Remove HttpSecurity and() DSL Methods

This commit removes all and() methods that have been
deprecated in the HttpSecurity DSL with the exception
of featurePolicy, which will be removed when that
feature is removed. Note that since featurePolicy
does not have a lambda equivalent, the and support
needs to remain for the moment.

Issue gh-13067

config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java

@@ -50,17 +50,6 @@ public abstract class SecurityConfigurerAdapter<O, B extends SecurityBuilder<O>>
 	public void configure(B builder) throws Exception {
 	}
 
-	/**
-	 * Return the {@link SecurityBuilder} when done using the {@link SecurityConfigurer}.
-	 * This is useful for method chaining.
-	 * @return the {@link SecurityBuilder} for further customizations
-	 * @deprecated For removal in 7.0. Use the lambda based configuration instead.
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public B and() {
-		return getBuilder();
-	}
-
 	/**
 	 * Gets the {@link SecurityBuilder}. Cannot be null.
 	 * @return the {@link SecurityBuilder}

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/ldap/LdapAuthenticationProviderConfigurer.java

@@ -386,6 +386,10 @@ public class LdapAuthenticationProviderConfigurer<B extends ProviderManagerBuild
 		return this;
 	}
 
+	public B and() {
+		return getBuilder();
+	}
+
 	@Override
 	public void configure(B builder) throws Exception {
 		LdapAuthenticationProvider provider = postProcess(build());

config/src/main/java/org/springframework/security/config/annotation/authentication/configurers/provisioning/InMemoryUserDetailsManagerConfigurer.java

@@ -41,4 +41,8 @@ public class InMemoryUserDetailsManagerConfigurer<B extends ProviderManagerBuild
 		super(new InMemoryUserDetailsManager(new ArrayList<>()));
 	}
 
+	public B and() {
+		return getBuilder();
+	}
+
 }

config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java

@@ -231,17 +231,6 @@ public final class AuthorizeHttpRequestsConfigurer<H extends HttpSecurityBuilder
 			return this;
 		}
 
-		/**
-		 * Return the {@link HttpSecurityBuilder} when done using the
-		 * {@link AuthorizeHttpRequestsConfigurer}. This is useful for method chaining.
-		 * @return the {@link HttpSecurityBuilder} for further customizations
-		 * @deprecated For removal in 7.0. Use the lambda based configuration instead.
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public H and() {
-			return AuthorizeHttpRequestsConfigurer.this.and();
-		}
-
 	}
 
 	/**

config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java

@@ -24,10 +24,7 @@ import java.util.List;
 import org.springframework.context.ApplicationContext;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
-import org.springframework.security.config.Customizer;
 import org.springframework.security.config.ObjectPostProcessor;
-import org.springframework.security.config.annotation.SecurityBuilder;
-import org.springframework.security.config.annotation.SecurityConfigurer;
 import org.springframework.security.config.annotation.web.HttpSecurityBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.web.DefaultRedirectStrategy;
@@ -43,8 +40,6 @@ import org.springframework.security.web.access.channel.SecureChannelProcessor;
 import org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
-import static org.springframework.security.config.Customizer.withDefaults;
-
 /**
  * Adds channel security (i.e. requires HTTPS or HTTP) to an application. In order for
  * {@link ChannelSecurityConfigurer} to be useful, at least one {@link RequestMatcher}
@@ -209,18 +204,6 @@ public final class ChannelSecurityConfigurer<H extends HttpSecurityBuilder<H>>
 			return this;
 		}
 
-		/**
-		 * Return the {@link SecurityBuilder} when done using the
-		 * {@link SecurityConfigurer}. This is useful for method chaining.
-		 * @return the type of {@link HttpSecurityBuilder} that is being configured
-		 * @deprecated For removal in 7.0. Use
-		 * {@link HttpSecurity#requiresChannel(Customizer)} instead
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public H and() {
-			return ChannelSecurityConfigurer.this.and();
-		}
-
 	}
 
 	/**

config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java

@@ -57,8 +57,6 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import static org.springframework.security.config.Customizer.withDefaults;
-
 /**
  * Adds
  * <a href="https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)" >CSRF</a>
@@ -174,7 +172,8 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @since 5.1
 	 */
 	public CsrfConfigurer<H> ignoringRequestMatchers(RequestMatcher... requestMatchers) {
-		return new IgnoreCsrfProtectionRegistry(this.context).requestMatchers(requestMatchers).and();
+		new IgnoreCsrfProtectionRegistry(this.context).requestMatchers(requestMatchers);
+		return this;
 	}
 
 	/**
@@ -202,7 +201,8 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 	 * @see AbstractRequestMatcherRegistry#requestMatchers(String...)
 	 */
 	public CsrfConfigurer<H> ignoringRequestMatchers(String... patterns) {
-		return new IgnoreCsrfProtectionRegistry(this.context).requestMatchers(patterns).and();
+		new IgnoreCsrfProtectionRegistry(this.context).requestMatchers(patterns);
+		return this;
 	}
 
 	/**
@@ -386,10 +386,6 @@ public final class CsrfConfigurer<H extends HttpSecurityBuilder<H>>
 			setApplicationContext(context);
 		}
 
-		CsrfConfigurer<H> and() {
-			return CsrfConfigurer.this;
-		}
-
 		@Override
 		protected IgnoreCsrfProtectionRegistry chainRequestMatchers(List<RequestMatcher> requestMatchers) {
 			CsrfConfigurer.this.ignoredCsrfProtectionMatchers.addAll(requestMatchers);

config/src/main/java/org/springframework/security/config/annotation/web/configurers/ExpressionUrlAuthorizationConfigurer.java

@@ -42,8 +42,6 @@ import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 
-import static org.springframework.security.config.Customizer.withDefaults;
-
 /**
  * Adds URL based authorization based upon SpEL expressions to an application. At least
  * one {@link org.springframework.web.bind.annotation.RequestMapping} needs to be mapped
@@ -253,7 +251,7 @@ public final class ExpressionUrlAuthorizationConfigurer<H extends HttpSecurityBu
 		}
 
 		public H and() {
-			return ExpressionUrlAuthorizationConfigurer.this.and();
+			return ExpressionUrlAuthorizationConfigurer.this.getBuilder();
 		}
 
 	}

config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java

@@ -48,8 +48,6 @@ import org.springframework.security.web.header.writers.frameoptions.XFrameOption
 import org.springframework.security.web.util.matcher.RequestMatcher;
 import org.springframework.util.Assert;
 
-import static org.springframework.security.config.Customizer.withDefaults;
-
 /**
  * <p>
  * Adds the Security HTTP headers to the response. Security HTTP headers is activated by
@@ -129,26 +127,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		return this;
 	}
 
-	/**
-	 * Configures the {@link XContentTypeOptionsHeaderWriter} which inserts the
-	 * <a href= "https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx"
-	 * >X-Content-Type-Options</a>:
-	 *
-	 * <pre>
-	 * X-Content-Type-Options: nosniff
-	 * </pre>
-	 * @return the {@link ContentTypeOptionsConfig} for additional customizations
-	 * @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)} or
-	 * {@code contentTypeOptions(Customizer.withDefaults())} to stick with defaults. See
-	 * the <a href=
-	 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-	 * for more details.
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public ContentTypeOptionsConfig contentTypeOptions() {
-		return this.contentTypeOptions.enable();
-	}
-
 	/**
 	 * Configures the {@link XContentTypeOptionsHeaderWriter} which inserts the
 	 * <a href= "https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx"
@@ -166,26 +144,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		return HeadersConfigurer.this;
 	}
 
-	/**
-	 * <strong>Note this is not comprehensive XSS protection!</strong>
-	 *
-	 * <p>
-	 * Allows customizing the {@link XXssProtectionHeaderWriter} which adds the <a href=
-	 * "https://web.archive.org/web/20160201174302/https://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx"
-	 * >X-XSS-Protection header</a>
-	 * </p>
-	 * @return the {@link XXssConfig} for additional customizations
-	 * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} or
-	 * {@code xssProtection(Customizer.withDefaults())} to stick with defaults. See the
-	 * <a href=
-	 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-	 * for more details.
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public XXssConfig xssProtection() {
-		return this.xssProtection.enable();
-	}
-
 	/**
 	 * <strong>Note this is not comprehensive XSS protection!</strong>
 	 *
@@ -203,26 +161,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		return HeadersConfigurer.this;
 	}
 
-	/**
-	 * Allows customizing the {@link CacheControlHeadersWriter}. Specifically it adds the
-	 * following headers:
-	 * <ul>
-	 * <li>Cache-Control: no-cache, no-store, max-age=0, must-revalidate</li>
-	 * <li>Pragma: no-cache</li>
-	 * <li>Expires: 0</li>
-	 * </ul>
-	 * @return the {@link CacheControlConfig} for additional customizations
-	 * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} or
-	 * {@code cacheControl(Customizer.withDefaults())} to stick with defaults. See the
-	 * <a href=
-	 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-	 * for more details.
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public CacheControlConfig cacheControl() {
-		return this.cacheControl.enable();
-	}
-
 	/**
 	 * Allows customizing the {@link CacheControlHeadersWriter}. Specifically it adds the
 	 * following headers:
@@ -240,19 +178,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		return HeadersConfigurer.this;
 	}
 
-	/**
-	 * Allows customizing the {@link HstsHeaderWriter} which provides support for
-	 * <a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
-	 * (HSTS)</a>.
-	 * @return the {@link HstsConfig} for additional customizations
-	 * @deprecated For removal in 7.0. Use
-	 * {@link #httpStrictTransportSecurity(Customizer)} instead
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public HstsConfig httpStrictTransportSecurity() {
-		return this.hsts.enable();
-	}
-
 	/**
 	 * Allows customizing the {@link HstsHeaderWriter} which provides support for
 	 * <a href="https://tools.ietf.org/html/rfc6797">HTTP Strict Transport Security
@@ -266,20 +191,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		return HeadersConfigurer.this;
 	}
 
-	/**
-	 * Allows customizing the {@link XFrameOptionsHeaderWriter}.
-	 * @return the {@link FrameOptionsConfig} for additional customizations
-	 * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} or
-	 * {@code frameOptions(Customizer.withDefaults())} to stick with defaults. See the
-	 * <a href=
-	 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-	 * for more details.
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public FrameOptionsConfig frameOptions() {
-		return this.frameOptions.enable();
-	}
-
 	/**
 	 * Allows customizing the {@link XFrameOptionsHeaderWriter}.
 	 * @param frameOptionsCustomizer the {@link Customizer} to provide more options for
@@ -291,21 +202,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		return HeadersConfigurer.this;
 	}
 
-	/**
-	 * Allows customizing the {@link HpkpHeaderWriter} which provides support for
-	 * <a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.
-	 * @return the {@link HpkpConfig} for additional customizations
-	 *
-	 * @since 4.1
-	 * @deprecated see <a href=
-	 * "https://owasp.org/www-community/controls/Certificate_and_Public_Key_Pinning">Certificate
-	 * and Public Key Pinning</a> for more context
-	 */
-	@Deprecated
-	public HpkpConfig httpPublicKeyPinning() {
-		return this.hpkp.enable();
-	}
-
 	/**
 	 * Allows customizing the {@link HpkpHeaderWriter} which provides support for
 	 * <a href="https://tools.ietf.org/html/rfc7469">HTTP Public Key Pinning (HPKP)</a>.
@@ -322,39 +218,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		return HeadersConfigurer.this;
 	}
 
-	/**
-	 * <p>
-	 * Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security
-	 * Policy (CSP) Level 2</a>.
-	 * </p>
-	 *
-	 * <p>
-	 * Calling this method automatically enables (includes) the Content-Security-Policy
-	 * header in the response using the supplied security policy directive(s).
-	 * </p>
-	 *
-	 * <p>
-	 * Configuration is provided to the {@link ContentSecurityPolicyHeaderWriter} which
-	 * supports the writing of the two headers as detailed in the W3C Candidate
-	 * Recommendation:
-	 * </p>
-	 * <ul>
-	 * <li>Content-Security-Policy</li>
-	 * <li>Content-Security-Policy-Report-Only</li>
-	 * </ul>
-	 * @return the {@link ContentSecurityPolicyConfig} for additional configuration
-	 * @throws IllegalArgumentException if policyDirectives is null or empty
-	 * @since 4.1
-	 * @deprecated For removal in 7.0. Use {@link #contentSecurityPolicy(Customizer)}
-	 * instead
-	 * @see ContentSecurityPolicyHeaderWriter
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public ContentSecurityPolicyConfig contentSecurityPolicy(String policyDirectives) {
-		this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
-		return this.contentSecurityPolicy;
-	}
-
 	/**
 	 * <p>
 	 * Allows configuration for <a href="https://www.w3.org/TR/CSP2/">Content Security
@@ -456,71 +319,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		}
 	}
 
-	/**
-	 * <p>
-	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
-	 * Policy</a>.
-	 * </p>
-	 *
-	 * <p>
-	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support
-	 * the writing of the header as detailed in the W3C Technical Report:
-	 * </p>
-	 * <ul>
-	 * <li>Referrer-Policy</li>
-	 * </ul>
-	 *
-	 * <p>
-	 * Default value is:
-	 * </p>
-	 *
-	 * <pre>
-	 * Referrer-Policy: no-referrer
-	 * </pre>
-	 * @return the {@link ReferrerPolicyConfig} for additional configuration
-	 * @since 4.2
-	 * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} or
-	 * {@code referrerPolicy(Customizer.withDefaults())} to stick with defaults. See the
-	 * <a href=
-	 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-	 * for more details.
-	 * @see ReferrerPolicyHeaderWriter
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public ReferrerPolicyConfig referrerPolicy() {
-		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter();
-		return this.referrerPolicy;
-	}
-
-	/**
-	 * <p>
-	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
-	 * Policy</a>.
-	 * </p>
-	 *
-	 * <p>
-	 * Configuration is provided to the {@link ReferrerPolicyHeaderWriter} which support
-	 * the writing of the header as detailed in the W3C Technical Report:
-	 * </p>
-	 * <ul>
-	 * <li>Referrer-Policy</li>
-	 * </ul>
-	 * @return the {@link ReferrerPolicyConfig} for additional configuration
-	 * @throws IllegalArgumentException if policy is null or empty
-	 * @since 4.2
-	 * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} or
-	 * {@code referrerPolicy(Customizer.withDefaults())} to stick with defaults. See the
-	 * <a href=
-	 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-	 * for more details.
-	 * @see ReferrerPolicyHeaderWriter
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public ReferrerPolicyConfig referrerPolicy(ReferrerPolicy policy) {
-		this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter(policy);
-		return this.referrerPolicy;
-	}
-
 	/**
 	 * <p>
 	 * Allows configuration for <a href="https://www.w3.org/TR/referrer-policy/">Referrer
@@ -570,35 +368,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		return this.featurePolicy;
 	}
 
-	/**
-	 * <p>
-	 * Allows configuration for
-	 * <a href="https://w3c.github.io/webappsec-permissions-policy/">Permissions
-	 * Policy</a>.
-	 * </p>
-	 *
-	 * <p>
-	 * Configuration is provided to the {@link PermissionsPolicyHeaderWriter} which
-	 * support the writing of the header as detailed in the W3C Technical Report:
-	 * </p>
-	 * <ul>
-	 * <li>Permissions-Policy</li>
-	 * </ul>
-	 * @return the {@link PermissionsPolicyConfig} for additional configuration
-	 * @since 5.5
-	 * @deprecated For removal in 7.0. Use {@link #permissionsPolicyHeader(Customizer)} or
-	 * {@code permissionsPolicy(Customizer.withDefaults())} to stick with defaults. See
-	 * the <a href=
-	 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-	 * for more details.
-	 * @see PermissionsPolicyHeaderWriter
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public PermissionsPolicyConfig permissionsPolicy() {
-		this.permissionsPolicy.writer = new PermissionsPolicyHeaderWriter();
-		return this.permissionsPolicy;
-	}
-
 	/**
 	 * Allows configuration for
 	 * <a href="https://w3c.github.io/webappsec-permissions-policy/"> Permissions
@@ -645,26 +414,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		return this;
 	}
 
-	/**
-	 * Allows configuration for <a href=
-	 * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy">
-	 * Cross-Origin-Opener-Policy</a> header.
-	 * <p>
-	 * Configuration is provided to the {@link CrossOriginOpenerPolicyHeaderWriter} which
-	 * responsible for writing the header.
-	 * </p>
-	 * @return the {@link CrossOriginOpenerPolicyConfig} for additional confniguration
-	 * @since 5.7
-	 * @deprecated For removal in 7.0. Use {@link #crossOriginOpenerPolicy(Customizer)}
-	 * instead
-	 * @see CrossOriginOpenerPolicyHeaderWriter
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public CrossOriginOpenerPolicyConfig crossOriginOpenerPolicy() {
-		this.crossOriginOpenerPolicy.writer = new CrossOriginOpenerPolicyHeaderWriter();
-		return this.crossOriginOpenerPolicy;
-	}
-
 	/**
 	 * Allows configuration for <a href=
 	 * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy">
@@ -689,26 +438,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		return HeadersConfigurer.this;
 	}
 
-	/**
-	 * Allows configuration for <a href=
-	 * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy">
-	 * Cross-Origin-Embedder-Policy</a> header.
-	 * <p>
-	 * Configuration is provided to the {@link CrossOriginEmbedderPolicyHeaderWriter}
-	 * which is responsible for writing the header.
-	 * </p>
-	 * @return the {@link CrossOriginEmbedderPolicyConfig} for additional customizations
-	 * @since 5.7
-	 * @deprecated For removal in 7.0. Use {@link #crossOriginEmbedderPolicy(Customizer)}
-	 * instead
-	 * @see CrossOriginEmbedderPolicyHeaderWriter
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public CrossOriginEmbedderPolicyConfig crossOriginEmbedderPolicy() {
-		this.crossOriginEmbedderPolicy.writer = new CrossOriginEmbedderPolicyHeaderWriter();
-		return this.crossOriginEmbedderPolicy;
-	}
-
 	/**
 	 * Allows configuration for <a href=
 	 * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy">
@@ -733,26 +462,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		return HeadersConfigurer.this;
 	}
 
-	/**
-	 * Allows configuration for <a href=
-	 * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy">
-	 * Cross-Origin-Resource-Policy</a> header.
-	 * <p>
-	 * Configuration is provided to the {@link CrossOriginResourcePolicyHeaderWriter}
-	 * which is responsible for writing the header:
-	 * </p>
-	 * @return the {@link HeadersConfigurer} for additional customizations
-	 * @since 5.7
-	 * @deprecated For removal in 7.0. Use {@link #crossOriginResourcePolicy(Customizer)}
-	 * instead
-	 * @see CrossOriginResourcePolicyHeaderWriter
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public CrossOriginResourcePolicyConfig crossOriginResourcePolicy() {
-		this.crossOriginResourcePolicy.writer = new CrossOriginResourcePolicyHeaderWriter();
-		return this.crossOriginResourcePolicy;
-	}
-
 	/**
 	 * Allows configuration for <a href=
 	 * "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy">
@@ -791,17 +500,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 */
 		public HeadersConfigurer<H> disable() {
 			this.writer = null;
-			return and();
-		}
-
-		/**
-		 * Allows customizing the {@link HeadersConfigurer}
-		 * @return the {@link HeadersConfigurer} for additional customization
-		 * @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)}
-		 * instead
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public HeadersConfigurer<H> and() {
 			return HeadersConfigurer.this;
 		}
 
@@ -866,21 +564,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 */
 		public HeadersConfigurer<H> disable() {
 			this.writer = null;
-			return and();
-		}
-
-		/**
-		 * Allows completing configuration of X-XSS-Protection and continuing
-		 * configuration of headers.
-		 * @return the {@link HeadersConfigurer} for additional configuration
-		 * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} or
-		 * {@code xssProtection(Customizer.withDefaults())} to stick with defaults. See
-		 * the <a href=
-		 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-		 * for more details.
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public HeadersConfigurer<H> and() {
 			return HeadersConfigurer.this;
 		}
 
@@ -914,21 +597,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 			return HeadersConfigurer.this;
 		}
 
-		/**
-		 * Allows completing configuration of Cache Control and continuing configuration
-		 * of headers.
-		 * @return the {@link HeadersConfigurer} for additional configuration
-		 * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} or
-		 * {@code cacheControl(Customizer.withDefaults())} to stick with defaults. See the
-		 * <a href=
-		 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-		 * for more details.
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public HeadersConfigurer<H> and() {
-			return HeadersConfigurer.this;
-		}
-
 		/**
 		 * Ensures the Cache Control headers are enabled if they are not already.
 		 * @return the {@link CacheControlConfig} for additional customization
@@ -1026,18 +694,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 			return HeadersConfigurer.this;
 		}
 
-		/**
-		 * Allows completing configuration of Strict Transport Security and continuing
-		 * configuration of headers.
-		 * @return the {@link HeadersConfigurer} for additional configuration
-		 * @deprecated For removal in 7.0. Use
-		 * {@link #httpStrictTransportSecurity(Customizer)} instead
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public HeadersConfigurer<H> and() {
-			return HeadersConfigurer.this;
-		}
-
 		/**
 		 * Ensures that Strict-Transport-Security is enabled if it is not already
 		 * @return the {@link HstsConfig} for additional customization
@@ -1065,7 +721,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 */
 		public HeadersConfigurer<H> deny() {
 			this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.DENY);
-			return and();
+			return HeadersConfigurer.this;
 		}
 
 		/**
@@ -1079,7 +735,7 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 */
 		public HeadersConfigurer<H> sameOrigin() {
 			this.writer = new XFrameOptionsHeaderWriter(XFrameOptionsMode.SAMEORIGIN);
-			return and();
+			return HeadersConfigurer.this;
 		}
 
 		/**
@@ -1088,20 +744,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 		 */
 		public HeadersConfigurer<H> disable() {
 			this.writer = null;
-			return and();
-		}
-
-		/**
-		 * Allows continuing customizing the headers configuration.
-		 * @return the {@link HeadersConfigurer} for additional configuration
-		 * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} or
-		 * {@code frameOptions(Customizer.withDefaults())} to stick with defaults. See the
-		 * <a href=
-		 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-		 * for more details.
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public HeadersConfigurer<H> and() {
 			return HeadersConfigurer.this;
 		}
 
@@ -1319,18 +961,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 			return this;
 		}
 
-		/**
-		 * Allows completing configuration of Content Security Policy and continuing
-		 * configuration of headers.
-		 * @return the {@link HeadersConfigurer} for additional configuration
-		 * @deprecated For removal in 7.0. Use {@link #contentSecurityPolicy(Customizer)}
-		 * instead
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public HeadersConfigurer<H> and() {
-			return HeadersConfigurer.this;
-		}
-
 	}
 
 	public final class ReferrerPolicyConfig {
@@ -1351,18 +981,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 			return this;
 		}
 
-		/**
-		 * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} or
-		 * {@code referrerPolicy(Customizer.withDefaults())} to stick with defaults. See
-		 * the <a href=
-		 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-		 * for more details.
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public HeadersConfigurer<H> and() {
-			return HeadersConfigurer.this;
-		}
-
 	}
 
 	public final class FeaturePolicyConfig {
@@ -1401,18 +1019,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 			return this;
 		}
 
-		/**
-		 * Allows completing configuration of Permissions Policy and continuing
-		 * configuration of headers.
-		 * @return the {@link HeadersConfigurer} for additional configuration
-		 * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)}
-		 * instead
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public HeadersConfigurer<H> and() {
-			return HeadersConfigurer.this;
-		}
-
 	}
 
 	public final class CrossOriginOpenerPolicyConfig {
@@ -1434,18 +1040,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 			return this;
 		}
 
-		/**
-		 * Allows completing configuration of Cross Origin Opener Policy and continuing
-		 * configuration of headers.
-		 * @return the {@link HeadersConfigurer} for additional configuration
-		 * @deprecated For removal in 7.0. Use
-		 * {@link #crossOriginOpenerPolicy(Customizer)} instead
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public HeadersConfigurer<H> and() {
-			return HeadersConfigurer.this;
-		}
-
 	}
 
 	public final class CrossOriginEmbedderPolicyConfig {
@@ -1468,18 +1062,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 			return this;
 		}
 
-		/**
-		 * Allows completing configuration of Cross-Origin-Embedder-Policy and continuing
-		 * configuration of headers.
-		 * @return the {@link HeadersConfigurer} for additional configuration
-		 * @deprecated For removal in 7.0. Use
-		 * {@link #crossOriginEmbedderPolicy(Customizer)} instead
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public HeadersConfigurer<H> and() {
-			return HeadersConfigurer.this;
-		}
-
 	}
 
 	public final class CrossOriginResourcePolicyConfig {
@@ -1502,18 +1084,6 @@ public class HeadersConfigurer<H extends HttpSecurityBuilder<H>>
 			return this;
 		}
 
-		/**
-		 * Allows completing configuration of Cross-Origin-Resource-Policy and continuing
-		 * configuration of headers.
-		 * @return the {@link HeadersConfigurer} for additional configuration
-		 * @deprecated For removal in 7.0. Use
-		 * {@link #crossOriginResourcePolicy(Customizer)} instead
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public HeadersConfigurer<H> and() {
-			return HeadersConfigurer.this;
-		}
-
 	}
 
 }

config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java

@@ -66,8 +66,6 @@ import org.springframework.security.web.session.SimpleRedirectSessionInformation
 import org.springframework.util.Assert;
 import org.springframework.util.CollectionUtils;
 
-import static org.springframework.security.config.Customizer.withDefaults;
-
 /**
  * Allows configuring session management.
  *
@@ -777,17 +775,6 @@ public final class SessionManagementConfigurer<H extends HttpSecurityBuilder<H>>
 			return this;
 		}
 
-		/**
-		 * Used to chain back to the {@link SessionManagementConfigurer}
-		 * @return the {@link SessionManagementConfigurer} for further customizations
-		 * @deprecated For removal in 7.0. Use {@link #sessionConcurrency(Customizer)}
-		 * instead
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public SessionManagementConfigurer<H> and() {
-			return SessionManagementConfigurer.this;
-		}
-
 	}
 
 }

config/src/main/java/org/springframework/security/config/annotation/web/configurers/UrlAuthorizationConfigurer.java

@@ -248,7 +248,7 @@ public final class UrlAuthorizationConfigurer<H extends HttpSecurityBuilder<H>>
 		}
 
 		public H and() {
-			return UrlAuthorizationConfigurer.this.and();
+			return UrlAuthorizationConfigurer.this.getBuilder();
 		}
 
 	}

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java

@@ -141,18 +141,6 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
-	/**
-	 * Returns the {@link AuthorizationCodeGrantConfigurer} for configuring the OAuth 2.0
-	 * Authorization Code Grant.
-	 * @return the {@link AuthorizationCodeGrantConfigurer}
-	 * @deprecated For removal in 7.0. Use {@link #authorizationCodeGrant(Customizer)}
-	 * instead
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public AuthorizationCodeGrantConfigurer authorizationCodeGrant() {
-		return this.authorizationCodeGrantConfigurer;
-	}
-
 	/**
 	 * Configures the OAuth 2.0 Authorization Code Grant.
 	 * @param authorizationCodeGrantCustomizer the {@link Customizer} to provide more
@@ -242,17 +230,6 @@ public final class OAuth2ClientConfigurer<B extends HttpSecurityBuilder<B>>
 			return this;
 		}
 
-		/**
-		 * Returns the {@link OAuth2ClientConfigurer} for further configuration.
-		 * @return the {@link OAuth2ClientConfigurer}
-		 * @deprecated For removal in 7.0. Use {@link #authorizationCodeGrant(Customizer)}
-		 * instead
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public OAuth2ClientConfigurer<B> and() {
-			return OAuth2ClientConfigurer.this;
-		}
-
 		private void init(B builder) {
 			OAuth2AuthorizationCodeAuthenticationProvider authorizationCodeAuthenticationProvider = new OAuth2AuthorizationCodeAuthenticationProvider(
 					getAccessTokenResponseClient());

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java

@@ -104,8 +104,6 @@ import org.springframework.util.Assert;
 import org.springframework.util.ClassUtils;
 import org.springframework.util.ReflectionUtils;
 
-import static org.springframework.security.config.Customizer.withDefaults;
-
 /**
  * An {@link AbstractHttpConfigurer} for OAuth 2.0 Login, which leverages the OAuth 2.0
  * Authorization Code Grant Flow.
@@ -248,18 +246,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
-	/**
-	 * Returns the {@link AuthorizationEndpointConfig} for configuring the Authorization
-	 * Server's Authorization Endpoint.
-	 * @return the {@link AuthorizationEndpointConfig}
-	 * @deprecated For removal in 7.0. Use {@link #authorizationEndpoint(Customizer)}
-	 * instead
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public AuthorizationEndpointConfig authorizationEndpoint() {
-		return this.authorizationEndpointConfig;
-	}
-
 	/**
 	 * Configures the Authorization Server's Authorization Endpoint.
 	 * @param authorizationEndpointCustomizer the {@link Customizer} to provide more
@@ -272,21 +258,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
-	/**
-	 * Returns the {@link TokenEndpointConfig} for configuring the Authorization Server's
-	 * Token Endpoint.
-	 * @return the {@link TokenEndpointConfig}
-	 * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} or
-	 * {@code tokenEndpoint(Customizer.withDefaults())} to stick with defaults. See the
-	 * <a href=
-	 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-	 * for more details.
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public TokenEndpointConfig tokenEndpoint() {
-		return this.tokenEndpointConfig;
-	}
-
 	/**
 	 * Configures the Authorization Server's Token Endpoint.
 	 * @param tokenEndpointCustomizer the {@link Customizer} to provide more options for
@@ -299,18 +270,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
-	/**
-	 * Returns the {@link RedirectionEndpointConfig} for configuring the Client's
-	 * Redirection Endpoint.
-	 * @return the {@link RedirectionEndpointConfig}
-	 * @deprecated For removal in 7.0. Use {@link #redirectionEndpoint(Customizer)}
-	 * instead
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public RedirectionEndpointConfig redirectionEndpoint() {
-		return this.redirectionEndpointConfig;
-	}
-
 	/**
 	 * Configures the Client's Redirection Endpoint.
 	 * @param redirectionEndpointCustomizer the {@link Customizer} to provide more options
@@ -323,21 +282,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
-	/**
-	 * Returns the {@link UserInfoEndpointConfig} for configuring the Authorization
-	 * Server's UserInfo Endpoint.
-	 * @return the {@link UserInfoEndpointConfig}
-	 * @deprecated For removal in 7.0. Use {@link #userInfoEndpoint(Customizer)} or
-	 * {@code userInfoEndpoint(Customizer.withDefaults())} to stick with defaults. See the
-	 * <a href=
-	 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-	 * for more details.
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public UserInfoEndpointConfig userInfoEndpoint() {
-		return this.userInfoEndpointConfig;
-	}
-
 	/**
 	 * Configures the Authorization Server's UserInfo Endpoint.
 	 * @param userInfoEndpointCustomizer the {@link Customizer} to provide more options
@@ -726,17 +670,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 			return this;
 		}
 
-		/**
-		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
-		 * @return the {@link OAuth2LoginConfigurer}
-		 * @deprecated For removal in 7.0. Use {@link #authorizationEndpoint(Customizer)}
-		 * instead
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public OAuth2LoginConfigurer<B> and() {
-			return OAuth2LoginConfigurer.this;
-		}
-
 	}
 
 	/**
@@ -763,20 +696,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 			return this;
 		}
 
-		/**
-		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
-		 * @return the {@link OAuth2LoginConfigurer}
-		 * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} or
-		 * {@code tokenEndpoint(Customizer.withDefaults())} to stick with defaults. See
-		 * the <a href=
-		 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-		 * for more details.
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public OAuth2LoginConfigurer<B> and() {
-			return OAuth2LoginConfigurer.this;
-		}
-
 	}
 
 	/**
@@ -801,17 +720,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 			return this;
 		}
 
-		/**
-		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
-		 * @return the {@link OAuth2LoginConfigurer}
-		 * @deprecated For removal in 7.0. Use {@link #redirectionEndpoint(Customizer)}
-		 * instead
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public OAuth2LoginConfigurer<B> and() {
-			return OAuth2LoginConfigurer.this;
-		}
-
 	}
 
 	/**
@@ -866,17 +774,6 @@ public final class OAuth2LoginConfigurer<B extends HttpSecurityBuilder<B>>
 			return this;
 		}
 
-		/**
-		 * Returns the {@link OAuth2LoginConfigurer} for further configuration.
-		 * @return the {@link OAuth2LoginConfigurer}
-		 * @deprecated For removal in 7.0. Use {@link #userInfoEndpoint(Customizer)}
-		 * instead
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public OAuth2LoginConfigurer<B> and() {
-			return OAuth2LoginConfigurer.this;
-		}
-
 	}
 
 	private static class OidcAuthenticationRequestChecker implements AuthenticationProvider {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OidcLogoutConfigurer.java

@@ -111,11 +111,6 @@ public final class OidcLogoutConfigurer<B extends HttpSecurityBuilder<B>>
 		return this;
 	}
 
-	@Deprecated(forRemoval = true, since = "6.2")
-	public B and() {
-		return getBuilder();
-	}
-
 	@Override
 	public void configure(B builder) throws Exception {
 		if (this.backChannel != null) {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java

@@ -214,20 +214,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 		return this;
 	}
 
-	/**
-	 * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} or
-	 * {@code jwt(Customizer.withDefaults())} to stick with defaults. See the <a href=
-	 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-	 * for more details.
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public JwtConfigurer jwt() {
-		if (this.jwtConfigurer == null) {
-			this.jwtConfigurer = new JwtConfigurer(this.context);
-		}
-		return this.jwtConfigurer;
-	}
-
 	/**
 	 * Enables Jwt-encoded bearer token support.
 	 * @param jwtCustomizer the {@link Customizer} to provide more options for the
@@ -242,21 +228,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 		return this;
 	}
 
-	/**
-	 * @deprecated For removal in 7.0. Use {@link #opaqueToken(Customizer)} or
-	 * {@code opaqueToken(Customizer.withDefaults())} to stick with defaults. See the
-	 * <a href=
-	 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-	 * for more details.
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public OpaqueTokenConfigurer opaqueToken() {
-		if (this.opaqueTokenConfigurer == null) {
-			this.opaqueTokenConfigurer = new OpaqueTokenConfigurer(this.context);
-		}
-		return this.opaqueTokenConfigurer;
-	}
-
 	/**
 	 * Enables opaque bearer token support.
 	 * @param opaqueTokenCustomizer the {@link Customizer} to provide more options for the
@@ -441,17 +412,6 @@ public final class OAuth2ResourceServerConfigurer<H extends HttpSecurityBuilder<
 			return this;
 		}
 
-		/**
-		 * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} or
-		 * {@code jwt(Customizer.withDefaults())} to stick with defaults. See the <a href=
-		 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-		 * for more details.
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public OAuth2ResourceServerConfigurer<H> and() {
-			return OAuth2ResourceServerConfigurer.this;
-		}
-
 		Converter<Jwt, ? extends AbstractAuthenticationToken> getJwtAuthenticationConverter() {
 			if (this.jwtAuthenticationConverter == null) {
 				if (this.context.getBeanNamesForType(JwtAuthenticationConverter.class).length > 0) {

config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java

@@ -71,8 +71,6 @@ import org.springframework.security.web.util.matcher.AndRequestMatcher;
 import org.springframework.security.web.util.matcher.ParameterRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
 
-import static org.springframework.security.config.Customizer.withDefaults;
-
 /**
  * Adds SAML 2.0 logout support.
  *
@@ -179,20 +177,6 @@ public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 		return this;
 	}
 
-	/**
-	 * Get configurer for SAML 2.0 Logout Request components
-	 * @return the {@link LogoutRequestConfigurer} for further customizations
-	 * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} or
-	 * {@code logoutRequest(Customizer.withDefaults())} to stick with defaults. See the
-	 * <a href=
-	 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-	 * for more details.
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public LogoutRequestConfigurer logoutRequest() {
-		return this.logoutRequestConfigurer;
-	}
-
 	/**
 	 * Configures SAML 2.0 Logout Request components
 	 * @param logoutRequestConfigurerCustomizer the {@link Customizer} to provide more
@@ -205,20 +189,6 @@ public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 		return this;
 	}
 
-	/**
-	 * Get configurer for SAML 2.0 Logout Response components
-	 * @return the {@link LogoutResponseConfigurer} for further customizations
-	 * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} or
-	 * {@code logoutResponse(Customizer.withDefaults())} to stick with defaults. See the
-	 * <a href=
-	 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-	 * for more details.
-	 */
-	@Deprecated(since = "6.1", forRemoval = true)
-	public LogoutResponseConfigurer logoutResponse() {
-		return this.logoutResponseConfigurer;
-	}
-
 	/**
 	 * Configures SAML 2.0 Logout Response components
 	 * @param logoutResponseConfigurerCustomizer the {@link Customizer} to provide more
@@ -408,18 +378,6 @@ public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 			return this;
 		}
 
-		/**
-		 * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} or
-		 * {@code logoutRequest(Customizer.withDefaults())} to stick with defaults. See
-		 * the <a href=
-		 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-		 * for more details.
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public Saml2LogoutConfigurer<H> and() {
-			return Saml2LogoutConfigurer.this;
-		}
-
 		private Saml2LogoutRequestValidator logoutRequestValidator() {
 			if (this.logoutRequestValidator != null) {
 				return this.logoutRequestValidator;
@@ -490,18 +448,6 @@ public final class Saml2LogoutConfigurer<H extends HttpSecurityBuilder<H>>
 			return this;
 		}
 
-		/**
-		 * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} or
-		 * {@code logoutResponse(Customizer.withDefaults())} to stick with defaults. See
-		 * the <a href=
-		 * "https://docs.spring.io/spring-security/reference/migration-7/configuration.html#_use_the_lambda_dsl">documentation</a>
-		 * for more details.
-		 */
-		@Deprecated(since = "6.1", forRemoval = true)
-		public Saml2LogoutConfigurer<H> and() {
-			return Saml2LogoutConfigurer.this;
-		}
-
 		private Saml2LogoutResponseValidator logoutResponseValidator() {
 			if (this.logoutResponseValidator != null) {
 				return this.logoutResponseValidator;