diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/authserver/AuthorizationServerProperties.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/authserver/AuthorizationServerProperties.java
index 9a134d9a85a..1f70da5e172 100644
--- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/authserver/AuthorizationServerProperties.java
+++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/security/oauth2/authserver/AuthorizationServerProperties.java
@@ -27,10 +27,24 @@ import org.springframework.boot.context.properties.ConfigurationProperties;
 @ConfigurationProperties("security.oauth2.authorization")
 public class AuthorizationServerProperties {
 
+	/**
+	 * A Spring Security access rule for the check token endpoint (e.g. a SpEL expression
+	 * like "isAuthenticated()") . Default is empty, which is interpreted as "denyAll()"
+	 * (no access).
+	 */
 	private String checkTokenAccess;
 
+	/**
+	 * A Spring Security access rule for the token key endpoint (e.g. a SpEL expression
+	 * like "isAuthenticated()"). Default is empty, which is interpreted as "denyAll()"
+	 * (no access).
+	 */
 	private String tokenKeyAccess;
 
+	/**
+	 * The realm name for client authentication. If an unauthenticated request comes in to
+	 * the token endpoint, it will respond with a challenge including this name.
+	 */
 	private String realm;
 
 	public String getCheckTokenAccess() {