moved common authorization/authentication classes into their own module to better reflect their functionality; added checks for admin role name into principal retrievers