Reviewing the log helps us to understand what's happening behind the screens. The following snippets are some of the important extracts from the log when you enable debug logging. You can see that SecurityAutoConfiguration is kicked off, and that SecurityFilterAutoConfiguration auto-configures SecurityFilter:

SecurityAutoConfiguration matched:
 - @ConditionalOnClass found required class 'org.springframework.security.authentication.DefaultAuthenticationEventPublisher'; @ConditionalOnMissingClass did not find unwanted class (OnClassCondition)
SecurityFilterAutoConfiguration matched:
 - @ConditionalOnClass found required classes 'org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer', 'org.springframework.security.config.http.SessionCreationPolicy'; @ConditionalOnMissingClass did not find unwanted class (OnClassCondition)
 - found ConfigurableWebEnvironment (OnWebApplicationCondition)

You can also see that a security filter chain is being configured. Also, in the log, is a list of filters that are part of the chain:

SecurityFilterAutoConfiguration#securityFilterChainRegistration matched:
 - @ConditionalOnBean (names: springSecurityFilterChain; SearchStrategy: all) found bean 'springSecurityFilterChain' (OnBeanCondition)
2019-05-02 14:11:44.257 INFO 5053 - [ restartedMain] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@47e122e9, org.springframework.security.web.context.SecurityContextPersistenceFilter@5df6d952, org.springframework.security.web.header.HeaderWriterFilter@2cf48198, org.springframework.security.web.csrf.CsrfFilter@1a6342c0, org.springframework.security.web.authentication.logout.LogoutFilter@4e8861fe, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@50951d86, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@6a8113f8, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@4dda8e9d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@6a6c21f8, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@766e8466, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@55b96e7b, org.springframework.security.web.session.SessionManagementFilter@1dd7e56d, org.springframework.security.web.access.ExceptionTranslationFilter@489b0280, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@6bd7b76c]