Clarify default authentication settings for shell access

spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java

@@ -83,7 +83,9 @@ import org.springframework.util.StringUtils;
  * <p>
  * This configuration will auto detect the existence of a Spring Security
  * {@link AuthenticationManager} and will delegate authentication requests for shell
- * access to this detected instance.
+ * access to this detected instance if <code>shell.auth: spring</code> is set in the
+ * application properties. Even in case Spring Security is detected, simple authentication
+ * is default.
  * 
  * <p>
  * To add customizations to the shell simply define beans of type {@link CRaSHPlugin} in