Spring Security Documentation : Spring security architecture guide describes old auto configuration from Spring Boot 1.x

Spring security architecture guide needs to be changed to reflect the simplification done to the security auto configuration in Spring Boot 2.x. Documentation says:

A vanilla Spring Boot application with no custom security configuration has a several (call it n) filter chains, where usually n=6. The first (n-1) chains are there just to ignore static resource patterns, like /css/ and /images/, and the error view: /error.

But SpringBootWebSecurityConfiguration no longer ignores them explicitly after the change in 2.6.0-M3 with this commit and every thing is secured by default in a vanilla setup with a single SecurityFilterChain.

Comment From: jzheaux

@aashaysaralkar I think you make some good points here. Will you please post this issue instead to https://github.com/spring-guides/top-spring-security-architecture/issues and we can take a look there?

Comment From: aashaysaralkar

@jzheaux sure! I will close the issue here.

Comment From: jzheaux

Thanks, @aashaysaralkar!

For folks who land here, the issue is moved to https://github.com/spring-guides/top-spring-security-architecture/issues/19