Spring Security 7 implementation for Spring Boot 4. Use when configuring authentication, authorization, OAuth2/JWT resource servers, method security, or CORS/CSRF. Covers the mandatory Lambda DSL migration, SecurityFilterChain patterns, @PreAuthorize, and password encoding. For testing secured endpoints, see the spring-boot-testing skill.
Repository: [joaquimscosta/arkhe-claude-plugins](https://github.com/joaquimscosta/arkhe-claude-plugins) (plugin: spring-boot)

January 23, 2026

Install the skill with:

```
npx add-skill https://github.com/joaquimscosta/arkhe-claude-plugins/blob/main/plugins/spring-boot/skills/spring-boot-security/SKILL.md -a claude-code --skill spring-boot-security
```

Installation path: `.claude/skills/spring-boot-security/`

# Spring Security 7 for Spring Boot 4

Implements authentication and authorization with Spring Security 7's mandatory Lambda DSL.

## Critical Breaking Changes

| Removed API | Replacement | Status |
|-------------|-------------|--------|
| `and()` method | Lambda DSL closures | **Required** |
| `authorizeRequests()` | `authorizeHttpRequests()` | **Required** |
| `antMatchers()` | `requestMatchers()` | **Required** |
| `WebSecurityConfigurerAdapter` | `SecurityFilterChain` bean | **Required** |
| `@EnableGlobalMethodSecurity` | `@EnableMethodSecurity` | **Required** |

## Core Workflow

1. **Create SecurityFilterChain bean** → Configure with Lambda DSL
2. **Define authorization rules** → `authorizeHttpRequests()` with `requestMatchers()`
3. **Configure authentication** → Form login, HTTP Basic, or OAuth2
4. **Add method security** → `@EnableMethodSecurity` + `@PreAuthorize`
5. **Handle CORS/CSRF** → Configure for REST APIs

## Quick Patterns

See [EXAMPLES.md](EXAMPLES.md) for complete working examples including:

- **REST API Security** with JWT/OAuth2 (Java + Kotlin)
- **Form Login with Session Security** and CSRF
- **Method Security** with @PreAuthorize and SpEL
- **CORS Configuration** for cross-origin APIs
- **Password Encoder** (Argon2 for Security 7)

## Spring Boot 4 Specifics

- **Lambda DSL** is mandatory (no `and()` chaining)
- **Argon2** password encoder: `Argon2PasswordEncoder.defaultsForSpring7()`
- **CSRF for SPAs**: `CookieCsrfTokenRepository.withHttpOnlyFalse()`
- **@EnableMethodSecurity** replaces `@EnableGlobalMethodSecurity`

## Detailed References

- **Examples**: See [EXAMPLES.md](EXAMPLES.md) for complete working code examples
- **Troubleshooting**: See [TROUBLESHOOTING.md](TROUBLESHOOTING.md) for common issues and Boot 4 migration
- **Security Configuration**: See [references/SECURITY-CONFIG.md](references/SECURITY-CONFIG.md) for complete SecurityFilterChain patterns
- **Authentication**: See [references/AUTHENTICATION.md](references/AUTHENTIC
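The five workflow steps above combined into one configuration, as an added example that is not taken from the plugin's EXAMPLES.md: a `SecurityFilterChain` written in Lambda DSL with `requestMatchers()` rules, the SPA-friendly CSRF cookie repository, the Argon2 encoder factory named on this page, and a `@PreAuthorize` service method enabled by `@EnableMethodSecurity`. The URL patterns, the `ADMIN` role and `ReportService` are assumed for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import org.springframework.stereotype.Service;

@Configuration
@EnableWebSecurity
@EnableMethodSecurity // replaces @EnableGlobalMethodSecurity; turns on @PreAuthorize
public class SecurityConfig {

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // Lambda DSL: every configurer takes a closure; there is no and() to chain.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/login", "/actuator/health").permitAll()   // assumed paths
                .requestMatchers(HttpMethod.GET, "/api/public/**").permitAll()
                .requestMatchers("/api/admin/**").hasRole("ADMIN")           // ROLE_ADMIN authority
                .anyRequest().authenticated())  // deny-by-default for anything not listed
            // CSRF token in a JS-readable cookie so a SPA can echo it back in a header
            .csrf(csrf -> csrf.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse()))
            .formLogin(Customizer.withDefaults())
            .httpBasic(Customizer.withDefaults());
        return http.build();
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        return Argon2PasswordEncoder.defaultsForSpring7(); // factory as named on this page
    }
}

@Service
class ReportService { // hypothetical service showing method security
    // Evaluated by @EnableMethodSecurity: admins, or the principal reading its own report
    @PreAuthorize("hasRole('ADMIN') or #ownerId == authentication.name")
    public String report(String ownerId) {
        return "report for " + ownerId;
    }
}
```

Note that in Spring Security 6 and later the default request handler XOR-masks the CSRF token, so a SPA that sends the raw cookie value in a header also needs a `CsrfTokenRequestAttributeHandler` (or the SPA handler shown in the Spring Security reference) configured on the `csrf` closure.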