From 4f7f1705cbfa7757d859f43e73f9cbe184a04611 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Wed, 25 Dec 2024 01:54:12 +0000 Subject: [PATCH] Sync documentation of main branch --- .../main/config/quarkus-all-config.adoc | 10 +++++----- .../config/quarkus-devservices-keycloak.adoc | 2 +- ...-devservices-keycloak_quarkus.keycloak.adoc | 2 +- .../quarkus-vertx-http_quarkus.http.adoc | 4 ++-- .../quarkus-vertx-http_quarkus.management.adoc | 4 ++-- _versions/main/guides/_attributes.adoc | 2 +- .../main/guides/deploying-to-openshift.adoc | 2 +- .../main/guides/extension-maturity-matrix.adoc | 10 +++++----- .../main/guides/getting-started-testing.adoc | 14 +++++++------- .../security-keycloak-authorization.adoc | 2 +- .../guides/security-oidc-auth0-tutorial.adoc | 4 ++-- ...c-bearer-token-authentication-tutorial.adoc | 2 +- ...urity-oidc-bearer-token-authentication.adoc | 4 ++-- ...oidc-code-flow-authentication-tutorial.adoc | 2 +- ...security-oidc-code-flow-authentication.adoc | 6 +++--- ...ity-openid-connect-client-registration.adoc | 18 +++++++++--------- .../guides/security-openid-connect-client.adoc | 2 +- .../security-openid-connect-dev-services.adoc | 2 +- .../security-openid-connect-multitenancy.adoc | 2 +- .../security-openid-connect-providers.adoc | 2 +- _versions/main/guides/web.adoc | 2 +- 21 files changed, 49 insertions(+), 49 deletions(-) diff --git a/_generated-doc/main/config/quarkus-all-config.adoc b/_generated-doc/main/config/quarkus-all-config.adoc index 0ac2168bbc3..f54be7a5025 100644 --- a/_generated-doc/main/config/quarkus-all-config.adoc +++ b/_generated-doc/main/config/quarkus-all-config.adoc 
@@ -11589,7 +11589,7 @@ Environment variable: `+++QUARKUS_KEYCLOAK_DEVSERVICES_IMAGE_NAME+++` endif::add-copy-button-to-env-var[] -- |string -|`quay.io/keycloak/keycloak:25.0.6` +|`quay.io/keycloak/keycloak:26.0.7` a|icon:lock[title=Fixed at build time] [[quarkus-devservices-keycloak_quarkus-keycloak-devservices-keycloak-x-image]] [.property-path]##link:#quarkus-devservices-keycloak_quarkus-keycloak-devservices-keycloak-x-image[`quarkus.keycloak.devservices.keycloak-x-image`]## ifdef::add-copy-button-to-config-props[] @@ -15564,7 +15564,7 @@ endif::add-copy-button-to-config-props[] [.description] -- -If this is true and proxy address forwarding is enabled then the standard `Forwarded` header will be used. In case the not standard `X-Forwarded-For` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-x-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `X-Forwarded` or `X-Forwarded-++*++` headers from the client. +If this is true and proxy address forwarding is enabled then the standard `Forwarded` header will be used. In case the not standard `X-Forwarded-For` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-x-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `Forwarded` or `X-Forwarded-++*++` headers from the client. ifdef::add-copy-button-to-env-var[] 
@@ -15585,7 +15585,7 @@ endif::add-copy-button-to-config-props[] [.description] -- -If either this or `allow-forwarded` are true and proxy address forwarding is enabled then the not standard `Forwarded` header will be used. In case the standard `Forwarded` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `X-Forwarded` or `X-Forwarded-++*++` headers from the client. +If either this or `allow-forwarded` are true and proxy address forwarding is enabled then the not standard `Forwarded` header will be used. In case the standard `Forwarded` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `Forwarded` or `X-Forwarded-++*++` headers from the client. ifdef::add-copy-button-to-env-var[] 
@@ -17289,7 +17289,7 @@ endif::add-copy-button-to-config-props[] [.description] -- -If this is true and proxy address forwarding is enabled then the standard `Forwarded` header will be used. In case the not standard `X-Forwarded-For` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-x-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `X-Forwarded` or `X-Forwarded-++*++` headers from the client. +If this is true and proxy address forwarding is enabled then the standard `Forwarded` header will be used. In case the not standard `X-Forwarded-For` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-x-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `Forwarded` or `X-Forwarded-++*++` headers from the client. ifdef::add-copy-button-to-env-var[] 
@@ -17310,7 +17310,7 @@ endif::add-copy-button-to-config-props[] [.description] -- -If either this or `allow-forwarded` are true and proxy address forwarding is enabled then the not standard `Forwarded` header will be used. In case the standard `Forwarded` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `X-Forwarded` or `X-Forwarded-++*++` headers from the client. +If either this or `allow-forwarded` are true and proxy address forwarding is enabled then the not standard `Forwarded` header will be used. In case the standard `Forwarded` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `Forwarded` or `X-Forwarded-++*++` headers from the client. ifdef::add-copy-button-to-env-var[] diff --git a/_generated-doc/main/config/quarkus-devservices-keycloak.adoc b/_generated-doc/main/config/quarkus-devservices-keycloak.adoc index b67eb0fc695..7b54179deac 100644 --- a/_generated-doc/main/config/quarkus-devservices-keycloak.adoc +++ b/_generated-doc/main/config/quarkus-devservices-keycloak.adoc 
@@ -47,7 +47,7 @@ Environment variable: `+++QUARKUS_KEYCLOAK_DEVSERVICES_IMAGE_NAME+++` endif::add-copy-button-to-env-var[] -- |string -|`quay.io/keycloak/keycloak:25.0.6` +|`quay.io/keycloak/keycloak:26.0.7` a|icon:lock[title=Fixed at build time] [[quarkus-devservices-keycloak_quarkus-keycloak-devservices-keycloak-x-image]] [.property-path]##link:#quarkus-devservices-keycloak_quarkus-keycloak-devservices-keycloak-x-image[`quarkus.keycloak.devservices.keycloak-x-image`]## ifdef::add-copy-button-to-config-props[] diff --git a/_generated-doc/main/config/quarkus-devservices-keycloak_quarkus.keycloak.adoc b/_generated-doc/main/config/quarkus-devservices-keycloak_quarkus.keycloak.adoc index b67eb0fc695..7b54179deac 100644 --- a/_generated-doc/main/config/quarkus-devservices-keycloak_quarkus.keycloak.adoc +++ b/_generated-doc/main/config/quarkus-devservices-keycloak_quarkus.keycloak.adoc @@ -47,7 +47,7 @@ Environment variable: `+++QUARKUS_KEYCLOAK_DEVSERVICES_IMAGE_NAME+++` endif::add-copy-button-to-env-var[] -- |string -|`quay.io/keycloak/keycloak:25.0.6` +|`quay.io/keycloak/keycloak:26.0.7` a|icon:lock[title=Fixed at build time] [[quarkus-devservices-keycloak_quarkus-keycloak-devservices-keycloak-x-image]] [.property-path]##link:#quarkus-devservices-keycloak_quarkus-keycloak-devservices-keycloak-x-image[`quarkus.keycloak.devservices.keycloak-x-image`]## ifdef::add-copy-button-to-config-props[] diff --git a/_generated-doc/main/config/quarkus-vertx-http_quarkus.http.adoc b/_generated-doc/main/config/quarkus-vertx-http_quarkus.http.adoc index 6ebf99e65a5..3bbfd1229bb 100644 --- a/_generated-doc/main/config/quarkus-vertx-http_quarkus.http.adoc +++ b/_generated-doc/main/config/quarkus-vertx-http_quarkus.http.adoc 
@@ -3486,7 +3486,7 @@ endif::add-copy-button-to-config-props[] [.description] -- -If this is true and proxy address forwarding is enabled then the standard `Forwarded` header will be used. In case the not standard `X-Forwarded-For` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-x-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `X-Forwarded` or `X-Forwarded-++*++` headers from the client. +If this is true and proxy address forwarding is enabled then the standard `Forwarded` header will be used. In case the not standard `X-Forwarded-For` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-x-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `Forwarded` or `X-Forwarded-++*++` headers from the client. ifdef::add-copy-button-to-env-var[] 
@@ -3507,7 +3507,7 @@ endif::add-copy-button-to-config-props[] [.description] -- -If either this or `allow-forwarded` are true and proxy address forwarding is enabled then the not standard `Forwarded` header will be used. In case the standard `Forwarded` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `X-Forwarded` or `X-Forwarded-++*++` headers from the client. +If either this or `allow-forwarded` are true and proxy address forwarding is enabled then the not standard `Forwarded` header will be used. In case the standard `Forwarded` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `Forwarded` or `X-Forwarded-++*++` headers from the client. ifdef::add-copy-button-to-env-var[] diff --git a/_generated-doc/main/config/quarkus-vertx-http_quarkus.management.adoc b/_generated-doc/main/config/quarkus-vertx-http_quarkus.management.adoc index 995e4c95ad4..21a5aeb1522 100644 --- a/_generated-doc/main/config/quarkus-vertx-http_quarkus.management.adoc +++ b/_generated-doc/main/config/quarkus-vertx-http_quarkus.management.adoc 
@@ -1455,7 +1455,7 @@ endif::add-copy-button-to-config-props[] [.description] -- -If this is true and proxy address forwarding is enabled then the standard `Forwarded` header will be used. In case the not standard `X-Forwarded-For` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-x-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `X-Forwarded` or `X-Forwarded-++*++` headers from the client. +If this is true and proxy address forwarding is enabled then the standard `Forwarded` header will be used. In case the not standard `X-Forwarded-For` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-x-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `Forwarded` or `X-Forwarded-++*++` headers from the client. ifdef::add-copy-button-to-env-var[] 
@@ -1476,7 +1476,7 @@ endif::add-copy-button-to-config-props[] [.description] -- -If either this or `allow-forwarded` are true and proxy address forwarding is enabled then the not standard `Forwarded` header will be used. In case the standard `Forwarded` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `X-Forwarded` or `X-Forwarded-++*++` headers from the client. +If either this or `allow-forwarded` are true and proxy address forwarding is enabled then the not standard `Forwarded` header will be used. In case the standard `Forwarded` header is enabled and detected on HTTP requests, the standard header has the precedence. Activating this together with `quarkus.http.proxy.allow-forwarded` has security implications as clients can forge requests with a forwarded header that is not overwritten by the proxy. Therefore, proxies should strip unexpected `Forwarded` or `X-Forwarded-++*++` headers from the client. ifdef::add-copy-button-to-env-var[] diff --git a/_versions/main/guides/_attributes.adoc b/_versions/main/guides/_attributes.adoc index d79c37b7eb6..efa6a34b254 100644 --- a/_versions/main/guides/_attributes.adoc +++ b/_versions/main/guides/_attributes.adoc @@ -18,7 +18,7 @@ :infinispan-protostream-version: ${infinispan.protostream.version} :logstash-image: docker.io/elastic/logstash:8.15.0 :kibana-image: docker.io/elastic/kibana:8.15.0 -:keycloak-docker-image: quay.io/keycloak/keycloak:25.0.6 +:keycloak-docker-image: quay.io/keycloak/keycloak:26.0.7 :jandex-version: 3.2.3 :jandex-gradle-plugin-version: 1.0.0 :kotlin-version: 2.0.21 diff --git a/_versions/main/guides/deploying-to-openshift.adoc b/_versions/main/guides/deploying-to-openshift.adoc index 523c6308fec..f9bf9d4f091 100644 
--- a/_versions/main/guides/deploying-to-openshift.adoc +++ b/_versions/main/guides/deploying-to-openshift.adoc @@ -417,7 +417,7 @@ You can provide the arguments that will be used by the Kubernetes Job via the pr Finally, the Kubernetes job will be launched every time that is installed in OpenShift. You can know more about how to run Kubernetes jobs in this https://kubernetes.io/docs/concepts/workloads/controllers/job/#running-an-example-job[link]. -You can configure the rest of the Kubernetes Job configuration using the properties under `quarkus.openshift.job.xxx` (see xref:deploying-to-openshift#quarkus-kubernetes_quarkus-openshift-job-parallelism[link]). +You can configure the rest of the Kubernetes Job configuration using the properties under `quarkus.openshift.job.xxx` (see xref:deploying-to-openshift.adoc#quarkus-kubernetes_quarkus-openshift-job-parallelism[link]). ===== Generating CronJob resources diff --git a/_versions/main/guides/extension-maturity-matrix.adoc b/_versions/main/guides/extension-maturity-matrix.adoc index 16d210a6ff1..a9bb187d9e9 100644 --- a/_versions/main/guides/extension-maturity-matrix.adoc +++ b/_versions/main/guides/extension-maturity-matrix.adoc 
@@ -27,7 +27,7 @@ It's completely OK to publish a first version of an extension that doesn't handl Also note that this list only includes the technical features of your extension. You might also want to think about how you share your extension, and how it presents itself to the world. The link:https://hub.quarkiverse.io/checklistfornewprojects/[new extension checklist] on the Quarkiverse Hub has a useful list of ways extensions can participate in the ecosystem. -It's also a good idea to spend some time on the metadata in the xref:extension-metadata#quarkus-extension-yaml[`quarkus-extension.yaml` file], which is used by Quarkus tooling. +It's also a good idea to spend some time on the metadata in the xref:extension-metadata.adoc#quarkus-extension-yaml[`quarkus-extension.yaml` file], which is used by Quarkus tooling. Here are some pointers on how to achieve those capabilities. @@ -66,7 +66,7 @@ The Writing Extensions guide has more guidance on xref:writing-extensions.adoc#h === CDI Beans Quarkus extensions should aim to xref:writing-extensions.adoc#expose-your-components-via-cdi[expose components via CDI], so that they can be consumed in a frictionless way by user applications. -Having everything injectable as CDI beans also helps testing, especially xref:getting-started-testing#mock-support[mocking]. +Having everything injectable as CDI beans also helps testing, especially xref:getting-started-testing.adoc#mock-support[mocking]. === Dev Service 
@@ -95,7 +95,7 @@ A good starting point is usually to use Although providing new, joyful, ways to do things is good, it's important to not break the normal patterns that users may be familiar with. -For some inspiration in this area, have a look at xref:logging#simplified-logging[simplified logging], xref:hibernate-orm-panache.adoc[simplified Hibernate ORM with Panache], the xref:rest-client.adoc#query-parameters[`@RestQuery` annotation], or the way Quarkus allows test containers to be used xref:getting-started-dev-services.adoc[without any configuration]. +For some inspiration in this area, have a look at xref:logging.adoc#simplified-logging[simplified logging], xref:hibernate-orm-panache.adoc[simplified Hibernate ORM with Panache], the xref:rest-client.adoc#query-parameters[`@RestQuery` annotation], or the way Quarkus allows test containers to be used xref:getting-started-dev-services.adoc[without any configuration]. === Codestart application template @@ -124,7 +124,7 @@ For a case study of how to eliminate reflection and what the performance benefit === Virtual thread support Not every library is suitable for using with virtual threads, out of the box. -xref:virtual-threads#why-not["Why not virtual threads everywhere?"] explains why. +xref:virtual-threads.adoc#why-not["Why not virtual threads everywhere?"] explains why. To get your library working properly with virtual threads, you should make sure the library is not pinning the carrier thread. Quarkus has xref:virtual-threads.adoc#testing-virtual-thread-applications[test helpers to do these checks in an automated way]. 
@@ -157,7 +157,7 @@ Avoid using errors and warnings for conditions that will not affect normal opera === Define health endpoints -Extensions may wish to xref:writing-extensions#extension-defined-endpoints[define library-specific endpoints] for health criteria which are specific to that extension. To add a new endpoint, extensions should produce a `NonApplicationRootPathBuildItem`. +Extensions may wish to xref:writing-extensions.adoc#extension-defined-endpoints[define library-specific endpoints] for health criteria which are specific to that extension. To add a new endpoint, extensions should produce a `NonApplicationRootPathBuildItem`. === Tracing context diff --git a/_versions/main/guides/getting-started-testing.adoc b/_versions/main/guides/getting-started-testing.adoc index 35c28cc9707..aa1e151a1f5 100644 --- a/_versions/main/guides/getting-started-testing.adoc +++ b/_versions/main/guides/getting-started-testing.adoc 
@@ -1224,20 +1224,20 @@ public @interface WithRepeatableTestResource { } ---- -=== Usage of `@WithTestResources` +=== Usage of `@WithTestResource` -While test resources provided by `@QuarkusTestResource` are available either globally or restricted to the annotated test class (`restrictToAnnotatedClass`), the annotation `@WithTestResources` allows to additionally group tests by test resources for execution. -`@WithTestResources` has a `scope` property that takes a `TestResourceScope` enum value: +While test resources provided by `@QuarkusTestResource` are available either globally or restricted to the annotated test class (`restrictToAnnotatedClass`), the annotation `@WithTestResource` allows to additionally group tests by test resources for execution. +`@WithTestResource` has a `scope` property that takes a `TestResourceScope` enum value: - `TestResourceScope.MATCHING_RESOURCES` (default): Quarkus will group tests with the same test resources and run them together. After a group has been executed, all test resources will be stopped, and the next group will be executed. - `TestResourceScope.RESTRICTED_TO_CLASS`: The test resource is available only for the annotated test class and will be stopped after the test class has been executed. -- `TestResourceScope.GLOBAL`: Test resources apply to all tests in the testsuite +- `TestResourceScope.GLOBAL`: Test resources apply to all tests in the test suite Quarkus needs to restart if one of the following is true: -- At least one the existing test resources is restricted to the test class -- At least one the next test resources is restricted to the test class -- Different {@code MATCHING_RESOURCE} scoped test resources are being used +- At least one of the test resources of the current test is restricted to the test class +- At least one of the test resources of the next test is restricted to the test class +- Different `MATCHING_RESOURCES` scoped test resources are being used == Hang Detection 
diff --git a/_versions/main/guides/security-keycloak-authorization.adoc b/_versions/main/guides/security-keycloak-authorization.adoc index 2ddeb8377ef..60c4be051ba 100644 --- a/_versions/main/guides/security-keycloak-authorization.adoc +++ b/_versions/main/guides/security-keycloak-authorization.adoc @@ -306,7 +306,7 @@ docker run --name keycloak \ start --hostname-strict=false --https-key-store-file=/etc/keycloak-keystore.jks <2> ---- -<1> For `keycloak.version`, ensure the version is `25.0.6` or later. +<1> For `keycloak.version`, ensure the version is `26.0.7` or later. <2> For Keycloak keystore, use the `keycloak-keystore.jks` file located at https://github.com/quarkusio/quarkus-quickstarts/blob/main/security-keycloak-authorization-quickstart/config/keycloak-keystore.jks[quarkus-quickstarts/security-keycloak-authorization-quickstart/config]. diff --git a/_versions/main/guides/security-oidc-auth0-tutorial.adoc b/_versions/main/guides/security-oidc-auth0-tutorial.adoc index d5e9dfe2b99..66bdaa41cc4 100644 --- a/_versions/main/guides/security-oidc-auth0-tutorial.adoc +++ b/_versions/main/guides/security-oidc-auth0-tutorial.adoc 
@@ -928,7 +928,7 @@ Press `r` and notice this test failing with `403` which is expected because the image::auth0-test-failure-403.png[Auth0 test failure 403] -Before fixing the test, let's review the options available for testing Quarkus endpoints secured by OIDC. These options might vary, depending on which flow your application supports and how you prefer to test. Endpoints which use OIDC authorization code flow can be tested using xref:security-oidc-code-flow-authentication#code-flow-integration-testing[one of these options] and endpoints which use Bearer token authentication can be tested using xref:security-oidc-bearer-token-authentication#bearer-token-integration-testing[one of these options]. +Before fixing the test, let's review the options available for testing Quarkus endpoints secured by OIDC. These options might vary, depending on which flow your application supports and how you prefer to test. Endpoints which use OIDC authorization code flow can be tested using xref:security-oidc-code-flow-authentication.adoc#code-flow-integration-testing[one of these options] and endpoints which use Bearer token authentication can be tested using xref:security-oidc-bearer-token-authentication.adoc#bearer-token-integration-testing[one of these options]. As you can see, testing of the endpoints secured with Auth0 can be done with the help of `Wiremock`, or `@TestSecurity` annotation. Experiment with writing such tests on your own and reach out if you encounter any problems. 
@@ -956,7 +956,7 @@ image::auth0-password-grant.png[Auth0 password grant] It is important to clarify that we do not recommend using the deprecated OAuth2 `password` token grant in production. However using it can help testing the endpoint with tokens acquired from the live dev Auth0 tenant. ==== -`OidcTestClient` should be used to test applications accepting bearer tokens which will work for the endpoint developed in this tutorial as it supports both authorization code flow and bearer token authentication. You would need to use OIDC WireMock or `HtmlUnit` directly against the Auth0 dev tenant if only the authorization code flow was supported - in the latter case `HtmlUnit` test code would have to be aligned with how Auth0 challenges users to enter their credentials. If you like, you can copy the xref:security-oidc-code-flow-authentication#code-flow-integration-testing-wiremock[HtmlUnit test fragment] from the documentation and experiment with it. +`OidcTestClient` should be used to test applications accepting bearer tokens which will work for the endpoint developed in this tutorial as it supports both authorization code flow and bearer token authentication. You would need to use OIDC WireMock or `HtmlUnit` directly against the Auth0 dev tenant if only the authorization code flow was supported - in the latter case `HtmlUnit` test code would have to be aligned with how Auth0 challenges users to enter their credentials. If you like, you can copy the xref:security-oidc-code-flow-authentication.adoc#code-flow-integration-testing-wiremock[HtmlUnit test fragment] from the documentation and experiment with it. In meantime we will now proceed with fixing the currently failing test using `OidcTestClient`. diff --git a/_versions/main/guides/security-oidc-bearer-token-authentication-tutorial.adoc b/_versions/main/guides/security-oidc-bearer-token-authentication-tutorial.adoc index 1eef1c8771c..054cf8b9719 100644 
--- a/_versions/main/guides/security-oidc-bearer-token-authentication-tutorial.adoc +++ b/_versions/main/guides/security-oidc-bearer-token-authentication-tutorial.adoc @@ -217,7 +217,7 @@ For more information, see the <> sectio docker run --name keycloak -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -p 8180:8080 quay.io/keycloak/keycloak:{keycloak.version} start-dev ---- ==== -* Where the `keycloak.version` is set to version `25.0.6` or later. +* Where the `keycloak.version` is set to version `26.0.7` or later. . You can access your Keycloak server at http://localhost:8180[localhost:8180]. . To access the Keycloak Administration console, log in as the `admin` user by using the following login credentials: diff --git a/_versions/main/guides/security-oidc-bearer-token-authentication.adoc b/_versions/main/guides/security-oidc-bearer-token-authentication.adoc index aa7554a5a75..b2e24e45539 100644 --- a/_versions/main/guides/security-oidc-bearer-token-authentication.adoc +++ b/_versions/main/guides/security-oidc-bearer-token-authentication.adoc @@ -1280,7 +1280,7 @@ quarkus.tls.oidc-server-mtls.trust-store.p12.password=password The above configuration is sufficient to require that OIDC bearer tokens are bound to the client certificates. -Next, if you need to access both mTLS and OIDC bearer security identities, consider enabling xref:security-authentication-mechanisms#combining-authentication-mechanisms[Inclusive authentication] with `quarkus.http.auth.inclusive=true`. +Next, if you need to access both mTLS and OIDC bearer security identities, consider enabling xref:security-authentication-mechanisms.adoc#combining-authentication-mechanisms[Inclusive authentication] with `quarkus.http.auth.inclusive=true`. Now you can access both MTLS and OIDC security identities as follows: 
@@ -1419,7 +1419,7 @@ Authentication that requires a dynamic tenant will fail. == OIDC request filters You can filter OIDC requests made by Quarkus to the OIDC provider by registering one or more `OidcRequestFilter` implementations, which can update or add new request headers, and log requests. -For more information, see xref:security-oidc-code-flow-authentication#code-flow-oidc-request-filters[OIDC request filters]. +For more information, see xref:security-oidc-code-flow-authentication.adoc#code-flow-oidc-request-filters[OIDC request filters]. [[bearer-token-oidc-response-filters]] === OIDC response filters diff --git a/_versions/main/guides/security-oidc-code-flow-authentication-tutorial.adoc b/_versions/main/guides/security-oidc-code-flow-authentication-tutorial.adoc index c54a5d7eea5..cb5a69c48a3 100644 --- a/_versions/main/guides/security-oidc-code-flow-authentication-tutorial.adoc +++ b/_versions/main/guides/security-oidc-code-flow-authentication-tutorial.adoc @@ -201,7 +201,7 @@ To start a Keycloak server, use Docker and run the following command: docker run --name keycloak -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -p 8180:8080 quay.io/keycloak/keycloak:{keycloak.version} start-dev ---- -where `keycloak.version` is set to `25.0.6` or later. +where `keycloak.version` is set to `26.0.7` or later. You can access your Keycloak Server at http://localhost:8180[localhost:8180]. diff --git a/_versions/main/guides/security-oidc-code-flow-authentication.adoc b/_versions/main/guides/security-oidc-code-flow-authentication.adoc index 7c656133d03..967ac4335e0 100644 --- a/_versions/main/guides/security-oidc-code-flow-authentication.adoc +++ b/_versions/main/guides/security-oidc-code-flow-authentication.adoc 
@@ -300,7 +300,7 @@ quarkus.tls.oidc.trust-store.p12.password=${trust-store-password} ==== POST query -Some providers, such as the xref:security-openid-connect-providers#strava[Strava OAuth2 provider], require client credentials be posted as HTTP POST query parameters: +Some providers, such as the xref:security-openid-connect-providers.adoc#strava[Strava OAuth2 provider], require client credentials be posted as HTTP POST query parameters: [source,properties] ---- @@ -416,7 +416,7 @@ import io.quarkus.oidc.runtime.OidcUtils; @Unremovable @OidcEndpoint(value = Type.TOKEN) <1> public class TokenEndpointResponseFilter implements OidcResponseFilter { - + @Override public void filter(OidcResponseContext rc) { String contentType = rc.responseHeaders().get("Content-Type"); <2> @@ -1853,7 +1853,7 @@ To import a custom realm file into Keycloak before running the tests, configure quarkus.keycloak.devservices.realm-path=quarkus-realm.json ---- -Finally, write the test code as described in the <> section. +Finally, write the test code as described in the <> section. The only difference is that `@QuarkusTestResource` is no longer required: [source, java] diff --git a/_versions/main/guides/security-openid-connect-client-registration.adoc b/_versions/main/guides/security-openid-connect-client-registration.adoc index efdd913d67a..71035c4af58 100644 --- a/_versions/main/guides/security-openid-connect-client-registration.adoc +++ b/_versions/main/guides/security-openid-connect-client-registration.adoc 
@@ -19,12 +19,12 @@ You can read more about it in the https://openid.net/specs/openid-connect-regist You can use Quarkus `quarkus-oidc-client-registration` extension to register one or more clients using OIDC client registration configurations and read, update and delete metadata of the registered clients. -xref:security-openid-connect-multitenancy#tenant-config-resolver[OIDC TenantConfigResolver] can be used to create OIDC tenant configurations using the metadata of the registered clients. +xref:security-openid-connect-multitenancy.adoc#tenant-config-resolver[OIDC TenantConfigResolver] can be used to create OIDC tenant configurations using the metadata of the registered clients. [IMPORTANT] ==== Currently, Quarkus `quarkus-oidc-client-registration` extension has an `experimental` status. -Dynamic client registration API provided by this extension may change while this extension has an experiemental status. +Dynamic client registration API provided by this extension may change while this extension has an experiemental status. ==== == OIDC Client Registration @@ -41,7 +41,7 @@ Add the following dependency: The `quarkus-oidc-client-registration` extension allows register one or more clients using OIDC client registration configurations, either on start-up or on demand, and read, update and delete metadata of the registered clients. -You can register and manage client registrations from the custom xref:security-openid-connect-multitenancy#tenant-config-resolver[OIDC TenantConfigResolver]. +You can register and manage client registrations from the custom xref:security-openid-connect-multitenancy.adoc#tenant-config-resolver[OIDC TenantConfigResolver]. Alternatively, you can register clients without even using OIDC. For example, it can be a command line tool which registers clients and passes metadata of the registered clients to Quarkus services which require them. 
@@ -61,7 +61,7 @@ quarkus.oidc-client-registration.auth-server-url=${quarkus.oidc.auth-server-url} quarkus.oidc-client-registration.metadata.client-name=Default Client quarkus.oidc-client-registration.metadata.redirect-uri=http://localhost:8081/protected -# Named OIDC client registration which configures a registration endpoint path: +# Named OIDC client registration which configures a registration endpoint path: # It require an initial registration token for a client registration to succeed. quarkus.oidc-client-registration.tenant-client.registration-path=${quarkus.oidc.auth-server-url}/clients-registrations/openid-connect @@ -72,7 +72,7 @@ quarkus.oidc-client-registration.initial-token=${initial-registration-token} The above configuration will lead to two new client registrations created in your OIDC provider. -You or may not need to acquire an initial registration access token. If you don't, then you will have to enable one or more client registration policies in your OIDC provider's dashboard. For example, see https://www.keycloak.org/docs/latest/securing_apps/#_client_registration_policies[Keycloak client registration policies]. +You or may not need to acquire an initial registration access token. If you don't, then you will have to enable one or more client registration policies in your OIDC provider's dashboard. For example, see https://www.keycloak.org/docs/latest/securing_apps/#_client_registration_policies[Keycloak client registration policies]. The next step is to inject either `quarkus.oidc.client.registration.OidcClientRegistration` if only a single default client registration is done, or `quarkus.oidc.client.registration.OidcClientRegistrations` if more than one registration is configured, and use metadata of the clients registered with these configurations. 
@@ -114,7 +114,7 @@ public class CustomTenantConfigResolver implements TenantConfigResolver { @Override public Uni resolve(RoutingContext routingContext, OidcRequestContext requestContext) { - + if (routingContext.request().path().endsWith("/protected")) { // Use the registered client created from the default OIDC client registration return clientReg.registeredClient().onItem().transform(client -> createTenantConfig("registered-client", client)); @@ -148,7 +148,7 @@ public class CustomTenantConfigResolver implements TenantConfigResolver { [[register-clients-on-demand]] === Register clients on demand -You can register new clients on demand. +You can register new clients on demand. You can add new clients to the existing, already configured `OidcClientConfiguration` or to a newly created `OidcClientConfiguration`. Start from configuring one or more OIDC client registrations: @@ -201,7 +201,7 @@ public class CustomTenantConfigResolver implements TenantConfigResolver { ClientMetadata metadata = createMetadata("http://localhost:8081/protected/dynamic-tenant", "Dynamic Tenant Client"); - return clientReg.registerClient(metadata).onItem().transform(r -> + return clientReg.registerClient(metadata).onItem().transform(r -> createTenantConfig("registered-client-dynamically", r)); } return null; @@ -280,7 +280,7 @@ public class CustomTenantConfigResolver implements TenantConfigResolver { .build(); return clientRegs.newClientRegistration(clientRegConfig) - .onItem().transform(reg -> + .onItem().transform(reg -> createTenantConfig("registered-client-dynamically", reg.registeredClient()); } diff --git a/_versions/main/guides/security-openid-connect-client.adoc b/_versions/main/guides/security-openid-connect-client.adoc index 5444790c3f7..0f9e86fafa9 100644 --- a/_versions/main/guides/security-openid-connect-client.adoc +++ b/_versions/main/guides/security-openid-connect-client.adoc 
@@ -505,7 +505,7 @@ To start a Keycloak Server, you can use Docker and just run the following comman docker run --name keycloak -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -p 8180:8080 quay.io/keycloak/keycloak:{keycloak.version} start-dev ---- -Set `{keycloak.version}` to `25.0.6` or later. +Set `{keycloak.version}` to `26.0.7` or later. You can access your Keycloak Server at http://localhost:8180[localhost:8180]. diff --git a/_versions/main/guides/security-openid-connect-dev-services.adoc b/_versions/main/guides/security-openid-connect-dev-services.adoc index b29e6190110..dcdbdbeac04 100644 --- a/_versions/main/guides/security-openid-connect-dev-services.adoc +++ b/_versions/main/guides/security-openid-connect-dev-services.adoc @@ -258,7 +258,7 @@ For more information, see xref:security-oidc-bearer-token-authentication.adoc#be [[keycloak-initialization]] === Keycloak initialization -The `quay.io/keycloak/keycloak:25.0.6` image which contains a Keycloak distribution powered by Quarkus is used to start a container by default. +The `quay.io/keycloak/keycloak:26.0.7` image which contains a Keycloak distribution powered by Quarkus is used to start a container by default. `quarkus.keycloak.devservices.image-name` can be used to change the Keycloak image name. For example, set it to `quay.io/keycloak/keycloak:19.0.3-legacy` to use a Keycloak distribution powered by WildFly. Be aware that a Quarkus-based Keycloak distribution is only available starting from Keycloak `20.0.0`. diff --git a/_versions/main/guides/security-openid-connect-multitenancy.adoc b/_versions/main/guides/security-openid-connect-multitenancy.adoc index 68ae114f911..b30bfd2ebce 100644 --- a/_versions/main/guides/security-openid-connect-multitenancy.adoc +++ b/_versions/main/guides/security-openid-connect-multitenancy.adoc 
@@ -346,7 +346,7 @@ To start a Keycloak server, you can use Docker and run the following command: docker run --name keycloak -e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin -p 8180:8080 quay.io/keycloak/keycloak:{keycloak.version} start-dev ---- -where `keycloak.version` is set to `25.0.6` or higher. +where `keycloak.version` is set to `26.0.7` or higher. Access your Keycloak server at http://localhost:8180[localhost:8180]. diff --git a/_versions/main/guides/security-openid-connect-providers.adoc b/_versions/main/guides/security-openid-connect-providers.adoc index 240922f2a92..d7ea4feb8d6 100644 --- a/_versions/main/guides/security-openid-connect-providers.adoc +++ b/_versions/main/guides/security-openid-connect-providers.adoc @@ -771,7 +771,7 @@ It may not be a problem when Quarkus fetches public verification keys from OIDC- Therefore, UserInfo is embedded in an internally generated ID token and is encrypted in the session cookie. You can disable it with `quarkus.oidc.cache-user-info-in-idtoken=false`. -Alternatively, use a default or custom UserInfo cache provider, please see the xref:security-oidc-bearer-token-authentication#bearer-token-token-introspection-userinfo-cache[Token Introspection and UserInfo cache] section of the "OpenID Connect (OIDC) Bearer token authentication" guide. +Alternatively, use a default or custom UserInfo cache provider, please see the xref:security-oidc-bearer-token-authentication.adoc#bearer-token-token-introspection-userinfo-cache[Token Introspection and UserInfo cache] section of the "OpenID Connect (OIDC) Bearer token authentication" guide. == References diff --git a/_versions/main/guides/web.adoc b/_versions/main/guides/web.adoc index 177b329f547..76b7e803e9a 100644 --- a/_versions/main/guides/web.adoc +++ b/_versions/main/guides/web.adoc 
@@ -21,7 +21,7 @@ Quarkus provides several extensions to create web applications, this document ai Let's assume you have a Quarkus backend, and you want to serve static files. This is the most basic case, it is supported out of the box with all our Vert.x based extensions, you must place them in the `META-INF/resources` directory of your application. -You can find more information in the xref:http-reference#serving-static-resources[HTTP reference guide]. +You can find more information in the xref:http-reference.adoc#serving-static-resources[HTTP reference guide]. === Serving scripts, styles, and web libraries
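Review bot: the added line in the `[IMPORTANT]` block of the `@@ -19,12` hunk (security-openid-connect-client-registration.adoc) still reads "has an experiemental status", because the change only strips the trailing whitespace. The line is being touched anyway, so correct the spelling to `experimental` in the upstream guide and let the next sync carry the fix.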
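Review bot: the sentence rewritten in the `@@ -72,7` hunk of security-openid-connect-client-registration.adoc is still garbled on the added line: "You or may not need to acquire an initial registration access token." It should read "You may or may not need to acquire ...". The follow-up "If you don't" is also ambiguous about whether it means not needing a token or not having one. This paragraph tells the reader whether registration is gated by an initial token or by provider-side client registration policies, so the wording is worth fixing rather than only trimming whitespace.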
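Review bot: the Java sample in the `@@ -280,7` hunk of security-openid-connect-client-registration.adoc has unbalanced parentheses. The statement `.onItem().transform(reg ->` followed by `createTenantConfig("registered-client-dynamically", reg.registeredClient());` closes `createTenantConfig(` but never closes `transform(`, so the snippet does not compile as shown; it needs `reg.registeredClient()));`, matching the `@@ -201,7` hunk, which ends in `r));`. While there, confirm that passing `reg.registeredClient()` directly is intended, since the `@@ -114,7` hunk treats `registeredClient()` as asynchronous and unwraps it with `.onItem().transform(client -> ...)`.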
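Review bot: the `@@ -505,7` hunk of security-openid-connect-client.adoc raises the minimum to `26.0.7` but leaves the `docker run` context line using `-e KEYCLOAK_ADMIN=admin -e KEYCLOAK_ADMIN_PASSWORD=admin`. Keycloak 26 deprecates both variables in favour of `KC_BOOTSTRAP_ADMIN_USERNAME` and `KC_BOOTSTRAP_ADMIN_PASSWORD`, so the command should be updated together with the version; the same command appears in the `@@ -346,7` hunk of security-openid-connect-multitenancy.adoc. Separately, `-p 8180:8080` publishes the admin/admin console on every host interface; for a local dev instruction, `-p 127.0.0.1:8180:8080` keeps it on loopback.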