Add AuthenticationTrustResolver#isFullyAuthenticated

Closes gh-11510

core/src/main/java/org/springframework/security/access/expression/SecurityExpressionRoot.java

@@ -153,7 +153,7 @@ public abstract class SecurityExpressionRoot implements SecurityExpressionOperat
 	@Override
 	public final boolean isFullyAuthenticated() {
 		Authentication authentication = getAuthentication();
-		return !this.trustResolver.isAnonymous(authentication) && !this.trustResolver.isRememberMe(authentication);
+		return this.trustResolver.isFullyAuthenticated(authentication);
 	}
 
 	/**

core/src/main/java/org/springframework/security/authentication/AuthenticationTrustResolver.java

@@ -53,4 +53,21 @@ public interface AuthenticationTrustResolver {
 	 */
 	boolean isRememberMe(Authentication authentication);
 
+	/**
+	 * Indicates whether the passed <code>Authentication</code> token represents a fully
+	 * authenticated user (that is, neither anonymous or remember-me). This is a
+	 * composition of <code>isAnonymous</code> and <code>isRememberMe</code>
+	 * implementation
+	 * <p>
+	 * @param authentication to test (may be <code>null</code> in which case the method
+	 * will always return <code>false</code>)
+	 * @return <code>true</code> the passed authentication token represented an anonymous
+	 * principal & is authenticated using a remember-me token, <code>false</code>
+	 * otherwise
+	 * @since 5.8
+	 */
+	default boolean isFullyAuthenticated(Authentication authentication) {
+		return !isAnonymous(authentication) && !isRememberMe(authentication);
+	}
+
 }

core/src/main/java/org/springframework/security/authorization/AuthenticatedAuthorizationManager.java

@@ -143,7 +143,7 @@ public final class AuthenticatedAuthorizationManager<T> implements Authorization
 
 		@Override
 		boolean isGranted(Authentication authentication) {
-			return super.isGranted(authentication) && !this.trustResolver.isRememberMe(authentication);
+			return authentication != null && this.trustResolver.isFullyAuthenticated(authentication);
 		}
 
 	}