diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
index 9ef600620a..578910c28e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/ServerHttpSecurityConfiguration.java
@@ -67,8 +67,6 @@ public class ServerHttpSecurityConfiguration implements WebFluxConfigurer {
 return http()
 .authenticationManager(authenticationManager())
 .headers().and()
- .httpBasic().and()
- .formLogin().and()
 .logout().and();
 }
diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
index 5585f5e87a..695f18fb9f 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
@@ -65,7 +65,11 @@ public class WebFluxSecurityConfiguration {
 ServerHttpSecurity http = context.getBean(ServerHttpSecurity.class);
 http
 .authorizeExchange()
- .anyExchange().authenticated();
+ .anyExchange().authenticated()
+ .and()
+ .httpBasic().and()
+ .formLogin().and()
+ .build();
 return Arrays.asList(http.build());
 }
 }
diff --git a/config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java b/config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java
index 0b48eafc18..7fd688623f 100644
--- a/config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java
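Review bot: The added chain in WebFluxSecurityConfiguration ends with `.build()`, yet the following context line still returns `Arrays.asList(http.build())`, so the same `ServerHttpSecurity` is built twice and the first result is thrown away. Whether a second `build()` is harmless depends on the builder, which this diff does not show; if `build()` mutates builder state, the returned chain could carry duplicated filters (to be confirmed). Ending the added chain at `.formLogin();` and leaving the single `http.build()` in the return statement avoids the question. The enclosing method starts outside the hunk.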
+++ b/config/src/test/java/org/springframework/security/config/web/server/LogoutBuilderTests.java
@@ -43,6 +43,7 @@ public class LogoutBuilderTests {
 .authorizeExchange()
 .anyExchange().authenticated()
 .and()
+ .formLogin().and()
 .build();
 WebTestClient webTestClient = WebTestClientBuilder
@@ -82,6 +83,7 @@ public class LogoutBuilderTests {
 .authorizeExchange()
 .anyExchange().authenticated()
 .and()
+ .formLogin().and()
 .logout()
 .logoutUrl("/custom-logout")
 .and()
diff --git a/samples/javaconfig/hellowebflux-method/src/main/java/sample/SecurityConfig.java b/samples/javaconfig/hellowebflux-method/src/main/java/sample/SecurityConfig.java
index 706bcafe5f..acaefc3c8a 100644
--- a/samples/javaconfig/hellowebflux-method/src/main/java/sample/SecurityConfig.java
+++ b/samples/javaconfig/hellowebflux-method/src/main/java/sample/SecurityConfig.java
@@ -36,10 +36,12 @@ public class SecurityConfig {
 @Bean
 SecurityWebFilterChain springWebFilterChain(ServerHttpSecurity http) throws Exception {
 return http
- // we rely on method security
+ // Demonstrate that method security works
+ // Best practice to use both for defense in depth
 .authorizeExchange()
 .anyExchange().permitAll()
 .and()
+ .httpBasic().and()
 .build();
 }
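Review bot: Both LogoutBuilderTests hunks opt back in with `.formLogin().and()`, but nothing visible in this diff asserts the new default itself, namely what a chain does when neither `.httpBasic()` nor `.formLogin()` is configured. Applications that build their own `SecurityWebFilterChain` from the injected `ServerHttpSecurity` presumably lose both mechanisms with this commit, so a test that builds a chain with only `.authorizeExchange().anyExchange().authenticated()` and asserts the response to an unauthenticated request would pin that contract. Both test methods start and end outside the hunks.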
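Review bot: The new comment in `springWebFilterChain` calls using both layers a best practice for defense in depth, but the chain still has `.anyExchange().permitAll()`, so the sample enforces nothing at the exchange level and method security remains the only control. Someone copying the sample gets `httpBasic()` as an authentication mechanism with no URL-level rule behind it. The comment should say so directly, for example `// permitAll() only isolates method security for this demo; real applications should also restrict exchanges here`.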