Like AuthorizationManager, it would be nice to be able to defer looking up the Authentication in SecurityExpressionHandler.

A default createEvaluationContext method could be added:

default EvaluationContext createEvaluationContext(Supplier<Authentication> authentication, T invocation) {
    return createEvaluationContext(authentication.get(), invocation);
}

And then DefaultXXXSecurityExpressionHandlers would be updated to defer evaluation until the authentication was inspected.

Comment From: evgeniycheban

@jzheaux I can take this.

Comment From: evgeniycheban

@jzheaux I've opened the PR, please take a look.

Comment From: jzheaux

In order to accommodate changing to Supplier<Authentication> in SecurityExpressionRoot, the protected Authentication authentication member variable is changed to private Supplier<Authentication> authentication.

Classes that extend SecurityExpressionRoot and access the protected member variable should instead call getAuthentication().
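
The deferral discussed in this thread, as an added example that is not part of the original issue and is not Spring Security's code. `Auth`, `ExpressionRoot` and `TenantRoot` are hypothetical stand-ins, and caching the resolved value is an assumption of this sketch. It shows that an expression such as `permitAll()` never triggers the lookup, and that a subclass reads the value through `getAuthentication()` rather than a field.

```java
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Supplier;

public class DeferredAuthenticationDemo {
    // Stand-in for an authenticated principal; not Spring Security's Authentication.
    record Auth(String name, Set<String> authorities) {}

    // Simplified expression root: holds a Supplier instead of a resolved value.
    static class ExpressionRoot {
        private final Supplier<Auth> authentication;
        private Auth resolved; // cached so the lookup runs at most once (assumption)

        ExpressionRoot(Supplier<Auth> authentication) { this.authentication = authentication; }

        // Subclasses go through this accessor; there is no protected field to read.
        protected final Auth getAuthentication() {
            if (resolved == null) {
                resolved = authentication.get();
            }
            return resolved;
        }

        boolean permitAll() { return true; } // never touches the supplier

        boolean hasAuthority(String authority) {
            return getAuthentication().authorities().contains(authority);
        }
    }

    // A custom root of the kind the migration note above addresses.
    static class TenantRoot extends ExpressionRoot {
        TenantRoot(Supplier<Auth> authentication) { super(authentication); }
        boolean isUser(String name) { return getAuthentication().name().equals(name); }
    }

    public static void main(String[] args) {
        AtomicInteger lookups = new AtomicInteger();
        // Constructed sample principal; the counter stands in for a costly context or session lookup.
        Supplier<Auth> lookup = () -> {
            lookups.incrementAndGet();
            return new Auth("alice", Set.of("SCOPE_read"));
        };
        TenantRoot root = new TenantRoot(lookup);
        System.out.println("permitAll=" + root.permitAll() + " lookups=" + lookups.get());
        System.out.println("hasAuthority=" + root.hasAuthority("SCOPE_read") + " lookups=" + lookups.get());
        System.out.println("isUser=" + root.isUser("alice") + " lookups=" + lookups.get());
    }
}
```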