The <authorize/> tag is built for JSP pages. It extends from javax.servlet.jsp.tagext.TagSupport, has dependencies on javax.servlet.jsp.*, relies on the presence of javax.servlet.jsp.PageContext, etc.
The ability to use the <authorize/> tag in JSF applications has been a long standing and popular request
SWF-1333. With Facelets being the standard rendering technology in JSF 2, the need to make the tag usable in Facelets has only increased. Furthermore Facelets in JSF 1.2 uses different packages than Facelets in JSF 2 when Facelets became standard. Hence the re-usable parts of the code for AuthorizeTag need to be factored out and made independent of tag specific dependencies.