Merge pull request quarkusio#37165 from aloubyansky/3.2.9-backports-4

3.2.9 backports 4
aloubyansky · Nov 17, 2023 · d904f2d · d904f2d
2 parents ec8565b + 8b1f8a5
commit d904f2d
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 7 deletions.
diff --git a/docs/src/main/asciidoc/security-architecture.adoc b/docs/src/main/asciidoc/security-architecture.adoc
@@ -56,7 +56,10 @@ For more information, see the xref:security-customization.adoc#security-identity
 
 == Supported authentication mechanisms
 
-To learn more about security authentication in Quarkus and the supported mechanisms and protocols, see the Quarkus xref:security-authentication-mechanisms.adoc[Authentication mechanisms in Quarkus] guide.
+The Quarkus Security framework supports multiple authentication mechanisms, which can also be combined.
+Some supported authentication mechanisms are built into Quarkus, while others require you to add an extension. 
+
+To learn about security authentication in Quarkus and the supported mechanisms and protocols, see the Quarkus xref:security-authentication-mechanisms.adoc[Authentication mechanisms in Quarkus] guide.
 
 == Proactive authentication
 
@@ -66,7 +69,7 @@ For more information, see the Quarkus xref:security-proactive-authentication.ado
 
 == Quarkus Security customization
 
-Quarkus Security is also highly customizable.
+Quarkus Security is customizable.
 You can customize the following core security components of Quarkus:
 
 * `HttpAuthenticationMechanism`

diff --git a/docs/src/main/asciidoc/security-basic-authentication-howto.adoc b/docs/src/main/asciidoc/security-basic-authentication-howto.adoc
@@ -8,23 +8,39 @@ Enable xref:security-basic-authentication.adoc[Basic authentication] for your Qu
 
 == Prerequisites
 
-* You have installed at least one extension that provides an `IdentityProvider` based on username and password, such as xref:security-jdbc.adoc[Elytron JDBC].
+* You have installed at least one extension that provides an `IdentityProvider` based on username and password.
+For example:
+
+** xref:security-jpa.adoc[Quarkus Security Jakarta Persistence extensions (`security-jpa` or `security-jpa-reactive`)]
+** xref:security-properties.adoc[Elytron security properties file extension `(quarkus-elytron-security-properties-file)`]
+** xref:security-jdbc.adoc[Elytron security JDBC extension `(quarkus-elytron-security-jdbc)`]
+
+The following procedure outlines how you can enable Basic authentication for your application by using the `elytron-security-properties-file` extension.
 
 == Procedure
 
-. Enable Basic authentication by setting the `quarkus.http.auth.basic` property to `true`.
+. In the `application.properties` file, set the `quarkus.http.auth.basic` property to `true`.
 +
 [source,properties]
 ----
 quarkus.http.auth.basic=true
 ----
 
-. For testing purposes, you can configure the required user credentials, user name, secret, and roles, in the `application.properties` file.
+. **Optional:** In a non-production environment only and purely for testing Quarkus Security in your applications:
+.. To enable authentication for the embedded realm, set the `quarkus.security.users.embedded.enabled` property to `true`.
++
+[source,properties]
+----
+security.users.embedded.enabled=true
+----
+
+.. You can also configure the required user credentials, user name, secret, and roles.
 For example:
 +
 [source,properties]
 ----
 quarkus.http.auth.basic=true
+quarkus.security.users.embedded.enabled=true
 quarkus.security.users.embedded.plain-text=true
 quarkus.security.users.embedded.users.alice=alice <1>
 quarkus.security.users.embedded.users.bob=bob <2>

diff --git a/docs/src/main/asciidoc/security-proactive-authentication.adoc b/docs/src/main/asciidoc/security-proactive-authentication.adoc
@@ -21,7 +21,7 @@ To disable proactive authentication in Quarkus, set the following attribute in t
 
 [source,xml,options="nowrap",role="white-space-pre"]
 ----
-`quarkus.http.auth.proactive=false`
+quarkus.http.auth.proactive=false
 ----
 
 If you disable proactive authentication, the authentication process runs only when an identity is requested.
@@ -40,7 +40,7 @@ You can still access `SecurityIdentity` synchronously with `public SecurityIdent
 The same is also valid for xref:reactive-routes.adoc[Reactive routes] if a route response is synchronous.
 ====
 
-xref:security-authorization.adoc#standard-security-annotations[Standard security annotations] on CDI beans are not supported on an I/O thread if a non-void secured method returns a value synchronously and proactive authentication is disabled because they need to access `SecurityIdentity`.
+xref:security-authorize-web-endpoints-reference.adoc#standard-security-annotations[Standard security annotations] on CDI beans are not supported on an I/O thread if a non-void secured method returns a value synchronously and proactive authentication is disabled because they need to access `SecurityIdentity`.
 
 In the following example, `HelloResource` and `HelloService` are defined.
 Any GET request to `/hello` will run on the I/O thread and throw a `BlockingOperationNotAllowedException` exception.