auto-config="true"is equivalent to:

auto-config="true"相当于：

<http>
    <form-login />
    <http-basic />
    <logout />
</http>

so it gives you a very basic security configuration to boot.

所以它为您提供了一个非常基本的安全配置来启动。

Source: https://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-auto-config

来源：https: //docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-auto-config

This is one of the cases where we use auto-config = true:

这是我们使用的情况之一auto-config = true：

<http auto-config='true'>
  <intercept-url pattern="/**" access="ROLE_USER" />
</http>

This declaration means we want all URLs within our application to be secured, requiring the role ROLE_USER to access them. The element is the parent for all web-related namespace functionality. The element defines a pattern which is matched against the URLs of incoming requests using an ant path style syntax

这个声明意味着我们希望应用程序中的所有 URL 都受到保护，需要角色 ROLE_USER 来访问它们。该元素是所有与 Web 相关的命名空间功能的父元素。该元素定义了一个模式，该模式使用 ant 路径样式语法与传入请求的 URL 匹配

auto-config='true' means for the intercept-url pattern the spring security provides the default login screen

auto-config='true' 表示对于intercept-url 模式，spring security 提供默认登录屏幕

Spring Security Reference:

Spring 安全参考：

"Use of this attribute is not recommended. Use explicit configuration elements instead to avoid confusion."

“不建议使用此属性。使用显式配置元素来避免混淆。”

Source: https://docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/html5/#nsa-http-attributes

来源：https: //docs.spring.io/spring-security/site/docs/3.2.x/reference/htmlsingle/html5/#nsa-http-attributes