spring-projects
diff --git a/‎docs/manual/spring-security-docs-manual.gradle
Lines changed: 1 addition & 0 deletions b/‎docs/manual/spring-security-docs-manual.gradle
Lines changed: 1 addition & 0 deletions
diff --git a/‎docs/manual/src/docs/asciidoc/_includes/servlet/hello/boot.adoc
Lines changed: 0 additions & 67 deletions b/‎docs/manual/src/docs/asciidoc/_includes/servlet/hello/boot.adoc
Lines changed: 0 additions & 67 deletions
diff --git a/‎docs/manual/src/docs/asciidoc/_includes/servlet/hello/index.adoc
Lines changed: 71 additions & 5 deletions b/‎docs/manual/src/docs/asciidoc/_includes/servlet/hello/index.adoc
Lines changed: 71 additions & 5 deletions
diff --git a/‎docs/manual/src/docs/asciidoc/_includes/servlet/hello/java-configuration.adoc
Lines changed: 0 additions & 138 deletions b/‎docs/manual/src/docs/asciidoc/_includes/servlet/hello/java-configuration.adoc
Lines changed: 0 additions & 138 deletions
@@ -5,6 +5,7 @@ asciidoctor {
 	def ghUrl = "https://github.com/spring-projects/spring-security/tree/$ghTag"
 	attributes 'spring-security-version' : project.version,
 		'spring-version' : project(':spring-security-core').dependencyManagement.managedVersions['org.springframework:spring-core'],
+		'spring-boot-version' : springBootVersion,
 		revnumber : project.version,
 		'gh-url': ghUrl,
 		'gh-samples-url': "$ghUrl/samples"
 
@@ -1,8 +1,74 @@
+[[servlet-hello]]
 = Hello Spring Security
 
-This section covers a minimal Spring Security application that uses <<servlet-hello-boot,Spring Boot>>, <<servlet-hello-jc,Java Configuration>>, or <<servlet-hello-xml,XML Configuration>>.
-// FIXME add Spring Boot
+This section covers the minimum setup for how to use Spring Security with Spring Boot.
+
+[NOTE]
+====
+The completed application can be found at {gh-samples-url}/boot/helloworld[samples/boot/helloworld]
+For your convenience, you can download a minimal Spring Boot + Spring Security application by https://start.spring.io/starter.zip?type=maven-project&language=java&packaging=jar&jvmVersion=1.8&groupId=example&artifactId=hello-security&name=hello-security&description=Hello%20Security&packageName=example.hello-security&dependencies=web,security[clicking here].
+====
+
+[[servlet-hello-dependencies]]
+== Updating Dependencies
+
+The only step you need to do is update the dependencies by using <<getting-maven-boot,Maven>> or <<getting-gradle-boot,Gradle>>.
+
+[[servlet-hello-starting]]
+== Starting Hello Spring Security Boot
+
+You can now https://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#using-boot-running-with-the-maven-plugin[run the Spring Boot application] by using the Maven Plugin's `run` goal.
+The following example shows how to do so (and the beginning of the output from doing so):
+
+.Running Spring Boot Application
+====
+[source,bash]
+----
+$ ./mvn spring-boot:run
+...
+INFO 23689 --- [  restartedMain] .s.s.UserDetailsServiceAutoConfiguration :
+
+Using generated security password: 8e557245-73e2-4286-969a-ff57fe326336
+
+...
+----
+====
+
+
+[[servlet-hello-auto-configuration]]
+== Spring Boot Auto Configuration
+
+// FIXME: Link to relevant portions of documentation
+// FIXME: Link to Spring Boot's Security Auto configuration classes
+// FIXME: Add a links for what user's should do next
+
+Spring Boot automatically:
+
+* Enables Spring Security's default configuration, which creates a servlet `Filter` as a bean named `springSecurityFilterChain`.
+This bean is responsible for all the security (protecting the application URLs, validating submitted username and passwords, redirecting to the log in form, and so on) within your application.
+* Creates a `UserDetailsService` bean with a username of `user` and a randomly generated password that is logged to the console.
+* Registers the `Filter` with a bean named `springSecurityFilterChain` with the Servlet container for every request.
+
+Spring Boot is not configuring much, but it does a lot.
+A summary of the features follows:
+
+* Require an authenticated user for any interaction with the application
+* Generate a default login form for you
+* Let the user with a username of `user` and a password that is logged to the console to authenticate with form-based authentication (in the preceding example, the password is `8e557245-73e2-4286-969a-ff57fe326336`)
+* Protects the password storage with BCrypt
+* Lets the user log out
+* https://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention
+* https://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection
+* Security Header integration
+** https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests
+** https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration
+** Cache Control (can be overridden later by your application to allow caching of your static resources)
+** https://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration
+** X-Frame-Options integration to help prevent https://en.wikipedia.org/wiki/Clickjacking[Clickjacking]
+* Integrate with the following Servlet API methods:
+** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[`HttpServletRequest#getRemoteUser()`]
+** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[`HttpServletRequest.html#getUserPrincipal()`]
+** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[`HttpServletRequest.html#isUserInRole(java.lang.String)`]
+** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[`HttpServletRequest.html#login(java.lang.String, java.lang.String)`]
+** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[`HttpServletRequest.html#logout()`]
 
-include::boot.adoc[leveloffset=+1]
-include::java-configuration.adoc[leveloffset=+1]
-include::xml-configuration.adoc[leveloffset=+1]