The easiest approach is to use a tag <sec:authorize>and change the desired variable inside your body.
If you really want to evaluate the expressions manually, look at the source AuthorizeTag- it will get the first bean of the type WebSecurtyExpressionHandlerfrom the context of the web application and use it to get ExpressionParserand EvaluationContext.