Deprecate spring-integration-security module

The `SecurityContextPropagationChannelInterceptor` has been migrated to `spring-security-messaging`.
Since it was only the class in the `spring-integration-security`, it is now fully considered
as deprecated
* Remove all the tests from `spring-integration-security`
* Modify `HttpDslTests` to demonstrate the `spring-security-messaging` in action
which has been replaced with whatever there was in `spring-integration-security`
* Remove redundant `exclude group: 'org.springframework'` for security
dependencies in `build.gradle` since all of them rely on the same SF deps
as SI

Author: artembilan

build.gradle

@@ -702,14 +702,10 @@ project('spring-integration-http') {
         optionalApi "com.rometools:rome:$romeToolsVersion"
         optionalApi 'org.springframework:spring-webflux'
 
-        testImplementation project(':spring-integration-security')
         testImplementation "org.hamcrest:hamcrest-core:$hamcrestVersion"
-        testImplementation('org.springframework.security:spring-security-config') {
-            exclude group: 'org.springframework'
-        }
-        testImplementation('org.springframework.security:spring-security-test') {
-            exclude group: 'org.springframework'
-        }
+        testImplementation 'org.springframework.security:spring-security-messaging'
+        testImplementation 'org.springframework.security:spring-security-config'
+        testImplementation 'org.springframework.security:spring-security-test'
         testImplementation 'com.fasterxml.jackson.core:jackson-databind'
 
         testRuntimeOnly "com.jayway.jsonpath:json-path:$jsonpathVersion"
@@ -916,13 +912,9 @@ project('spring-integration-security') {
     description = 'Spring Integration Security Support'
     dependencies {
         api project(':spring-integration-core')
-        api('org.springframework.security:spring-security-messaging') {
-            exclude group: 'org.springframework'
-        }
+        api 'org.springframework.security:spring-security-messaging'
 
-        testImplementation('org.springframework.security:spring-security-config') {
-            exclude group: 'org.springframework'
-        }
+        testImplementation 'org.springframework.security:spring-security-config'
     }
 }
 
@@ -1017,12 +1009,8 @@ project('spring-integration-webflux') {
         testImplementation "jakarta.servlet:jakarta.servlet-api:$servletApiVersion"
         testImplementation "org.hamcrest:hamcrest-core:$hamcrestVersion"
         testImplementation 'org.springframework:spring-webmvc'
-        testImplementation('org.springframework.security:spring-security-config') {
-            exclude group: 'org.springframework'
-        }
-        testImplementation('org.springframework.security:spring-security-test') {
-            exclude group: 'org.springframework'
-        }
+        testImplementation 'org.springframework.security:spring-security-config'
+        testImplementation 'org.springframework.security:spring-security-test'
         testImplementation 'com.fasterxml.jackson.core:jackson-databind'
         testImplementation 'io.micrometer:micrometer-observation-test'
         testImplementation('io.micrometer:micrometer-tracing-integration-test') {

spring-integration-http/src/test/java/org/springframework/integration/http/dsl/HttpDslTests.java

@@ -36,14 +36,18 @@
 import org.springframework.http.client.ClientHttpResponse;
 import org.springframework.integration.channel.DirectChannel;
 import org.springframework.integration.channel.FixedSubscriberChannel;
+import org.springframework.integration.channel.QueueChannel;
 import org.springframework.integration.config.EnableIntegration;
+import org.springframework.integration.dsl.DirectChannelSpec;
 import org.springframework.integration.dsl.IntegrationFlow;
+import org.springframework.integration.dsl.MessageChannels;
+import org.springframework.integration.dsl.QueueChannelSpec;
 import org.springframework.integration.dsl.context.IntegrationFlowContext;
 import org.springframework.integration.handler.AbstractReplyProducingMessageHandler;
 import org.springframework.integration.http.multipart.UploadedMultipartFile;
 import org.springframework.integration.http.outbound.HttpRequestExecutingMessageHandler;
+import org.springframework.integration.scheduling.PollerMetadata;
 import org.springframework.messaging.Message;
-import org.springframework.messaging.MessageChannel;
 import org.springframework.messaging.PollableChannel;
 import org.springframework.messaging.support.ErrorMessage;
 import org.springframework.mock.web.MockPart;
@@ -56,6 +60,7 @@
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 import org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor;
+import org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor;
 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
@@ -330,21 +335,33 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
 					.build();
 		}
 
+		@Bean(PollerMetadata.DEFAULT_POLLER)
+		PollerMetadata pollerMetadata() {
+			return new PollerMetadata();
+		}
+
+		@Bean
+		public QueueChannelSpec securityPropagationChannel() {
+			return MessageChannels.queue()
+					.interceptor(new SecurityContextPropagationChannelInterceptor());
+		}
+
 		@Bean
-		public MessageChannel transformSecuredChannel() {
-			DirectChannel directChannel = new DirectChannel();
-			directChannel.addInterceptor(
-					new AuthorizationChannelInterceptor(AuthorityAuthorizationManager.hasRole("ADMIN")));
-			return directChannel;
+		public DirectChannelSpec transformSecuredChannel() {
+			return MessageChannels.direct()
+					.interceptor(new AuthorizationChannelInterceptor(AuthorityAuthorizationManager.hasRole("ADMIN")));
 		}
 
 		@Bean
-		public IntegrationFlow httpInternalServiceFlow() {
+		public IntegrationFlow httpInternalServiceFlow(QueueChannel securityPropagationChannel,
+				DirectChannel transformSecuredChannel) {
+
 			return IntegrationFlow
 					.from(Http.inboundGateway("/service/internal")
 							.requestMapping(r -> r.params("name"))
 							.payloadExpression("#requestParams.name"))
-					.channel(transformSecuredChannel())
+					.channel(securityPropagationChannel)
+					.channel(transformSecuredChannel)
 					.<List<String>, String>transform(p -> p.get(0).toUpperCase())
 					.get();
 		}

spring-integration-security/src/main/java/org/springframework/integration/security/channel/SecurityContextPropagationChannelInterceptor.java

@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2019 the original author or authors.
+ * Copyright 2015-2023 the original author or authors.
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -43,7 +43,10 @@
  * @since 4.2
  *
  * @see ThreadStatePropagationChannelInterceptor
+ *
+ * @deprecated since 6.2 in favor of {@link org.springframework.security.messaging.context.SecurityContextPropagationChannelInterceptor}
  */
+@Deprecated(since = "6.2", forRemoval = true)
 public class SecurityContextPropagationChannelInterceptor
 		extends ThreadStatePropagationChannelInterceptor<Authentication> {