2025dbad61
Setting security.basic.enabled=false in a secure app doesn't make a lot of sense. The sample has it set to true now (the default) so users can login (via the form that is sitting in front of the basic auth filter chain). Fixes gh-997