diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterAutoConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterAutoConfiguration.java
index e79441c99c4..5872f561432 100644
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterAutoConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SecurityFilterAutoConfiguration.java
@@ -52,7 +52,7 @@ import org.springframework.security.web.context.AbstractSecurityWebApplicationIn
@EnableConfigurationProperties
@ConditionalOnClass({ AbstractSecurityWebApplicationInitializer.class,
SessionCreationPolicy.class })
-@AutoConfigureAfter(SpringBootWebSecurityConfiguration.class)
+@AutoConfigureAfter(SecurityAutoConfiguration.class)
public class SecurityFilterAutoConfiguration {
private static final String DEFAULT_FILTER_NAME = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME;
diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java
index 1358495c63f..de9a3f7ee4f 100644
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.java
@@ -53,8 +53,8 @@ import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;
/**
- * {@link EnableAutoConfiguration Auto-configuration} for security of a web application or
- * service. By default everything is secured with HTTP Basic authentication except the
+ * Configuration for security of a web application or service. By default everything is
+ * secured with HTTP Basic authentication except the
* {@link SecurityProperties#getIgnored() explicitly ignored} paths (defaults to
* /css/**, /js/**, /images/**, /**/favicon.ico
* ). Many aspects of the behavior can be controller with {@link SecurityProperties} via
@@ -66,9 +66,10 @@ import org.springframework.util.StringUtils;
* Some common simple customizations:
*
* - Switch off security completely and permanently: remove Spring Security from the
- * classpath or {@link EnableAutoConfiguration#exclude() exclude} this configuration.
+ * classpath or {@link EnableAutoConfiguration#exclude() exclude}
+ * {@link SecurityAutoConfiguration}.
* - Switch off security temporarily (e.g. for a dev environment): set
- * {@code security.basic.enabled: false}
+ * {@code security.basic.enabled=false}
* - Customize the user details: autowire an {@link AuthenticationManagerBuilder} into a
* method in one of your configuration classes or equivalently add a bean of type
* AuthenticationManager