From e16e23230c4e934faa3a051f8bf645efd0a68b86 Mon Sep 17 00:00:00 2001
From: Christian Dupuis <cdupuis@gopivotal.com>
Date: Mon, 18 Nov 2013 17:48:21 +0100
Subject: [PATCH] Clarify default authentication settings for shell access

---
 .../boot/actuate/autoconfigure/CrshAutoConfiguration.java     | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java
index d7dfbfb9060..dcb6d1dead4 100644
--- a/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java
+++ b/spring-boot-actuator/src/main/java/org/springframework/boot/actuate/autoconfigure/CrshAutoConfiguration.java
@@ -83,7 +83,9 @@ import org.springframework.util.StringUtils;
  * <p>
  * This configuration will auto detect the existence of a Spring Security
  * {@link AuthenticationManager} and will delegate authentication requests for shell
- * access to this detected instance.
+ * access to this detected instance if <code>shell.auth: spring</code> is set in the
+ * application properties. Even in case Spring Security is detected, simple authentication
+ * is default.
  * 
  * <p>
  * To add customizations to the shell simply define beans of type {@link CRaSHPlugin} in