
AuthorizationWebFilter handles null Authentication

If the AuthorizationManager used the Authentication and the Authentication
was null, the AuthorizationWebFilter would produce a NullPointerException.

This commit fixes the test to ensure that Authentication is subscribed to
and ensures that the Authentication is not null

Fixes: gh-4966
pull/4904/merge
Rob Winch 8 years ago
parent
commit
6a0833165a
  1. 1
      web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java
  2. 2
      web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java

1
web/src/main/java/org/springframework/security/web/server/authorization/AuthorizationWebFilter.java

@ -40,6 +40,7 @@ public class AuthorizationWebFilter implements WebFilter { @@ -40,6 +40,7 @@ public class AuthorizationWebFilter implements WebFilter {
@Override
public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
return ReactiveSecurityContextHolder.getContext()
.filter(c -> c.getAuthentication() != null)
.map(SecurityContext::getAuthentication)
.as(authentication -> this.accessDecisionManager.verify(authentication, exchange))
.switchIfEmpty(chain.filter(exchange));
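Review bot: With the added `.filter(c -> c.getAuthentication() != null)`, a request without an Authentication reaches `verify` as an empty Mono, and the trailing `.switchIfEmpty(chain.filter(exchange))` continues the chain whenever `verify` completes without an error. A manager written only as operators on the authentication (`map`/`flatMap`) would therefore never run its check for such a request and the exchange would proceed. The implementation of `verify` is not visible here, so it should be confirmed that an empty authentication ends in a denial rather than an empty completion. I would state the contract above the pipeline, for example `// An empty Mono means "no Authentication": the manager must deny explicitly, otherwise the request continues down the chain.` The closing brace of `filter` lies outside the hunk.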

2
web/src/test/java/org/springframework/security/web/server/authorization/AuthorizationWebFilterTests.java

@ -63,7 +63,7 @@ public class AuthorizationWebFilterTests { @@ -63,7 +63,7 @@ public class AuthorizationWebFilterTests {
@Test
public void filterWhenNoAuthenticationThenThrowsAccessDenied() {
when(this.chain.filter(this.exchange)).thenReturn(this.chainResult.mono());
AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> Mono.error(new AccessDeniedException("Denied")));
AuthorizationWebFilter filter = new AuthorizationWebFilter((a, e) -> a.flatMap(auth -> Mono.error(new AccessDeniedException("Denied"))));
Mono<Void> result = filter
.filter(this.exchange, this.chain)
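Review bot: The name `filterWhenNoAuthenticationThenThrowsAccessDenied` no longer appears to match the manager on the new line, `(a, e) -> a.flatMap(auth -> Mono.error(new AccessDeniedException("Denied")))`. With no Authentication, `a` is empty, so the `flatMap` body never runs and no `AccessDeniedException` is produced. The assertions are outside the hunk, so this is inferred: if they expect normal completion with the chain subscribed, the test should be renamed to say so. A second case is worth adding whose manager denies on an empty authentication and asserts that `this.chainResult` is never subscribed, so that the deny path for unauthenticated requests is pinned by a test.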
