
Throw AuthorizationDeniedException when AuthorizationResult is available

Closes gh-15706
Marcus Hert Da Coregio 1 gadu atpakaļ
vecāks
revīzija
2ff29dc229

+ 1 - 1
core/src/main/java/org/springframework/security/authorization/AuthorizationManager.java

@@ -41,7 +41,7 @@ public interface AuthorizationManager<T> {
 	default void verify(Supplier<Authentication> authentication, T object) {
 		AuthorizationDecision decision = check(authentication, object);
 		if (decision != null && !decision.isGranted()) {
-			throw new AccessDeniedException("Access Denied");
+			throw new AuthorizationDeniedException("Access Denied", decision);
 		}
 	}
 
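Review bot: The exception thrown from `verify` now carries the whole `AuthorizationDecision`, so any handler that logs or renders the caught exception can presumably reach the decision's details; the same holds for the throw in `AuthorizationFilter`. The `verify` Javadoc, which sits above the hunk, should name the new type and carry that caveat, e.g. `@throws AuthorizationDeniedException if access is denied; the attached decision is for server-side handling and should not be echoed to the client`. Existing `catch (AccessDeniedException e)` blocks keep working only if the new type is a subclass of it, which these hunks do not show, so confirm that before merging.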

+ 2 - 2
web/src/main/java/org/springframework/security/web/access/intercept/AuthorizationFilter.java

@@ -28,9 +28,9 @@ import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 
 import org.springframework.context.ApplicationEventPublisher;
-import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.authorization.AuthorizationDecision;
+import org.springframework.security.authorization.AuthorizationDeniedException;
 import org.springframework.security.authorization.AuthorizationEventPublisher;
 import org.springframework.security.authorization.AuthorizationManager;
 import org.springframework.security.authorization.event.AuthorizationDeniedEvent;
@@ -95,7 +95,7 @@ public class AuthorizationFilter extends GenericFilterBean {
 			AuthorizationDecision decision = this.authorizationManager.check(this::getAuthentication, request);
 			this.eventPublisher.publishAuthorizationEvent(this::getAuthentication, request, decision);
 			if (decision != null && !decision.isGranted()) {
-				throw new AccessDeniedException("Access Denied");
+				throw new AuthorizationDeniedException("Access Denied", decision);
 			}
 			chain.doFilter(request, response);
 		}
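Review bot: A `null` decision still skips the throw and reaches `chain.doFilter(request, response)`, so a manager that returns nothing lets the request through, and the new exception type does not change that. If abstaining is meant to permit the request, a comment above the `if` would make the fail-open path explicit, e.g. `// null means the manager abstained; the request is allowed to proceed`. The default `verify` in `AuthorizationManager` uses the same condition and would benefit from the same comment. The enclosing method starts and ends outside the hunk, so any handling of `null` elsewhere in it is not visible here.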