diff --git a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
index 0cfdf4f8d6..1a95d1d93e 100644
--- a/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
+++ b/config/src/main/java/org/springframework/security/config/annotation/web/reactive/WebFluxSecurityConfiguration.java
@@ -19,11 +19,15 @@
 package org.springframework.security.config.annotation.web.reactive;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.web.server.HttpSecurity;
 import org.springframework.security.web.server.SecurityWebFilterChain;
 import org.springframework.security.web.server.WebFilterChainFilter;
+import org.springframework.util.ObjectUtils;
+import java.util.Arrays;
 import java.util.List;
 /**
@@ -36,8 +40,27 @@ public class WebFluxSecurityConfiguration {
 @Autowired(required = false)
 private List securityWebFilterChains;
+ @Autowired
+ ApplicationContext context;
+
 @Bean
 public WebFilterChainFilter springSecurityFilterChain() {
- return WebFilterChainFilter.fromSecurityWebFilterChainsList(securityWebFilterChains);
+ return WebFilterChainFilter.fromSecurityWebFilterChainsList(getSecurityWebFilterChains());
+ }
+
+ private List getSecurityWebFilterChains() {
+ List result = securityWebFilterChains;
+ if(ObjectUtils.isEmpty(result)) {
+ return defaultSecurityWebFilterChains();
+ }
+ return result;
+ }
+
+ private List defaultSecurityWebFilterChains() {
+ HttpSecurity http = context.getBean(HttpSecurity.class);
+ http
+ .authorizeExchange()
+ .anyExchange().authenticated();
+ return Arrays.asList(http.build());
 }
 }
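Review bot: The secure default in `getSecurityWebFilterChains()` is all-or-nothing and nothing in the code says so: `anyExchange().authenticated()` is built only when the injected `securityWebFilterChains` list is null or empty, so an application that declares even one chain with a narrow matcher gets no catch-all rule from this class. How `WebFilterChainFilter` treats an exchange that matches no chain is not visible in this diff, so that behaviour should be confirmed and stated. I would add a comment on `defaultSecurityWebFilterChains()` such as `// Used only when the application defines no SecurityWebFilterChain; user-defined chains replace this default, they are not combined with it.` Separately, the instance returned by `context.getBean(HttpSecurity.class)` is mutated in place, which is safe only if that bean is prototype-scoped (its definition is outside this diff), and the new `context` field should be `private` like `securityWebFilterChains`.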
diff --git a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
index 0159db1601..440f6044a5 100644
--- a/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
+++ b/config/src/test/java/org/springframework/security/config/annotation/web/reactive/EnableWebFluxSecurityTests.java
@@ -45,7 +45,34 @@ import static org.mockito.Mockito.mock;
 */
 @RunWith(Enclosed.class)
 public class EnableWebFluxSecurityTests {
+ @RunWith(SpringRunner.class)
+ public static class Defaults {
+ @Autowired
+ WebFilterChainFilter springSecurityFilterChain;
+
+ @Test
+ public void defaultRequiresAuthentication() {
+ WebTestClient client = WebTestClientBuilder.bindToWebFilters(springSecurityFilterChain).build();
+
+ client.get()
+ .uri("/")
+ .exchange()
+ .expectStatus().isUnauthorized()
+ .expectBody().isEmpty();
+ }
+ @EnableWebFluxSecurity
+ static class Config {
+ @Bean
+ public UserDetailsRepository userDetailsRepository() {
+ return new MapUserDetailsRepository(User.withUsername("user")
+ .password("password")
+ .roles("USER")
+ .build()
+ );
+ }
+ }
+ }
 @RunWith(SpringRunner.class)
 public static class MultiHttpSecurity {