Describe the bug When a AuthenticationServiceException is thrown from AuthenticationProviders say JwtAuthenticationProvider is throwing this exception at this line and the security filter chain is not able to capture this exception in accessDeniedHandler or authenticationEntryPoint though it is configured with proper exceptionHandling but it works when an instance of OAuth2AuthenticationException is thrown

To Reproduce Configure httpsecurity filter chain with proper exceptionHandling

Expected behavior Exception thrown of type AuthenticationServiceException should be handled same like OAuth2AuthenticationException

Sample

@Bean
    AuthenticationManagerResolver<HttpServletRequest> multitenantPasAuthenticationManager(JwtAuthenticationProvider jwtAuthenticationProvider) {
        // AuthenticationServiceException if thrown by JwtAuthenticationProvider
        return (request) -> new ProviderManager(jwtAuthenticationProvider);
    }

    @Bean
    public Customizer<HttpSecurity> securityCustomizer(AuthenticationManagerResolver<HttpServletRequest> authenticationManagerResolver,
                                                       ObjectMapper objectMapper) {
        return http -> {
            try {
                http.oauth2ResourceServer(oauth2 -> {
                    oauth2.authenticationManagerResolver(authenticationManagerResolver);
                    oauth2.accessDeniedHandler(new MyCustomHandler(objectMapper));
                    oauth2.authenticationEntryPoint(new MyCustomEntryPoint(objectMapper));
                });
            } catch (Exception exception) {
                log.error("Failed to configure OAuth2 resource server", exception);
                throw new IllegalStateException(exception);
            }
        };
    }

    @Bean
    public SecurityFilterChain securityFilterChain(final HttpSecurity http,
                                                   final MvcRequestMatcher.Builder mvc,
                                                   Customizer<HttpSecurity> securityCustomizer) throws Exception {
        securityCustomizer.customize(http);
        http
                .csrf(AbstractHttpConfigurer::disable)
                .httpBasic(AbstractHttpConfigurer::disable)
                .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
                .cors(AbstractHttpConfigurer::disable)
                .formLogin(AbstractHttpConfigurer::disable)
                .requestCache(RequestCacheConfigurer::disable)
                .logout(AbstractHttpConfigurer::disable)
                .headers(getHeadersConfigurerCustomizer())
                .authorizeHttpRequests(auth -> {
                    // https://spring.io/security/cve-2023-34035
                    // https://github.com/jzheaux/cve-2023-34035-mitigations/tree/main
                    EXCLUDED_RESOURCES.forEach(s -> {
                        // Use ant matcher for permitting the access
                        auth.requestMatchers(antMatcher(s)).permitAll();
                    });
                    // Dispatcher servlet
                    if (h2ConsoleEnabled) {
                        auth.requestMatchers(antMatcher("/h2-console/**")).permitAll();
                    }

                    appProperties.resourceBasePaths().forEach(basePath -> {
                        auth.requestMatchers(mvc.pattern(basePath + "/**")).access(AuthorizationManagers.allOf(
                                new WebExpressionAuthorizationManager("hasRole('CLIENT')")
                        ));
                    });
                    auth.anyRequest().denyAll();
                })
                .exceptionHandling(httpSecurityExceptionHandlingConfigurer -> {
                    httpSecurityExceptionHandlingConfigurer.accessDeniedHandler(new MyCustomHandler(objectMapper));
                    httpSecurityExceptionHandlingConfigurer.authenticationEntryPoint(new MyCustomEntryPoint(objectMapper));
                });
        return http.build();
    }