From a22071724a1c0b87fc50ae789e24def69454646e Mon Sep 17 00:00:00 2001
From: Andy Wilkinson <awilkinson@pivotal.io>
Date: Tue, 19 Jul 2016 12:07:45 +0100
Subject: [PATCH] Make it clearer that unconfigured WebSecConfigAdapter matches
 any path

Closes gh-5046
---
 .../src/main/asciidoc/spring-boot-features.adoc             | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc b/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc
index 6544db644a7..796137ba904 100644
--- a/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc
+++ b/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc
@@ -2033,7 +2033,11 @@ The basic features you get out of the box in a web application are:
 All of the above can be switched on and off or modified using external properties
 (`+security.*+`). To override the access rules without changing any other auto-configured
 features add a `@Bean` of type `WebSecurityConfigurerAdapter` with
-`@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)`.
+`@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER)` and configure it to meet your needs.
+
+NOTE: By default, a `WebSecurityConfigurerAdapter` will match any path. If you don't want
+to completely override Spring Boot's auto-configured access rules, your adapter must
+explicitly configure the paths that you do want to override.