In the guide it is not clear that Spring Boot enables Basic Authentication by default on all HTTP endpoints with a default username/password that can be changed using specific properties.

In order for someone to be become aware of these features they would need to either see http://docs.spring.io/spring-boot/docs/1.0.2.RELEASE/reference/htmlsingle/#boot-features-security.

Perhaps some specific mention of the default features would help users