This functionality adds a lot of unnecessary complication to the implementation and in both cases there are cleaner alternatives. The context maintenance classes are crucial to the framework so the simpler we can keep them the better.
The use of a different SecurityContext implementation is now supported through the SecurityContextHolderStrategy.createEmptyContext() method, making the securityContextClass property redundant.
A better alternative to cloning would be to override the loadContext() method and copy the default context it creates. Since the Authentication should be considered to be immutable, something like:
SecurityContext context = SecurityContextHolder.createEmptyContext();