Yes, traditional JPA logic is still OK. Just don't use JDBC with JPA, Spring or not.
I'm not sure what your code fragment is supposed to represent, but here's all I need to set up a webapp with JPA in Spring Boot:
A Spring webapp not using Spring Boot would be a little different, and Spring Security is handled in its own @Configure'd file, but it's all pretty simple for the developer, if a bit magic.
Note that there are two scans defined here in the main class. @EntityScan tells JPA what the package path is to scan for JPA Entity classes. @ServletComponentScan has no path value, so the scan is done relative to the current (main class) package.
This might be a good article to read:
https://www.baeldung.com/spring-component-scanning
Finally, be careful when chasing documentation about Spring's web, security and JPA services. Some of this stuff has evolved a lot, but the Internet is a great place to find stale information. Fortunately, Spring is fairly good about backwards compatibility if you fail to use the latest and greatest config stuff.
Signs that you've got recent docs are that the examples are usually POJO-based with no "extends" or "implements" requirements for your Spring class, use of annotations, and lambda notation in place of chained method invocations.