@Bean signals this method as a bean definition to be picked up and added to the application context.

SecurityFilterChain is the bean type needed to define a Spring Security policy.

To define such a policy, we ask for a Spring Security HttpSecurity bean. This gives us a handle on defining rules that will govern our application.

authorizeRequests defines exactly how we will, you know, authorize requests. In this case, any request is allowed if the user is authenticated and that is the only rule applied.

In addition to that, the formLogin and httpBasic directives are switched on, enabling both HTTP Form and HTTP Basic, two standard authentication mechanisms.

The HttpSecurity builder, with these settings, is then used to render SecurityFilterChain through which all servlet requests will be routed.