From d119336f70b048d2d6037ee7d8965624de23bb76 Mon Sep 17 00:00:00 2001
From: Dave Syer <dsyer@gopivotal.com>
Date: Thu, 3 Apr 2014 14:42:40 +0100
Subject: [PATCH] Explcitly state in docs that Spring Security is required

... if you use management.security.* properties

Fixes gh-595
---
 .../src/main/asciidoc/production-ready-features.adoc       | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc b/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc
index 7b9dcb102b6..783bade6a85 100644
--- a/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc
+++ b/spring-boot-docs/src/main/asciidoc/production-ready-features.adoc
@@ -294,8 +294,8 @@ based deployments. If, however, your application runs inside your own data cente
 may prefer to expose endpoints using a different HTTP port.
 
 The `management.port` property can be used to change the HTTP port. Since your management
-port is often protected by a firewall, and not exposed to the public, you might also
-want to disable management security:
+port is often protected by a firewall, and not exposed to the public. If you have Spring
+Security on the classpath, you might also want to disable management security:
 
 [source,properties,indent=0]
 ----
@@ -303,7 +303,8 @@ want to disable management security:
 	management.security.enabled=false
 ----
 
-
+(If you don't have Spring Security on the classpath then there is no need to explicitly
+disable the management security in this way, and it might even break the application.)
 
 [[production-ready-customizing-management-server-address]]
 === Customizing the management server address