Merge pull request #34060 from michelle-purcell/SECURITY-DOCS-OVERVIEW

Style n grammar edits to security overview doc

Author: gsmet

docs/src/main/asciidoc/security-authentication-mechanisms-concept.adoc

@@ -17,8 +17,8 @@ Before you choose an authentication mechanism for securing your Quarkus applicat
 Some supported authentication mechanisms are built into Quarkus, while others require you to add an extension.
 All of these mechanisms are detailed in the following sections:
 
-* xref:built-in-authentication-mechanisms[Built-in authentication mechanisms]
-* xref:other-supported-authentication-mechanisms[Other supported authentication mechanisms]
+* <<built-in-authentication-mechanisms>>
+* <<other-supported-authentication-mechanisms>>
 
 The following table maps specific authentication requirements to a supported mechanism that you can use in Quarkus:
 
@@ -27,29 +27,29 @@ The following table maps specific authentication requirements to a supported mec
 |====
 |Authentication requirement |Authentication mechanism
 
-|Username and password |xref:security-basic-authentication-concept.adoc[Basic], xref:security-authentication-mechanisms-concept.adoc#form-auth[Form]
+|Username and password |xref:security-basic-authentication-concept.adoc[Basic], <<form-auth>>
 
 |Bearer access token |xref:security-oidc-bearer-token-authentication-concept.adoc[OIDC Bearer token authentication], xref:security-jwt.adoc[JWT], xref:security-oauth2.adoc[OAuth2]
 
-|Single sign-on (SSO) |xref:security-oidc-code-flow-authentication-concept.adoc[OIDC Code Flow], xref:security-authentication-mechanisms-concept.adoc#form-auth[Form]
+|Single sign-on (SSO) |xref:security-oidc-code-flow-authentication-concept.adoc[OIDC Code Flow], <<form-auth>>
 
-|Client certificate |xref:security-authentication-mechanisms-concept.adoc#mutual-tls[mutual TLS (mTLS)]
+|Client certificate |<<mutual-tls>>
 
 |WebAuthn |xref:security-webauthn-concept.adoc[WebAuthn]
 
 |Kerberos ticket |link:https://quarkiverse.github.io/quarkiverse-docs/quarkus-kerberos/dev/index.html[Kerberos]
 |====
 
-For more information, see the following xref:table[Token authentication mechanism comparison] table.
+For more information, see the following <<table>> table.
 
 [[built-in-authentication-mechanisms]]
 == Built-in authentication mechanisms
 
 Quarkus Security provides the following built-in authentication support:
 
 * xref:security-basic-authentication-concept.adoc[Basic authentication]
-* xref:form-auth[Form-based authentication]
-* xref:mutual-tls[mutual TLS authentication]
+* <<form-auth>>
+* <<mutual-tls>>
 
 === Basic authentication
 
@@ -157,10 +157,10 @@ For more information about customizing `SecurityIdentity`, see the link:{url-qua
 
 Quarkus Security also supports the following authentication mechanisms through extensions:
 
-* xref:webauthn-authentication[WebAuthn authentication]
-* xref:openid-connect-authentication[OpenID Connect authentication]
-* xref:smallrye-jwt-authentication[SmallRye JWT authentication]
-* xref:oauth2-authentication[OAuth2 authentication]
+* <<webauthn-authentication>>
+* <<openid-connect-authentication>>
+* <<smallrye-jwt-authentication>>
+* <<oauth2-authentication>>
 
 [[webauthn-authentication]]
 === WebAuthn authentication
@@ -185,7 +185,7 @@ However, opaque, also known as binary tokens, can only be introspected remotely.
 
 [NOTE]
 ====
-Using the Quarkus OIDC extension, both the Bearer token and Authorization Code Flow authentication mechanisms use xref:smallrye-jwt-authentication[SmallRye JWT authentication] to represent JWT tokens as MicroProfile JWT `org.eclipse.microprofile.jwt.JsonWebToken`.
+Using the Quarkus OIDC extension, both the Bearer token and Authorization Code Flow authentication mechanisms use <<smallrye-jwt-authentication>> to represent JWT tokens as MicroProfile JWT `org.eclipse.microprofile.jwt.JsonWebToken`.
 ====
 
 ==== Additional Quarkus resources for OIDC authentication

docs/src/main/asciidoc/security-overview-concept.adoc

@@ -6,17 +6,17 @@ include::_attributes.adoc[]
 
 Quarkus Security is a framework that provides the architecture, multiple authentication and authorization mechanisms, and other tools for you to build secure and production-quality Java applications.
 
-Before you start building security into your Quarkus applications, learn about the xref:security-architecture-concept.adoc[Quarkus Security architecture] and the different authentication mechanisms and features that you can use.
+Before building security into your Quarkus applications, learn about the xref:security-architecture-concept.adoc[Quarkus Security architecture] and the different authentication mechanisms and features that you can use.
 
 == Key features of Quarkus Security
 
-The Quarkus Security framework provides built-in security authentication mechanisms for Basic, Form-based, and mutual TLS (mTLS) authentication. 
-You can also use other well-known xref:security-authentication-mechanisms-concept.adoc#other-supported-authentication-mechanisms[authentication mechanisms], such as OpenId Connect (OIDC) and WebAuthn.
+The Quarkus Security framework provides built-in security authentication mechanisms for Basic, Form-based, and mutual TLS (mTLS) authentication.
+You can also use other well-known xref:security-authentication-mechanisms-concept.adoc#other-supported-authentication-mechanisms[authentication mechanisms], such as OpenID Connect (OIDC) and WebAuthn.
 
 Authentication mechanisms depend on xref:security-identity-providers-concept.adoc[Identity providers] to verify the authentication credentials and map them to a `SecurityIdentity` instance, which has the username, roles, original authentication credentials, and other attributes.
 
-{project-name} also includes built-in security to allow for role-based access control (RBAC) based on the common security annotations @RolesAllowed, @DenyAll, @PermitAll on REST endpoints, and CDI beans. 
-For more information, see xref:security-authorize-web-endpoints-reference.adoc[Authorization of web endpoints].
+{project-name} also includes built-in security to allow for role-based access control (RBAC) based on the common security annotations @RolesAllowed, @DenyAll, @PermitAll on REST endpoints, and CDI beans.
+For more information, see the Quarkus xref:security-authorize-web-endpoints-reference.adoc[Authorization of web endpoints] guide.
 
 Quarkus Security also supports the following features:
 
@@ -26,44 +26,43 @@ Quarkus Security also supports the following features:
 * <<csrf-prevention>>
 * <<samesite-cookies>>
 * <<secrets-engines>>
-* <<secure-serialization>>
 * <<rest-data-panache>>
+* <<secure-serialization>>
 * xref:security-vulnerability-detection-concept.adoc[Security vulnerability detection and National Vulnerability Database (NVD) registration]
 
-Quarkus Security is also highly customizable. For more information, see xref:security-customization.adoc[Security customization].
+Quarkus Security is also highly customizable.
+For more information, see the Quarkus xref:security-customization.adoc[Security tips and tricks] guide.
 
 == Getting started with Quarkus Security
 
-To get started with security in Quarkus, we recommend you combine the Quarkus built-in xref:security-basic-authentication-concept.adoc[Basic authentication] with the Jakarta Persistence identity provider to enable role-based access control (RBAC).
+To get started with security in Quarkus, consider combining the Quarkus built-in xref:security-basic-authentication-concept.adoc[Basic authentication] with the Jakarta Persistence identity provider to enable role-based access control (RBAC).
 Complete the steps in the xref:security-basic-authentication-tutorial.adoc[Secure a Quarkus application with Basic authentication] tutorial.
 
-After you have successfully secured your Quarkus application with Basic authentication, you can increase the security further by adding more advanced authentication mechanisms, for example, OpenID Connect (OIDC) authentication.
-
-//Add a link to the recomposed OIDC intro concept here.
+After successfully securing your Quarkus application with Basic authentication, you can increase the security further by adding more advanced authentication mechanisms, for example, the xref:security-oidc-code-flow-authentication-concept.adoc[OpenID Connect (OIDC) authorization code flow mechanism].
 
 == Quarkus Security testing
 
-Guidance for testing Quarkus Security features and ensuring that your Quarkus applications are securely protected is provided in xref:security-testing.adoc[Security Testing].
+Guidance for testing Quarkus Security features and ensuring that your Quarkus applications are securely protected is provided in the Quarkus xref:security-testing.adoc[Security testing] guide.
 
 == More about security features in Quarkus
 
 [[cross-origin-resource-sharing]]
 === Cross-origin resource sharing
 
 To make your Quarkus application accessible to another application running on a different domain, you need to configure cross-origin resource sharing (CORS).
-For more information about the CORS filter that is provided by Quarkus, see the xref:http-reference.adoc#cors-filter[HTTP reference] information.
+For more information about the CORS filter that Quarkus provides, see the Quarkus xref:http-reference.adoc#cors-filter[CORS filter] section of the "HTTP reference" guide.
 
 [[csrf-prevention]]
-=== Cross-site Request Forgery (CSRF) prevention
+=== Cross-Site Request Forgery (CSRF) prevention
 
 Quarkus Security provides a RESTEasy Reactive filter that can protect your applications against a https://owasp.org/www-community/attacks/csrf[Cross-Site Request Forgery] attack.
-For more information, see xref:security-csrf-prevention.adoc[Cross-Site Request Forgery Prevention].
+For more information, see the Quarkus xref:security-csrf-prevention.adoc[Cross-Site Request Forgery Prevention] guide.
 
 [[samesite-cookies]]
 === SameSite cookies
 
 You can add a link:https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite[SameSite] cookie property to any of the cookies set by a Quarkus endpoint.
-For more information, see xref:http-reference.adoc#same-site-cookie[SameSite cookies].
+For more information, see the Quarkus xref:http-reference.adoc#same-site-cookie[SameSite cookies] guide.
 
 [[secrets-engines]]
 === Secrets engines
@@ -76,19 +75,18 @@ For more information, see the link:{vault-guide}[Quarkus and HashiCorp Vault] do
 === Secure serialization
 
 If your Quarkus Security architecture includes RESTEasy Reactive and Jackson, Quarkus can limit the fields that are included in JSON serialization based on the configured security.
-For more information, see xref:resteasy-reactive.adoc#secure-serialization[Writing REST services with RESTEasy Reactive].
+For more information, see the Quarkus xref:resteasy-reactive.adoc#secure-serialization[Writing REST services with RESTEasy Reactive] guide.
 
 [[rest-data-panache]]
 === Secure auto-generated resources by REST Data with Panache
 
-If you are using the REST Data with Panache extension to auto-generate your resources, you can still use the Security annotations within the package `jakarta.annotation.security`.
-For more information, see xref:rest-data-panache.adoc#securing-endpoints[Securing auto-generated resources].
- 
-== Security vulnerability detection 
+If you use the REST Data with Panache extension to auto-generate your resources, you can still use security annotations within the package `jakarta.annotation.security`.
+For more information, see the xref:rest-data-panache.adoc#securing-endpoints[Securing auto-generated resources] section of the Quarkus "Generating Jakarta REST resources with Panache" guide.
 
-Most of the Quarkus tags are reported in the US link:https://nvd.nist.gov[National Vulnerability Database (NVD)]. 
-For information about security vulnerabilities, see xref:security-vulnerability-detection-concept.adoc[Security vulnerability detection and reporting in Quarkus].
+== Security vulnerability detection
 
+Most Quarkus tags get reported in the US link:https://nvd.nist.gov[National Vulnerability Database (NVD)].
+For information about security vulnerabilities, see the xref:security-vulnerability-detection-concept.adoc[Security vulnerability detection and reporting in Quarkus] guide.
 
 == References