SEC-1965: DefaultWebSecurityExpressionHandler is now passive from 3.0.x releases

There were two issues that needed resolved

 - Since DefaultWebSecurityExpressionHandler no longer implemented WebSecurityExpressionHandler a bean lookup by
   type would not work. This caused failures in the JSF support.

 - The method createEvaluationContext needed to be explicitly defined on WebSecurityExpressionHandler since the
   parameterized type from the super interface is not preserved at compile time. Without explicitly defining the
   method any class compiled against a previous version would cause a NoSuchMethodException.

web/src/main/java/org/springframework/security/web/access/expression/DefaultWebSecurityExpressionHandler.java

@@ -12,7 +12,8 @@ import org.springframework.security.web.FilterInvocation;
  * @author Luke Taylor
  * @since 3.0
  */
-public class DefaultWebSecurityExpressionHandler extends AbstractSecurityExpressionHandler<FilterInvocation> {
+@SuppressWarnings("deprecation")
+public class DefaultWebSecurityExpressionHandler extends AbstractSecurityExpressionHandler<FilterInvocation> implements WebSecurityExpressionHandler {
 
     private final AuthenticationTrustResolver trustResolver = new AuthenticationTrustResolverImpl();
 

web/src/main/java/org/springframework/security/web/access/expression/WebSecurityExpressionHandler.java

@@ -1,8 +1,12 @@
 package org.springframework.security.web.access.expression;
 
+import org.springframework.expression.EvaluationContext;
 import org.springframework.security.access.expression.SecurityExpressionHandler;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.web.FilterInvocation;
 
 @Deprecated
 public interface WebSecurityExpressionHandler extends SecurityExpressionHandler<FilterInvocation> {
+
+    EvaluationContext createEvaluationContext(Authentication authentication, FilterInvocation invocation);
 }