Spring Security Deprecate Authorization Logic that uses FilterInvocation

We should deprecate authorization logic that uses FilterInvocation in favor of using RequestAuthorizationContext. A few examples:

• SecurityExpressionHandler<FilterInvocation> in favor of SecurityExpressionHandler<RequestAuthorizationContext>
• FilterInvocationExpressionRoot (might change to HttpServletRequestExpressionRoot) in favor of WebSecurityExpressionRoot
• DefaultWebSecurityExpressionHandler in favor of DefaultHttpSecurityExpressionHandler

Related gh-17673

Comment From: therepanic

Hi, @rwinch. Can you assign me to this issue?

Comment From: rwinch

Thanks @therepanic! Yes please go ahead and do it. Please ensure to remove the deprecated usage within Spring Security in a passive way (e.g. adapt classes that use SecurityExpressionHandler<FilterInvocation> to use SecurityExpressionHandler<RequestAuthorizationContext>)