- Fixed session fixation vulnerability in RestAuthenticationFilter
- Added session creation policy "ALWAYS" to default auto-config
- RestAuthenticationFilter is now configured by a custom security configurer to be able to make use of shared objects in the HttpSecurity config.
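
A sketch of the pattern the last item describes, added here as an example and not the project's own code: a configurer reads the shared `SessionAuthenticationStrategy` from `HttpSecurity` and hands it to the filter, so a successful login passes through session fixation protection instead of the base filter's default no-op strategy. It assumes Spring Security 6 (`jakarta.servlet`); `ExampleRestAuthConfigurer`, `ExampleRestAuthFilter`, the `/api/login` path and the `X-Example-*` headers are hypothetical, and the commit's actual fix may differ.

```java
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

// Hypothetical configurer: runs inside the HttpSecurity build, so it can see shared objects.
public class ExampleRestAuthConfigurer
        extends AbstractHttpConfigurer<ExampleRestAuthConfigurer, HttpSecurity> {

    @Override
    public void configure(HttpSecurity http) {
        ExampleRestAuthFilter filter = new ExampleRestAuthFilter("/api/login");
        filter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));

        // Published by the session management configurer; it changes the session id
        // (or migrates the session) once authentication succeeds.
        SessionAuthenticationStrategy strategy =
                http.getSharedObject(SessionAuthenticationStrategy.class);
        if (strategy == null) {
            // Fail closed: without it the filter keeps the pre-login session id.
            throw new IllegalStateException("no SessionAuthenticationStrategy configured");
        }
        filter.setSessionAuthenticationStrategy(strategy);

        http.addFilterBefore(postProcess(filter), UsernamePasswordAuthenticationFilter.class);
    }

    // Hypothetical stand-in for a REST login filter; the header names are constructed.
    static class ExampleRestAuthFilter extends AbstractAuthenticationProcessingFilter {
        ExampleRestAuthFilter(String loginPath) {
            super(loginPath);
        }

        @Override
        public Authentication attemptAuthentication(HttpServletRequest req, HttpServletResponse res) {
            String user = req.getHeader("X-Example-User");
            String pass = req.getHeader("X-Example-Password");
            // On success the base class calls the strategy's onAuthentication(...).
            return getAuthenticationManager().authenticate(UsernamePasswordAuthenticationToken
                    .unauthenticated(user == null ? "" : user, pass == null ? "" : pass));
        }
    }
}
```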