Provide a way to customize the default RequestCache without replacing the entire implementation

[eric-creekside]

Spring Security 6.2.5 Without any customization, the default RequestCache is HttpSessionRequestCache (created by private methods in RequestCacheConfigurer). For some situations, it would be necessary to customize that cache. An example I have run into is needing to extend the cache's RequestMatcher to exclude certain requests from being cached (see this SO question for specifics). As far as I can see, the only customization option for a typical SecurityFilterChain bean is to completely replace the RequestCache object via RequestCacheConfigurer<HttpSecurity>.requestCache(). That's far from ideal as many applications will want the default configured cache with only minor changes. Since the configurer's methods that create or use the default are all private, that's not currently possible. It would be useful for RequestCacheConfigurer to expose a way to get to the default cache, so the application can customize it. Even if it required a cast, that would likely be a "lesser of 2 evils" choice for many developers.