Sync documentation of main branch

Author: actions-user

_generated-doc/main/config/quarkus-all-config.adoc

@@ -14346,27 +14346,6 @@ endif::add-copy-button-to-env-var[]
 |boolean
 |`false`
 
-a|icon:lock[title=Fixed at build time] [[quarkus-vertx-http_quarkus-http-auth-form-post-location]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-auth-form-post-location[`quarkus.http.auth.form.post-location`]##
-ifdef::add-copy-button-to-config-props[]
-config_property_copy_button:+++quarkus.http.auth.form.post-location+++[]
-endif::add-copy-button-to-config-props[]
-
-
-[.description]
---
-The post location.
-
-
-ifdef::add-copy-button-to-env-var[]
-Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_AUTH_FORM_POST_LOCATION+++[]
-endif::add-copy-button-to-env-var[]
-ifndef::add-copy-button-to-env-var[]
-Environment variable: `+++QUARKUS_HTTP_AUTH_FORM_POST_LOCATION+++`
-endif::add-copy-button-to-env-var[]
---
-|string
-|`/j_security_check`
-
 a|icon:lock[title=Fixed at build time] [[quarkus-vertx-http_quarkus-http-auth-proactive]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-auth-proactive[`quarkus.http.auth.proactive`]##
 ifdef::add-copy-button-to-config-props[]
 config_property_copy_button:+++quarkus.http.auth.proactive+++[]
@@ -16595,6 +16574,27 @@ endif::add-copy-button-to-env-var[]
 |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-all-config[icon:question-circle[title=More information about the Duration format]]
 |
 
+a| [[quarkus-vertx-http_quarkus-http-auth-form-post-location]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-auth-form-post-location[`quarkus.http.auth.form.post-location`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.http.auth.form.post-location+++[]
+endif::add-copy-button-to-config-props[]
+
+
+[.description]
+--
+The post location.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_AUTH_FORM_POST_LOCATION+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_HTTP_AUTH_FORM_POST_LOCATION+++`
+endif::add-copy-button-to-env-var[]
+--
+|string
+|`/j_security_check`
+
 a| [[quarkus-vertx-http_quarkus-http-auth-inclusive]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-auth-inclusive[`quarkus.http.auth.inclusive`]##
 ifdef::add-copy-button-to-config-props[]
 config_property_copy_button:+++quarkus.http.auth.inclusive+++[]

_generated-doc/main/config/quarkus-vertx-http_quarkus.http.adoc

@@ -72,27 +72,6 @@ endif::add-copy-button-to-env-var[]
 |boolean
 |`false`
 
-a|icon:lock[title=Fixed at build time] [[quarkus-vertx-http_quarkus-http-auth-form-post-location]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-auth-form-post-location[`quarkus.http.auth.form.post-location`]##
-ifdef::add-copy-button-to-config-props[]
-config_property_copy_button:+++quarkus.http.auth.form.post-location+++[]
-endif::add-copy-button-to-config-props[]
-
-
-[.description]
---
-The post location.
-
-
-ifdef::add-copy-button-to-env-var[]
-Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_AUTH_FORM_POST_LOCATION+++[]
-endif::add-copy-button-to-env-var[]
-ifndef::add-copy-button-to-env-var[]
-Environment variable: `+++QUARKUS_HTTP_AUTH_FORM_POST_LOCATION+++`
-endif::add-copy-button-to-env-var[]
---
-|string
-|`/j_security_check`
-
 a|icon:lock[title=Fixed at build time] [[quarkus-vertx-http_quarkus-http-auth-proactive]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-auth-proactive[`quarkus.http.auth.proactive`]##
 ifdef::add-copy-button-to-config-props[]
 config_property_copy_button:+++quarkus.http.auth.proactive+++[]
@@ -2321,6 +2300,27 @@ endif::add-copy-button-to-env-var[]
 |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-vertx-http_quarkus-http[icon:question-circle[title=More information about the Duration format]]
 |
 
+a| [[quarkus-vertx-http_quarkus-http-auth-form-post-location]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-auth-form-post-location[`quarkus.http.auth.form.post-location`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.http.auth.form.post-location+++[]
+endif::add-copy-button-to-config-props[]
+
+
+[.description]
+--
+The post location.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_AUTH_FORM_POST_LOCATION+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_HTTP_AUTH_FORM_POST_LOCATION+++`
+endif::add-copy-button-to-env-var[]
+--
+|string
+|`/j_security_check`
+
 a| [[quarkus-vertx-http_quarkus-http-auth-inclusive]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-auth-inclusive[`quarkus.http.auth.inclusive`]##
 ifdef::add-copy-button-to-config-props[]
 config_property_copy_button:+++quarkus.http.auth.inclusive+++[]

_generated-doc/main/config/quarkus-vertx-http_quarkus.http.auth.adoc

@@ -649,6 +649,27 @@ endif::add-copy-button-to-env-var[]
 |link:https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/time/Duration.html[Duration] link:#duration-note-anchor-quarkus-vertx-http_quarkus-http-auth[icon:question-circle[title=More information about the Duration format]]
 |
 
+a| [[quarkus-vertx-http_quarkus-http-auth_quarkus-http-auth-form-post-location]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-auth_quarkus-http-auth-form-post-location[`quarkus.http.auth.form.post-location`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.http.auth.form.post-location+++[]
+endif::add-copy-button-to-config-props[]
+
+
+[.description]
+--
+The post location.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_AUTH_FORM_POST_LOCATION+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_HTTP_AUTH_FORM_POST_LOCATION+++`
+endif::add-copy-button-to-env-var[]
+--
+|string
+|`/j_security_check`
+
 a| [[quarkus-vertx-http_quarkus-http-auth_quarkus-http-auth-inclusive]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-auth_quarkus-http-auth-inclusive[`quarkus.http.auth.inclusive`]##
 ifdef::add-copy-button-to-config-props[]
 config_property_copy_button:+++quarkus.http.auth.inclusive+++[]

_versions/main/guides/security-authentication-mechanisms.adoc

@@ -194,29 +194,59 @@ code to destroy the cookie.
 
 [source,java]
 ----
-import io.quarkus.security.identity.CurrentIdentityAssociation;
+import io.quarkus.security.identity.SecurityIdentity;
 import io.quarkus.vertx.http.runtime.security.FormAuthenticationMechanism;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.POST;
 
 @Inject
-CurrentIdentityAssociation identity;
+SecurityIdentity identity;
 
 @POST
 public Response logout() {
-    if (identity.getIdentity().isAnonymous()) {
+    if (identity.isAnonymous()) {
         throw new UnauthorizedException("Not authenticated");
     }
-    FormAuthenticationMechanism.logout(identity.getIdentity()); <1>
+    FormAuthenticationMechanism.logout(identity); <1>
     return Response.noContent().build();
 }
 ----
 <1> Perform the logout by removing the session cookie.
 
+[[form-configuration-properties]]
+==== Form-based authentication configuration reference
+
 The following properties can be used to configure form-based authentication:
 
 include::{generated-dir}/config/quarkus-vertx-http_quarkus.http.auth.adoc[opts=optional, leveloffset=+1]
 
+[[form-based-auth-programmatic-set-up]]
+==== Set up Form-based authentication programmatically
+
+In addition to the configuration properties listed in the <<form-configuration-properties>> section, Quarkus supports a programmatic set up during the runtime as in the example below:
+
+[source,java]
+----
+package org.acme.http.security;
+
+import io.quarkus.vertx.http.security.Form;
+import io.quarkus.vertx.http.security.HttpSecurity;
+import jakarta.enterprise.event.Observes;
+
+public class FormConfiguration {
+
+    void configure(@Observes HttpSecurity httpSecurity) {   <1>
+        httpSecurity.mechanism(Form.builder()
+                .httpOnlyCookie()
+                .loginPage("/my-login.html")
+                .errorPage("/my-error.html")
+                .build());
+    }
+
+}
+----
+<1> Observe the `io.quarkus.vertx.http.security.HttpSecurity` CDI event and configure Form authentication mechanism programmatically.
+
 [[mutual-tls]]
 === Mutual TLS authentication
 

_versions/main/guides/security-authorize-web-endpoints-reference.adoc

@@ -506,6 +506,7 @@ quarkus.http.auth.permission.roles3.policy=role-policy3
 <2> The `/secured/*` path can only be accessed by authenticated users. This way, you have secured the `/secured/all` path and so on.
 <3> Shared permissions are always applied before unshared ones, therefore a `SecurityIdentity` with the `root` role will have the `user` role as well.
 
+[[path-specific-authz-programmatic-set-up]]
 === Set up path-specific authorization programmatically
 
 You can also configure the authorization policies presented by this guide so far programmatically.
@@ -562,12 +563,10 @@ public class HttpSecurityConfiguration {
     void configure(@Observes HttpSecurity httpSecurity, CustomHttpSecurityPolicy customHttpSecurityPolicy,
                         @ConfigProperty(name = "secured-path") String securedPath) {
 
-        httpSecurity.path("/api/*").authenticatedWith(new CustomAuthenticationMechanism());   <1>
-
-        httpSecurity.path("/other/*").basic().policy(customHttpSecurityPolicy); <2>
+        httpSecurity.path("/other/*").basic().policy(customHttpSecurityPolicy); <1>
 
         httpSecurity.path("/roles-secured/*").bearer().authorization()
-                .policy(identity -> identity.hasRole("user") || "root".equals(identity.getPrincipal().getName()));  <3>
+                .policy(identity -> identity.hasRole("user") || "root".equals(identity.getPrincipal().getName()));  <2>
 
         httpSecurity.path("/other/administration").authorizationCodeFlow()
                 .authorization().policy((identity, routingContext) -> {
@@ -576,22 +575,27 @@ public class HttpSecurityConfiguration {
                         return yourCustomAuthorizationCheck(customAuthorization);
                     }
                     return false;
-                });     <4>
+                });     <3>
 
-        httpSecurity.path(securedPath).form();  <5>
+        httpSecurity.path(securedPath).form();  <4>
 
-        httpSecurity.path("/user-info").bearer().authorization().permissions("openid", "email", "profile"); <6>
+        httpSecurity.path("/user-info").bearer().authorization().permissions("openid", "email", "profile"); <5>
     }
 }
 ----
-<1> Authenticate all the '/api/' sub-paths with your own `HttpAuthenticationMechanism` instance.
-<2> Use the Basic authentication and authorize the requests with a custom `io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy`.
-<3> Use the Bearer token authentication and authorize the `SecurityIdentity` with your own policy.
-<4> Use Authorization Code Flow mechanism and write your own policy based on incoming request headers.
-<5> When Quarkus fires the `HttpSecurity` CDI event, the runtime configuration is ready.
-<6> Require that all the requests to the `/user-info` path have string permissions `openid`, `email` and `profile`.
+<1> Use the Basic authentication and authorize the requests with a custom `io.quarkus.vertx.http.runtime.security.HttpSecurityPolicy`.
+<2> Use the Bearer token authentication and authorize the `SecurityIdentity` with your own policy.
+<3> Use Authorization Code Flow mechanism and write your own policy based on incoming request headers.
+<4> When Quarkus fires the `HttpSecurity` CDI event, the runtime configuration is ready.
+<5> Require that all the requests to the `/user-info` path have string permissions `openid`, `email` and `profile`.
 The same authorization can be required with the `@PermissionsAllowed(value = { "openid", "email", "profile" }, inclusive = true)` annotation instance placed on an endpoint.
 
+==== Programmatic set up references
+
+* xref:security-basic-authentication.adoc#basic-auth-programmatic-set-up[Set up Basic authentication programmatically]
+* xref:security-openid-connect-multitenancy.adoc#programmatic-startup[Programmatic OIDC start-up for multitenant application]
+* xref:security-authentication-mechanisms.adoc#form-based-auth-programmatic-set-up[Set up Form-based authentication programmatically]
+
 [[standard-security-annotations]]
 == Authorization using annotations
 

_versions/main/guides/security-basic-authentication.adoc

@@ -69,6 +69,33 @@ For more information about how you can secure your Quarkus applications by using
 {project-name} also includes built-in security to allow for role-based access control (RBAC) based on the common security annotations `@RolesAllowed`, `@DenyAll`, `@PermitAll` on REST endpoints and CDI beans.
 For more information, see the Quarkus xref:security-authorize-web-endpoints-reference.adoc[Authorization of web endpoints] guide.
 
+[[basic-auth-programmatic-set-up]]
+== Set up Basic authentication programmatically
+
+The `io.quarkus.vertx.http.security.HttpSecurity` CDI event allows to configure the Basic authentication mechanism programmatically like in the example below:
+
+[source,java]
+----
+package org.acme.http.security;
+
+import io.quarkus.vertx.http.security.HttpSecurity;
+import jakarta.enterprise.event.Observes;
+
+public class HttpSecurityConfiguration {
+
+    void configure(@Observes HttpSecurity httpSecurity) {
+        httpSecurity.basic("QuarkusTestRealm"); <1>
+    }
+
+}
+----
+<1> Enable the Basic authentication and use the `QuarkusTestRealm` authentication realm.
+
+[NOTE]
+====
+If you generate an OpenAPI schema document with the SmallRye OpenAPI extension, the Basic authentication must be enabled during the build-time with the `quarkus.http.auth.basic` configuration property.
+====
+
 == References
 
 * xref:security-overview.adoc[Quarkus Security overview]

_versions/main/guides/security-openid-connect-client-reference.adoc

@@ -1305,7 +1305,7 @@ quarkus.oidc-client.credentials.secret=secret
 quarkus.oidc-client.grant.type=exchange
 quarkus.oidc-client.grant-options.exchange.audience=quarkus-app-exchange
 
-quarkus.resteasy-client-oidc-token-propagation.exchange-token=true <1>
+quarkus.rest-client-oidc-token-propagation.exchange-token=true <1>
 ----
 <1> Please note that the `exchange-token` configuration property is ignored when the OidcClient name is set with the `io.quarkus.oidc.token.propagation.common.AccessToken#exchangeTokenClient` annotation attribute.