.security.web.session;
+package org.springframework.security.web.authentication.session;
 
 import java.util.Arrays;
 import java.util.Enumeration;

web/src/main/java/org/springframework/security/web/authentication/concurrent/ConcurrentSessionFilter.java → web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java

@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-package org.springframework.security.web.authentication.concurrent;
+package org.springframework.security.web.session;
 
 import java.io.IOException;
 

web/src/main/java/org/springframework/security/web/session/SessionManagementFilter.java

@@ -17,6 +17,9 @@ import org.springframework.security.web.DefaultRedirectStrategy;
 import org.springframework.security.web.RedirectStrategy;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
+import org.springframework.security.web.authentication.session.SessionAuthenticationException;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
+import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
 import org.springframework.security.web.context.SecurityContextRepository;
 import org.springframework.util.Assert;
 import org.springframework.web.filter.GenericFilterBean;

web/src/test/java/org/springframework/security/web/authentication/AbstractProcessingFilterTests.java

@@ -49,8 +49,8 @@ import org.springframework.security.web.authentication.ExceptionMappingAuthentic
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
 import org.springframework.security.web.savedrequest.DefaultSavedRequest;
-import org.springframework.security.web.session.SessionAuthenticationStrategy;
 
 
 /**

web/src/test/java/org/springframework/security/web/concurrent/ConcurrentSessionFilterTests.java

@@ -22,7 +22,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.mock.web.MockHttpSession;
 import org.springframework.security.core.session.SessionRegistry;
 import org.springframework.security.core.session.SessionRegistryImpl;
-import org.springframework.security.web.authentication.concurrent.ConcurrentSessionFilter;
+import org.springframework.security.web.session.ConcurrentSessionFilter;
 
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
@@ -41,11 +41,6 @@ import java.util.Date;
  * @version $Id$
  */
 public class ConcurrentSessionFilterTests extends TestCase {
-    //~ Constructors ===================================================================================================
-
-    public ConcurrentSessionFilterTests(String arg0) {
-        super(arg0);
-    }
 
     //~ Methods ========================================================================================================
 

web/src/test/java/org/springframework/security/web/session/DefaultSessionAuthenticationStrategyTests.java

@@ -10,6 +10,7 @@ import org.junit.Test;
 import org.springframework.mock.web.MockHttpServletRequest;
 import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy;
 import org.springframework.security.web.savedrequest.DefaultSavedRequest;
 
 /**

web/src/test/java/org/springframework/security/web/session/SessionManagementFilterTests.java

@@ -15,6 +15,7 @@ import org.springframework.mock.web.MockHttpServletResponse;
 import org.springframework.security.authentication.TestingAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
 import org.springframework.security.web.context.SecurityContextRepository;
 
 /**