Extract Authentication Docs

Issue gh-8005

docs/manual/src/docs/asciidoc/_includes/servlet/authentication/architecture/authentication.adoc

@@ -0,0 +1,18 @@
+[[servlet-authentication-authentication]]
+= Authentication
+
+The {security-api-url}org/springframework/security/core/Authentication.html[`Authentication`] serves two main purposes within Spring Security:
+
+* An input to `AuthenticationManager` to provide the credentials a user has provided to authenticate.
+When used in this scenario, `isAuthenticated()` returns `false`.
+* Represents the currently authenticated user.
+The current `Authentication` can be obtained from the <<servlet-authentication-securitycontext>>.
+
+The `Authentication` contains:
+
+* `principal` - identifies the user.
+When authenticating with a username/password this is often an instance of `UserDetails`.
+* `credentials` - Often a password.
+In many cases this will be cleared after the user is authenticated to ensure it is not leaked.
+* `authorities` - the <<servlet-authentication-granted-authority,``GrantedAuthority``s>> are high level permissions the user is granted.
+A few examples are roles or scopes.

docs/manual/src/docs/asciidoc/_includes/servlet/authorization/architecture.adoc

@@ -6,7 +6,7 @@
 
 [[authz-authorities]]
 == Authorities
-As we saw in the <<tech-granted-authority,technical overview>>, all `Authentication` implementations store a list of `GrantedAuthority` objects.
+<<servlet-authentication-authentication,`Authentication`>>, discusses how all `Authentication` implementations store a list of `GrantedAuthority` objects.
 These represent the authorities that have been granted to the principal.
 the `GrantedAuthority` objects are inserted into the `Authentication` object by the `AuthenticationManager` and are later read by `AccessDecisionManager` s when making authorization decisions.