diff --git a/docs/src/main/asciidoc/security-architecture.adoc b/docs/src/main/asciidoc/security-architecture.adoc index ef3bcebd2dffa..d7583e0a9ef2b 100644 --- a/docs/src/main/asciidoc/security-architecture.adoc +++ b/docs/src/main/asciidoc/security-architecture.adoc @@ -56,7 +56,10 @@ For more information, see the xref:security-customization.adoc#security-identity == Supported authentication mechanisms -To learn more about security authentication in Quarkus and the supported mechanisms and protocols, see the Quarkus xref:security-authentication-mechanisms.adoc[Authentication mechanisms in Quarkus] guide. +The Quarkus Security framework supports multiple authentication mechanisms, which can also be combined. +Some supported authentication mechanisms are built into Quarkus, while others require you to add an extension. + +To learn about security authentication in Quarkus and the supported mechanisms and protocols, see the Quarkus xref:security-authentication-mechanisms.adoc[Authentication mechanisms in Quarkus] guide. == Proactive authentication @@ -66,7 +69,7 @@ For more information, see the Quarkus xref:security-proactive-authentication.ado == Quarkus Security customization -Quarkus Security is also highly customizable. +Quarkus Security is customizable. You can customize the following core security components of Quarkus: * `HttpAuthenticationMechanism` diff --git a/docs/src/main/asciidoc/security-basic-authentication-howto.adoc b/docs/src/main/asciidoc/security-basic-authentication-howto.adoc index 2f620a217c871..57f36fc1c2acb 100644 --- a/docs/src/main/asciidoc/security-basic-authentication-howto.adoc +++ b/docs/src/main/asciidoc/security-basic-authentication-howto.adoc 
@@ -8,23 +8,39 @@ Enable xref:security-basic-authentication.adoc[Basic authentication] for your Qu == Prerequisites -* You have installed at least one extension that provides an `IdentityProvider` based on username and password, such as xref:security-jdbc.adoc[Elytron JDBC]. +* You have installed at least one extension that provides an `IdentityProvider` based on username and password. +For example: + +** xref:security-jpa.adoc[Quarkus Security Jakarta Persistence extensions (`security-jpa` or `security-jpa-reactive`)] +** xref:security-properties.adoc[Elytron security properties file extension `(quarkus-elytron-security-properties-file)`] +** xref:security-jdbc.adoc[Elytron security JDBC extension `(quarkus-elytron-security-jdbc)`] + +The following procedure outlines how you can enable Basic authentication for your application by using the `elytron-security-properties-file` extension. == Procedure -. Enable Basic authentication by setting the `quarkus.http.auth.basic` property to `true`. +. In the `application.properties` file, set the `quarkus.http.auth.basic` property to `true`. + [source,properties] ---- quarkus.http.auth.basic=true ---- -. For testing purposes, you can configure the required user credentials, user name, secret, and roles, in the `application.properties` file. +. **Optional:** In a non-production environment only and purely for testing Quarkus Security in your applications: +.. To enable authentication for the embedded realm, set the `quarkus.security.users.embedded.enabled` property to `true`. ++ +[source,properties] +---- +security.users.embedded.enabled=true +---- + +.. You can also configure the required user credentials, user name, secret, and roles. For example: + [source,properties] ---- quarkus.http.auth.basic=true +quarkus.security.users.embedded.enabled=true quarkus.security.users.embedded.plain-text=true quarkus.security.users.embedded.users.alice=alice <1> quarkus.security.users.embedded.users.bob=bob <2> 
diff --git a/docs/src/main/asciidoc/security-proactive-authentication.adoc b/docs/src/main/asciidoc/security-proactive-authentication.adoc index b924a493021d5..18cd1c3b167a2 100644 --- a/docs/src/main/asciidoc/security-proactive-authentication.adoc +++ b/docs/src/main/asciidoc/security-proactive-authentication.adoc @@ -21,7 +21,7 @@ To disable proactive authentication in Quarkus, set the following attribute in t [source,xml,options="nowrap",role="white-space-pre"] ---- -`quarkus.http.auth.proactive=false` +quarkus.http.auth.proactive=false ---- If you disable proactive authentication, the authentication process runs only when an identity is requested. @@ -40,7 +40,7 @@ You can still access `SecurityIdentity` synchronously with `public SecurityIdent The same is also valid for xref:reactive-routes.adoc[Reactive routes] if a route response is synchronous. ==== -xref:security-authorization.adoc#standard-security-annotations[Standard security annotations] on CDI beans are not supported on an I/O thread if a non-void secured method returns a value synchronously and proactive authentication is disabled because they need to access `SecurityIdentity`. +xref:security-authorize-web-endpoints-reference.adoc#standard-security-annotations[Standard security annotations] on CDI beans are not supported on an I/O thread if a non-void secured method returns a value synchronously and proactive authentication is disabled because they need to access `SecurityIdentity`. In the following example, `HelloResource` and `HelloService` are defined. Any GET request to `/hello` will run on the I/O thread and throw a `BlockingOperationNotAllowedException` exception.
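Review bot: In security-architecture.adoc, hunk `@@ -56,7 +56,10 @@`, the reworded closing sentence under "Supported authentication mechanisms" still reads "To learn about security authentication in Quarkus and the supported mechanisms and protocols, see the Quarkus ... [Authentication mechanisms in Quarkus] guide", which names Quarkus three times and now repeats what the two added sentences above it already introduce. Suggest shortening it to the "For more information, see the ..." form that the surrounding sections use, for example: For more information, see the xref:security-authentication-mechanisms.adoc[Authentication mechanisms in Quarkus] guide.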
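Review bot: In security-architecture.adoc, hunk `@@ -66,7 +69,7 @@`, the new line "Quarkus Security is customizable." says the same thing as the line that follows it, "You can customize the following core security components of Quarkus:". Suggest deleting the first sentence outright instead of only dropping "also highly", so the section opens directly with the list introduction.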
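Review bot: In security-basic-authentication-howto.adoc, hunk `@@ -8,23 +8,39 @@`, the new listing under the embedded-realm sub-step reads `security.users.embedded.enabled=true`, without the `quarkus.` prefix, while the step text above it and the combined example below it both use `quarkus.security.users.embedded.enabled`. Make the listing match the step (quarkus.security.users.embedded.enabled=true); as written, a reader who copies the snippet sets a different key from the one the step names and from the one the full example uses. Two smaller points in the same hunk: the new prerequisite bullets put the parentheses inside the code markup (`(quarkus-elytron-security-properties-file)`, `(quarkus-elytron-security-jdbc)`), and the sentence after the list refers to the first of these as `elytron-security-properties-file`, so pick one artifact name and keep the parentheses outside the backticks. The second sub-step, "You can also configure the required user credentials, user name, secret, and roles.", should be an imperative like the other steps.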
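Review bot: In security-proactive-authentication.adoc, hunk `@@ -21,7 +21,7 @@`, the listing that now holds the bare line `quarkus.http.auth.proactive=false` is still declared as `[source,xml,options="nowrap",role="white-space-pre"]`. Removing the backticks fixes the rendered content, but the block is a properties entry, not XML; change the declaration to `[source,properties]`, as the listings in security-basic-authentication-howto.adoc in this same patch do, so the highlighting matches the content.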
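Review bot: In security-proactive-authentication.adoc, hunk `@@ -40,7 +40,7 @@`, the xref is retargeted to `security-authorize-web-endpoints-reference.adoc#standard-security-annotations`, but the part of the patch shown here does not touch that file, so please confirm that the `standard-security-annotations` anchor exists there before merging; otherwise the link resolves to the top of the page or breaks. While editing this line, consider splitting the sentence: "... are not supported on an I/O thread if a non-void secured method returns a value synchronously and proactive authentication is disabled because they need to access `SecurityIdentity`" stacks two conditions and a reason in one clause, and it is the sentence readers rely on to understand when `BlockingOperationNotAllowedException` is thrown.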