Skip to content

Commit

Permalink
3.16.0 release notes
Browse files Browse the repository at this point in the history
  • Loading branch information
ppalaga committed Oct 24, 2024
1 parent 1144116 commit 609ba2c
Show file tree
Hide file tree
Showing 4 changed files with 82 additions and 32 deletions.
2 changes: 1 addition & 1 deletion docs/antora.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ asciidoc:

# Versions
quarkus-version: 3.16.0 # replace ${quarkus.version}
quarkus-cxf-version: 3.15.1 # replace ${release.current-version}
quarkus-cxf-version: 3.16.0 # replace ${release.current-version}

# Toggle whether some page elements are rendered
doc-show-badges: true # Whether JVM / Native badges are rendered
Expand Down
1 change: 1 addition & 0 deletions docs/modules/ROOT/nav.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@
** xref:security-guide/ws-securitypolicy-auth.adoc[WS-SecurityPolicy Authentication]
* xref:release-notes/index.adoc[Release notes]
ifeval::[{doc-is-main} == true]
** xref:release-notes/3.16.0.adoc[3.16.0]
** xref:release-notes/3.15.2.adoc[3.15.2 LTS]
** xref:release-notes/3.15.1.adoc[3.15.1 LTS]
** xref:release-notes/3.15.0.adoc[3.15.0 LTS]
Expand Down
109 changes: 78 additions & 31 deletions docs/modules/ROOT/pages/release-notes/3.16.0.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -6,40 +6,11 @@

== New and noteworthy in {quarkus-cxf-project-name}

=== Vert.x HttpClient based HTTP Conduit is the new default

The `VertxHttpClientHTTPConduitFactory` was xref:release-notes/3.13.0.adoc#_vert_x_httpclient_based_http_conduit[introduced] in {quarkus-cxf-project-name} 3.13.0.
Since then, it went through some improvements and testing
so that we are confident to make it the default for the xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus-cxf-client-client-name-http-conduit-factory[quarkus.cxf.client."client-name".http-conduit-factory] and
xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus-cxf-http-conduit-factory[quarkus.cxf.http-conduit-factory] options.
Before this change, the effective default was `URLConnectionHTTPConduitFactory`.

The main motivations for this change are as follows:

* Support for HTTP/2
* Seamless integration with Quarkus, especially in the areas of worker thread poolling and SSL/TLS configuration.

==== Force the old default

There are three options how you can get back to the old default:

* Set the `QUARKUS_CXF_DEFAULT_HTTP_CONDUIT_FACTORY` environment variable to `URLConnectionHTTPConduitFactory`
* Set the global xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus-cxf-http-conduit-factory[quarkus.cxf.http-conduit-factory] option to `URLConnectionHTTPConduitFactory`
* Set the per client xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus-cxf-client-client-name-http-conduit-factory[quarkus.cxf.client."client-name".http-conduit-factory] option to `URLConnectionHTTPConduitFactory`

==== Hostname verifiers not supported in combination with `VertxHttpClientHTTPConduitFactory`

Setting `xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus-cxf-client-client-name-hostname-verifier[quarkus.cxf.client."client-name".hostname-verifier]` together with `VertxHttpClientHTTPConduitFactory` leads to an exception at runtime.

The `AllowAllHostnameVerifier` value of that option can be replaced by using a
xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus-cxf-client-client-name-tls-configuration-name[named TLS configuration]
with `{link-quarkus-docs-base}/tls-registry-reference#trusting-all-certificates-and-hostname-verification[hostname-verification-algorithm]`
set to `NONE`.

=== https://github.com/quarkiverse/quarkus-cxf/issues/1486[#1486] TLS Registry support

{link-quarkus-docs-base}/tls-registry-reference[Quarkus TLS registry] is an extension provided by Quarkus that centralizes the TLS configuration,
making it easier to manage and maintain secure connections across your application.

`io.quarkus:quarkus-tls-registry` is a transitive dependency of `io.quarkiverse.cxf:quarkus-cxf` since {quarkus-cxf-project-name} 3.16.0,
so you do not have to add it manually.

Expand Down Expand Up @@ -77,12 +48,88 @@ quarkus.cxf.client.hello.trust-store = client-truststore.pkcs12
quarkus.cxf.client.hello.trust-store-password = client-truststore-password
----


=== Vert.x HttpClient based HTTP Conduit is the new default

Vert.x HttpClient based HTTP Conduit was xref:release-notes/3.13.0.adoc#_vert_x_httpclient_based_http_conduit[introduced] in {quarkus-cxf-project-name} 3.13.0.
Its usage was optional through setting the `VertxHttpClientHTTPConduitFactory` on either of the options
`xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus-cxf-client-client-name-http-conduit-factory[quarkus.cxf.client."client-name".http-conduit-factory]` or
`xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus-cxf-http-conduit-factory[quarkus.cxf.http-conduit-factory]`:

.application.properties
[source,properties]
----
# Before Quarkus CXF 3.16.0, VertxHttpClientHTTPConduitFactory had to be set explicitly
# Set the HTTPConduitFactory per-client
quarkus.cxf.client."client-name".http-conduit-factory = VertxHttpClientHTTPConduitFactory
# Set the HTTPConduitFactory globally
quarkus.cxf.http-conduit-factory = VertxHttpClientHTTPConduitFactory
----

Since then, it went through some improvements and testing so that we are confident to make it default.

The main motivations for using Vert.x HttpClient based HTTP Conduit as a default are as follows:

* Support for HTTP/2
* Seamless integration with Quarkus, especially in the areas of worker thread poolling and SSL/TLS configuration.


==== Force the old default

Before this change, the effective default was `URLConnectionHTTPConduitFactory`.
It is still supported and tested regularly.

There are three options how you can get back to the old default:

* Set the `QUARKUS_CXF_DEFAULT_HTTP_CONDUIT_FACTORY` environment variable to `URLConnectionHTTPConduitFactory`
* Set the global xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus-cxf-http-conduit-factory[quarkus.cxf.http-conduit-factory] option to `URLConnectionHTTPConduitFactory`
* Set the per client xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus-cxf-client-client-name-http-conduit-factory[quarkus.cxf.client."client-name".http-conduit-factory] option to `URLConnectionHTTPConduitFactory`

==== Hostname verifiers not supported in combination with `VertxHttpClientHTTPConduitFactory`

Since {quarkus-cxf-project-name} 3.16.0, setting
`xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus-cxf-client-client-name-hostname-verifier[quarkus.cxf.client."client-name".hostname-verifier]`
together with using the default `VertxHttpClientHTTPConduitFactory` leads to an exception at runtime.

The `AllowAllHostnameVerifier` value of that option can be replaced by using a
xref:reference/extensions/quarkus-cxf.adoc#quarkus-cxf_quarkus-cxf-client-client-name-tls-configuration-name[named TLS configuration]
with `{link-quarkus-docs-base}/tls-registry-reference#trusting-all-certificates-and-hostname-verification[hostname-verification-algorithm]`
set to `NONE`.

Here is an example: if your configuration before {quarkus-cxf-project-name} 3.16.0 was as follows

.application.properties
[source,properties]
----
# A configuration that worked before Quarkus CXF 3.16.0
quarkus.cxf.client.helloAllowAll.client-endpoint-url = https://localhost:8444/services/hello
quarkus.cxf.client.helloAllowAll.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService
quarkus.cxf.client.helloAllowAll.trust-store = client-truststore.pkcs12
quarkus.cxf.client.helloAllowAll.trust-store-password = secret
quarkus.cxf.client.helloAllowAll.hostname-verifier = AllowAllHostnameVerifier
----

then an equivalent configuration for Quarkus CXF 3.16.0+ is

.application.properties
[source,properties]
----
# An equivalent configuration for Quarkus CXF 3.16.0+
quarkus.tls.helloAllowAll.trust-store.p12.path = client-truststore.pkcs12
quarkus.tls.helloAllowAll.trust-store.p12.password = secret
quarkus.tls.helloAllowAll.hostname-verification-algorithm = NONE
quarkus.cxf.client.helloAllowAll.client-endpoint-url = https://localhost:8444/services/hello
quarkus.cxf.client.helloAllowAll.service-interface = io.quarkiverse.cxf.it.security.policy.HelloService
quarkus.cxf.client.helloAllowAll.tls-configuration-name = helloAllowAll
----


=== Documentation improvements

* The following security related pages were consolidated into a new xref:security-guide/index.adoc[Security guide]:
** xref:user-guide/ssl.adoc[SSL, TLS and HTTPS] - updated with the information about using TLS registry
** xref:user-guide/auth.adoc[Authentication and authorization]
** xref:security-guide/ws-securitypolicy-auth.adoc[Authentication enforced by WS-SecurityPolicy] - newly added page
** xref:security-guide/ws-securitypolicy-auth.adoc[Authentication enforced by WS-SecurityPolicy] - new

== Full changelog

Expand Down
2 changes: 2 additions & 0 deletions docs/modules/ROOT/pages/release-notes/index.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ Those are typically released on Wednesday following the {quarkus-cxf-project-nam
|===
| Quarkus CXF | Release date | Quarkus Platform | CXF

| xref:release-notes/3.16.0.adoc[3.16.0] | 2024-10-24 | 3.16.0 | 4.0.5

| xref:release-notes/3.15.2.adoc[3.15.2 LTS] | 2024-10-03 | 3.15.? | 4.0.5
| xref:release-notes/3.15.1.adoc[3.15.1 LTS] | 2024-09-23 | 3.15.0 | 4.0.5
| xref:release-notes/3.15.0.adoc[3.15.0 LTS] | 2024-09-19 | | 4.0.5
Expand Down

0 comments on commit 609ba2c

Please sign in to comment.