I have a pretty basic server set up:
ExceptionHandler -> Security Handlers * -> PathTemplateHandler -> my routes
* The security handlers are set up as shown in the examples  and I'm also using the same `IdentityManager` for my tinkering.
What I'm seeing is that in ExceptionHandler  the request is just passed directly onto the next handler, which in this case, is the start of the security handlers.
The request is passed through each handler until it hits `AuthenticationCallHandler` and is moved off the IO thread . The call then returns, and all the invocations to the next handler finish back up the stack until `ExceptionHandler`, where the call completes successfully.
Trouble is, the request was malformed and the route handling it threw an exception and it wasn't handled as expected.
I guess the correct answer is that I shouldn't have allowed it to get thrown out of the handler for the route; catch it there and send the expected error response.
But, I'm curious if there was a way to do this with the handlers, or perhaps, more generally, what are the expectations along the call chain of handlers when some may move off the initial IO thread.