Update AuthorizeReturnObject Jackson Docs

Now instructs to use MethodAuthorizationDeniedHandler

Issue gh-14601

Author: jzheaux

docs/modules/ROOT/pages/servlet/authorization/method-security.adoc

@@ -2200,10 +2200,10 @@ Java::
 ----
 @RestController
 public class UserController {
-	@Autowired
+    @Autowired
     AuthorizationProxyFactory proxyFactory;
 
-	@GetMapping
+    @GetMapping
     User currentUser(@AuthenticationPrincipal User user) {
         return this.proxyFactory.proxy(user);
     }
@@ -2227,7 +2227,7 @@ class UserController  {
 ----
 ======
 
-Finally, you will need to publish a <<custom_advice, custom interceptor>> to catch the `AccessDeniedException` thrown for each field, which you can do like so:
+You will need to <<fallback-values-authorization-denied,add a `MethodAuthorizationDeniedHandler`>> like this one:
 
 [tabs]
 ======
@@ -2236,32 +2236,18 @@ Java::
 [source,java,role="primary"]
 ----
 @Component
-public class AccessDeniedExceptionInterceptor implements AuthorizationAdvisor {
-    private final AuthorizationAdvisor advisor = AuthorizationManagerBeforeMethodInterceptor.preAuthorize();
-
-	@Override
-	public Object invoke(MethodInvocation invocation) throws Throwable {
-		try {
-			return invocation.proceed();
-		} catch (AccessDeniedException ex) {
-			return null;
-		}
-	}
-
-	@Override
-	public Pointcut getPointcut() {
-		return this.advisor.getPointcut();
-	}
+public class Null implements MethodAuthorizationDeniedHandler {
+    @Override
+    public Object handleDeniedInvocation(MethodInvocation methodInvocation, AuthorizationResult authorizationResult) {
+        return null;
+    }
+}
 
-	@Override
-	public Advice getAdvice() {
-		return this;
-	}
+// ...
 
-	@Override
-	public int getOrder() {
-		return this.advisor.getOrder() - 1;
-	}
+@HandleAuthorizationDenied(handlerClass = Null.class)
+public class User {
+	...
 }
 ----
 
@@ -2270,26 +2256,17 @@ Kotlin::
 [source,kotlin,role="secondary"]
 ----
 @Component
-class AccessDeniedExceptionInterceptor: AuthorizationAdvisor {
-    var advisor: AuthorizationAdvisor = AuthorizationManagerBeforeMethodInterceptor.preAuthorize()
-
-    @Throws(Throwable::class)
-    fun invoke(invocation: MethodInvocation): Any? {
-        return try  {
-            invocation.proceed()
-        } catch (ex:AccessDeniedException) {
-            null
-        }
+class Null : MethodAuthorizationDeniedHandler {
+    override fun handleDeniedInvocation(methodInvocation: MethodInvocation?, authorizationResult: AuthorizationResult?): Any? {
+        return null
     }
+}
 
-     val pointcut: Pointcut
-     get() = advisor.getPointcut()
-
-     val advice: Advice
-     get() = this
+// ...
 
-     val order: Int
-     get() = advisor.getOrder() - 1
+@HandleAuthorizationDenied(handlerClass = Null.class)
+open class User {
+	...
 }
 ----
 ======
@@ -2317,7 +2294,7 @@ And if they do have that authority, they'll see:
 
 [TIP]
 ====
-You can also add the Spring Boot property `spring.jackson.default-property-inclusion=non_null` to exclude the null value, if you also don't want to reveal the JSON key to an unauthorized user.
+You can also add the Spring Boot property `spring.jackson.default-property-inclusion=non_null` to exclude the null value from serialization, if you also don't want to reveal the JSON key to an unauthorized user.
 ====
 
 [[fallback-values-authorization-denied]]