Improve remote shell security documentation

Previous to this commit, the remote shell security configuration
described that a default password will be generated with no extra
configuration. Actually, when Spring Security is configured for the
application, the remote shell reuses that configuration by default.

It turns out that the default log message is confusing as it was
referring to "application endpoints". Updated that log to a more
generic log message and updated doc accordingly.

Fixes gh-779

spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/AuthenticationManagerConfiguration.java

@@ -128,7 +128,7 @@ public class AuthenticationManagerConfiguration extends
 
 			User user = AuthenticationManagerConfiguration.this.security.getUser();
 			if (user.isDefaultPassword()) {
-				logger.info("\n\nUsing default password for application endpoints: "
+				logger.info("\n\nUsing default security password: "
 						+ user.getPassword() + "\n\n");
 			}
 

spring-boot-docs/src/main/asciidoc/production-ready-features.adoc

@@ -256,9 +256,9 @@ protected. By default ``basic'' authentication will be used with the username `u
 and a generated password (which is printed on the console when the application starts).
 
 TIP: Generated passwords are logged as the application starts. Search for ``Using default
-password for application endpoints''.
+security password''.
 
-You can use Spring properties to change the username and passsword and to change the
+You can use Spring properties to change the username and password and to change the
 security role required to access the endpoints. For example, you might set the following
 in your `application.properties`:
 
@@ -453,7 +453,9 @@ on `org.crsh:crsh.shell.telnet`.
 === Connecting to the remote shell
 By default the remote shell will listen for connections on port `2000`. The default user
 is `user` and the default password will be randomly generated and displayed in the log
-output, you should see a message like this:
+output. If your application is using Spring Security, the shell will use
+<<boot-features-security, the same configuration>> by default. If not, a simple
+authentication will be applied and you should see a message like this:
 
 [indent=0]
 ----

spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc

@@ -1089,9 +1089,16 @@ Additional information can be found in the {spring-security-reference}#jc-method
 Security Reference].
 
 The default `AuthenticationManager` has a single user (``user'' username and random
-password, printed at INFO level when the application starts up). You can change the
+password, printed at INFO level when the application starts up)
-password by providing a `security.user.password`. This and other useful properties are
+
-externalized via {sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`]
+[indent=0]
+----
+	Using default security password: 78fa095d-3f4c-48b1-ad50-e24c31d5cf35
+----
+
+You can change the password by providing a `security.user.password`. This and other
+useful properties are externalized via
+{sc-spring-boot-autoconfigure}/security/SecurityProperties.{sc-ext}[`SecurityProperties`]
 (properties prefix "security").
 
 The default security configuration is implemented in `SecurityAutoConfiguration` and in