By default @HandleAuthorizationDenied uses an exception-throwing implementation. Another useful implementation would be to return null.

It would go in the same package as MethodAuthorizationDeniedHandler.