Sync documentation of main branch

actions-user · actions-user · commit 087b574ff11c · 2025-08-19T01:59:58.000Z
diff --git a/_generated-doc/main/config/quarkus-all-config.adoc b/_generated-doc/main/config/quarkus-all-config.adoc
@@ -14618,27 +14618,6 @@ endif::add-copy-button-to-env-var[]
 |int
 |
 
-a| [[quarkus-vertx-http_quarkus-http-cors-enabled]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-cors-enabled[`quarkus.http.cors.enabled`]##
-ifdef::add-copy-button-to-config-props[]
-config_property_copy_button:+++quarkus.http.cors.enabled+++[]
-endif::add-copy-button-to-config-props[]
-
-
-[.description]
---
-Enable the CORS filter.
-
-
-ifdef::add-copy-button-to-env-var[]
-Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_CORS_ENABLED+++[]
-endif::add-copy-button-to-env-var[]
-ifndef::add-copy-button-to-env-var[]
-Environment variable: `+++QUARKUS_HTTP_CORS_ENABLED+++`
-endif::add-copy-button-to-env-var[]
---
-|boolean
-|`+++${quarkus.http.cors:false}+++`
-
 a| [[quarkus-vertx-http_quarkus-http-port]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-port[`quarkus.http.port`]##
 ifdef::add-copy-button-to-config-props[]
 config_property_copy_button:+++quarkus.http.port+++[]
@@ -16683,6 +16662,27 @@ h|[[quarkus-vertx-http_section_quarkus-http-cors]] [.section-name.section-level0
 h|Type
 h|Default
 
+a| [[quarkus-vertx-http_quarkus-http-cors-enabled]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-cors-enabled[`quarkus.http.cors.enabled`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.http.cors.enabled+++[]
+endif::add-copy-button-to-config-props[]
+
+
+[.description]
+--
+Enable the CORS filter.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_CORS_ENABLED+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_HTTP_CORS_ENABLED+++`
+endif::add-copy-button-to-env-var[]
+--
+|boolean
+|`+++${quarkus.http.cors:false}+++`
+
 a| [[quarkus-vertx-http_quarkus-http-cors-origins]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-cors-origins[`quarkus.http.cors.origins`]##
 ifdef::add-copy-button-to-config-props[]
 config_property_copy_button:+++quarkus.http.cors.origins+++[]
diff --git a/_generated-doc/main/config/quarkus-vertx-http_quarkus.http.adoc b/_generated-doc/main/config/quarkus-vertx-http_quarkus.http.adoc
@@ -317,27 +317,6 @@ endif::add-copy-button-to-env-var[]
 |int
 |
 
-a| [[quarkus-vertx-http_quarkus-http-cors-enabled]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-cors-enabled[`quarkus.http.cors.enabled`]##
-ifdef::add-copy-button-to-config-props[]
-config_property_copy_button:+++quarkus.http.cors.enabled+++[]
-endif::add-copy-button-to-config-props[]
-
-
-[.description]
---
-Enable the CORS filter.
-
-
-ifdef::add-copy-button-to-env-var[]
-Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_CORS_ENABLED+++[]
-endif::add-copy-button-to-env-var[]
-ifndef::add-copy-button-to-env-var[]
-Environment variable: `+++QUARKUS_HTTP_CORS_ENABLED+++`
-endif::add-copy-button-to-env-var[]
---
-|boolean
-|`+++${quarkus.http.cors:false}+++`
-
 a| [[quarkus-vertx-http_quarkus-http-port]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-port[`quarkus.http.port`]##
 ifdef::add-copy-button-to-config-props[]
 config_property_copy_button:+++quarkus.http.port+++[]
@@ -2382,6 +2361,27 @@ h|[[quarkus-vertx-http_section_quarkus-http-cors]] [.section-name.section-level0
 h|Type
 h|Default
 
+a| [[quarkus-vertx-http_quarkus-http-cors-enabled]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-cors-enabled[`quarkus.http.cors.enabled`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.http.cors.enabled+++[]
+endif::add-copy-button-to-config-props[]
+
+
+[.description]
+--
+Enable the CORS filter.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_CORS_ENABLED+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_HTTP_CORS_ENABLED+++`
+endif::add-copy-button-to-env-var[]
+--
+|boolean
+|`+++${quarkus.http.cors:false}+++`
+
 a| [[quarkus-vertx-http_quarkus-http-cors-origins]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-cors-origins[`quarkus.http.cors.origins`]##
 ifdef::add-copy-button-to-config-props[]
 config_property_copy_button:+++quarkus.http.cors.origins+++[]
diff --git a/_generated-doc/main/config/quarkus-vertx-http_quarkus.http.cors.adoc b/_generated-doc/main/config/quarkus-vertx-http_quarkus.http.cors.adoc
@@ -7,6 +7,27 @@ h|[.header-title]##Configuration property##
 h|Type
 h|Default
 
+a| [[quarkus-vertx-http_quarkus-http-cors_quarkus-http-cors-enabled]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-cors_quarkus-http-cors-enabled[`quarkus.http.cors.enabled`]##
+ifdef::add-copy-button-to-config-props[]
+config_property_copy_button:+++quarkus.http.cors.enabled+++[]
+endif::add-copy-button-to-config-props[]
+
+
+[.description]
+--
+Enable the CORS filter.
+
+
+ifdef::add-copy-button-to-env-var[]
+Environment variable: env_var_with_copy_button:+++QUARKUS_HTTP_CORS_ENABLED+++[]
+endif::add-copy-button-to-env-var[]
+ifndef::add-copy-button-to-env-var[]
+Environment variable: `+++QUARKUS_HTTP_CORS_ENABLED+++`
+endif::add-copy-button-to-env-var[]
+--
+|boolean
+|`+++${quarkus.http.cors:false}+++`
+
 a| [[quarkus-vertx-http_quarkus-http-cors_quarkus-http-cors-origins]] [.property-path]##link:#quarkus-vertx-http_quarkus-http-cors_quarkus-http-cors-origins[`quarkus.http.cors.origins`]##
 ifdef::add-copy-button-to-config-props[]
 config_property_copy_button:+++quarkus.http.cors.origins+++[]
diff --git a/_versions/main/guides/amqp-reference.adoc b/_versions/main/guides/amqp-reference.adoc
@@ -74,7 +74,7 @@ quarkus.messaging.auto-connector-attachment=false
 
 == Configuring the AMQP Broker access
 
-The AMQP connector connects to AMQP 1.0 brokers such as Apache ActiveMQ or Artemis.
+The AMQP connector connects to AMQP 1.0 brokers such as Apache's ActiveMQ Classic or ActiveMQ Artemis.
 To configure the location and credentials of the broker, add the following properties in the `application.properties`:
 
 [source, properties]
@@ -318,17 +318,19 @@ mp.messaging.outgoing.orders.address=my-order-queue
 If the `address` attribute is not set, the connector uses the channel name.
 
 To use an existing queue, you need to configure the `address`, `container-id` and, optionally, the `link-name` attributes.
-For example, if you have an Apache Artemis broker configured with:
+For example, if you have an Apache ActiveMQ Artemis broker configured with:
 
 [source, xml]
 ----
-<queues>
-    <queue name="people">
-        <address>people</address>
-        <durable>true</durable>
-        <user>artemis</user>
-    </queue>
-</queues>
+<addresses>
+    <address name="people">
+        <anycast>
+            <queue name="people">
+                <user>artemis</user>
+            </queue>
+        </anycast>
+    </address>
+</addresses>
 ----
 
 You need the following configuration:
@@ -367,7 +369,7 @@ mp.messaging.incoming.people-out.container-id=bar
 mp.messaging.incoming.people-out.link-name=people
 ----
 
-More details about the AMQP Address model can be found in the https://activemq.apache.org/components/artemis/documentation/2.0.0/address-model.html[Artemis documentation].
+More details about the AMQP Address model can be found in the https://activemq.apache.org/components/artemis/documentation/latest/address-model.html[ActiveMQ Artemis documentation].
 
 [[blocking-processing]]
 === Execution model and Blocking processing
diff --git a/_versions/main/guides/hibernate-orm-panache.adoc b/_versions/main/guides/hibernate-orm-panache.adoc
@@ -978,6 +978,47 @@ PanacheQuery<RaceWeight> query = Person.find("select new MyView(d.race, AVG(d.we
 ----
 ====
 
+If you need to have multiple constructors in your DTO, you must annotate the constructor intended to generate a SELECT clause with @ProjectedConstructor:
+
+[source,java]
+----
+import io.quarkus.runtime.annotations.RegisterForReflection;
+import io.quarkus.hibernate.orm.panache.common.ProjectedConstructor;
+
+@RegisterForReflection
+public class PersonName {
+    public final String name;
+
+    @ProjectedConstructor // <1>
+    public PersonName(String name) {
+        this.name = name;
+    }
+
+    public PersonName(String name, String otherField) {
+        this.name = name;
+    }
+}
+
+// only 'name' will be loaded from the database
+PanacheQuery<PersonName> query = Person.find("status", Status.Alive).project(PersonName.class);
+----
+
+<1> This will use your annotated constructor to create the query. (`select new PersonName(name) from ...`)
+
+[WARNING]
+====
+If a DTO used in a projection has multiple constructors and is not properly annotated, it may lead to *unexpected behavior*.
+
+The constructor resolution process follows this order:
+
+1. Look for a constructor annotated with `@ProjectedConstructor`
+This is the most explicit and preferred way to indicate which constructor should be used.
+2. Look for parameters annotated with `@ProjectedFieldName`
+3. Use the first non-parameterless constructor
+If no annotations are found.
+4. Fallback to the first constructor it finds, this could lead to multiple problems or inconsistencies.
+====
+
 == Multiple Persistence Units
 
 The support for multiple persistence units is described in detail in xref:hibernate-orm.adoc#multiple-persistence-units[the Hibernate ORM guide].
diff --git a/_versions/main/guides/hibernate-reactive-panache.adoc b/_versions/main/guides/hibernate-reactive-panache.adoc
@@ -729,6 +729,47 @@ PanacheQuery<RaceWeight> query = Person.find("select new MyView(d.race, AVG(d.we
 ----
 ====
 
+If you need to have multiple constructors in your DTO, you must annotate the constructor intended to generate a SELECT clause with @ProjectedConstructor:
+
+[source,java]
+----
+import io.quarkus.runtime.annotations.RegisterForReflection;
+import io.quarkus.hibernate.reactive.panache.common.ProjectedConstructor;
+
+@RegisterForReflection
+public class PersonName {
+    public final String name;
+
+    @ProjectedConstructor // <1>
+    public PersonName(String name) {
+        this.name = name;
+    }
+
+    public PersonName(String name, String otherField) {
+        this.name = name;
+    }
+}
+
+// only 'name' will be loaded from the database
+PanacheQuery<PersonName> query = Person.find("status", Status.Alive).project(PersonName.class);
+----
+
+<1> This will use your annotated constructor to create the query. (`select new PersonName(name) from ...`)
+
+[WARNING]
+====
+If a DTO used in a projection has multiple constructors and is not properly annotated, it may lead to *unexpected behavior*.
+
+The constructor resolution process follows this order:
+
+1. Look for a constructor annotated with `@ProjectedConstructor`
+This is the most explicit and preferred way to indicate which constructor should be used.
+2. Look for parameters annotated with `@ProjectedFieldName`
+3. Use the first non-parameterless constructor
+If no annotations are found.
+4. Fallback to the first constructor it finds, this could lead to multiple problems or inconsistencies.
+====
+
 == Multiple Persistence Units
 
 Hibernate Reactive in Quarkus currently does not support multiple persistence units.
diff --git a/_versions/main/guides/kafka-streams.adoc b/_versions/main/guides/kafka-streams.adoc
@@ -631,7 +631,8 @@ public class InteractiveQueries {
     private ReadOnlyKeyValueStore<Integer, Aggregation> getWeatherStationStore() {
         while (true) {
             try {
-                return streams.store(TopologyProducer.WEATHER_STATIONS_STORE, QueryableStoreTypes.keyValueStore());
+                return streams.store(StoreQueryParameters
+                    .fromNameAndType(TopologyProducer.WEATHER_STATIONS_STORE, QueryableStoreTypes.keyValueStore()));
             } catch (InvalidStateStoreException e) {
                 // ignore, store not ready yet
             }
diff --git a/_versions/main/guides/security-authorize-web-endpoints-reference.adoc b/_versions/main/guides/security-authorize-web-endpoints-reference.adoc
@@ -596,6 +596,7 @@ The same authorization can be required with the `@PermissionsAllowed(value = { "
 * xref:security-openid-connect-multitenancy.adoc#programmatic-startup[Programmatic OIDC start-up for multitenant application]
 * xref:security-authentication-mechanisms.adoc#form-based-auth-programmatic-set-up[Set up Form-based authentication programmatically]
 * xref:security-authentication-mechanisms.adoc#mtls-programmatic-set-up[Set up the mutual TLS client authentication programmatically]
+* xref:security-cors.adoc#cors-filter-programmatic-set-up[Configuring the CORS filter programmatically]
 
 [[standard-security-annotations]]
 == Authorization using annotations
diff --git a/_versions/main/guides/security-cors.adoc b/_versions/main/guides/security-cors.adoc
@@ -91,6 +91,45 @@ Allowing unrestricted origins in production environments poses severe security r
 For production, define explicit origins in the `quarkus.http.cors.origins` property.
 ====
 
+[[cors-filter-programmatic-set-up]]
+== Configuring the CORS filter programmatically
+
+To enforce CORS policies in your application, enable the Quarkus CORS filter with the `io.quarkus.vertx.http.security.HttpSecurity` CDI event:
+
+[source,java]
+----
+package org.acme.http.security;
+
+import io.quarkus.vertx.http.security.HttpSecurity;
+import jakarta.enterprise.event.Observes;
+
+public class CorsProgrammaticConfig {
+    void configure(@Observes HttpSecurity httpSecurity) {
+        httpSecurity.cors("https://example.com");
+    }
+}
+----
+
+The `io.quarkus.vertx.http.security.CORS` builder allows you to create a complete CORS configuration:
+
+[source,java]
+----
+package org.acme.http.security;
+
+import io.quarkus.vertx.http.security.CORS;
+import io.quarkus.vertx.http.security.HttpSecurity;
+import jakarta.enterprise.event.Observes;
+
+public class CorsProgrammaticConfig {
+    void configure(@Observes HttpSecurity httpSecurity) {
+        httpSecurity.cors(CORS.builder()
+                .origin("https://example.com")
+                .method("POST")
+                .build());
+    }
+}
+----
+
 == References
 
 * xref:security-overview.adoc[Quarkus Security overview]
diff --git a/_versions/main/guides/security-getting-started-tutorial.adoc b/_versions/main/guides/security-getting-started-tutorial.adoc
@@ -293,11 +293,27 @@ The `quarkus-security-jpa` extension only initializes if a single entity is anno
 By default, it uses bcrypt-hashed passwords.
 You can configure it to use plain text or custom passwords.
 <4> Indicates the comma-separated list of roles added to the target principal representation attributes.
-<5> Allows us to add users while hashing passwords with the proper bcrypt hash.
+<5> Provides a helper method to add users with properly hashed passwords. The `BcryptUtil.bcryptHash()` method:
+* Automatically generates a random salt for each password.
+* Hashes the password using bcrypt with 10 iterations (default).
+* Returns the hash in Modular Crypt Format (MCF), which includes the algorithm identifier, cost parameter, salt, and hash.
+
+[TIP]
+====
+**Password hashing best practices:**
+
+* Always pass plain text passwords to `BcryptUtil.bcryptHash()` - never pre-hash them.
+* The bcrypt hash includes the salt, so no separate salt storage is needed.
+* To verify passwords during authentication, the framework automatically uses `BcryptUtil.matches(plainPassword, hashedPassword)`.
+* For custom iterations: `BcryptUtil.bcryptHash(password, iterationCount)` where higher iterations (12-14) provide more security but slower performance.
+====
+
+- For more information about configuring passwords and roles, see xref:configure-the-application[Configure the application]. 
+- For more information on hashing passwords and available options, see xref:security-jpa.adoc#password-storage-and-hashing[Password storage and hashing].
 
 [NOTE]
 ====
-Don’t forget to set up the Panache and PostgreSQL JDBC driver, please see xref:hibernate-orm-panache.adoc#setting-up-and-configuring-hibernate-orm-with-panache[Setting up and configuring Hibernate ORM with Panache] for more information.
+Remember to set up the Panache and PostgreSQL JDBC driver. For more information, see xref:hibernate-orm-panache.adoc#setting-up-and-configuring-hibernate-orm-with-panache[Setting up and configuring Hibernate ORM with Panache].
 ====
 ifndef::no-quarkus-security-jpa-reactive[]
 [NOTE]
@@ -307,6 +323,7 @@ For more information, see  link:{quickstarts-tree-url}/security-jpa-reactive-qui
 ====
 endif::no-quarkus-security-jpa-reactive[]
 
+[id="configure-the-application"]
 == Configure the application
 
 . Enable the built-in Quarkus xref:security-basic-authentication.adoc[Basic authentication] mechanism by setting the `quarkus.http.auth.basic` property to `true`:
diff --git a/_versions/main/guides/security-jpa.adoc b/_versions/main/guides/security-jpa.adoc
@@ -126,6 +126,7 @@ public class Role extends PanacheEntity {
 This example demonstrates storing and accessing roles. To update an existing user or create a new one, annotate `public List<Role> roles` with `@Cascade(CascadeType.ALL)` or choose a specific `CascadeType`.
 ====
 
+[id="password-storage-and-hashing"]
 == Password storage and hashing
 
 When developing applications with Quarkus, you can decide how to manage password storage and hashing. You can keep the default password and hashing settings of Quarkus, or you can hash passwords manually.
