Spring Security Remove internal Optional usage in favor of null checks

Summary

While some prefer the readability of using the Optional API, the GC overhead of creating additional objects (including intermediate objects) can cause significant decrease in performance There are some simple benchmarks that illustrate the problem.

We should replace Optional usage with null checks throughout Spring Security's code base.

Related gh-7154

Comment From: eddumelendez

Hi @rwinch, do you think this is good for first-timers-only?

Comment From: rwinch

Thanks for asking @eddumelendez I think it is likely a lot of code to touch for a first timers.

Comment From: eleftherias

As mentioned in the PR, Optional is still being used in the following files: - org.springframework.security.oauth2.client.web.reactive.function.client.OAuth2AuthorizedClientResolver - org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientResolver - org.springframework.security.oauth2.client.web.reactive.function.client.ServerOAuth2AuthorizedClientExchangeFilterFunction Since an additional object needs to be created regardless, in this situation, it is reasonable to keep using Optionals instead of creating an object of a different type.