It should also take OAuth2WebSecurityExpressionHandler

Currently WebExpressionAuthorizationManager support for OAuth2WebSecurityExpressionHandler as WebExpressionAuthorizationManager.setExpressionHandler(SecurityExpressHandler) but OAuth2WebSecurityExpressionHandler extends DefaultWebSecurityExpressionHandler which implements SecurityExpressHandler

Context