Document in the reference how to migrate to lambda

Closes gh-12628

Author: marcusdacoregio

docs/modules/ROOT/nav.adoc

@@ -2,6 +2,8 @@
 * xref:prerequisites.adoc[Prerequisites]
 * xref:community.adoc[Community]
 * xref:whats-new.adoc[What's New]
+* xref:migration-7/index.adoc[Preparing for 7.0]
+** xref:migration-7/configuration.adoc[Configuration]
 * xref:migration/index.adoc[Migrating to 6.0]
 ** xref:migration/servlet/index.adoc[Servlet Migrations]
 *** xref:migration/servlet/session-management.adoc[Session Management]

docs/modules/ROOT/pages/migration-7/configuration.adoc

@@ -0,0 +1,116 @@
+= Configuration Migrations
+
+The following steps relate to changes around how to configure `HttpSecurity`, `WebSecurity` and related components.
+
+== Use the Lambda DSL
+
+The Lambda DSL is present in Spring Security since version 5.2, and it allows HTTP security to be configured using lambdas.
+
+The prior configuration style will not be valid in Spring Security 7 where the usage of the Lambda DSL will be required.
+
+You may have seen this style of configuration in the Spring Security documentation or samples.
+Let us take a look at how a lambda configuration of HTTP security compares to the previous configuration style.
+
+====
+[source,java]
+.Configuration using lambdas
+----
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+            .authorizeHttpRequests(authorize -> authorize
+                .requestMatchers("/blog/**").permitAll()
+                .anyRequest().authenticated()
+            )
+            .formLogin(formLogin -> formLogin
+                .loginPage("/login")
+                .permitAll()
+            )
+            .rememberMe(Customizer.withDefaults());
+
+        return http.build();
+    }
+}
+----
+====
+
+====
+[source,java]
+.Equivalent configuration without using lambdas
+----
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+    @Bean
+    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+        http
+            .authorizeHttpRequests()
+                .requestMatchers("/blog/**").permitAll()
+                .anyRequest().authenticated()
+                .and()
+            .formLogin()
+                .loginPage("/login")
+                .permitAll()
+                .and()
+            .rememberMe();
+
+        return http.build();
+    }
+}
+----
+====
+
+=== Lambda DSL Configuration Tips
+
+When comparing the two samples above, you will notice some key differences:
+
+- In the Lambda DSL there is no need to chain configuration options using the `.and()` method.
+The `HttpSecurity` instance is automatically returned for further configuration after the call to the lambda method.
+
+- `Customizer.withDefaults()` enables a security feature using the defaults provided by Spring Security.
+This is a shortcut for the lambda expression `it -> {}`.
+
+=== WebFlux Security
+
+You may also configure WebFlux security using lambdas in a similar manner.
+Below is an example configuration using lambdas.
+
+====
+[source,java]
+.WebFlux configuration using lambdas
+----
+@Configuration
+@EnableWebFluxSecurity
+public class SecurityConfig {
+
+    @Bean
+    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
+        http
+            .authorizeExchange(exchanges -> exchanges
+                .pathMatchers("/blog/**").permitAll()
+                .anyExchange().authenticated()
+            )
+            .httpBasic(Customizer.withDefaults())
+            .formLogin(formLogin -> formLogin
+                .loginPage("/login")
+            );
+
+        return http.build();
+    }
+
+}
+----
+====
+
+=== Goals of the Lambda DSL
+
+The Lambda DSL was created to accomplish to following goals:
+
+- Automatic indentation makes the configuration more readable.
+- The is no need to chain configuration options using `.and()`
+- The Spring Security DSL has a similar configuration style to other Spring DSLs such as Spring Integration and Spring Cloud Gateway.

docs/modules/ROOT/pages/migration-7/index.adoc

@@ -0,0 +1,8 @@
+[[preparing]]
+= Preparing for 7.0
+
+While Spring Security 7.0 does not have a release date yet, it is important to start preparing for it now.
+
+This preparation guide is designed to summarize the biggest changes in Spring Security 7.0 and provide steps to prepare for them.
+
+It is important to keep your application up to date with the latest Spring Security 6 and Spring Boot 3 releases.