Document how to test secure mockmvc tests

See gh-14227

spring-boot-project/spring-boot-docs/src/main/asciidoc/howto.adoc

@@ -1417,6 +1417,31 @@ For more detail, see the following sections:
 
 
 
+[[howto-use-test-with-spring-security]]
+== Testing With Spring Security
+Spring Security provides support for running tests as a specific user.
+For example, the test in the snippet below will run with an authenticated user
+that has the `ADMIN` role.
+
+[source,java,indent=0]
+----
+	@Test
+	@WithMockUser(roles="ADMIN")
+	public void requestProtectedUrlWithUser() throws Exception {
+		mvc
+			.perform(get("/"))
+			...
+	}
+----
+
+Spring Security provides comprehensive integration with Spring MVC Test and
+this can also be used when testing controllers using the `@WebMvcTest` slice and `MockMvc`.
+
+For additional details on Spring Security's testing support, refer to Spring Security's
+https://docs.spring.io/spring-security/site/docs/current/reference/htmlsingle/#test[reference documentation]).
+
+
+
 [[howto-jersey]]
 == Jersey
 

spring-boot-project/spring-boot-docs/src/main/asciidoc/spring-boot-features.adoc

@@ -6886,6 +6886,11 @@ that the driver exits after each test and that a new instance is injected. If yo
 not want this behavior, you can add `@Scope("singleton")` to your `WebDriver` `@Bean`
 definition.
 
+If you have Spring Security on the classpath, `@WebMvcTest` will also scan `WebSecurityConfigurer`
+beans. Instead of disabling security completely for such tests, you can use Spring Security's test support.
+More details on how to use Spring Security's `MockMvc` support can be found in
+this _<<howto.adoc#howto-use-test-with-spring-security>>_ how-to section.
+
 TIP: Sometimes writing Spring MVC tests is not enough; Spring Boot can help you run
 <<boot-features-testing-spring-boot-applications-testing-with-running-server,
 full end-to-end tests with an actual server>>.