diff --git a/docs/src/main/asciidoc/security-authentication-mechanisms.adoc b/docs/src/main/asciidoc/security-authentication-mechanisms.adoc index 6e7a63d589538..8af1046d08557 100644 --- a/docs/src/main/asciidoc/security-authentication-mechanisms.adoc +++ b/docs/src/main/asciidoc/security-authentication-mechanisms.adoc @@ -93,6 +93,53 @@ quarkus.http.auth.form.login-page= quarkus.http.auth.form.error-page= ---- +Now that you have disabled redirects for the SPA, you must login and logout programmatically from your client. +Below are example JavaScript methods for logging into the `j_security_check` endpoint and logging out of the application by destroying the cookie. + +[source,javascript] +---- +const login = () => { + // Create an object to represent the form data + const formData = new URLSearchParams(); + formData.append("j_username", username); + formData.append("j_password", password); + + // Make an HTTP POST request using fetch against j_security_check endpoint + fetch("j_security_check", { + method: "POST", + body: formData, + headers: { + "Content-Type": "application/x-www-form-urlencoded", + }, + }) + .then((response) => { + if (response.status === 200) { + // Authentication was successful + console.log("Authentication successful"); + } else { + // Authentication failed + console.error("Invalid credentials"); + } + }) + .catch((error) => { + console.error(error); + }); +}; +---- + +To logout of the SPA you must destroy the cookie and redirect back to your main page. + +[source,javascript] +---- +const logout= () => { + // delete the credential cookie essentially killing the session + const removeCookie = `quarkus-credential=; Max-Age=0;path=/`; + document.cookie = removeCookie; + + // perform post logout actions here such as redirecting back to your login page +}; +---- + The following properties can be used to configure form-based authentication: include::{generated-dir}/config/quarkus-vertx-http-config-group-form-auth-config.adoc[opts=optional, leveloffset=+1]