From bc09109ace70fbd6e533e4c0985412fb54b0060d Mon Sep 17 00:00:00 2001 From: Melloware Date: Thu, 2 Nov 2023 10:26:47 -0400 Subject: [PATCH] Update docs/src/main/asciidoc/security-authentication-mechanisms.adoc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Michal Vavřík <43821672+michalvavrik@users.noreply.github.com> Add SPA Form Based Authentication instructions --- .../security-authentication-mechanisms.adoc | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) diff --git a/docs/src/main/asciidoc/security-authentication-mechanisms.adoc b/docs/src/main/asciidoc/security-authentication-mechanisms.adoc index 6e7a63d589538d..3119856123a60f 100644 --- a/docs/src/main/asciidoc/security-authentication-mechanisms.adoc +++ b/docs/src/main/asciidoc/security-authentication-mechanisms.adoc @@ -93,6 +93,53 @@ quarkus.http.auth.form.login-page= quarkus.http.auth.form.error-page= ---- +Now that you have disabled redirects for the SPA, you must login and logout programmatically from your client. +Below are example JavaScript methods for logging into the `j_security_check` endpoint and logging out of the application by destroying the cookie. + +[source,javascript] +---- +const login = () => { + // Create an object to represent the form data + const formData = new URLSearchParams(); + formData.append("j_username", username); + formData.append("j_password", password); + + // Make an HTTP POST request using fetch against j_security_check endpoint + fetch("j_security_check", { + method: "POST", + body: formData, + headers: { + "Content-Type": "application/x-www-form-urlencoded", + }, + }) + .then((response) => { + if (response.status === 200) { + // Authentication was successful + console.log("Authentication successful"); + } else { + // Authentication failed + console.error("Invalid credentials"); + } + }) + .catch((error) => { + console.error(error); + }); +}; +---- + +To logout of the SPA you must destroy the cookie and possibly redirect back to your main page. + +[source,javascript] +---- +const logout= () => { + // delete the credential cookie essentially killing the session + const removeCookie = `quarkus-credential=; Max-Age=0;path=/`; + document.cookie = removeCookie; + + // perform post logout actions here such as redirecting back to your login page +}; +---- + The following properties can be used to configure form-based authentication: include::{generated-dir}/config/quarkus-vertx-http-config-group-form-auth-config.adoc[opts=optional, leveloffset=+1]