Deprecate AbstractConfiguredSecurityBuilder#apply

Closes gh-13436

config/src/main/java/org/springframework/security/config/annotation/AbstractConfiguredSecurityBuilder.java

@@ -118,7 +118,10 @@ public abstract class AbstractConfiguredSecurityBuilder<O, B extends SecurityBui
 	 * @param configurer
 	 * @return the {@link SecurityConfigurerAdapter} for further customizations
 	 * @throws Exception
+	 * @deprecated For removal in 7.0. Use
+	 * {@link #with(SecurityConfigurerAdapter, Customizer)} instead.
 	 */
+	@Deprecated(since = "6.2", forRemoval = true)
 	@SuppressWarnings("unchecked")
 	public <C extends SecurityConfigurerAdapter<O, B>> C apply(C configurer) throws Exception {
 		configurer.addObjectPostProcessor(this.objectPostProcessor);

docs/modules/ROOT/pages/migration-7/configuration.adoc

@@ -116,3 +116,10 @@ The Lambda DSL was created to accomplish to following goals:
 - Automatic indentation makes the configuration more readable.
 - The is no need to chain configuration options using `.and()`
 - The Spring Security DSL has a similar configuration style to other Spring DSLs such as Spring Integration and Spring Cloud Gateway.
+
+== Use `.with()` instead of `.apply()` for Custom DSLs
+
+In versions prior to 6.2, if you had a xref:servlet/configuration/java.adoc#jc-custom-dsls[custom DSL], you would apply it to the `HttpSecurity` using the `HttpSecurity#apply(...)` method.
+However, starting from version 6.2, this method is deprecated and will be removed in 7.0 because it will no longer be possible to chain configurations using `.and()` once `.and()` is removed (see https://github.com/spring-projects/spring-security/issues/13067).
+Instead, it is recommended to use the new `.with(...)` method.
+For more information about how to use `.with(...)` please refer to the xref:servlet/configuration/java.adoc#jc-custom-dsls[Custom DSLs section].