Package io.quarkus.vertx.http.runtime

Interface FormAuthRuntimeConfig

public interface FormAuthRuntimeConfig
config for the form authentication mechanism

  • Method Details

    • loginPage

      @WithDefault("/login.html") Optional<String> loginPage()
      The login page. Redirect to login page can be disabled by setting `quarkus.http.auth.form.login-page=`.

    • usernameParameter

      @WithDefault("j_username") String usernameParameter()
      The username field name.

    • passwordParameter

      @WithDefault("j_password") String passwordParameter()
      The password field name.

    • errorPage

      @WithDefault("/error.html") Optional<String> errorPage()
      The error page. Redirect to error page can be disabled by setting `quarkus.http.auth.form.error-page=`.

    • landingPage

      @WithDefault("/index.html") Optional<String> landingPage()
      The landing page to redirect to if there is no saved page to redirect back to. Redirect to landing page can be disabled by setting `quarkus.http.auth.form.landing-page=`.

    • redirectAfterLogin

      @WithDefault("true") @Deprecated(forRemoval=true, since="2.16") boolean redirectAfterLogin()
      Deprecated, for removal: This API element is subject to removal in a future version.
      redirect to landingPage can be disabled by removing default landing page (via `quarkus.http.auth.form.landing-page=`). Quarkus will ignore this configuration property if there is no landing page.
      Option to disable redirect to landingPage if there is no saved page to redirect back to. Form Auth POST is followed by redirect to landingPage by default.

    • locationCookie

      @WithDefault("quarkus-redirect-location") String locationCookie()
      Option to control the name of the cookie used to redirect the user back to the location they want to access.

    • timeout

      @WithDefault("PT30M") Duration timeout()
      The inactivity (idle) timeout

      When inactivity timeout is reached, cookie is not renewed and a new login is enforced.

    • newCookieInterval

      @WithDefault("PT1M") Duration newCookieInterval()
      How old a cookie can get before it will be replaced with a new cookie with an updated timeout, also referred to as "renewal-timeout".

      Note that smaller values will result in slightly more server load (as new encrypted cookies will be generated more often); however, larger values affect the inactivity timeout because the timeout is set when a cookie is generated.

      For example if this is set to 10 minutes, and the inactivity timeout is 30m, if a user's last request is when the cookie is 9m old then the actual timeout will happen 21m after the last request because the timeout is only refreshed when a new cookie is generated.

      That is, no timeout is tracked on the server side; the timestamp is encoded and encrypted in the cookie itself, and it is decrypted and parsed with each request.

    • cookieName

      @WithDefault("quarkus-credential") String cookieName()
      The cookie that is used to store the persistent session

    • cookiePath

      @WithDefault("/") Optional<String> cookiePath()
      The cookie path for the session and location cookies.

    • httpOnlyCookie

      @WithDefault("false") boolean httpOnlyCookie()
      Set the HttpOnly attribute to prevent access to the cookie via JavaScript.

    • cookieSameSite

      @WithDefault("strict") FormAuthRuntimeConfig.CookieSameSite cookieSameSite()
      SameSite attribute for the session and location cookies.

    • cookieMaxAge

      Optional<Duration> cookieMaxAge()
      Max-Age attribute for the session cookie. This is the amount of time the browser will keep the cookie.

      The default value is empty, which means the cookie will be kept until the browser is closed.