Polish gh-18153

jgrandja · jgrandja · commit b130e728b776 · 2025-11-11T14:27:50.000-05:00
Issue gh-18144
diff --git a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/configuration-model.adoc
@@ -95,24 +95,6 @@ public JwtDecoder jwtDecoder(JWKSource<SecurityContext> jwkSource) {
 
 The main intent of `OAuth2AuthorizationServerConfiguration` is to provide a convenient method to apply the minimal default configuration for an OAuth2 authorization server. However, in most cases, customizing the configuration will be required.
 
-The following example shows how you can wire an authorization server with nothing more than an `HttpSecurity` builder while still re-using Spring Boot’s defaults for users and static resources:
-
-[source,java]
-----
-@Bean
-SecurityFilterChain springSecurity(HttpSecurity http) {
-    http
-        .authorizeHttpRequests(requests -> requests
-            .anyRequest().authenticated()
-        )
-        .authorizationServer(auth -> auth
-            .oidc(Customizer.withDefaults())
-        )
-        .formLogin(Customizer.withDefaults());
-    return http.build();
-}
-----
-
 [[oauth2AuthorizationServer-customizing-the-configuration]]
 == Customizing the configuration
 
diff --git a/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc b/docs/modules/ROOT/pages/servlet/oauth2/authorization-server/getting-started.adoc
@@ -108,6 +108,34 @@ spring:
             require-authorization-consent: true
 ----
 
+If you want to customize the default `HttpSecurity` configuration, you may override Spring Boot's auto-configuration with the following example:
+
+[[oauth2AuthorizationServer-minimal-sample-gettingstarted]]
+.SecurityConfig.java
+[source,java]
+----
+@Configuration
+@EnableWebSecurity
+public class SecurityConfig {
+
+	@Bean
+	public SecurityFilterChain securityFilterChain(HttpSecurity http) {
+		http
+			.authorizeHttpRequests((authorize) ->
+				authorize
+					.anyRequest().authenticated()
+			)
+			.formLogin(Customizer.withDefaults())
+			.oauth2AuthorizationServer((authorizationServer) ->
+				authorizationServer
+					.oidc(Customizer.withDefaults())	// Enable OpenID Connect 1.0
+			);
+		return http.build();
+	}
+
+}
+----
+
 TIP: Beyond the Getting Started experience, most users will want to customize the default configuration. The xref:servlet/oauth2/authorization-server/getting-started.adoc#oauth2AuthorizationServer-defining-required-components[next section] demonstrates providing all of the necessary beans yourself.
 
 [[oauth2AuthorizationServer-defining-required-components]]
