Blog

All postsreleasesguidesnewssecurity

What's new in Vert.x 4.1

Vert.x 4.1 comes with plenty of new exciting features.

Here is an overview of the most important features supported in Vert.x 4.1.

Reactive Microsoft SQL Server Client

The Reactive Microsoft SQL Server Client joins the database clients family!

In this first release, several common data types are supported, as well as prepared statements and transactions.

Vert.x HTTP Proxy

It is very easy to write an HTTP proxy with Vert.x, yet there are a lot of things that proxies must do.

Vert.x HTTP Proxy is a new component of the stack that aims to make it easy to write proxies.

You can create a proxy as follows:

proxyServer.requestHandler(
       HttpProxy.reverseProxy(vertx.createHttpClient())
       .origin(7070, "localhost"))
   .listen(8080);

The proxy can also dynamically resolve the origin (i.e the proxied server):

HttpProxy proxy = HttpProxy.reverseProxy(proxyClient).originSelector(
  address -> resolveOrigin(address)
);

Vert.x Web Proxy integrates the proxy with Vert.x Web.

This component is in tech preview and will receive more features over time.

RxJava 3

Vert.x has been supporting RxJava for many years, the RxJava 3 support has landed in 4.1

The rxified API works like previous versions, however regular methods are exposed with RxJava types instead of callbacks since Vert.x 4 async model is based on futures.

server.requestHandler(req -> {
  HttpServerResponse resp = req.respone();
  resp.setChunked(true);
 
  // No need to subscribe to the completable
  Completable c1 = resp.write("1");
 
  // Write result is cached, this will send
  // 1
  c1.subscribe();
  c1.subscribe();
 
  // The Rxified API however requires subscription to trigger the call
  Completable c2 = resp.rxWrite("2");
 
  // Write is subscription based, this will send
  // 2
  // 2
  c2.subscribe();
  c2.subscribe();
});

Open Telemetry support

Open Telemetry tracing is a new and noticeable tracing integration available in 4.1.

Service proxy with futures

Vert.x 4 provides a future-first API. However, service proxies can only be declared with callbacks.

We addressed this issue in Vert.x 4.1 and you can now write service proxies with futures. The only change you need is to declare the future usage in the Codegen module declaration.

Vertx-Web

In this release, we improved the logging handler to enable custom logging formats.

The OAuth2 handler now follows the OIDC standard by validating the requested scopes are present in the OAuth2 response. A new APIKEY handler was added to support more security use cases, and it is now possible to write custom authn handlers without requiring internal classes.

The API ctx.json() now follows the IANA content type standard.

Vertx-Web OpenAPI

A lot of community discussions and work has been done to improve the security handling of OpenAPI in Vert.x. We now support all kinds of security described in OpenAPI 3.0, OpenId, OAuth2, API-Key, HTTP.

The new API also allows for fetching the security configuration from the document itself, rather than having it double-configured in the document and in the code.

Vertx-Auth

In the Vert.x auth module, support for EdDSA was added to the JOSE/COSE code. This means that we can now use those algorithms in JWT/OAuth2/OIDC/FIDO2. The support relies only on the provided JDK which means that users will need to use JDK 15 or above to be able to use those algorithms.

In the JOSE code, improvements were made to correctly follow the use value of a JWK and more tests were added to verify that we interop properly with tokens generated by other libraries.

Finally, in FIDO2/Webauthn we follow the recommendation of storing the attestation certificates, which allows offline validation of devices. This is a utility that allows you to check if tokens have been compromised and disable their future use at the RP.

Kotlin 1.5 support

Vert.x 4.1 supports Kotlin 1.5

General pool improvements

Vert.x internal pool has been improved to gain more flexibility with new features such as

  • multiple event loops per pool
  • waiter cancellation
  • lock free implementation
  • connection selection strategy

In addition, the internal pool is now used by the Vert.x SQL Client and Vert.x Mail Clients.

Web Session Storage with Infinispan

Vert.x Web session storage is pluggable. In this version, a new session store with Infinispan in-memory data grid is available.

It is implemented on top of the Infinispan client so it can be used with either standalone or clustered Vert.x applications.

If you want to get started, don’t miss the Web Session Storage with Infinispan Client how-to.

Julien Viet's profile image
by Julien Viet
Posted on 21 May 2021
in releases
4 min read

Next post

Eclipse Vert.x 4.1.0.CR2 released!

The second candidate release of the upcoming Vert.x 4.1 has just been released. We consider it feature complete and invite the community to test it.

Julien Viet's profile image
Julien Viet
27 May 2021
#releases

Previous post

Eclipse Vert.x 4.1.0.CR1 released!

The first candidate release of the upcoming Vert.x 4.1 has just been released. We consider it feature complete and invite the community to test it.

Julien Viet's profile image
Julien Viet
21 May 2021
#releases

Related posts

Things to keep in mind concerning CSRF attacks

Eclipse Vert.x like most frameworks provides an anti-CSRF defense. However, no framework can prevent all attack vectors that exist in the web. Therefore, developers need to be aware of some dangers and common attack vectors concerning CSRF defenses.

Xhelal Likaj's profile image
Xhelal Likaj
23 January 2021
#guides

Eclipse Vert.x 4.1.0.Beta1 released!

The first beta of the upcoming Vert.x 4.1 has just been released. We consider it feature complete and invite the community to test it.

Julien Viet's profile image
Julien Viet
12 May 2021
#releases

Eclipse Vert.x 5 candidate 1 released!

This is the first milestone of the upcoming Vert.x 5.

Julien Viet's profile image
Julien Viet
18 November 2024
#releases