diff --git a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
index fd25c16d123..7703c974bd5 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/SecurityConfigurerAdapter.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2013 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -53,7 +53,9 @@ public void configure(B builder) throws Exception {
* Return the {@link SecurityBuilder} when done using the {@link SecurityConfigurer}.
* This is useful for method chaining.
* @return the {@link SecurityBuilder} for further customizations
+ * @deprecated For removal in 7.0. Use the lambda based configuration instead.
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public B and() {
return getBuilder();
}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
index 338e1ef6bf9..13bd565c09f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/builders/HttpSecurity.java
@@ -285,8 +285,10 @@ private ApplicationContext getContext() {
*
* @return the {@link HeadersConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead
* @see HeadersConfigurer
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer headers() throws Exception {
return getOrApply(new HeadersConfigurer<>());
}
@@ -399,7 +401,9 @@ public HttpSecurity headers(Customizer> headersC
* on the classpath a {@link HandlerMappingIntrospector} is used.
* @return the {@link CorsConfigurer} for customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #cors(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public CorsConfigurer cors() throws Exception {
return getOrApply(new CorsConfigurer<>());
}
@@ -486,7 +490,9 @@ public HttpSecurity cors(Customizer> corsCustomizer
* could return true.
* @return the {@link SessionManagementConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #sessionManagement(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public SessionManagementConfigurer sessionManagement() throws Exception {
return getOrApply(new SessionManagementConfigurer<>());
}
@@ -608,8 +614,10 @@ public HttpSecurity sessionManagement(
*
* @return the {@link PortMapperConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #portMapper(Customizer)} instead
* @see #requiresChannel()
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public PortMapperConfigurer portMapper() throws Exception {
return getOrApply(new PortMapperConfigurer<>());
}
@@ -739,7 +747,9 @@ public HttpSecurity portMapper(Customizer> po
* Servlet Container's documentation.
* @return the {@link JeeConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #jee(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public JeeConfigurer jee() throws Exception {
return getOrApply(new JeeConfigurer<>());
}
@@ -850,7 +860,9 @@ public HttpSecurity jee(Customizer> jeeCustomizer) t
*
* @return the {@link X509Configurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public X509Configurer x509() throws Exception {
return getOrApply(new X509Configurer<>());
}
@@ -928,7 +940,9 @@ public HttpSecurity x509(Customizer> x509Customizer
*
* @return the {@link RememberMeConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #rememberMe(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public RememberMeConfigurer rememberMe() throws Exception {
return getOrApply(new RememberMeConfigurer<>());
}
@@ -1072,7 +1086,7 @@ public HttpSecurity rememberMe(Customizer> re
*
* @return the {@link ExpressionUrlAuthorizationConfigurer} for further customizations
* @throws Exception
- * @deprecated Use {@link #authorizeHttpRequests()} instead
+ * @deprecated For removal in 7.0. Use {@link #authorizeHttpRequests()} instead
*/
@Deprecated
public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry authorizeRequests()
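Review bot: The Javadoc on `authorizeRequests()` now announces removal in 7.0, but the annotation below it is still the bare `@Deprecated`, so javac raises only an ordinary deprecation warning and callers get no removal warning. Every other method touched in this commit carries `@Deprecated(since = "6.1", forRemoval = true)`. The same mismatch is in the `authorizeRequests(Customizer)` hunk that follows and in the `featurePolicy(String)` hunk of HeadersConfigurer. If removal is intended, add `forRemoval = true` to these three annotations, keeping whatever `since` value matches their original deprecation; otherwise drop "For removal in 7.0." from the text. The method body lies outside the hunk.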
@@ -1187,7 +1201,7 @@ public ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrl
* for the {@link ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry}
* @return the {@link HttpSecurity} for further customizations
* @throws Exception
- * @deprecated Use {@link #authorizeHttpRequests} instead
+ * @deprecated For removal in 7.0. Use {@link #authorizeHttpRequests} instead
*/
@Deprecated
public HttpSecurity authorizeRequests(
@@ -1302,7 +1316,10 @@ public HttpSecurity authorizeRequests(
* @return the {@link HttpSecurity} for further customizations
* @throws Exception
* @since 5.6
+ * @deprecated For removal in 7.0. Use {@link #authorizeHttpRequests(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public AuthorizeHttpRequestsConfigurer.AuthorizationManagerRequestMatcherRegistry authorizeHttpRequests()
throws Exception {
ApplicationContext context = getContext();
@@ -1434,7 +1451,9 @@ public HttpSecurity authorizeHttpRequests(
* when using {@link EnableWebSecurity}.
* @return the {@link RequestCacheConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public RequestCacheConfigurer requestCache() throws Exception {
return getOrApply(new RequestCacheConfigurer<>());
}
@@ -1485,7 +1504,9 @@ public HttpSecurity requestCache(Customizer
* {@link EnableWebSecurity}.
* @return the {@link ExceptionHandlingConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #exceptionHandling(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ExceptionHandlingConfigurer exceptionHandling() throws Exception {
return getOrApply(new ExceptionHandlingConfigurer<>());
}
@@ -1537,7 +1558,9 @@ public HttpSecurity exceptionHandling(
* automatically applied when using {@link EnableWebSecurity}.
* @return the {@link SecurityContextConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #securityContext(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public SecurityContextConfigurer securityContext() throws Exception {
return getOrApply(new SecurityContextConfigurer<>());
}
@@ -1582,7 +1605,9 @@ public HttpSecurity securityContext(Customizer servletApi() throws Exception {
return getOrApply(new ServletApiConfigurer<>());
}
@@ -1638,7 +1663,9 @@ public HttpSecurity servletApi(Customizer> se
*
* @return the {@link CsrfConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public CsrfConfigurer csrf() throws Exception {
ApplicationContext context = getContext();
return getOrApply(new CsrfConfigurer<>(context));
@@ -1713,7 +1740,9 @@ public HttpSecurity csrf(Customizer> csrfCustomizer
*
* @return the {@link LogoutConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public LogoutConfigurer logout() throws Exception {
return getOrApply(new LogoutConfigurer<>());
}
@@ -1852,7 +1881,9 @@ public HttpSecurity logout(Customizer> logoutCust
*
* @return the {@link AnonymousConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public AnonymousConfigurer anonymous() throws Exception {
return getOrApply(new AnonymousConfigurer<>());
}
@@ -2015,8 +2046,10 @@ public HttpSecurity anonymous(Customizer> anon
*
* @return the {@link FormLoginConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead
* @see FormLoginConfigurer#loginPage(String)
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public FormLoginConfigurer formLogin() throws Exception {
return getOrApply(new FormLoginConfigurer<>());
}
@@ -2191,7 +2224,9 @@ public HttpSecurity formLogin(Customizer> form
* @return the {@link Saml2LoginConfigurer} for further customizations
* @throws Exception
* @since 5.2
+ * @deprecated For removal in 7.0. Use {@link #saml2Login(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public Saml2LoginConfigurer saml2Login() throws Exception {
return getOrApply(new Saml2LoginConfigurer<>());
}
@@ -2421,7 +2456,9 @@ public HttpSecurity saml2Logout(Customizer>
* @return the {@link Saml2LoginConfigurer} for further customizations
* @throws Exception
* @since 5.6
+ * @deprecated For removal in 7.0. Use {@link #saml2Logout(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public Saml2LogoutConfigurer saml2Logout() throws Exception {
return getOrApply(new Saml2LogoutConfigurer<>(getContext()));
}
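Review bot: The `@return` line directly above the new `@deprecated` tag names `{@link Saml2LoginConfigurer}`, but `saml2Logout()` returns a `Saml2LogoutConfigurer`. Since this Javadoc block is being edited anyway, correct it to `@return the {@link Saml2LogoutConfigurer} for further customizations`. The `crossOriginResourcePolicy()` hunk in HeadersConfigurer has the same kind of mismatch: its `@return` says `HeadersConfigurer` while the method returns `CrossOriginResourcePolicyConfig`.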
@@ -2517,7 +2554,9 @@ public HttpSecurity saml2Metadata(Customizer saml2Metadata() throws Exception {
return getOrApply(new Saml2MetadataConfigurer<>(getContext()));
}
@@ -2608,6 +2647,7 @@ public Saml2MetadataConfigurer saml2Metadata() throws Exception {
* @return the {@link OAuth2LoginConfigurer} for further customizations
* @throws Exception
* @since 5.0
+ * @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} instead
* @see Section 4.1 Authorization Code
* Grant
@@ -2617,6 +2657,7 @@ public Saml2MetadataConfigurer saml2Metadata() throws Exception {
* @see org.springframework.security.oauth2.client.registration.ClientRegistration
* @see org.springframework.security.oauth2.client.registration.ClientRegistrationRepository
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginConfigurer oauth2Login() throws Exception {
return getOrApply(new OAuth2LoginConfigurer<>());
}
@@ -2729,10 +2770,12 @@ public HttpSecurity oauth2Login(Customizer>
* @return the {@link OAuth2ClientConfigurer} for further customizations
* @throws Exception
* @since 5.1
+ * @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} instead
* @see OAuth 2.0 Authorization
* Framework
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2ClientConfigurer oauth2Client() throws Exception {
OAuth2ClientConfigurer configurer = getOrApply(new OAuth2ClientConfigurer<>());
this.postProcess(configurer);
@@ -2783,10 +2826,13 @@ public HttpSecurity oauth2Client(Customizer
* @return the {@link OAuth2ResourceServerConfigurer} for further customizations
* @throws Exception
* @since 5.1
+ * @deprecated For removal in 7.0. Use {@link #oauth2ResourceServer(Customizer)}
+ * instead
* @see OAuth 2.0 Authorization
* Framework
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2ResourceServerConfigurer oauth2ResourceServer() throws Exception {
OAuth2ResourceServerConfigurer configurer = getOrApply(
new OAuth2ResourceServerConfigurer<>(getContext()));
@@ -2884,7 +2930,9 @@ public HttpSecurity oauth2ResourceServer(
*
* @return the {@link ChannelSecurityConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #requiresChannel(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ChannelSecurityConfigurer.ChannelRequestMatcherRegistry requiresChannel() throws Exception {
ApplicationContext context = getContext();
return getOrApply(new ChannelSecurityConfigurer<>(context)).getRegistry();
@@ -2979,7 +3027,9 @@ public HttpSecurity requiresChannel(
*
* @return the {@link HttpBasicConfigurer} for further customizations
* @throws Exception
+ * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HttpBasicConfigurer httpBasic() throws Exception {
return getOrApply(new HttpBasicConfigurer<>());
}
@@ -3308,7 +3358,9 @@ public HttpSecurity addFilterAt(Filter filter, Class extends Filter> atFilter)
* }
*
* @return the {@link RequestMatcherConfigurer} for further customizations
+ * @deprecated For removal in 7.0. Use {@link #securityMatchers(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public RequestMatcherConfigurer securityMatchers() {
return this.requestMatcherConfigurer;
}
@@ -3566,7 +3618,28 @@ private void setMatchers(List extends RequestMatcher> requestMatchers) {
/**
* Return the {@link HttpSecurity} for further customizations
* @return the {@link HttpSecurity} for further customizations
+ * @deprecated Use the lambda based configuration instead. For example:
+ * @Configuration
+ * @EnableWebSecurity
+ * public class SecurityConfig {
+ *
+ * @Bean
+ * public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+ * http
+ * .securityMatchers((matchers) -> matchers
+ * .requestMatchers("/api/**")
+ * )
+ * .authorizeHttpRequests((authorize) -> authorize
+ * .anyRequest().hasRole("USER")
+ * )
+ * .httpBasic(Customizer.withDefaults());
+ * return http.build();
+ * }
+ *
+ * }
+ *
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HttpSecurity and() {
return HttpSecurity.this;
}
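Review bot: The `@deprecated` text on this `and()` omits the removal version, although the annotation is `forRemoval = true` and the other newly deprecated methods in this commit begin their tag with "For removal in 7.0.". It also does not link the replacement that the example relies on. I would open the tag with `@deprecated For removal in 7.0. Use {@link #securityMatchers(Customizer)} instead. For example:`, which should resolve from here if, as `HttpSecurity.this` suggests, this is an inner class of HttpSecurity. The example itself is worth keeping, since it shows the matcher scope, the authorization rule and `httpBasic` together in lambda form.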
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
index a416c1b1b34..5fa2947e909 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/AuthorizeHttpRequestsConfigurer.java
@@ -204,7 +204,9 @@ public AuthorizationManagerRequestMatcherRegistry shouldFilterAllDispatcherTypes
* Return the {@link HttpSecurityBuilder} when done using the
* {@link AuthorizeHttpRequestsConfigurer}. This is useful for method chaining.
* @return the {@link HttpSecurityBuilder} for further customizations
+ * @deprecated For removal in 7.0. Use the lambda based configuration instead.
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public H and() {
return AuthorizeHttpRequestsConfigurer.this.and();
}
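Review bot: `AuthorizeHttpRequestsConfigurer.this.and()` now calls a method that this commit marks `forRemoval = true` in SecurityConfigurerAdapter. javac reports a `removal` warning for such a use even when the calling method is itself deprecated, because the declaration lives in a different top-level class. The same applies to `ChannelSecurityConfigurer.this.and()` in the ChannelSecurityConfigurer hunk. If the build treats warnings as errors (not visible here), add `@SuppressWarnings("removal")` to these two delegating methods.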
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
index 56aa8f4d0f0..241ef194763 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/ChannelSecurityConfigurer.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -24,6 +24,7 @@
import org.springframework.context.ApplicationContext;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
+import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.SecurityBuilder;
import org.springframework.security.config.annotation.SecurityConfigurer;
@@ -194,7 +195,10 @@ public ChannelRequestMatcherRegistry redirectStrategy(RedirectStrategy redirectS
* Return the {@link SecurityBuilder} when done using the
* {@link SecurityConfigurer}. This is useful for method chaining.
* @return the type of {@link HttpSecurityBuilder} that is being configured
+ * @deprecated For removal in 7.0. Use
+ * {@link HttpSecurity#requiresChannel(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public H and() {
return ChannelSecurityConfigurer.this.and();
}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
index 54009892e2e..7288fd486ab 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/CsrfConfigurer.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
index abcdf331d3c..98fa467f8b2 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/HeadersConfigurer.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -135,7 +135,9 @@ public HeadersConfigurer addHeaderWriter(HeaderWriter headerWriter) {
* X-Content-Type-Options: nosniff
*
* @return the {@link ContentTypeOptionsConfig} for additional customizations
+ * @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ContentTypeOptionsConfig contentTypeOptions() {
return this.contentTypeOptions.enable();
}
@@ -166,7 +168,9 @@ public HeadersConfigurer contentTypeOptions(CustomizerX-XSS-Protection header
*
* @return the {@link XXssConfig} for additional customizations
+ * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public XXssConfig xssProtection() {
return this.xssProtection.enable();
}
@@ -197,7 +201,9 @@ public HeadersConfigurer xssProtection(Customizer xssCustomizer)
* Expires: 0
*
* @return the {@link CacheControlConfig} for additional customizations
+ * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public CacheControlConfig cacheControl() {
return this.cacheControl.enable();
}
@@ -224,7 +230,10 @@ public HeadersConfigurer cacheControl(Customizer cacheCon
* HTTP Strict Transport Security
* (HSTS).
* @return the {@link HstsConfig} for additional customizations
+ * @deprecated For removal in 7.0. Use
+ * {@link #httpStrictTransportSecurity(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HstsConfig httpStrictTransportSecurity() {
return this.hsts.enable();
}
@@ -245,7 +254,9 @@ public HeadersConfigurer httpStrictTransportSecurity(Customizer h
/**
* Allows customizing the {@link XFrameOptionsHeaderWriter}.
* @return the {@link FrameOptionsConfig} for additional customizations
+ * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public FrameOptionsConfig frameOptions() {
return this.frameOptions.enable();
}
@@ -315,8 +326,11 @@ public HeadersConfigurer httpPublicKeyPinning(Customizer hpkpCust
* @return the {@link ContentSecurityPolicyConfig} for additional configuration
* @throws IllegalArgumentException if policyDirectives is null or empty
* @since 4.1
+ * @deprecated For removal in 7.0. Use {@link #contentSecurityPolicy(Customizer)}
+ * instead
* @see ContentSecurityPolicyHeaderWriter
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ContentSecurityPolicyConfig contentSecurityPolicy(String policyDirectives) {
this.contentSecurityPolicy.writer = new ContentSecurityPolicyHeaderWriter(policyDirectives);
return this.contentSecurityPolicy;
@@ -446,8 +460,10 @@ private void addIfNotNull(List values, T value) {
*
* @return the {@link ReferrerPolicyConfig} for additional configuration
* @since 4.2
+ * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead
* @see ReferrerPolicyHeaderWriter
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ReferrerPolicyConfig referrerPolicy() {
this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter();
return this.referrerPolicy;
@@ -469,8 +485,10 @@ public ReferrerPolicyConfig referrerPolicy() {
* @return the {@link ReferrerPolicyConfig} for additional configuration
* @throws IllegalArgumentException if policy is null or empty
* @since 4.2
+ * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead
* @see ReferrerPolicyHeaderWriter
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ReferrerPolicyConfig referrerPolicy(ReferrerPolicy policy) {
this.referrerPolicy.writer = new ReferrerPolicyHeaderWriter(policy);
return this.referrerPolicy;
@@ -512,7 +530,7 @@ public HeadersConfigurer referrerPolicy(Customizer refe
* @return the {@link FeaturePolicyConfig} for additional configuration
* @throws IllegalArgumentException if policyDirectives is {@code null} or empty
* @since 5.1
- * @deprecated Use {@link #permissionsPolicy(Customizer)} instead.
+ * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} instead.
* @seeObjectPostProcessorConfiguration FeaturePolicyHeaderWriter
*/
@Deprecated
@@ -537,8 +555,10 @@ public FeaturePolicyConfig featurePolicy(String policyDirectives) {
*
* @return the {@link PermissionsPolicyConfig} for additional configuration
* @since 5.5
+ * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} instead
* @see PermissionsPolicyHeaderWriter
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public PermissionsPolicyConfig permissionsPolicy() {
this.permissionsPolicy.writer = new PermissionsPolicyHeaderWriter();
return this.permissionsPolicy;
@@ -575,8 +595,11 @@ public PermissionsPolicyConfig permissionsPolicy(Customizer
* @return the {@link CrossOriginOpenerPolicyConfig} for additional confniguration
* @since 5.7
+ * @deprecated For removal in 7.0. Use {@link #crossOriginOpenerPolicy(Customizer)}
+ * instead
* @see CrossOriginOpenerPolicyHeaderWriter
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public CrossOriginOpenerPolicyConfig crossOriginOpenerPolicy() {
this.crossOriginOpenerPolicy.writer = new CrossOriginOpenerPolicyHeaderWriter();
return this.crossOriginOpenerPolicy;
@@ -616,8 +639,11 @@ public HeadersConfigurer crossOriginOpenerPolicy(
*
* @return the {@link CrossOriginEmbedderPolicyConfig} for additional customizations
* @since 5.7
+ * @deprecated For removal in 7.0. Use {@link #crossOriginEmbedderPolicy(Customizer)}
+ * instead
* @see CrossOriginEmbedderPolicyHeaderWriter
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public CrossOriginEmbedderPolicyConfig crossOriginEmbedderPolicy() {
this.crossOriginEmbedderPolicy.writer = new CrossOriginEmbedderPolicyHeaderWriter();
return this.crossOriginEmbedderPolicy;
@@ -657,8 +683,11 @@ public HeadersConfigurer crossOriginEmbedderPolicy(
*
* @return the {@link HeadersConfigurer} for additional customizations
* @since 5.7
+ * @deprecated For removal in 7.0. Use {@link #crossOriginResourcePolicy(Customizer)}
+ * instead
* @see CrossOriginResourcePolicyHeaderWriter
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public CrossOriginResourcePolicyConfig crossOriginResourcePolicy() {
this.crossOriginResourcePolicy.writer = new CrossOriginResourcePolicyHeaderWriter();
return this.crossOriginResourcePolicy;
@@ -708,7 +737,10 @@ public HeadersConfigurer disable() {
/**
* Allows customizing the {@link HeadersConfigurer}
* @return the {@link HeadersConfigurer} for additional customization
+ * @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
return HeadersConfigurer.this;
}
@@ -781,7 +813,9 @@ public HeadersConfigurer disable() {
* Allows completing configuration of X-XSS-Protection and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
+ * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
return HeadersConfigurer.this;
}
@@ -820,7 +854,9 @@ public HeadersConfigurer disable() {
* Allows completing configuration of Cache Control and continuing configuration
* of headers.
* @return the {@link HeadersConfigurer} for additional configuration
+ * @deprecated For removal in 7.0. Use {@link #cacheControl(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
return HeadersConfigurer.this;
}
@@ -926,7 +962,10 @@ public HeadersConfigurer disable() {
* Allows completing configuration of Strict Transport Security and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
+ * @deprecated For removal in 7.0. Use
+ * {@link #httpStrictTransportSecurity(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
return HeadersConfigurer.this;
}
@@ -987,7 +1026,9 @@ public HeadersConfigurer disable() {
/**
* Allows continuing customizing the headers configuration.
* @return the {@link HeadersConfigurer} for additional configuration
+ * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
return HeadersConfigurer.this;
}
@@ -1210,7 +1251,10 @@ public ContentSecurityPolicyConfig reportOnly() {
* Allows completing configuration of Content Security Policy and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
+ * @deprecated For removal in 7.0. Use {@link #contentSecurityPolicy(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
return HeadersConfigurer.this;
}
@@ -1235,6 +1279,10 @@ public ReferrerPolicyConfig policy(ReferrerPolicy policy) {
return this;
}
+ /**
+ * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)} instead
+ */
+ @Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
return HeadersConfigurer.this;
}
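Review bot: The Javadoc added to this `and()` consists of the `@deprecated` tag alone, while the other `and()` methods visible in HeadersConfigurer have a summary sentence and an `@return`. Judging by the `policy(ReferrerPolicy policy)` context in the hunk header, this is the ReferrerPolicyConfig variant. I would add `Allows completing configuration of Referrer Policy and continuing configuration of headers.` and `@return the {@link HeadersConfigurer} for additional configuration` above the tag.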
@@ -1281,7 +1329,10 @@ public PermissionsPolicyConfig policy(String policy) {
* Allows completing configuration of Permissions Policy and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
+ * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
return HeadersConfigurer.this;
}
@@ -1311,7 +1362,10 @@ public CrossOriginOpenerPolicyConfig policy(
* Allows completing configuration of Cross Origin Opener Policy and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
+ * @deprecated For removal in 7.0. Use
+ * {@link #crossOriginOpenerPolicy(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
return HeadersConfigurer.this;
}
@@ -1342,7 +1396,10 @@ public CrossOriginEmbedderPolicyConfig policy(
* Allows completing configuration of Cross-Origin-Embedder-Policy and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
+ * @deprecated For removal in 7.0. Use
+ * {@link #crossOriginEmbedderPolicy(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
return HeadersConfigurer.this;
}
@@ -1373,7 +1430,10 @@ public CrossOriginResourcePolicyConfig policy(
* Allows completing configuration of Cross-Origin-Resource-Policy and continuing
* configuration of headers.
* @return the {@link HeadersConfigurer} for additional configuration
+ * @deprecated For removal in 7.0. Use
+ * {@link #crossOriginResourcePolicy(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeadersConfigurer and() {
return HeadersConfigurer.this;
}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
index f536ef00319..aecc4506904 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/SessionManagementConfigurer.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -769,7 +769,10 @@ public ConcurrencyControlConfigurer sessionRegistry(SessionRegistry sessionRegis
/**
* Used to chain back to the {@link SessionManagementConfigurer}
* @return the {@link SessionManagementConfigurer} for further customizations
+ * @deprecated For removal in 7.0. Use {@link #sessionConcurrency(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public SessionManagementConfigurer and() {
return SessionManagementConfigurer.this;
}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
index b583b4b5b74..dfd84bcab83 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2ClientConfigurer.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -136,7 +136,10 @@ public OAuth2ClientConfigurer authorizedClientService(OAuth2AuthorizedClientS
* Returns the {@link AuthorizationCodeGrantConfigurer} for configuring the OAuth 2.0
* Authorization Code Grant.
* @return the {@link AuthorizationCodeGrantConfigurer}
+ * @deprecated For removal in 7.0. Use {@link #authorizationCodeGrant(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public AuthorizationCodeGrantConfigurer authorizationCodeGrant() {
return this.authorizationCodeGrantConfigurer;
}
@@ -233,7 +236,10 @@ public AuthorizationCodeGrantConfigurer accessTokenResponseClient(
/**
* Returns the {@link OAuth2ClientConfigurer} for further configuration.
* @return the {@link OAuth2ClientConfigurer}
+ * @deprecated For removal in 7.0. Use {@link #authorizationCodeGrant(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2ClientConfigurer and() {
return OAuth2ClientConfigurer.this;
}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
index e1bb0b67404..4d02a170aca 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/client/OAuth2LoginConfigurer.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -206,7 +206,10 @@ public OAuth2LoginConfigurer loginProcessingUrl(String loginProcessingUrl) {
* Returns the {@link AuthorizationEndpointConfig} for configuring the Authorization
* Server's Authorization Endpoint.
* @return the {@link AuthorizationEndpointConfig}
+ * @deprecated For removal in 7.0. Use {@link #authorizationEndpoint(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public AuthorizationEndpointConfig authorizationEndpoint() {
return this.authorizationEndpointConfig;
}
@@ -227,7 +230,9 @@ public OAuth2LoginConfigurer authorizationEndpoint(
* Returns the {@link TokenEndpointConfig} for configuring the Authorization Server's
* Token Endpoint.
* @return the {@link TokenEndpointConfig}
+ * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public TokenEndpointConfig tokenEndpoint() {
return this.tokenEndpointConfig;
}
@@ -248,7 +253,10 @@ public OAuth2LoginConfigurer tokenEndpoint(Customizer to
* Returns the {@link RedirectionEndpointConfig} for configuring the Client's
* Redirection Endpoint.
* @return the {@link RedirectionEndpointConfig}
+ * @deprecated For removal in 7.0. Use {@link #redirectionEndpoint(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public RedirectionEndpointConfig redirectionEndpoint() {
return this.redirectionEndpointConfig;
}
@@ -269,7 +277,9 @@ public OAuth2LoginConfigurer redirectionEndpoint(
* Returns the {@link UserInfoEndpointConfig} for configuring the Authorization
* Server's UserInfo Endpoint.
* @return the {@link UserInfoEndpointConfig}
+ * @deprecated For removal in 7.0. Use {@link #userInfoEndpoint(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public UserInfoEndpointConfig userInfoEndpoint() {
return this.userInfoEndpointConfig;
}
@@ -590,7 +600,10 @@ public AuthorizationEndpointConfig authorizationRedirectStrategy(
/**
* Returns the {@link OAuth2LoginConfigurer} for further configuration.
* @return the {@link OAuth2LoginConfigurer}
+ * @deprecated For removal in 7.0. Use {@link #authorizationEndpoint(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginConfigurer and() {
return OAuth2LoginConfigurer.this;
}
@@ -624,7 +637,9 @@ public TokenEndpointConfig accessTokenResponseClient(
/**
* Returns the {@link OAuth2LoginConfigurer} for further configuration.
* @return the {@link OAuth2LoginConfigurer}
+ * @deprecated For removal in 7.0. Use {@link #tokenEndpoint(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginConfigurer and() {
return OAuth2LoginConfigurer.this;
}
@@ -656,7 +671,10 @@ public RedirectionEndpointConfig baseUri(String authorizationResponseBaseUri) {
/**
* Returns the {@link OAuth2LoginConfigurer} for further configuration.
* @return the {@link OAuth2LoginConfigurer}
+ * @deprecated For removal in 7.0. Use {@link #redirectionEndpoint(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginConfigurer and() {
return OAuth2LoginConfigurer.this;
}
@@ -718,7 +736,10 @@ public UserInfoEndpointConfig userAuthoritiesMapper(GrantedAuthoritiesMapper use
/**
* Returns the {@link OAuth2LoginConfigurer} for further configuration.
* @return the {@link OAuth2LoginConfigurer}
+ * @deprecated For removal in 7.0. Use {@link #userInfoEndpoint(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginConfigurer and() {
return OAuth2LoginConfigurer.this;
}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
index d1cee54096f..fead2bc24ca 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/oauth2/server/resource/OAuth2ResourceServerConfigurer.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -198,6 +198,10 @@ public OAuth2ResourceServerConfigurer bearerTokenResolver(BearerTokenResolver
return this;
}
+ /**
+ * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead
+ */
+ @Deprecated(since = "6.1", forRemoval = true)
public JwtConfigurer jwt() {
if (this.jwtConfigurer == null) {
this.jwtConfigurer = new JwtConfigurer(this.context);
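Review bot: The Javadoc added to `jwt()` consists of a `@deprecated` tag only, so the generated documentation has no summary sentence and no `@return` for a method that had none before. A first line and a `* @return the {@link JwtConfigurer} for further customizations` tag would bring it in line with the documented methods elsewhere in this diff. The same tag-only comment is added to `opaqueToken()` and `and()` later in this file, to both `and()` methods in Saml2LogoutConfigurer, and to the `and()` methods after `X509Spec authenticationManager`, `authenticationFailureHandler()` and `JwtSpec jwkSetUri` in ServerHttpSecurity. The body of `jwt()` continues outside the hunk.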
@@ -219,6 +223,10 @@ public OAuth2ResourceServerConfigurer jwt(Customizer jwtCustom
return this;
}
+ /**
+ * @deprecated For removal in 7.0. Use {@link #opaqueToken(Customizer)} instead
+ */
+ @Deprecated(since = "6.1", forRemoval = true)
public OpaqueTokenConfigurer opaqueToken() {
if (this.opaqueTokenConfigurer == null) {
this.opaqueTokenConfigurer = new OpaqueTokenConfigurer(this.context);
@@ -394,6 +402,10 @@ public JwtConfigurer jwtAuthenticationConverter(
return this;
}
+ /**
+ * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead
+ */
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2ResourceServerConfigurer and() {
return OAuth2ResourceServerConfigurer.this;
}
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
index cb020631e2c..5430afc217e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/configurers/saml2/Saml2LogoutConfigurer.java
@@ -168,7 +168,9 @@ public Saml2LogoutConfigurer relyingPartyRegistrationRepository(RelyingPartyR
/**
* Get configurer for SAML 2.0 Logout Request components
* @return the {@link LogoutRequestConfigurer} for further customizations
+ * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public LogoutRequestConfigurer logoutRequest() {
return this.logoutRequestConfigurer;
}
@@ -188,13 +190,15 @@ public Saml2LogoutConfigurer logoutRequest(
/**
* Get configurer for SAML 2.0 Logout Response components
* @return the {@link LogoutResponseConfigurer} for further customizations
+ * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public LogoutResponseConfigurer logoutResponse() {
return this.logoutResponseConfigurer;
}
/**
- * Configures SAML 2.0 Logout Request components
+ * Configures SAML 2.0 Logout Response components
* @param logoutResponseConfigurerCustomizer the {@link Customizer} to provide more
* options for the {@link LogoutResponseConfigurer}
* @return the {@link Saml2LogoutConfigurer} for further customizations
@@ -371,6 +375,10 @@ public LogoutRequestConfigurer logoutRequestRepository(Saml2LogoutRequestReposit
return this;
}
+ /**
+ * @deprecated For removal in 7.0. Use {@link #logoutRequest(Customizer)} instead
+ */
+ @Deprecated(since = "6.1", forRemoval = true)
public Saml2LogoutConfigurer and() {
return Saml2LogoutConfigurer.this;
}
@@ -439,6 +447,10 @@ public LogoutResponseConfigurer logoutResponseResolver(Saml2LogoutResponseResolv
return this;
}
+ /**
+ * @deprecated For removal in 7.0. Use {@link #logoutResponse(Customizer)} instead
+ */
+ @Deprecated(since = "6.1", forRemoval = true)
public Saml2LogoutConfigurer and() {
return Saml2LogoutConfigurer.this;
}
diff --git a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
index 11e7a716a63..92e456ec942 100644
--- a/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
+++ b/config/src/main/java/org/springframework/security/config/web/server/ServerHttpSecurity.java
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2022 the original author or authors.
+ * Copyright 2002-2023 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -421,7 +421,9 @@ public ServerHttpSecurity securityContextRepository(ServerSecurityContextReposit
* }
*
* @return the {@link HttpsRedirectSpec} to customize
+ * @deprecated For removal in 7.0. Use {@link #redirectToHttps(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HttpsRedirectSpec redirectToHttps() {
this.httpsRedirectSpec = new HttpsRedirectSpec();
return this.httpsRedirectSpec;
@@ -502,7 +504,9 @@ public ServerHttpSecurity redirectToHttps(Customizer httpsRed
* }
*
* @return the {@link CsrfSpec} to customize
+ * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public CsrfSpec csrf() {
if (this.csrf == null) {
this.csrf = new CsrfSpec();
@@ -566,7 +570,9 @@ public ServerHttpSecurity csrf(Customizer csrfCustomizer) {
* used instead. If neither has been configured, the Cors configuration will do
* nothing.
* @return the {@link CorsSpec} to customize
+ * @deprecated For removal in 7.0. Use {@link #cors(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public CorsSpec cors() {
if (this.cors == null) {
this.cors = new CorsSpec();
@@ -608,7 +614,9 @@ public ServerHttpSecurity cors(Customizer corsCustomizer) {
*
* @return the {@link AnonymousSpec} to customize
* @since 5.2.0
+ * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public AnonymousSpec anonymous() {
if (this.anonymous == null) {
this.anonymous = new AnonymousSpec();
@@ -662,7 +670,9 @@ public ServerHttpSecurity anonymous(Customizer anonymousCustomize
* }
*
* @return the {@link HttpBasicSpec} to customize
+ * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HttpBasicSpec httpBasic() {
if (this.httpBasic == null) {
this.httpBasic = new HttpBasicSpec();
@@ -714,7 +724,9 @@ public ServerHttpSecurity httpBasic(Customizer httpBasicCustomize
*
* @return the {@link PasswordManagementSpec} to customize
* @since 5.6
+ * @deprecated For removal in 7.0. Use {@link #passwordManagement(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public PasswordManagementSpec passwordManagement() {
if (this.passwordManagement == null) {
this.passwordManagement = new PasswordManagementSpec();
@@ -771,7 +783,9 @@ public ServerHttpSecurity passwordManagement(Customizer
* }
*
* @return the {@link FormLoginSpec} to customize
+ * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public FormLoginSpec formLogin() {
if (this.formLogin == null) {
this.formLogin = new FormLoginSpec();
@@ -832,7 +846,9 @@ public ServerHttpSecurity formLogin(Customizer formLoginCustomize
* {@link ReactivePreAuthenticatedAuthenticationManager} will be used.
* @return the {@link X509Spec} to customize
* @since 5.2
+ * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public X509Spec x509() {
if (this.x509 == null) {
this.x509 = new X509Spec();
@@ -889,7 +905,9 @@ public ServerHttpSecurity x509(Customizer x509Customizer) {
* }
*
* @return the {@link OAuth2LoginSpec} to customize
+ * @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2LoginSpec oauth2Login() {
if (this.oauth2Login == null) {
this.oauth2Login = new OAuth2LoginSpec();
@@ -941,7 +959,9 @@ public ServerHttpSecurity oauth2Login(Customizer oauth2LoginCus
* }
*
* @return the {@link OAuth2ClientSpec} to customize
+ * @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2ClientSpec oauth2Client() {
if (this.client == null) {
this.client = new OAuth2ClientSpec();
@@ -992,7 +1012,10 @@ public ServerHttpSecurity oauth2Client(Customizer oauth2Client
* }
*
* @return the {@link OAuth2ResourceServerSpec} to customize
+ * @deprecated For removal in 7.0. Use {@link #oauth2ResourceServer(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2ResourceServerSpec oauth2ResourceServer() {
if (this.resourceServer == null) {
this.resourceServer = new OAuth2ResourceServerSpec();
@@ -1064,7 +1087,9 @@ public ServerHttpSecurity oauth2ResourceServer(
* }
*
* @return the {@link HeaderSpec} to customize
+ * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec headers() {
if (this.headers == null) {
this.headers = new HeaderSpec();
@@ -1138,7 +1163,9 @@ public ServerHttpSecurity headers(Customizer headerCustomizer) {
* }
*
* @return the {@link ExceptionHandlingSpec} to customize
+ * @deprecated For removal in 7.0. Use {@link #exceptionHandling(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ExceptionHandlingSpec exceptionHandling() {
if (this.exceptionHandling == null) {
this.exceptionHandling = new ExceptionHandlingSpec();
@@ -1204,7 +1231,9 @@ public ServerHttpSecurity exceptionHandling(Customizer ex
* }
*
* @return the {@link AuthorizeExchangeSpec} to customize
+ * @deprecated For removal in 7.0. Use {@link #authorizeExchange(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public AuthorizeExchangeSpec authorizeExchange() {
if (this.authorizeExchange == null) {
this.authorizeExchange = new AuthorizeExchangeSpec();
@@ -1273,7 +1302,9 @@ public ServerHttpSecurity authorizeExchange(Customizer au
* }
*
* @return the {@link LogoutSpec} to customize
+ * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public LogoutSpec logout() {
if (this.logout == null) {
this.logout = new LogoutSpec();
@@ -1330,7 +1361,9 @@ public ServerHttpSecurity logout(Customizer logoutCustomizer) {
* }
*
* @return the {@link RequestCacheSpec} to customize
+ * @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public RequestCacheSpec requestCache() {
return this.requestCache;
}
@@ -1603,7 +1636,10 @@ public class AuthorizeExchangeSpec extends AbstractServerWebExchangeMatcherRegis
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #authorizeExchange(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -1801,7 +1837,9 @@ protected void configure(ServerHttpSecurity http) {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated use {@link #redirectToHttps(Customizer)}
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
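Review bot: The `@deprecated` text on this `and()` reads `use {@link #redirectToHttps(Customizer)}`, while every other tag in the diff uses the form "For removal in 7.0. Use … instead". As written it omits the removal version, although the annotation below it sets `forRemoval = true`. Suggested wording: `* @deprecated For removal in 7.0. Use {@link #redirectToHttps(Customizer)} instead`.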
@@ -1879,7 +1917,9 @@ public CsrfSpec csrfTokenRequestHandler(ServerCsrfTokenRequestHandler requestHan
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #csrf(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -1945,7 +1985,10 @@ public ExceptionHandlingSpec accessDeniedHandler(ServerAccessDeniedHandler acces
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #exceptionHandling(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -1987,7 +2030,9 @@ protected void configure(ServerHttpSecurity http) {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #requestCache(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -2083,7 +2128,9 @@ public HttpBasicSpec authenticationFailureHandler(
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #httpBasic(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -2156,7 +2203,10 @@ public PasswordManagementSpec changePasswordPage(String changePasswordPage) {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}.
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #passwordManagement(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -2314,7 +2364,9 @@ public FormLoginSpec securityContextRepository(ServerSecurityContextRepository s
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #formLogin(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -2438,7 +2490,9 @@ private HeaderSpec() {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #headers(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -2455,7 +2509,9 @@ public ServerHttpSecurity disable() {
/**
* Configures cache control headers
* @return the {@link CacheSpec} to configure
+ * @deprecated For removal in 7.0. Use {@link #cache(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public CacheSpec cache() {
return new CacheSpec();
}
@@ -2474,7 +2530,10 @@ public HeaderSpec cache(Customizer cacheCustomizer) {
/**
* Configures content type response headers
* @return the {@link ContentTypeOptionsSpec} to configure
+ * @deprecated For removal in 7.0. Use {@link #contentTypeOptions(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ContentTypeOptionsSpec contentTypeOptions() {
return new ContentTypeOptionsSpec();
}
@@ -2493,7 +2552,9 @@ public HeaderSpec contentTypeOptions(Customizer contentT
/**
* Configures frame options response headers
* @return the {@link FrameOptionsSpec} to configure
+ * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public FrameOptionsSpec frameOptions() {
return new FrameOptionsSpec();
}
@@ -2525,7 +2586,9 @@ public HeaderSpec writer(ServerHttpHeadersWriter serverHttpHeadersWriter) {
/**
* Configures the Strict Transport Security response headers
* @return the {@link HstsSpec} to configure
+ * @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HstsSpec hsts() {
return new HstsSpec();
}
@@ -2550,7 +2613,9 @@ protected void configure(ServerHttpSecurity http) {
/**
* Configures x-xss-protection response header.
* @return the {@link XssProtectionSpec} to configure
+ * @deprecated For removal in 7.0. Use {@link #xssProtection(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public XssProtectionSpec xssProtection() {
return new XssProtectionSpec();
}
@@ -2570,7 +2635,10 @@ public HeaderSpec xssProtection(Customizer xssProtectionCusto
* Configures {@code Content-Security-Policy} response header.
* @param policyDirectives the policy directive(s)
* @return the {@link ContentSecurityPolicySpec} to configure
+ * @deprecated For removal in 7.0. Use {@link #contentSecurityPolicy(Customizer)}
+ * instead.
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ContentSecurityPolicySpec contentSecurityPolicy(String policyDirectives) {
return new ContentSecurityPolicySpec(policyDirectives);
}
@@ -2590,7 +2658,8 @@ public HeaderSpec contentSecurityPolicy(Customizer co
* Configures {@code Feature-Policy} response header.
* @param policyDirectives the policy
* @return the {@link FeaturePolicySpec} to configure
- * @deprecated Use {@link #permissionsPolicy(Customizer)} instead.
+ * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)}
+ * instead.
*/
@Deprecated
public FeaturePolicySpec featurePolicy(String policyDirectives) {
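Review bot: The Javadoc now says `featurePolicy(String)` is for removal in 7.0, but the unchanged `@Deprecated` on the line below it has no `forRemoval = true`. Callers therefore get an ordinary deprecation warning rather than the removal warning the other methods in this diff produce. Changing it to `@Deprecated(forRemoval = true)`, keeping the original `since` value if one is recorded, would make the annotation agree with the text. The method body continues outside the hunk.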
@@ -2600,7 +2669,10 @@ public FeaturePolicySpec featurePolicy(String policyDirectives) {
/**
* Configures {@code Permissions-Policy} response header.
* @return the {@link PermissionsPolicySpec} to configure
+ * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)}
+ * instead.
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public PermissionsPolicySpec permissionsPolicy() {
return new PermissionsPolicySpec();
}
@@ -2620,7 +2692,10 @@ public HeaderSpec permissionsPolicy(Customizer permission
* Configures {@code Referrer-Policy} response header.
* @param referrerPolicy the policy to use
* @return the {@link ReferrerPolicySpec} to configure
+ * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)}
+ * instead.
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ReferrerPolicySpec referrerPolicy(ReferrerPolicy referrerPolicy) {
return new ReferrerPolicySpec(referrerPolicy);
}
@@ -2628,7 +2703,10 @@ public ReferrerPolicySpec referrerPolicy(ReferrerPolicy referrerPolicy) {
/**
* Configures {@code Referrer-Policy} response header.
* @return the {@link ReferrerPolicySpec} to configure
+ * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)}
+ * instead.
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ReferrerPolicySpec referrerPolicy() {
return new ReferrerPolicySpec();
}
@@ -2650,8 +2728,11 @@ public HeaderSpec referrerPolicy(Customizer referrerPolicyCu
* Cross-Origin-Opener-Policy header.
* @return the {@link CrossOriginOpenerPolicySpec} to configure
* @since 5.7
+ * @deprecated For removal in 7.0. Use
+ * {@link #crossOriginOpenerPolicy(Customizer)} instead.
* @see CrossOriginOpenerPolicyServerHttpHeadersWriter
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public CrossOriginOpenerPolicySpec crossOriginOpenerPolicy() {
return new CrossOriginOpenerPolicySpec();
}
@@ -2676,8 +2757,11 @@ public HeaderSpec crossOriginOpenerPolicy(
* Cross-Origin-Embedder-Policy header.
* @return the {@link CrossOriginEmbedderPolicySpec} to configure
* @since 5.7
+ * @deprecated For removal in 7.0. Use
+ * {@link #crossOriginEmbedderPolicy(Customizer)} instead.
* @see CrossOriginEmbedderPolicyServerHttpHeadersWriter
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public CrossOriginEmbedderPolicySpec crossOriginEmbedderPolicy() {
return new CrossOriginEmbedderPolicySpec();
}
@@ -2702,8 +2786,11 @@ public HeaderSpec crossOriginEmbedderPolicy(
* Cross-Origin-Resource-Policy header.
* @return the {@link CrossOriginResourcePolicySpec} to configure
* @since 5.7
+ * @deprecated For removal in 7.0. Use
+ * {@link #crossOriginResourcePolicy(Customizer)} instead.
* @see CrossOriginResourcePolicyServerHttpHeadersWriter
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public CrossOriginResourcePolicySpec crossOriginResourcePolicy() {
return new CrossOriginResourcePolicySpec();
}
@@ -2789,7 +2876,10 @@ public HeaderSpec mode(XFrameOptionsServerHttpHeadersWriter.Mode mode) {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}
* @return the {@link HeaderSpec} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #frameOptions(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
private HeaderSpec and() {
return HeaderSpec.this;
}
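Review bot: `@Deprecated(since = "6.1", forRemoval = true)` is placed on a `private` `and()`, which no caller outside the enclosing class can reach, so neither the annotation nor the `@deprecated` tag warns any user of the API. Every other `and()` in this diff is `public`; if the private visibility is intentional, the annotation can be dropped, and the method removed if nothing inside the class uses it. The enclosing class starts outside the hunk, so its callers cannot be checked from here.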
@@ -2857,7 +2947,9 @@ public HstsSpec preload(boolean preload) {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}
* @return the {@link HeaderSpec} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #hsts(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@@ -2946,7 +3038,10 @@ public HeaderSpec policyDirectives(String policyDirectives) {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
+ * @deprecated For removal in 7.0. Use
+ * {@link #contentSecurityPolicy(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@@ -2973,7 +3068,10 @@ private FeaturePolicySpec(String policyDirectives) {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #featurePolicy(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
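Review bot: The `{@link #featurePolicy(Customizer)}` target does not appear anywhere in this diff. The only `featurePolicy` shown takes a `String`, and its own `@deprecated` text points to `permissionsPolicy(Customizer)`. If no `Customizer` overload exists, the link will not resolve in the generated Javadoc and gives readers no migration path. `* @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)} instead` would match the parent method. The enclosing class starts outside the hunk.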
@@ -3005,7 +3103,10 @@ public PermissionsPolicySpec policy(String policy) {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #permissionsPolicy(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@@ -3042,7 +3143,10 @@ public ReferrerPolicySpec policy(ReferrerPolicy referrerPolicy) {
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #referrerPolicy(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@@ -3073,7 +3177,10 @@ public CrossOriginOpenerPolicySpec policy(CrossOriginOpenerPolicy openerPolicy)
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
+ * @deprecated For removal in 7.0. Use
+ * {@link #crossOriginOpenerPolicy(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@@ -3104,7 +3211,10 @@ public CrossOriginEmbedderPolicySpec policy(CrossOriginEmbedderPolicy embedderPo
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
+ * @deprecated For removal in 7.0. Use
+ * {@link #crossOriginEmbedderPolicy(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@@ -3135,7 +3245,10 @@ public CrossOriginResourcePolicySpec policy(CrossOriginResourcePolicy resourcePo
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}.
* @return the {@link HeaderSpec} to continue configuring
+ * @deprecated For removal in 7.0. Use
+ * {@link #crossOriginResourcePolicy(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public HeaderSpec and() {
return HeaderSpec.this;
}
@@ -3211,7 +3324,9 @@ public LogoutSpec logoutSuccessHandler(ServerLogoutSuccessHandler handler) {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #logout(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -3322,7 +3437,9 @@ public ServerHttpSecurity disable() {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #cors(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -3378,6 +3495,10 @@ public X509Spec authenticationManager(ReactiveAuthenticationManager authenticati
return this;
}
+ /**
+ * @deprecated For removal in 7.0. Use {@link #x509(Customizer)} instead
+ */
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -3630,7 +3751,9 @@ private ServerWebExchangeMatcher getAuthenticationMatcher() {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #oauth2Login(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -3965,7 +4088,9 @@ private ServerRedirectStrategy getAuthorizationRedirectStrategy() {
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #oauth2Client(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -4113,7 +4238,9 @@ public OAuth2ResourceServerSpec authenticationManagerResolver(
/**
* Enables JWT Resource Server support.
* @return the {@link JwtSpec} for additional configuration
+ * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public JwtSpec jwt() {
if (this.jwt == null) {
this.jwt = new JwtSpec();
@@ -4138,7 +4265,9 @@ public OAuth2ResourceServerSpec jwt(Customizer jwtCustomizer) {
/**
* Enables Opaque Token Resource Server support.
* @return the {@link OpaqueTokenSpec} for additional configuration
+ * @deprecated For removal in 7.0. Use {@link #opaqueToken(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public OpaqueTokenSpec opaqueToken() {
if (this.opaqueToken == null) {
this.opaqueToken = new OpaqueTokenSpec();
@@ -4230,6 +4359,11 @@ private ServerAuthenticationFailureHandler authenticationFailureHandler() {
return new ServerAuthenticationEntryPointFailureHandler(this.entryPoint);
}
+ /**
+ * @deprecated For removal in 7.0. Use {@link #oauth2ResourceServer(Customizer)}
+ * instead
+ */
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
@@ -4303,6 +4437,10 @@ public JwtSpec jwkSetUri(String jwkSetUri) {
return this;
}
+ /**
+ * @deprecated For removal in 7.0. Use {@link #jwt(Customizer)} instead
+ */
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2ResourceServerSpec and() {
return OAuth2ResourceServerSpec.this;
}
@@ -4413,7 +4551,10 @@ public OpaqueTokenSpec authenticationConverter(
* Allows method chaining to continue configuring the
* {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #opaqueToken(Customizer)}
+ * instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public OAuth2ResourceServerSpec and() {
return OAuth2ResourceServerSpec.this;
}
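Review bot: The Javadoc kept as context here says the method continues configuring and returns `ServerHttpSecurity`, but the `and()` below it returns `OAuth2ResourceServerSpec.this`. Since this comment is already being edited to add the `@deprecated` tag, it is worth correcting the description in the same change: `* @return the {@link OAuth2ResourceServerSpec} to continue configuring`, with the summary sentence adjusted to match. The opening of the Javadoc block lies outside the hunk, so the wording of any earlier lines could not be checked.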
@@ -4539,7 +4680,9 @@ public AnonymousSpec authenticationFilter(AnonymousAuthenticationWebFilter authe
/**
* Allows method chaining to continue configuring the {@link ServerHttpSecurity}
* @return the {@link ServerHttpSecurity} to continue configuring
+ * @deprecated For removal in 7.0. Use {@link #anonymous(Customizer)} instead
*/
+ @Deprecated(since = "6.1", forRemoval = true)
public ServerHttpSecurity and() {
return ServerHttpSecurity.this;
}
diff --git a/docs/modules/ROOT/nav.adoc b/docs/modules/ROOT/nav.adoc
index cb4559cc313..c5db68ab81d 100644
--- a/docs/modules/ROOT/nav.adoc
+++ b/docs/modules/ROOT/nav.adoc
@@ -2,6 +2,8 @@
* xref:prerequisites.adoc[Prerequisites]
* xref:community.adoc[Community]
* xref:whats-new.adoc[What's New]
+* xref:migration-7/index.adoc[Preparing for 7.0]
+** xref:migration-7/configuration.adoc[Configuration]
* xref:migration/index.adoc[Migrating to 6.0]
** xref:migration/servlet/index.adoc[Servlet Migrations]
*** xref:migration/servlet/session-management.adoc[Session Management]
diff --git a/docs/modules/ROOT/pages/migration-7/configuration.adoc b/docs/modules/ROOT/pages/migration-7/configuration.adoc
new file mode 100644
index 00000000000..acff2002703
--- /dev/null
+++ b/docs/modules/ROOT/pages/migration-7/configuration.adoc
@@ -0,0 +1,116 @@
+= Configuration Migrations
+
+The following steps relate to changes around how to configure `HttpSecurity`, `WebSecurity` and related components.
+
+== Use the Lambda DSL
+
+The Lambda DSL is present in Spring Security since version 5.2, and it allows HTTP security to be configured using lambdas.
+
+The prior configuration style will not be valid in Spring Security 7 where the usage of the Lambda DSL will be required.
+
+You may have seen this style of configuration in the Spring Security documentation or samples.
+Let us take a look at how a lambda configuration of HTTP security compares to the previous configuration style.
+
+====
+[source,java]
+.Configuration using lambdas
+----
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ http
+ .authorizeHttpRequests(authorize -> authorize
+ .requestMatchers("/blog/**").permitAll()
+ .anyRequest().authenticated()
+ )
+ .formLogin(formLogin -> formLogin
+ .loginPage("/login")
+ .permitAll()
+ )
+ .rememberMe(Customizer.withDefaults());
+
+ return http.build();
+ }
+}
+----
+====
+
+====
+[source,java]
+.Equivalent configuration without using lambdas
+----
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ http
+ .authorizeHttpRequests()
+ .requestMatchers("/blog/**").permitAll()
+ .anyRequest().authenticated()
+ .and()
+ .formLogin()
+ .loginPage("/login")
+ .permitAll()
+ .and()
+ .rememberMe();
+
+ return http.build();
+ }
+}
+----
+====
+
+=== Lambda DSL Configuration Tips
+
+When comparing the two samples above, you will notice some key differences:
+
+- In the Lambda DSL there is no need to chain configuration options using the `.and()` method.
+The `HttpSecurity` instance is automatically returned for further configuration after the call to the lambda method.
+
+- `Customizer.withDefaults()` enables a security feature using the defaults provided by Spring Security.
+This is a shortcut for the lambda expression `it -> {}`.
+
+=== WebFlux Security
+
+You may also configure WebFlux security using lambdas in a similar manner.
+Below is an example configuration using lambdas.
+
+====
+[source,java]
+.WebFlux configuration using lambdas
+----
+@Configuration
+@EnableWebFluxSecurity
+public class SecurityConfig {
+
+ @Bean
+ public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
+ http
+ .authorizeExchange(exchanges -> exchanges
+ .pathMatchers("/blog/**").permitAll()
+ .anyExchange().authenticated()
+ )
+ .httpBasic(Customizer.withDefaults())
+ .formLogin(formLogin -> formLogin
+ .loginPage("/login")
+ );
+
+ return http.build();
+ }
+
+}
+----
+====
+
+=== Goals of the Lambda DSL
+
+The Lambda DSL was created to accomplish to following goals:
+
+- Automatic indentation makes the configuration more readable.
+- The is no need to chain configuration options using `.and()`
+- The Spring Security DSL has a similar configuration style to other Spring DSLs such as Spring Integration and Spring Cloud Gateway.
diff --git a/docs/modules/ROOT/pages/migration-7/index.adoc b/docs/modules/ROOT/pages/migration-7/index.adoc
new file mode 100644
index 00000000000..ac2ef5f5e06
--- /dev/null
+++ b/docs/modules/ROOT/pages/migration-7/index.adoc
@@ -0,0 +1,8 @@
+[[preparing]]
+= Preparing for 7.0
+
+While Spring Security 7.0 does not have a release date yet, it is important to start preparing for it now.
+
+This preparation guide is designed to summarize the biggest changes in Spring Security 7.0 and provide steps to prepare for them.
+
+It is important to keep your application up to date with the latest Spring Security 6 and Spring Boot 3 releases.