Documentation : Spring security architecture guide describes old auto configuration from Spring Boot 1.x

[aashaysaralkar]

Spring security architecture guide needs to be changed to reflect the simplification done to the security auto configuration in Spring Boot 2.x. Documentation says:

A vanilla Spring Boot application with no custom security configuration has a several (call it n) filter chains, where usually n=6. The first (n-1) chains are there just to ignore static resource patterns, like /css/** and /images/**, and the error view: /error.

But SpringBootWebSecurityConfiguration no longer ignores them explicitly after the change in 2.6.0-M3 with this commit and every thing is secured by default in a vanilla setup with a single SecurityFilterChain.

[jzheaux]

@aashaysaralkar I think you make some good points here. Will you please post this issue instead to https://github.com/spring-guides/top-spring-security-architecture/issues and we can take a look there?

[aashaysaralkar]

@jzheaux sure! I will close the issue here.

[jzheaux]

Thanks, @aashaysaralkar!

For folks who land here, the issue is moved to spring-attic/top-spring-security-architecture#19