Fix ThreadLocal leak with SecurityContextHolder

Use SecurityContextHolder.peekContext() so that it doesn't create
an empty object in ThreadLocal.

config/src/main/java/org/springframework/security/config/annotation/web/configuration/SecurityReactorContextConfiguration.java

@@ -36,6 +36,7 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.context.request.RequestAttributes;
 import org.springframework.web.context.request.RequestContextHolder;
@@ -94,7 +95,12 @@ <T> CoreSubscriber<T> createSubscriberIfNecessary(CoreSubscriber<T> delegate) {
 		}
 
 		private static boolean contextAttributesAvailable() {
-			return SecurityContextHolder.getContext().getAuthentication() != null
+			SecurityContext context = SecurityContextHolder.peekContext();
+			Authentication authentication = null;
+			if (context != null) {
+				authentication = context.getAuthentication();
+			}
+			return authentication != null
 					|| RequestContextHolder.getRequestAttributes() instanceof ServletRequestAttributes;
 		}
 
@@ -107,7 +113,11 @@ private static Map<Object, Object> getContextAttributes() {
 				servletRequest = servletRequestAttributes.getRequest();
 				servletResponse = servletRequestAttributes.getResponse(); // possible null
 			}
-			Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+			SecurityContext context = SecurityContextHolder.peekContext();
+			Authentication authentication = null;
+			if (context != null) {
+				authentication = context.getAuthentication();
+			}
 			if (authentication == null && servletRequest == null) {
 				return Collections.emptyMap();
 			}