Spring Security MethodAuthorizationDeniedHandler should allow access to the returnObject on PostAuthorize

I think this could be done by ensuring that the AuthorizationResult for PostAuthorize has the returnObject on it. We should also try to make it so that the MethodAuthorizationDeniedHandler does not need to cast the AuthorizationResult

Comment From: rwinch

After speaking to @marcusdacoregio this was an error on my part, You need to use @PostAuthorize and override the default method in MethodAccessDeniedHandler.