Spring Security @DeniedHandler should not require an ApplicationContext to function

The given test:

public class HandleTests {

    @Test
    public void test() {
       AuthorizationProxyFactory proxyFactory = AuthorizationAdvisorProxyFactory.withDefaults();
       Account account = (Account) proxyFactory.proxy(new Account());
       assertThat(account.getAccountNumber()).isNull();
    }

    public static class Account {
       @PreAuthorize("denyAll")
       @HandleAuthorizationDenied(handlerClass = NullMethodAuthorizationDeniedHandler.class)
       public String getAccountNumber() {
          return "123";
       }
    }

    public class NullMethodAuthorizationDeniedHandler implements MethodAuthorizationDeniedHandler {
       @Override
       public Object handleDeniedInvocation(MethodInvocation methodInvocation, AuthorizationResult authorizationResult) {
          return null;
       }
    }
}

fails because PreAuthorizeAuthenticiationManager -- and other related managers -- resolve handlerClass by looking it up as a @Bean. The main concern here is that it is failing silently to load the handlerClass.

It would be nice if, by default, it tried to construct the value. That behavior would be replaced if an ApplicationContext is specified.