Conditionalize content in upstream Quarkus repository for the 3.8.nex…

…t product release quarkusio#39954

docs/src/main/asciidoc/datasource.adoc

@@ -101,7 +101,9 @@ For more information about pool size adjustment properties, see the <<jdbc-confi
 
 . Add the correct reactive extension for the database of your choice.
 
+ifndef::quarkus-reactive-db2-client[]
 * `quarkus-reactive-db2-client`
+endif::quarkus-reactive-db2-client[]
 * `quarkus-reactive-mssql-client`
 * `quarkus-reactive-mysql-client`
 * `quarkus-reactive-oracle-client`
@@ -300,7 +302,9 @@ Quarkus offers several reactive clients for use with a reactive datasource.
 
 . Add the corresponding extension to your application:
 +
+ifndef::quarkus-reactive-db2-client[]
 * DB2: `quarkus-reactive-db2-client`
+endif::quarkus-reactive-db2-client[]
 * MariaDB/MySQL: `quarkus-reactive-mysql-client`
 * Microsoft SQL Server: `quarkus-reactive-mssql-client`
 * Oracle: `quarkus-reactive-oracle-client`
@@ -592,6 +596,7 @@ However, the Quarkus Derby extension allows native compilation of the Derby JDBC
 * Embedding H2 within your native image is not recommended.
 Consider using an alternative approach, for example, using a remote connection to a separate database instead.
 
+ifndef::deprecated-test-resource[]
 ==== Run an integration test
 
 . Add a dependency on the artifacts providing the additional tools that are under the following Maven coordinates:
@@ -628,6 +633,7 @@ public class TestResources {
 quarkus.datasource.db-kind=h2
 quarkus.datasource.jdbc.url=jdbc:h2:tcp://localhost/mem:test
 ----
+endif::deprecated-test-resource[]
 
 [[datasource-reference]]
 == References
@@ -820,9 +826,11 @@ a|* JDBC: `org.postgresql.Driver`
 |`reactive-pg-client`
 |`io.vertx.pgclient.spi.PgDriver`
 
+ifndef::quarkus-reactive-db2-client[]
 |`db2`
 |`reactive-db2-client`
 |`io.vertx.db2client.spi.DB2Driver`
+endif::quarkus-reactive-db2-client[]
 |===
 
 [TIP]
@@ -836,9 +844,11 @@ This automatic resolution is applicable in most cases so that driver configurati
 
 include::{generated-dir}/config/quarkus-reactive-datasource.adoc[opts=optional, leveloffset=+1]
 
+ifndef::quarkus-reactive-db2-client[]
 ==== Reactive DB2 configuration
 
 include::{generated-dir}/config/quarkus-reactive-db2-client.adoc[opts=optional, leveloffset=+1]
+endif::quarkus-reactive-db2-client[]
 
 ==== Reactive MariaDB/MySQL specific configuration
 

docs/src/main/asciidoc/security-authentication-mechanisms.adoc

@@ -35,7 +35,10 @@ The following table maps specific authentication requirements to a supported mec
 
 |Username and password |xref:security-basic-authentication.adoc[Basic], <<form-auth>>
 
-|Bearer access token |xref:security-oidc-bearer-token-authentication.adoc[OIDC Bearer token authentication], xref:security-jwt.adoc[JWT], xref:security-oauth2.adoc[OAuth2]
+|Bearer access token |xref:security-oidc-bearer-token-authentication.adoc[OIDC Bearer token authentication], xref:security-jwt.adoc[JWT]
+ifndef::quarkus-elytron-security-oauth2[]
+, xref:security-oauth2.adoc[OAuth2]
+endif::quarkus-elytron-security-oauth2[]
 
 |Single sign-on (SSO) |xref:security-oidc-code-flow-authentication.adoc[OIDC Code Flow], <<form-auth>>
 
@@ -96,7 +99,7 @@ quarkus.http.auth.form.error-page=
 # Define testing user
 quarkus.security.users.embedded.enabled=true
 quarkus.security.users.embedded.plain-text=true
-quarkus.security.users.embedded.users.alice=alice 
+quarkus.security.users.embedded.users.alice=alice
 quarkus.security.users.embedded.roles.alice=user
 ----
 
@@ -315,7 +318,9 @@ Quarkus Security also supports the following authentication mechanisms through e
 * <<webauthn-authentication>>
 * <<openid-connect-authentication>>
 * <<smallrye-jwt-authentication>>
+ifndef::quarkus-elytron-security-oauth2[]
 * <<oauth2-authentication>>
+endif::quarkus-elytron-security-oauth2[]
 
 [[webauthn-authentication]]
 === WebAuthn authentication
@@ -357,7 +362,9 @@ For more information about OIDC authentication and authorization methods that yo
 |Multiple tenants that can support the Bearer token authentication or Authorization Code Flow mechanisms|xref:security-openid-connect-multitenancy.adoc[Using OpenID Connect (OIDC) multi-tenancy]
 |Securing Quarkus with commonly used OpenID Connect providers|xref:security-openid-connect-providers.adoc[Configuring well-known OpenID Connect providers]
 |Using Keycloak to centralize authorization |xref:security-keycloak-authorization.adoc[Using OpenID Connect (OIDC) and Keycloak to centralize authorization]
+ifndef::quarkus-keycloak-admin-client[]
 |Configuring Keycloak programmatically |xref:security-keycloak-admin-client.adoc[Using the Keycloak admin client]
+endif::quarkus-keycloak-admin-client[]
 |====
 
 [NOTE]
@@ -404,13 +411,15 @@ It represents them as `org.eclipse.microprofile.jwt.JsonWebToken`.
 
 For more information, see the xref:security-jwt.adoc[Using JWT RBAC] guide.
 
+ifndef::quarkus-elytron-security-oauth2[]
 [[oauth2-authentication]]
 === OAuth2 authentication
 
 `quarkus-elytron-security-oauth2` provides an alternative to the Quarkus `quarkus-oidc` Bearer token authentication mechanism extension.
 `quarkus-elytron-security-oauth2` is based on `Elytron` and is primarily intended for introspecting opaque tokens remotely.
 
 For more information, see the Quarkus xref:security-oauth2.adoc[Using OAuth2] guide.
+endif::quarkus-elytron-security-oauth2[]
 
 [[oidc-jwt-oauth2-comparison]]
 == Choosing between OpenID Connect, SmallRye JWT, and OAuth2 authentication mechanisms
@@ -425,13 +434,20 @@ In both cases, `quarkus-oidc` requires a connection to the specified OpenID Conn
 * If the user authentication requires Authorization Code flow, or you need to support multiple tenants, use `quarkus-oidc`.
 `quarkus-oidc` can also request user information by using both Authorization Code Flow and Bearer access tokens.
 
-* If your bearer tokens must be verified, use `quarkus-oidc`, `quarkus-smallrye-jwt`, or `quarkus-elytron-security-oauth2`.
+ifndef::quarkus-elytron-security-oauth2[]
+* If your bearer tokens must be verified, use `quarkus-oidc`, `quarkus-elytron-security-oauth2`, or `quarkus-smallrye-jwt`.
+endif::quarkus-elytron-security-oauth2[]
+ifdef::quarkus-elytron-security-oauth2[]
+* If your bearer tokens must be verified, use `quarkus-oidc` or `quarkus-smallrye-jwt`.
+endif::quarkus-elytron-security-oauth2[]
 
 * If your bearer tokens are in a JSON web token (JWT) format, you can use any extensions in the preceding list.
 Both `quarkus-oidc` and `quarkus-smallrye-jwt` support refreshing the `JsonWebKey` (JWK) set when the OpenID Connect provider rotates the keys.
 Therefore, if remote token introspection must be avoided or is unsupported by the providers, use `quarkus-oidc` or `quarkus-smallrye-jwt` to verify JWT tokens.
 
-* To introspect the JWT tokens remotely, you can use either `quarkus-oidc` or `quarkus-elytron-security-oauth2` because they support verifying the opaque or binary tokens by using remote introspection.
+* To introspect the JWT tokens remotely, you can use `quarkus-oidc`
+ifndef::quarkus-elytron-security-oauth2[or `quarkus-elytron-security-oauth2`]
+for verifying the opaque or binary tokens by using remote introspection.
 `quarkus-smallrye-jwt` does not support the remote introspection of both opaque or JWT tokens but instead relies on the locally available keys that are usually retrieved from the OpenID Connect provider.
 
 * `quarkus-oidc` and `quarkus-smallrye-jwt` support the JWT and opaque token injection into the endpoint code.
@@ -442,9 +458,10 @@ All extensions can have the tokens injected as `Principal`.
 `quarkus-oidc` uses only the JWK-formatted keys that are part of a JWK set, whereas `quarkus-smallrye-jwt` supports PEM keys.
 
 * `quarkus-smallrye-jwt` handles locally signed, inner-signed-and-encrypted, and encrypted tokens.
-In contrast, although `quarkus-oidc` and `quarkus-elytron-security-oauth2` can also verify such tokens, they treat them as opaque tokens and verify them through remote introspection.
+ifndef::quarkus-elytron-security-oauth2[In contrast, although `quarkus-oidc` and `quarkus-elytron-security-oauth2` can also verify such tokens, they treat them as opaque tokens and verify them through remote introspection.]
+ifdef::quarkus-elytron-security-oauth2[In contrast, although `quarkus-oidc` can also verify such tokens, it treats them as opaque tokens and verifies them through remote introspection.]
 
-* If you need a lightweight library for the remote introspection of opaque or JWT tokens, use `quarkus-elytron-security-oauth2`.
+ifndef::quarkus-elytron-security-oauth2[* If you need a lightweight library for the remote introspection of opaque or JWT tokens, use `quarkus-elytron-security-oauth2`.]
 
 [NOTE]
 ====
@@ -459,29 +476,82 @@ Nonetheless, the providers effectively delegate most of the token-associated sta
 [[table]]
 .Token authentication mechanism comparison
 |===
-^|Feature required 3+^| Authentication mechanism
-
-^| ^s|`quarkus-oidc` ^s|`quarkus-smallrye-jwt` ^s| `quarkus-elytron-security-oauth2`
-
-s|Bearer JWT verification ^|Local verification or introspection  ^|Local verification  ^|Introspection
-
-s|Bearer opaque token verification ^|Introspection   ^|No  ^|Introspection
-s|Refreshing `JsonWebKey` set to verify JWT tokens  ^|Yes   ^|Yes  ^|No
-s|Represent token as `Principal`  ^|Yes   ^|Yes  ^|Yes
-s|Inject JWT as MP JWT  ^|Yes   ^|Yes  ^|No
-
-s|Authorization code flow  ^| Yes  ^|No  ^|No
-s|Multi-tenancy ^| Yes  ^|No  ^|No
-s|User information support  ^| Yes  ^|No  ^|No
-s|PEM key format support  ^|No   ^|Yes  ^|No
-
-s|SecretKey support ^|No ^|In JSON Web Key (JWK) format ^|No
-s|Inner-signed and encrypted or encrypted tokens ^|Introspection ^|Local verification ^|Introspection
-s|Custom token verification ^|No ^|With injected JWT parser ^|No
-s|JWT as a cookie support ^|No ^|Yes ^|Yes
+// Display four columns
+ifndef::quarkus-elytron-security-oauth2[ ^|Feature required 3+^| Authentication mechanism]
+// Display three columns and hide the quarkus-elytron-security-oauth2 column.
+ifdef::quarkus-elytron-security-oauth2[ ^|Feature required 2+^| Authentication mechanism]
+
+^|
+^s|`quarkus-oidc`
+^s|`quarkus-smallrye-jwt`
+ifndef::quarkus-elytron-security-oauth2[ ^s|`quarkus-elytron-security-oauth2`]
+
+s|Bearer JWT verification
+^|Local verification or introspection
+^|Local verification
+ifndef::quarkus-elytron-security-oauth2[ ^|Introspection]
+
+s|Bearer opaque token verification
+^|Introspection
+^|No
+ifndef::quarkus-elytron-security-oauth2[ ^|Introspection]
+
+s|Refreshing `JsonWebKey` set to verify JWT tokens
+^|Yes
+^|Yes
+ifndef::quarkus-elytron-security-oauth2[ ^|No]
+
+s|Represent token as `Principal`
+^|Yes
+^|Yes
+ifndef::quarkus-elytron-security-oauth2[ ^|Yes]
+
+s|Inject JWT as MP JWT
+^|Yes
+^|Yes
+ifndef::quarkus-elytron-security-oauth2[ ^|No]
+
+s|Authorization code flow
+^| Yes
+^|No
+ifndef::quarkus-elytron-security-oauth2[ ^|No]
+
+s|Multi-tenancy
+^| Yes
+^|No
+ifndef::quarkus-elytron-security-oauth2[ ^|No]
+
+s|User information support
+^| Yes
+^|No
+ifndef::quarkus-elytron-security-oauth2[ ^|No]
+
+s|PEM key format support
+^|No
+^|Yes
+ifndef::quarkus-elytron-security-oauth2[ ^|No]
+
+s|SecretKey support
+^|No
+^|In JSON Web Key (JWK) format
+ifndef::quarkus-elytron-security-oauth2[ ^|No]
+
+s|Inner-signed and encrypted or encrypted tokens
+^|Introspection
+^|Local verification
+ifndef::quarkus-elytron-security-oauth2[ ^|Introspection]
+
+s|Custom token verification
+^|No
+^|With injected JWT parser
+ifndef::quarkus-elytron-security-oauth2[ ^|No]
+
+s|JWT as a cookie support
+^|No
+^|Yes
+ifndef::quarkus-elytron-security-oauth2[ ^|Yes]
 |===
 
-
 == Combining authentication mechanisms
 
 If different sources provide the user credentials, you can combine authentication mechanisms.

docs/src/main/asciidoc/security-basic-authentication-howto.adoc

@@ -18,7 +18,12 @@ Enable xref:security-basic-authentication.adoc[Basic authentication] for your Qu
 * You have installed at least one extension that provides an `IdentityProvider` based on username and password.
 For example:
 
-** xref:security-jpa.adoc[Quarkus Security Jakarta Persistence extensions (`security-jpa` or `security-jpa-reactive`)]
+ifndef::quarkus-security-jpa-reactive[]
+** xref:security-jpa.adoc[Quarkus Security Jakarta Persistence extensions (`quarkus-security-jpa` or `quarkus-security-jpa-reactive`)]
+endif::quarkus-security-jpa-reactive[]
+ifdef::quarkus-security-jpa-reactive[]
+** xref:security-jpa.adoc[Quarkus Security Jakarta Persistence extension (`quarkus-security-jpa`)]
+endif::quarkus-security-jpa-reactive[]
 ** xref:security-properties.adoc[Elytron security properties file extension `(quarkus-elytron-security-properties-file)`]
 ** xref:security-jdbc.adoc[Elytron security JDBC extension `(quarkus-elytron-security-jdbc)`]
 

docs/src/main/asciidoc/security-getting-started-tutorial.adoc

@@ -54,12 +54,20 @@ You can find the solution in the `security-jpa-quickstart` link:{quickstarts-tre
 
 == Create and verify the Maven project
 
-For Quarkus Security to be able to map your security source to Jakarta Persistence entities, ensure that the Maven project in this tutorial includes the `security-jpa` or `security-jpa-reactive` extension.
+ifndef::quarkus-security-jpa-reactive[]
+For Quarkus Security to be able to map your security source to Jakarta Persistence entities, ensure that the Maven project in this tutorial includes the `quarkus-security-jpa` or `quarkus-security-jpa-reactive` extension.
+endif::quarkus-security-jpa-reactive[]
+ifdef::quarkus-security-jpa-reactive[]
+For Quarkus Security to be able to map your security source to Jakarta Persistence entities, ensure that the Maven project in this tutorial includes the `quarkus-security-jpa` extension.
+endif::quarkus-security-jpa-reactive[]
 
 [NOTE]
 ====
-xref:hibernate-orm-panache.adoc[Hibernate ORM with Panache] is used to store your user identities, but you can also use xref:hibernate-orm.adoc[Hibernate ORM] with the `security-jpa` extension.
-Both xref:hibernate-reactive.adoc[Hibernate Reactive] and xref:hibernate-reactive-panache.adoc[Hibernate Reactive with Panache] can be used with the `security-jpa-reactive` extension.
+xref:hibernate-orm-panache.adoc[Hibernate ORM with Panache] is used to store your user identities, but you can also use xref:hibernate-orm.adoc[Hibernate ORM] with the `quarkus-security-jpa` extension.
+
+ifndef::quarkus-security-jpa-reactive[]
+Both xref:hibernate-reactive.adoc[Hibernate Reactive] and xref:hibernate-reactive-panache.adoc[Hibernate Reactive with Panache] can be used with the `quarkus-security-jpa-reactive` extension.
+endif::quarkus-security-jpa-reactive[]
 
 You must also add your preferred database connector library.
 The instructions in this example tutorial use a PostgreSQL database for the identity store.
@@ -86,18 +94,20 @@ include::{includes}/devtools/create-app.adoc[]
 :add-extension-extensions: security-jpa
 include::{includes}/devtools/extension-add.adoc[]
 ====
+ifndef::quarkus-security-jpa-reactive[]
 ** To add the Security Jakarta Persistence extension to an existing Maven project with Hibernate Reactive, run the following command from your project base directory:
 +
 ====
 :add-extension-extensions: security-jpa-reactive
 include::{includes}/devtools/extension-add.adoc[]
 ====
+endif::quarkus-security-jpa-reactive[]
 
 === Verify the quarkus-security-jpa dependency
 
-After you have run either of the preceding commands to create the Maven project, verify that the `security-jpa` dependency was added to your project build XML file.
+After you have run either of the preceding commands to create the Maven project, verify that the `quarkus-security-jpa` dependency was added to your project build XML file.
 
-* To verify the `security-jpa` extension, check for the following configuration:
+* To verify the `quarkus-security-jpa` extension, check for the following configuration:
 +
 ====
 [source,xml,role="primary asciidoc-tabs-target-sync-cli asciidoc-tabs-target-sync-maven"]
@@ -115,7 +125,8 @@ After you have run either of the preceding commands to create the Maven project,
 implementation("io.quarkus:quarkus-security-jpa")
 ----
 ====
-* To verify the `security-jpa-reactive` extension, check for the following configuration:
+ifndef::quarkus-security-jpa-reactive[]
+* To verify the `quarkus-security-jpa-reactive` extension, check for the following configuration:
 +
 ====
 [source,xml,role="primary asciidoc-tabs-target-sync-cli asciidoc-tabs-target-sync-maven"]
@@ -133,6 +144,7 @@ implementation("io.quarkus:quarkus-security-jpa")
 implementation("io.quarkus:quarkus-security-jpa-reactive")
 ----
 ====
+endif::quarkus-security-jpa-reactive[]
 
 == Write the application
 
@@ -266,7 +278,7 @@ public class User extends PanacheEntity {
 
 ----
 
-The `security-jpa` extension only initializes if a single entity is annotated with `@UserDefinition`.
+The `quarkus-security-jpa` extension only initializes if a single entity is annotated with `@UserDefinition`.
 
 <1> The `@UserDefinition` annotation must be present on a single entity, either a regular Hibernate ORM entity or a Hibernate ORM with Panache entity.
 <2> Indicates the field used for the username.
@@ -280,12 +292,13 @@ You can configure it to use plain text or custom passwords.
 ====
 Don’t forget to set up the Panache and PostgreSQL JDBC driver, please see xref:hibernate-orm-panache.adoc#setting-up-and-configuring-hibernate-orm-with-panache[Setting up and configuring Hibernate ORM with Panache] for more information.
 ====
-
+ifndef::quarkus-security-jpa-reactive[]
 [NOTE]
 ====
 Hibernate Reactive Panache uses `io.quarkus.hibernate.reactive.panache.PanacheEntity` instead of `io.quarkus.hibernate.orm.panache.PanacheEntity`.
 For more information, see  link:{quickstarts-tree-url}/security-jpa-reactive-quickstart/src/main/java/org/acme/elytron/security/jpa/reactive/User.java[User file].
 ====
+endif::quarkus-security-jpa-reactive[]
 
 == Configure the application
 
@@ -299,7 +312,7 @@ When secure access is required, and no other authentication mechanisms are enabl
 Therefore, in this tutorial, you do not need to set the property `quarkus.http.auth.basic` to `true`.
 ====
 +
-. Configure at least one data source in the `application.properties` file so the `security-jpa` extension can access your database.
+. Configure at least one data source in the `application.properties` file so the `quarkus-security-jpa` extension can access your database.
 For example:
 +
 ====
@@ -318,9 +331,10 @@ quarkus.hibernate-orm.database.generation=drop-and-create
 +
 . To initialize the database with users and roles, implement the `Startup` class, as outlined in the following code snippet:
 
+ifndef::quarkus-security-jpa-reactive[]
 [NOTE]
 ====
-* The URLs of Reactive datasources that are used by the `security-jpa-reactive` extension are set with the `quarkus.datasource.reactive.url`
+* The URLs of Reactive datasources that are used by the `quarkus-security-jpa-reactive` extension are set with the `quarkus.datasource.reactive.url`
 configuration property and not the `quarkus.datasource.jdbc.url` configuration property typically used by JDBC datasources.
 +
 [source,properties]
@@ -333,6 +347,7 @@ link:https://hibernate.org/orm/[Hibernate ORM] automatically creates the databas
 This approach is suitable for development but is not recommended for production.
 Therefore, adjustments are needed in a production environment.
 ====
+endif::quarkus-security-jpa-reactive[]
 
 [source,java]
 ----
@@ -362,7 +377,7 @@ The preceding example demonstrates how the application can be protected and iden
 [IMPORTANT]
 ====
 In a production environment, do not store plain text passwords.
-As a result, the `security-jpa` defaults to using bcrypt-hashed passwords.
+As a result, the `quarkus-security-jpa` defaults to using bcrypt-hashed passwords.
 ====
 
 == Test your application by using Dev Services for PostgreSQL