Remove Redundant ConcurrentSessionFilter Refs

Fixes gh-8105

Author: jzheaux

config/src/main/java/org/springframework/security/config/annotation/web/HttpSecurityBuilder.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -136,14 +136,12 @@ <C extends SecurityConfigurer<DefaultSecurityFilterChain, H>> C removeConfigurer
 	 *
 	 * <ul>
 	 * <li>{@link ChannelProcessingFilter}</li>
-	 * <li>{@link ConcurrentSessionFilter}</li>
 	 * <li>{@link SecurityContextPersistenceFilter}</li>
 	 * <li>{@link LogoutFilter}</li>
 	 * <li>{@link X509AuthenticationFilter}</li>
 	 * <li>{@link AbstractPreAuthenticatedProcessingFilter}</li>
 	 * <li><a href="{@docRoot}/org/springframework/security/cas/web/CasAuthenticationFilter.html">CasAuthenticationFilter</a></li>
 	 * <li>{@link UsernamePasswordAuthenticationFilter}</li>
-	 * <li>{@link ConcurrentSessionFilter}</li>
 	 * <li>{@link OpenIDAuthenticationFilter}</li>
 	 * <li>{@link org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter}</li>
 	 * <li>{@link org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter}</li>

config/src/main/java/org/springframework/security/config/annotation/web/builders/FilterComparator.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2020 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -63,7 +63,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 	FilterComparator() {
 		Step order = new Step(INITIAL_ORDER, ORDER_STEP);
 		put(ChannelProcessingFilter.class, order.next());
-		put(ConcurrentSessionFilter.class, order.next());
+		order.next(); // gh-8105
 		put(WebAsyncManagerIntegrationFilter.class, order.next());
 		put(SecurityContextPersistenceFilter.class, order.next());
 		put(HeaderWriterFilter.class, order.next());
@@ -87,7 +87,7 @@ final class FilterComparator implements Comparator<Filter>, Serializable {
 				"org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter",
 				order.next());
 		put(UsernamePasswordAuthenticationFilter.class, order.next());
-		put(ConcurrentSessionFilter.class, order.next());
+		order.next(); // gh-8105
 		filterToOrder.put(
 				"org.springframework.security.openid.OpenIDAuthenticationFilter", order.next());
 		put(DefaultLoginPageGeneratingFilter.class, order.next());

docs/manual/src/docs/asciidoc/_includes/servlet/architecture/security-filters.adoc

@@ -9,7 +9,6 @@ However, there are times that it is beneficial to know the ordering
 Below is a comprehensive list of Spring Security Filter ordering:
 
 * ChannelProcessingFilter
-* ConcurrentSessionFilter
 * WebAsyncManagerIntegrationFilter
 * SecurityContextPersistenceFilter
 * HeaderWriterFilter
@@ -24,10 +23,10 @@ Below is a comprehensive list of Spring Security Filter ordering:
 * OAuth2LoginAuthenticationFilter
 * Saml2WebSsoAuthenticationFilter
 * <<servlet-authentication-usernamepasswordauthenticationfilter,`UsernamePasswordAuthenticationFilter`>>
-* ConcurrentSessionFilter
 * OpenIDAuthenticationFilter
 * DefaultLoginPageGeneratingFilter
 * DefaultLogoutPageGeneratingFilter
+* ConcurrentSessionFilter
 * <<servlet-authentication-digest,`DigestAuthenticationFilter`>>
 * BearerTokenAuthenticationFilter
 * <<servlet-authentication-basic,`BasicAuthenticationFilter`>>