Skip to content

Commit

Permalink
Merge pull request #42634 from gsmet/3.13.3-backports-1
Browse files Browse the repository at this point in the history
[3.13] 3.13.3 backports 1
  • Loading branch information
gsmet authored Aug 20, 2024
2 parents fb443aa + 8f9ea62 commit 36a2d4b
Show file tree
Hide file tree
Showing 53 changed files with 908 additions and 631 deletions.
4 changes: 2 additions & 2 deletions bom/application/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
<bouncycastle.tls.fips.version>1.0.19</bouncycastle.tls.fips.version>
<expressly.version>5.0.0</expressly.version>
<findbugs.version>3.0.2</findbugs.version>
<jandex.version>3.2.1</jandex.version>
<jandex.version>3.2.2</jandex.version>
<javax.annotation-api.version>1.3.2</javax.annotation-api.version>
<javax.inject.version>1</javax.inject.version>
<parsson.version>1.1.7</parsson.version>
Expand Down Expand Up @@ -94,7 +94,7 @@
<gizmo.version>1.8.0</gizmo.version>
<jackson-bom.version>2.17.2</jackson-bom.version>
<commons-logging-jboss-logging.version>1.0.0.Final</commons-logging-jboss-logging.version>
<commons-lang3.version>3.15.0</commons-lang3.version>
<commons-lang3.version>3.14.0</commons-lang3.version>
<commons-codec.version>1.17.1</commons-codec.version>
<classmate.version>1.7.0</classmate.version>
<!-- See root POM for hibernate-orm.version, hibernate-reactive.version, hibernate-validator.version,
Expand Down
2 changes: 1 addition & 1 deletion build-parent/pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
<scala-plugin.version>${scala-maven-plugin.version}</scala-plugin.version>

<!-- Jandex versions -->
<jandex.version>3.2.1</jandex.version>
<jandex.version>3.2.2</jandex.version>
<jandex-gradle-plugin.version>1.0.0</jandex-gradle-plugin.version>

<asciidoctorj.version>2.5.13</asciidoctorj.version>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -168,44 +168,15 @@ private void queueConditionalDependency(ExtensionDependency<?> extension, Depend
}

private Configuration createConditionalDependenciesConfiguration(Project project, Dependency conditionalDep) {
// previously we used a detached configuration here but apparently extendsFrom(enforcedPlatforms)
// wouldn't actually enforce platforms on a detached configuration
var name = getConditionalConfigurationName(conditionalDep);
var config = project.getConfigurations().findByName(name);
if (config == null) {
project.getConfigurations().register(name, configuration -> {
configuration.setCanBeConsumed(false);
configuration.extendsFrom(enforcedPlatforms);
configuration.getDependencies().add(conditionalDep);
});
config = project.getConfigurations().getByName(name);
}
return config;
}

private static String getConditionalConfigurationName(Dependency conditionalDep) {
var name = new StringBuilder().append("quarkusConditional");
appendCapitalized(name, conditionalDep.getGroup());
appendCapitalized(name, conditionalDep.getName());
appendCapitalized(name, conditionalDep.getVersion());
return name.append("Configuration").toString();
}

private static void appendCapitalized(StringBuilder sb, String part) {
if (part != null && !part.isEmpty()) {
boolean toUpperCase = true;
for (int i = 0; i < part.length(); ++i) {
var c = part.charAt(i);
if (toUpperCase) {
sb.append(Character.toUpperCase(c));
toUpperCase = false;
} else if (c == '.' || c == '-') {
toUpperCase = true;
} else {
sb.append(c);
}
}
}
// Ideally, we want a named configuration here to make sure platform version constraints are enforced
// on conditional dependencies (https://github.com/gradle/gradle/issues/6881)
// However, if we use a named configuration we run into issues preventing IDEs to import projects
// (https://github.com/quarkusio/quarkus/issues/41825) and ./gradlew refreshVersions seems to break as well.
Configuration conditionalDepConfiguration = project.getConfigurations()
.detachedConfiguration()
.extendsFrom(enforcedPlatforms);
conditionalDepConfiguration.getDependencies().add(conditionalDep);
return conditionalDepConfiguration;
}

private void enableConditionalDependency(ModuleVersionIdentifier dependency) {
Expand Down
30 changes: 15 additions & 15 deletions docs/src/main/asciidoc/extension-metadata.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,9 @@ And here is the final version of the file included in the runtime JAR augmented
----
name: "Quarkus REST (formerly RESTEasy Reactive)"
artifact: "io.quarkus:quarkus-rest:999-SNAPSHOT"
description: "A Jakarta REST implementation utilizing build time processing and Vert.x.\
\ This extension is not compatible with the quarkus-resteasy extension, or any of\
\ the extensions that depend on it." <1>
metadata:
short-name: "rest"
keywords:
Expand All @@ -84,13 +87,13 @@ metadata:
artifact: "io.quarkus:quarkus-project-core-extension-codestarts::jar:999-SNAPSHOT"
config:
- "quarkus.rest."
built-with-quarkus-core: "3.8.5" <1>
requires-quarkus-core: "[3.8,)" <2>
capabilities: <3>
built-with-quarkus-core: "3.8.5" <2>
requires-quarkus-core: "[3.8,)" <3>
capabilities: <4>
provides:
- "io.quarkus.rest"
- "io.quarkus.resteasy.reactive"
extension-dependencies: <4>
extension-dependencies: <5>
- "io.quarkus:quarkus-rest-common"
- "io.quarkus:quarkus-mutiny"
- "io.quarkus:quarkus-smallrye-context-propagation"
Expand All @@ -100,21 +103,18 @@ metadata:
- "io.quarkus:quarkus-vertx-http"
- "io.quarkus:quarkus-core"
- "io.quarkus:quarkus-jsonp"
description: "A Jakarta REST implementation utilizing build time processing and Vert.x.\
\ This extension is not compatible with the quarkus-resteasy extension, or any of\
\ the extensions that depend on it." <5>
scm-url: "https://github.com/quarkusio/quarkus" <6>
sponsor: A Sponsoring Organisation <7>
scm-url: "https://github.com/quarkusio/quarkus" <6>
sponsor: A Sponsoring Organisation <7>
----

<1> Quarkus version the extension was built with
<2> The Quarkus version range this extension requires. Optional, and will be set automatically by using the `built-with-quarkus-core` as the minimum range.
<3> https://quarkus.io/guides/capabilities[Capabilities] this extension provides
<4> Direct dependencies on other extensions
<5> Description that can be displayed to users. In this case, the description was copied from the `pom.xml` of the extension module but it could also be provided in the template file.
<1> Description that can be displayed to users. In this case, the description was copied from the `pom.xml` of the extension module but it could also be provided in the template file.
<2> Quarkus version the extension was built with
<3> The Quarkus version range this extension requires. Optional, and will be set automatically by using the `built-with-quarkus-core` as the minimum range.
<4> https://quarkus.io/guides/capabilities[Capabilities] this extension provides
<5> Direct dependencies on other extensions
<6> The source code repository of this extension. Optional, and will often be set automatically by using the `<scm>` information in the pom. In GitHub Actions builds, it will be inferred from the CI environment. For other GitHub repositories, it can be controlled by setting a `GITHUB_REPOSITORY` environment variable.
<7> The sponsor(s) of this extension. Optional, and will sometimes be determined automatically from commit history.


[[quarkus-extension-properties]]
== META-INF/quarkus-extension.properties

Expand Down
9 changes: 7 additions & 2 deletions docs/src/main/asciidoc/getting-started-testing.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -1088,11 +1088,16 @@ If you are using Quarkus Security, check out the xref:security-testing.adoc[Test

A very common need is to start some services on which your Quarkus application depends, before the Quarkus application starts for testing. To address this need, Quarkus provides `@io.quarkus.test.common.WithTestResource` and `io.quarkus.test.common.QuarkusTestResourceLifecycleManager`.

By simply annotating any test in the test suite with `@WithTestResource`, Quarkus will run the corresponding `QuarkusTestResourceLifecycleManager` before any tests are run.
A test suite is also free to utilize multiple `@WithTestResource` annotations, in which case all the corresponding `QuarkusTestResourceLifecycleManager` objects will be run before the tests. When using multiple test resources they can be started concurrently. For that you need to set `@WithTestResource(parallel = true)`.
When a test annotated with `@WithTestResource`, Quarkus will run the corresponding `QuarkusTestResourceLifecycleManager` before the test.

IMPORTANT: By default, `@WithTestResource` applies only to the test on which the annotation is placed. Each test that is annotated with `@WithTestResource` will result in the application being re-augmented and restarted
(in a similar fashion as happens in dev-mode when a change is detected) in order to incorporate the settings configured by the annotation. This means that if there are many instances of the annotation used throughout the testsuite,
test execution speed will be impacted by these restarts.

NOTE: Test resources are applied for a given test class or custom profile. To activate for all tests you can use `@WithTestResource(restrictToAnnotatedClass = false)`.

NOTE: When using multiple test resources they can be started concurrently. For that you need to set `@WithTestResource(parallel = true)`.

Quarkus provides a few implementations of `QuarkusTestResourceLifecycleManager` out of the box (see `io.quarkus.test.h2.H2DatabaseTestResource` which starts an H2 database, or `io.quarkus.test.kubernetes.client.KubernetesServerTestResource` which starts a mock Kubernetes API server),
but it is common to create custom implementations to address specific application needs.
Common cases include starting docker containers using https://www.testcontainers.org/[Testcontainers] (an example of which can be found https://github.com/quarkusio/quarkus/blob/main/test-framework/keycloak-server/src/main/java/io/quarkus/test/keycloak/server/KeycloakTestResourceLifecycleManager.java[here]),
Expand Down
31 changes: 0 additions & 31 deletions docs/src/main/asciidoc/mongodb-panache.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -90,37 +90,6 @@ If you don't want to generate a new project, add the dependency in your build fi
implementation("io.quarkus:quarkus-mongodb-panache")
----

[NOTE]
====
If your project is already configured to use other annotation processors, you will need to additionally add the Panache annotation processor:
[source,xml,role="primary asciidoc-tabs-target-sync-cli asciidoc-tabs-target-sync-maven"]
.pom.xml
----
<plugin>
<artifactId>maven-compiler-plugin</artifactId>
<version>${compiler-plugin.version}</version>
<configuration>
<parameters>${maven.compiler.parameters}</parameters>
<annotationProcessorPaths>
<!-- Your existing annotation processor(s)... -->
<path>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-panache-common</artifactId>
<version>${quarkus.platform.version}</version>
</path>
</annotationProcessorPaths>
</configuration>
</plugin>
----
[source,gradle,role="secondary asciidoc-tabs-target-sync-gradle"]
.build.gradle
----
annotationProcessor("io.quarkus:quarkus-panache-common")
----
====

== Setting up and configuring MongoDB with Panache

To get started:
Expand Down
7 changes: 1 addition & 6 deletions docs/src/main/asciidoc/podman.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,7 @@ The Homebrew package manager on Mac (*brew*) *should not be used to install Podm

On Linux, Podman is integrated as part of the operating system, and installed through the system's packager manager. As with Mac, and Windows, Podman Desktop can also be installed to supplement the Podman CLI. However, on Linux, Podman Desktop acts as a client to the native Podman integration, and does not manage the underlying Podman installation.

See https://podman-desktop.io/downloads/ for the latest version of Podman Desktop or pick the version that suits your operating system from the list below:

- https://podman-desktop.io/macos/[MacOS]
- https://podman-desktop.io/windows/[Windows]
- https://podman-desktop.io/linux/[Linux]

See https://podman-desktop.io/downloads/ for the latest version of Podman Desktop.

Additionally, if you are using Linux, see the Podman https://podman.io/docs/installation#installing-on-linux[Linux installation documentation] for instructions installing Podman to your specific Linux distribution.

Expand Down
32 changes: 16 additions & 16 deletions docs/src/main/asciidoc/security-csrf-prevention.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ https://github.com/quarkusio/quarkus/tree/main/docs/src/main/asciidoc
include::_attributes.adoc[]
:categories: security
:topics: security,csrf,http
:extensions: io.quarkus:quarkus-csrf-reactive
:extensions: io.quarkus:quarkus-rest-csrf

https://owasp.org/www-community/attacks/csrf[Cross-Site Request Forgery (CSRF)] is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.

Expand All @@ -24,15 +24,15 @@ First, we need a new project.
Create a new project with the following command:

:create-app-artifact-id: security-csrf-prevention
:create-app-extensions: csrf-reactive
:create-app-extensions: rest-csrf
include::{includes}/devtools/create-app.adoc[]

This command generates a project which imports the `csrf-reactive` extension.
This command generates a project which imports the `rest-csrf` extension.

If you already have your Quarkus project configured, you can add the `csrf-reactive` extension
If you already have your Quarkus project configured, you can add the `rest-csrf` extension
to your project by running the following command in your project base directory:

:add-extension-extensions: csrf-reactive
:add-extension-extensions: rest-csrf
include::{includes}/devtools/extension-add.adoc[]

This will add the following to your build file:
Expand All @@ -42,14 +42,14 @@ This will add the following to your build file:
----
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-csrf-reactive</artifactId>
<artifactId>quarkus-rest-csrf</artifactId>
</dependency>
----

[source,gradle,role="secondary asciidoc-tabs-target-sync-gradle"]
.build.gradle
----
implementation("io.quarkus:quarkus-csrf-reactive")
implementation("io.quarkus:quarkus-rest-csrf")
----

Next, let's add a `csrfToken.html` Qute template producing an HTML form in the `src/main/resources/templates` folder:
Expand Down Expand Up @@ -126,8 +126,8 @@ At this stage no additional configuration is needed - by default the CSRF form f

[source,properties]
----
quarkus.csrf-reactive.form-field-name=csrftoken
quarkus.csrf-reactive.cookie-name=csrftoken
quarkus.rest-csrf.form-field-name=csrftoken
quarkus.rest-csrf.cookie-name=csrftoken
----

== Sign CSRF token
Expand All @@ -136,7 +136,7 @@ You can get `HMAC` signatures created for the generated CSRF tokens and have the

[source,properties]
----
quarkus.csrf-reactive.token-signature-key=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
quarkus.rest-csrf.token-signature-key=AyM1SysPpbyDfgZld3umj1qzKObwVMkoqQ-EstJQLr_T-1qS0gZH75aKtMN3Yj0iPS4hcgUuTwjAzZr1Z9CAow
----

[[csrf-request-header]]
Expand All @@ -151,18 +151,18 @@ If HTML `form` tags are not used and you need to pass CSRF token as a header, th
----
<1> This expression is used to inject a CSRF token header and token. This token will be verified by the CSRF filter against a CSRF cookie.

Default header name is `X-CSRF-TOKEN`, you can customize it with `quarkus.csrf-reactive.token-header-name`, for example:
Default header name is `X-CSRF-TOKEN`, you can customize it with `quarkus.rest-csrf.token-header-name`, for example:

[source,properties]
----
quarkus.csrf-reactive.token-header-name=CUSTOM-X-CSRF-TOKEN
quarkus.rest-csrf.token-header-name=CUSTOM-X-CSRF-TOKEN
----

If you need to access the CSRF cookie from JavaScript in order to pass its value as a header, use `{inject:csrf.cookieName}` and `{inject:csrf.headerName}` to inject the cookie name which has to be read as a CSRF header value and allow accessing this cookie:

[source,properties]
----
quarkus.csrf-reactive.cookie-http-only=false
quarkus.rest-csrf.cookie-http-only=false
----

== Cross-origin resource sharing
Expand Down Expand Up @@ -255,11 +255,11 @@ As you can see a CSRF token verification will be required at the `/service/user`
[source,properties]
----
# Verify CSRF token only for the `/service/user` path, ignore other paths such as `/service/users`
quarkus.csrf-reactive.create-token-path=/service/user
quarkus.rest-csrf.create-token-path=/service/user
# If `/service/user` path accepts not only `application/x-www-form-urlencoded` payloads but also other ones such as JSON then allow them
# Setting this property is not necessary when the token is submitted as a header value
quarkus.csrf-reactive.require-form-url-encoded=false
quarkus.rest-csrf.require-form-url-encoded=false
----

== Verify CSRF token in the application code
Expand Down Expand Up @@ -316,7 +316,7 @@ Also disable the token verification in the filter:

[source,properties]
----
quarkus.csrf-reactive.verify-token=false
quarkus.rest-csrf.verify-token=false
----

[[csrf-reactive-configuration-reference]]
Expand Down
Loading

0 comments on commit 36a2d4b

Please sign in to comment.