diff --git a/spring-boot-docs/src/main/asciidoc/howto.adoc b/spring-boot-docs/src/main/asciidoc/howto.adoc index 6bb505bd9e..42cdf84943 100644 --- a/spring-boot-docs/src/main/asciidoc/howto.adoc +++ b/spring-boot-docs/src/main/asciidoc/howto.adoc @@ -2134,8 +2134,9 @@ will be available under `/system`. [[howto-switch-off-spring-boot-security-configuration]] === Switch off the Spring Boot security configuration If you define a `@Configuration` with `@EnableWebSecurity` anywhere in your application -it will switch off the default webapp security settings in Spring Boot. To tweak the -defaults try setting properties in `+security.*+` (see +it will switch off the default webapp security settings in Spring Boot (but leave the +Actuator's security enabled). To tweak the defaults try setting properties in +`+security.*+` (see {sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`] for details of available settings) and `SECURITY` section of <>. diff --git a/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc b/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc index dc0a9a39ae..a25663f643 100644 --- a/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc +++ b/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc @@ -2290,9 +2290,9 @@ properties are externalized via The default security configuration is implemented in `SecurityAutoConfiguration` and in the classes imported from there (`SpringBootWebSecurityConfiguration` for web security and `AuthenticationManagerConfiguration` for authentication configuration which is also -relevant in non-web applications). To switch off the default web security configuration -completely you can add a bean with `@EnableWebSecurity` (this does not disable the -authentication manager configuration). To customize +relevant in non-web applications). To switch off the default web application security +configuration completely you can add a bean with `@EnableWebSecurity` (this does not +disable the authentication manager configuration or Actuator's security). To customize it you normally use external properties and beans of type `WebSecurityConfigurerAdapter` (e.g. to add form-based login). To also switch off the authentication manager configuration you can add a bean of type `AuthenticationManager`, or else configure the