diff --git a/docs/src/main/asciidoc/security-cors.adoc b/docs/src/main/asciidoc/security-cors.adoc index aa14789f707f2..04e7faa6ca54f 100644 --- a/docs/src/main/asciidoc/security-cors.adoc +++ b/docs/src/main/asciidoc/security-cors.adoc @@ -54,7 +54,7 @@ quarkus.http.cors.access-control-allow-credentials=true <7> ---- <1> Enables the CORS filter. -<2> Specifies allowed origins, including a regular expression. +<2> Specifies allowed origins, including a regular expression. When not specified, CORS is not permitted, and only same-origin requests are allowed. <3> Lists allowed HTTP methods for cross-origin requests. <4> Declares custom headers that clients can include in requests. <5> Identifies response headers that clients can access. diff --git a/docs/src/main/asciidoc/security-keycloak-authorization.adoc b/docs/src/main/asciidoc/security-keycloak-authorization.adoc index 2f0675b12a404..22dfa11a18e35 100644 --- a/docs/src/main/asciidoc/security-keycloak-authorization.adoc +++ b/docs/src/main/asciidoc/security-keycloak-authorization.adoc @@ -525,8 +525,6 @@ public class ProtectedResource { } ---- -NOTE: If you want to use the `AuthzClient` directly, set `quarkus.keycloak.policy-enforcer.enable=true`; otherwise, no bean is available for injection. - [NOTE] ==== To use the `AuthzClient` directly, set `quarkus.keycloak.policy-enforcer.enable=true`. @@ -535,9 +533,9 @@ Otherwise, no bean is available for injection. == Mapping protected resources -By default, the extension fetches resources from Keycloak on demand, using their URI to identify and map the application resources that require protection. +By default, the extension uses lazy loading to fetch resources from Keycloak on demand. It uses the request URI to identify and map application resources that require protection. -To disable on-demand fetching and instead pre-load resources at startup, configure the following property: +To disable lazy loading and instead pre-load all resources at startup, configure the following property: [source,properties] ----