Quarkus 0.24.0 released - Vert.x everywhere
Due to serious outages of the OSS Sontype (our gate to Maven Central), we were unable to release as planned but… here we are, 0.24.0 is out!
This one is built on top of the shoulders of 0.23 to move more things to our new Vert.x based HTTP layer. It also introduces big changes to our security layer.
What’s new?
Servlet no longer required for JAX-RS
This means that if your application depends on quarkus-resteasy
and not quarkus-undertow
then Servlet will not be present, and RESTEasy will run directly on a Vert.x backend.
For most applications this should be largely transparent, however if you wish to use Servlet filters or other Servlet functionality then you can simply add a dependency on quarkus-undertow
. If Undertow is present, RESTEasy will detect this and will fall back to running as a Servlet.
Please reach out to us if you think a missing feature should be supported out of the box by RESTEasy + Vert.x because we want as many users as possible on the new Vert.x layer.
For instance, we introduced quarkus.http.root-path
as the counterpart of quarkus.servlet.context-path
.
New reactive security layer
Previously Security was tied to Undertow and only applied to Servlet deployments, while also being 100% blocking. This change brings in a new security layer that is not tied to any specific implementation, and also allows for reactive security operations to integrate with Vert.x. It is also no longer tied to Elytron, however Elytron still remains an option.
This is still a work in progress and there is a lot more work to come over the following few weeks, however the main changes today are:
-
HTTP Authentication is now handled at the Vert.x layer. Previously this was configured in the Elytron extensions, this configuration has been removed
-
The
elytron-security
extension has been broken up into base functionality and a newelytron-security-properties-file
extension that contains support for simple properties file based config. -
There is a new
elytron-security-jdbc
extension that allows for users to be loaded from a database. This extension is still alpha and its configuration will likely be simplified for the next release. -
HTTP basic auth is now enabled by the
quarkus.http-auth.basic=true
property. To use this, you will need to have theelytron-security-properties-file
or the (still alpha)elytron-security-jdbc
extension in your application. -
HTTP form auth is missing in this release, it will be replaced sometime next week. Previously this relied on an in-memory HTTP session, so did not work in cloud environments. The new implementation will use encrypted cookies to replace the in memory session allowing it to be used in clustered environments.
Keycloak extension replaced by an OIDC extension (OpenID Connect)
The original Keycloak-specific quarkus-keycloak
adapter has been replaced with a generic OpenID Connect (OIDC) quarkus-oidc
adapter which will provide a comprehensive, generic and reactive support for the most important OIDC flows and be able to verify the tokens from all the certified OIDC providers including Keycloak. Tokens from the other OIDC and OAuth2 providers implementing a token introspection endpoint will also be recognized.
You can find all the information relative to this new extension in our new OIDC guide but here is a summary of the changes that will probably affect you.
Note that the configuration namespace has changed from quarkus.keycloak
to quarkus.oidc
.
The realm
property has been removed and the Keycloak users are now required to configure
the auth-base-url
as follows:
quarkus.oidc.auth-base-url = http://myorg.keycloak.com/realms/{realm}
where {realm}
represents a Keycloak realm.
resource
has been renamed to client-id
.
realm-public-key
has been renamed to public-key
.
Multi-tenancy support based on KeycloakConfigResolver
is no longer supported with a Vert.x OAuth2 based alternative mechanism to be introduced in the next release.
Users needing to configure CORS should now use Quarkus CORS filter.
The team appreciates that some of the original quarkus-keycloak
users may be affected by this change and would like to assure the community that quarkus-oidc
will offer an equivalent but also significantly better overall OIDC experience very soon.
If some features are missing for your use case, please open GitHub issues.
MongoDB com Panache
You might already have used our Hibernate ORM with Panache layer. This simplified "Panache" approach will be generalized to other parts of the stack in the coming months.
And we already have a good news: we now have a MongoDB with Panache extension which heavily simplifies developing REST applications with MongoDB. You can find all the information in the MongoDB with Panache guide, which comes with a quickstart.
As for every brand new feature, feedback is highly welcome.
Jackson and JSON-B customization
It is now far easier to customize Jackson’s ObjectMapper
or JSON-B configuration thanks to a new API we introduced in 0.24.
Everything is explained in detail in our REST JSON guide.
REST Assured major update
We updated REST Assured to 4.1.1: there is a good chance you will have to adjust your tests. Checkout the Rest Assured Release Notes for details.
Other new extensions
RESTEasy JAXB
We now have a proper RESTEasy JAXB extension. So if you are using JAXB with your REST services, please use the quarkus-resteasy-jaxb
extension from now on.
Narayana STM
If you want to use Narayana STM (as in Software Transactional Memory), we now have an extension for it (and a guide!).
STM offers an approach to developing transactional applications in a highly concurrent environment with some of the same characteristics of ACID (Atomicity, Consistency, Isolation and Durability) transactions.
Full changelog
We also fixed a few bugs and usability issues: get the full changelog of 0.24.0 on GitHub.
Contributors
Quarkus has now 159 contributors. Many many thanks to each and everyone of them.
In particular for this release, thanks to Adam Bien, Alessio Soldano, Alexey Loubyansky, Andrej Petras, Andrew Guibert, Arne Mejlholm, Bill Burke, Chamin Kahandawaarachchi, Clement Escoffier, Cristiano Nicolai, Daniel Petisme, David M. Lloyd, Dmitry Telegin, Dusan Odalovic, Emmanuel Bernard, George Gastaldi, Georgios Andrianakis, Guillaume Dufour, Guillaume Smet, Jacob Middag, Jaikiran Pai, Jan Martiska, Jason T. Greene, Ken Finnigan, Loïc Mathieu, Maciej Swiderski, Manyanda Chitimbo, Martin Kouba, Matej Novotny, Max Rydahl Andersen, Michael Musgrove, Paulo Lieuthier, Peter Palaga, Peter Sönder, Radim Vansa, Rostislav Svoboda, Sanne Grinovero, Sergey Beryozkin, Stephane Epardaud, Stuart Douglas, Stéphane Épardaud, Timothy Power and Yoann Rodière.
Come Join Us
We value your feedback a lot so please report bugs, ask for improvements… Let’s build something great together!
If you are a Quarkus user or just curious, don’t be shy and join our welcoming community:
-
provide feedback on GitHub;
-
craft some code and push a PR;
-
discuss with us on Zulip and on the mailing list;
-
ask your questions on Stack Overflow.