* Removed VaadinManagedSecurity configuration from MgmtUiAutoConfiguration
* added SessionFixationProtectionStrategy for additional protection of UI session authentication
* added VaadinSessionClosingLogoutHandler to logout from all UI sessions
* added AccessDecisionManager to UI security configuration in order to support method security in UI in context of VaadinSharedSecurity
* Changed UI push transport from WEBSOCKET to WEBSOCKET_XHR to solve problems with Spring Security Context
* Suppressed atmosphere IOUtils false-positive warning
* Removed obsolete AsyncVaadinServletConfiguration
* Defined Vaadin4SpringServlet bean instead of plain SpringVaadinServlet for configuration flexibility
* Removed obsolete SpringSecurityAtmosphereInterceptor because the client does not communicate with the server using websocket protocol anymore
* Removed unit test for SpringSecurityAtmosphereInterceptor
* Removed obsolete AuthenticationManagerConfigurer coming from Vaadin Managed Security in InMemoryUserManagementAutoConfiguration
* Removed SessionFixationProtectionStrategy and VaadinSessionClosingLogoutHandler because all wrapper sessions are invalidated when the session managed by Spring gets invalidated together with configured HttpSessionEventPublisher events
* Added call to close the current session before logout redirect
* added comment why we used WEBSOCKET_XHR instead of WEBSOCKET
Signed-off-by: Bogdan Bondar <Bogdan.Bondar@bosch.io>
0e4b67895e