Closed
Description
Semantically, it's sensible to have XYZAuthenticationToken and XYZAuthentication classes, where the first is the authentication request and the second the (successful) result.
BearerTokenAuthenticationFilter uses a BearerTokenAuthenticationToken (request) but not a BearerTokenAuthentication (result), so let's remedy that.