Revise Spring Integration security in favor of Spring Security Messaging #3897

@artembilan

The AbstractSecurityInterceptor (and supporting API) is deprecated in Spring Security now.
Consider deprecating ChannelSecurityInterceptor in favor of AuthorizationChannelInterceptor from Spring Security Messaging.
With that move we will probably deprecate @SecuredChannel and all the AOP infrastructure we have in spring-integration-security.
The fix depends on spring-projects/spring-security#11915, which will bring us a postReceive() security contract.
The current receive() AOP interceptor does not make much sense since there might be just no static SecurityContext to auth against.
The postReceive() phase may be already populated from the received message via SecurityContextPropagationChannelInterceptor.postReceive() where an Authentication can be propagated from the producer side.

Also: with the migration to the AuthorizationChannelInterceptor and its infrastructure we will have the SpEL support for security that was requested a long time ago: https://jira.spring.io/projects/INT/issues/INT-1479
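
For readers following the migration, the send-side check that AuthorizationChannelInterceptor performs can be exercised as below. This is an added example, not code from the issue or from the Spring projects; the class name, role name and payload are constructed, and it assumes spring-integration-core and spring-security-messaging are on the classpath.

```java
import org.springframework.integration.channel.DirectChannel;
import org.springframework.messaging.support.GenericMessage;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.authorization.AuthorityAuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.messaging.access.intercept.AuthorizationChannelInterceptor;

// Hypothetical demo class: a channel guarded by an AuthorizationManager
// instead of the AOP-based ChannelSecurityInterceptor / @SecuredChannel.
public class SecuredChannelSketch {

    // Sends one message under the given Authentication (null = empty context)
    // and reports "delivered" or the root cause of the rejection.
    static String trySend(DirectChannel channel, Authentication auth) {
        SecurityContextHolder.clearContext();
        if (auth != null) {
            SecurityContextHolder.getContext().setAuthentication(auth);
        }
        try {
            channel.send(new GenericMessage<>("payload"));
            return "delivered";
        }
        catch (RuntimeException ex) {
            // The channel may wrap the security exception; unwrap to the root.
            Throwable root = ex;
            while (root.getCause() != null) {
                root = root.getCause();
            }
            return "rejected: " + root.getClass().getSimpleName();
        }
        finally {
            SecurityContextHolder.clearContext();
        }
    }

    public static void main(String[] args) {
        DirectChannel adminChannel = new DirectChannel();
        adminChannel.subscribe(m -> System.out.println("handled " + m.getPayload()));
        // Authorization is evaluated in preSend(), before any subscriber runs.
        adminChannel.addInterceptor(
                new AuthorizationChannelInterceptor(AuthorityAuthorizationManager.hasRole("ADMIN")));

        // Constructed principals: one with the role, one without, one absent.
        System.out.println(trySend(adminChannel, new TestingAuthenticationToken("alice", "n/a", "ROLE_ADMIN")));
        System.out.println(trySend(adminChannel, new TestingAuthenticationToken("bob", "n/a", "ROLE_USER")));
        System.out.println(trySend(adminChannel, null));
    }
}
```

The third call is the case the issue raises for receive(): with no Authentication in the SecurityContext there is nothing to authorize against, so the message is rejected rather than delivered.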
