Spring Security Security Filter ConcurrentSessionFilter's registration is confusing

Summary

It's not very clear in which order the security filter ConcurrentSessionFilter is registered.

Actual Behavior

The different security filters are registered in org.springframework.security.config.annotation.web.builders.FilterComparator, each with a different order.

But ConcurrentSessionFilter is registered 3 times. As the filters are stored in a Map, only the last one is retained however.

Also in the documentation, at Security Filters it is written twice, which is not possible.

There's also a mistake in the javadoc for org.springframework.security.config.annotation.web.HttpSecurityBuilder#addFilter

Expected Behavior

ConcurrentSessionFilter should only be registered once.

Version

All versions including 5.3

Comment From: jzheaux

Good catch, @ghusta. I've removed the ambiguity and cleaned up the documentation.

Comment From: ghusta

Thanks !