Merge branch 'main' into QDOCS-109-RC-OIDC-TUT

bom/application/pom.xml

@@ -14,7 +14,7 @@
     <packaging>pom</packaging>
 
     <properties>
-        <bouncycastle.version>1.70</bouncycastle.version>
+        <bouncycastle.version>1.71</bouncycastle.version>
         <bouncycastle.fips.version>1.0.2.3</bouncycastle.fips.version>
         <bouncycastle.tls.fips.version>1.0.14.1</bouncycastle.tls.fips.version>
         <findbugs.version>3.0.2</findbugs.version>
@@ -133,7 +133,6 @@
         <rest-assured.version>4.5.1</rest-assured.version>
         <junit.jupiter.version>5.9.1</junit.jupiter.version>
         <junit-pioneer.version>1.5.0</junit-pioneer.version>
-        <testng.version>6.14.2</testng.version>
         <infinispan.version>14.0.5.Final</infinispan.version>
         <infinispan.protostream.version>4.5.1.Final</infinispan.protostream.version>
         <caffeine.version>3.1.1</caffeine.version>
@@ -155,7 +154,7 @@
         <kotlin.version>1.7.22</kotlin.version>
         <kotlin.coroutine.version>1.6.4</kotlin.coroutine.version>
         <kotlin-serialization.version>1.4.1</kotlin-serialization.version>
-        <dekorate.version>3.2.1</dekorate.version> <!-- Please check with Java Operator SDK team before updating -->
+        <dekorate.version>3.3.0</dekorate.version> <!-- Please check with Java Operator SDK team before updating -->
         <maven-invoker.version>3.2.0</maven-invoker.version>
         <awaitility.version>4.2.0</awaitility.version>
         <jboss-logmanager.version>1.0.11</jboss-logmanager.version>
@@ -2969,22 +2968,22 @@
             <!-- Bouncy Castle -->
             <dependency>
                 <groupId>org.bouncycastle</groupId>
-                <artifactId>bcprov-jdk15on</artifactId>
+                <artifactId>bcprov-jdk18on</artifactId>
                 <version>${bouncycastle.version}</version>
             </dependency>
             <dependency>
                 <groupId>org.bouncycastle</groupId>
-                <artifactId>bctls-jdk15on</artifactId>
+                <artifactId>bctls-jdk18on</artifactId>
                 <version>${bouncycastle.version}</version>
             </dependency>
             <dependency>
                 <groupId>org.bouncycastle</groupId>
-                <artifactId>bcpkix-jdk15on</artifactId>
+                <artifactId>bcpkix-jdk18on</artifactId>
                 <version>${bouncycastle.version}</version>
             </dependency>
             <dependency>
                 <groupId>org.bouncycastle</groupId>
-                <artifactId>bcutil-jdk15on</artifactId>
+                <artifactId>bcutil-jdk18on</artifactId>
                 <version>${bouncycastle.version}</version>
             </dependency>
             <dependency>
@@ -4048,11 +4047,6 @@
                 <artifactId>jboss-jaxrs-api_2.1_spec</artifactId>
                 <version>${jboss-jaxrs-api_2.1_spec.version}</version>
             </dependency>
-            <dependency>
-                <groupId>org.testng</groupId>
-                <artifactId>testng</artifactId>
-                <version>${testng.version}</version>
-            </dependency>
             <dependency>
                 <groupId>org.apache.qpid</groupId>
                 <artifactId>proton-j</artifactId>

docs/src/main/asciidoc/kubernetes-client.adoc

@@ -328,7 +328,7 @@ Please note that if you would like to use Elliptic Curve keys with Kubernetes Cl
 ----
 <dependency>
     <groupId>org.bouncycastle</groupId>
-    <artifactId>bcpkix-jdk15on</artifactId>
+    <artifactId>bcpkix-jdk18on</artifactId>
 </dependency>
 ----
 

docs/src/main/asciidoc/quartz.adoc

@@ -141,7 +141,8 @@ public class TaskBean {
 
 === Scheduling Jobs Programmatically
 
-It is also possible to leverage the Quartz API directly.
+An injected `io.quarkus.scheduler.Scheduler` can be used to <<scheduler-reference.adoc#programmatic_scheduling,schedule a job programmatically>>.
+However, it is also possible to leverage the Quartz API directly.
 You can inject the underlying `org.quartz.Scheduler` in any bean:
 
 [source,java]

docs/src/main/asciidoc/scheduler-reference.adoc

@@ -15,7 +15,7 @@ Modern applications often need to run specific tasks periodically.
 There are two scheduler extensions in Quarkus.
 The `quarkus-scheduler` extension brings the API and a lightweight in-memory scheduler implementation.
 The `quarkus-quartz` extension implements the API from the `quarkus-scheduler` extension and contains a scheduler implementation based on the Quartz library.
-You will only need `quarkus-quartz` for more advanced scheduling use cases, such as persistent tasks, clustering and programmatic scheduling of jobs.
+You will only need `quarkus-quartz` for more advanced scheduling use cases, such as persistent tasks and clustering.
 
 NOTE: If you add the `quarkus-quartz` dependency to your project the lightweight scheduler implementation from the `quarkus-scheduler` extension is automatically disabled. 
 
@@ -334,34 +334,44 @@ class MyService {
 <6> Get Trigger metadata for a specific scheduled job by its identity.
 <7> You can configure the grace period for isOverdue() with quarkus.scheduler.overdue-grace-period
 
+[[programmatic_scheduling]]
 == Programmatic Scheduling
 
-If you need to schedule a job programmatically you'll need to add the xref:quartz.adoc[Quartz extension] and use the Quartz API directly.
+An injected `io.quarkus.scheduler.Scheduler` can be also used to schedule a job programmatically.
 
-.Programmatic Scheduling with Quartz API
+.Programmatic Scheduling
 [source,java]
 ----
-import org.quartz.Scheduler;
+import io.quarkus.scheduler.Scheduler;
 
+@ApplicationScoped
 class MyJobs {
 
-    void onStart(@Observes StartupEvent event, Scheduler quartz) throws SchedulerException {
-        JobDetail job = JobBuilder.newJob(SomeJob.class)
-                .withIdentity("myJob", "myGroup")
-                .build();
-        Trigger trigger = TriggerBuilder.newTrigger()
-                .withIdentity("myTrigger", "myGroup")
-                .startNow()
-                .withSchedule(SimpleScheduleBuilder.simpleSchedule()
-                        .withIntervalInSeconds(1)
-                        .repeatForever())
-                .build();
-        quartz.scheduleJob(job, trigger);
+    @Inject
+    Scheduler scheduler;
+
+    void addMyJob() { <1>
+        scheduler.newJob("myJob")
+            .setCron("0/5 * * * * ?")
+            .setTask(executionContext -> { <2>
+                // do something important every 5 seconds
+            })
+            .schedule(); <3>
     }
+    
+    void removeMyJob() {
+        scheduler.unscheduleJob("myJob"); <4>
+    } 
 }
 ----
+<1> This is a programmatic alternative to a method annotated with `@Scheduled(identity = "myJob", cron = "0/5 * * * * ?")`.
+<2> The business logic is defined in a callback.
+<3> The job is scheduled once the `JobDefinition#schedule()` method is called.
+<4> A job that was added programmatically can be also removed.
+
+NOTE: By default, the scheduler is not started unless a `@Scheduled` business method is found. You may need to force the start of the scheduler for "pure" programmatic scheduling via `quarkus.scheduler.start-mode=forced`.
 
-NOTE: By default, the scheduler is not started unless a `@Scheduled` business method is found. You may need to force the start of the scheduler for "pure" programmatic scheduling. See also <<quartz.adoc#quartz-configuration-reference,Quartz Configuration Reference>>.
+NOTE: If the xref:quartz.adoc[Quartz extension] is present then the Quartz API can be also used to schedule a job programmatically.
 
 == Scheduled Methods and Testing
 

docs/src/main/asciidoc/security-authorization-of-web-endpoints-reference.adoc → docs/src/main/asciidoc/security-authorize-web-endpoints-reference.adoc

@@ -3,8 +3,8 @@ This guide is maintained in the main Quarkus repository
 and pull requests should be submitted there:
 https://github.com/quarkusio/quarkus/tree/main/docs/src/main/asciidoc
 ////
-[id="security-authorization-of-web-endpoints-reference"]
-= Authorization of Web Endpoints
+[id="security-authorize-web-endpoints-reference"]
+= Authorize web endpoints
 include::_attributes.adoc[]
 :categories: security,web
 
@@ -65,7 +65,7 @@ This is an exact path match as it does not end with `*`.
 `roles1` is an example name; you can call the permission sets whatever you want.
 
 
-=== Matching on paths, methods
+=== Matching on paths and methods
 
 Permission sets can also specify paths and methods as a comma-separated list.
 If a path ends with the `*` wildcard, the query it generates matches all sub-paths.
@@ -163,12 +163,12 @@ quarkus.http.auth.permission.roles2.policy=admin-policy1
 
 TIP: Given the above permission set, `GET /api/foo` would match both permission sets' paths, requiring both the `user` and `admin` roles.
 
-=== Configuration Properties to Deny access
+=== Configuration properties to deny access
 
-The following configuration settings alter the RBAC Deny behavior:
+The following configuration settings alter the role-based access control (RBAC) denying behavior:
 
 `quarkus.security.jaxrs.deny-unannotated-endpoints=true|false`::
-If set to true, the access will be denied for all JAX-RS endpoints by default, so if a JAX-RS endpoint does not have any security annotations, it will default to the `@DenyAll` behavior.
+If set to true, access is denied for all JAX-RS endpoints by default. If a JAX-RS endpoint does not have any security annotations, it defaults to the `@DenyAll` behavior.
 This is useful to ensure you cannot accidentally expose an endpoint that is supposed to be secured.
 Defaults to `false`.
 

docs/src/main/asciidoc/security-customization.adoc

@@ -391,7 +391,7 @@ and add the BouncyCastle provider dependency:
 ----
 <dependency>
     <groupId>org.bouncycastle</groupId>
-    <artifactId>bcprov-jdk15on</artifactId>
+    <artifactId>bcprov-jdk18on</artifactId>
 </dependency>
 ----
 
@@ -426,7 +426,7 @@ and add the BouncyCastle TLS dependency:
 ----
 <dependency>
     <groupId>org.bouncycastle</groupId>
-    <artifactId>bctls-jdk15on</artifactId>
+    <artifactId>bctls-jdk18on</artifactId>
 </dependency>
 ----
 

docs/src/main/asciidoc/security-keycloak-authorization.adoc

@@ -388,11 +388,11 @@ Note that, depending on how many resources you have in Keycloak the time taken t
 
 In the default configuration, Keycloak is responsible for managing the roles and deciding who can access which routes.
 
-To configure the protected routes using the `@RolesAllowed` annotation or the `application.properties` file, check the xref:security-oidc-bearer-authentication-concept.adoc[Using OpenID Connect Adapter to Protect JAX-RS Applications] and xref:security-authorization-of-web-endpoints-reference.adoc[Security Authorization] guides. For more details, check the xref:security-overview-concept.adoc[Security guide].
+To configure the protected routes using the `@RolesAllowed` annotation or the `application.properties` file, check the xref:security-oidc-bearer-authentication-concept.adoc[Using OpenID Connect Adapter to Protect JAX-RS Applications] and xref:security-authorize-web-endpoints-reference.adoc[Security Authorization] guides. For more details, check the xref:security-overview-concept.adoc[Security guide].
 
 == Access to Public Resources
 
-If you'd like to access a public resource without `quarkus-keycloak-authorization` trying to apply its policies to it then you need to create a `permit` HTTP Policy configuration in `application.properties` as documented in the xref:security-authorization-of-web-endpoints-reference.adoc[Security Authorization] guide.
+If you'd like to access a public resource without `quarkus-keycloak-authorization` trying to apply its policies to it then you need to create a `permit` HTTP Policy configuration in `application.properties` as documented in the xref:security-authorize-web-endpoints-reference.adoc[Security Authorization] guide.
 
 Disabling a policy check using a Keycloak Authorization Policy such as:
 

docs/src/main/asciidoc/security-overview-concept.adoc

@@ -238,7 +238,7 @@ If you use `Basic` or `Form` HTTP-based authentication then you must add an `Ide
 == Authorization
 
 Quarkus also supports role-based access control (RBAC).
-For more information about RBAC and other authorization options in Quarkus, see xref:security-authorization-of-web-endpoints-reference.adoc[Security authorization].
+For more information about RBAC and other authorization options in Quarkus, see xref:security-authorize-web-endpoints-reference.adoc[Security authorization].
 
 == Quarkus Security customization
 

extensions/cache/deployment/src/test/java/io/quarkus/cache/test/deployment/CacheConfigTest.java

@@ -1,6 +1,8 @@
 package io.quarkus.cache.test.deployment;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
+import static org.junit.jupiter.api.Assertions.assertNull;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
@@ -35,8 +37,14 @@ public class CacheConfigTest {
     @CacheName("no-config-cache")
     Cache noConfigCache;
 
+    @CacheName("test-cache-2")
+    Cache testCache2;
+
+    @CacheName("test-cache-3")
+    Cache testCache3;
+
     @Test
-    public void testConfig() {
+    void testConfig() {
         CaffeineCacheImpl cache = (CaffeineCacheImpl) cacheManager.getCache(CACHE_NAME).get();
         assertEquals(10, cache.getCacheInfo().initialCapacity);
         assertEquals(100L, cache.getCacheInfo().maximumSize);
@@ -57,6 +65,26 @@ public void testConfig() {
         assertEquals(newExpireAfterAccess, cache.getCacheInfo().expireAfterAccess);
     }
 
+    @Test
+    void testCache2Config() {
+        CaffeineCacheImpl cache = (CaffeineCacheImpl) testCache2;
+        assertEquals(80, cache.getCacheInfo().initialCapacity);
+        assertNull(cache.getCacheInfo().maximumSize);
+        assertEquals(Duration.ofDays(4L), cache.getCacheInfo().expireAfterWrite);
+        assertEquals(Duration.ofSeconds(90L), cache.getCacheInfo().expireAfterAccess);
+        assertFalse(cache.getCacheInfo().metricsEnabled);
+    }
+
+    @Test
+    void testCache3Config() {
+        CaffeineCacheImpl cache = (CaffeineCacheImpl) testCache3;
+        assertEquals(123, cache.getCacheInfo().initialCapacity);
+        assertNull(cache.getCacheInfo().maximumSize);
+        assertNull(cache.getCacheInfo().expireAfterWrite);
+        assertNull(cache.getCacheInfo().expireAfterAccess);
+        assertTrue(cache.getCacheInfo().metricsEnabled);
+    }
+
     @Test
     void setMaximumSizeShouldThrowWhenNoInitialConfigValue() {
         assertThrows(IllegalStateException.class, () -> {

extensions/cache/deployment/src/test/resources/cache-config-test.properties

@@ -1,5 +1,20 @@
+### Default configuration applied to all Caffeine caches (lowest precedence)
+quarkus.cache.caffeine.initial-capacity=123
+# quarkus.cache.caffeine.maximum-size is purposely absent here
+# quarkus.cache.caffeine.expire-after-write is purposely absent here
+# quarkus.cache.caffeine.expire-after-access is purposely absent here
+quarkus.cache.caffeine.metrics-enabled=true
+
+### Additional configuration applied to "test-cache" (highest precedence)
 quarkus.cache.caffeine."test-cache".initial-capacity=10
 quarkus.cache.caffeine."test-cache".maximum-size=100
 quarkus.cache.caffeine."test-cache".expire-after-write=30
 quarkus.cache.caffeine."test-cache".expire-after-access=P2D
-quarkus.cache.caffeine."test-cache".metrics-enabled=true
+# quarkus.cache.caffeine."test-cache".metrics-enabled is purposely absent here
+
+### Additional configuration applied to "test-cache-2" (highest precedence)
+quarkus.cache.caffeine."test-cache-2".initial-capacity=80
+# quarkus.cache.caffeine."test-cache-2".maximum-size is purposely absent here
+quarkus.cache.caffeine."test-cache-2".expire-after-write=P4D
+quarkus.cache.caffeine."test-cache-2".expire-after-access=90
+quarkus.cache.caffeine."test-cache-2".metrics-enabled=false

extensions/cache/runtime/src/main/java/io/quarkus/cache/runtime/CacheConfig.java

@@ -9,6 +9,7 @@
 import java.util.OptionalLong;
 
 import io.quarkus.runtime.annotations.ConfigDocMapKey;
+import io.quarkus.runtime.annotations.ConfigDocSection;
 import io.quarkus.runtime.annotations.ConfigGroup;
 import io.quarkus.runtime.annotations.ConfigItem;
 import io.quarkus.runtime.annotations.ConfigRoot;
@@ -40,14 +41,22 @@ public class CacheConfig {
     public static class CaffeineConfig {
 
         /**
-         * Namespace configuration.
+         * Default configuration applied to all Caffeine caches (lowest precedence)
+         */
+        @ConfigItem(name = ConfigItem.PARENT)
+        @ConfigDocSection
+        public CaffeineCacheConfig defaultConfig;
+
+        /**
+         * Additional configuration applied to a specific Caffeine cache (highest precedence)
          */
         @ConfigItem(name = ConfigItem.PARENT)
         @ConfigDocMapKey("cache-name")
-        public Map<String, CaffeineNamespaceConfig> namespace;
+        @ConfigDocSection
+        public Map<String, CaffeineCacheConfig> cachesConfig;
 
         @ConfigGroup
-        public static class CaffeineNamespaceConfig {
+        public static class CaffeineCacheConfig {
 
             /**
              * Minimum total size for the internal data structures. Providing a large enough estimate at construction time
@@ -84,7 +93,7 @@ public static class CaffeineNamespaceConfig {
              * value to {@code true} will enable the accumulation of cache stats inside Caffeine.
              */
             @ConfigItem
-            public boolean metricsEnabled;
+            public Optional<Boolean> metricsEnabled;
         }
     }
 }