A handy AccessDeniedHandler implementation would be one that allows an authority like FACTOR_PASSWORD to be bound to an entry point, like new LoginUrlAuthenticationEntryPoint("/login").
With a map of factors to entry points, this access denied handler could allow an already authenticated user to obtain more authorities.
Comment From: jzheaux
Closed in 9f31775