In order to impose certain checks on classes that Jackson might deserialize to, I'd like to be able to easily find any such classes. However, in standard usage, Jackson can deserialize into a completely normal looking class that has no Jackson annotations.
A colleague mentioned having previously seen some way to setup Jackson to only successfully deserialize classes that are explicitly annotated as being able to do so. This would present an easy solution, as I could then just find classes with such an annotation. However, looking through all the Jackson docs, I can't find this functionality. Does anyone know where it's to be found/is this deprecated?
Consider an option where you mark your "json" classes with a custom annotation, then set a special annotation introspector which would fail to serialize all the other classes from your application.
Note that you will need to be able differentiate between the standard classes such as primitives, string, collection, etc., which don't have the custom annotation, and the classes from your application which shall not be processed.
Here is an example:
package stackoverflow;
public class JacksonTracking {
#Retention(RetentionPolicy.RUNTIME)
public static #interface Json {
}
#Json
public static class A {
public final String field1;
public A(String field1) {
this.field1 = field1;
}
}
public static class B {
public final String field2;
public B(String field2) {
this.field2 = field2;
}
}
public static class UnsupportedSerializer extends JsonSerializer.None {
private final Class<?> type;
public UnsupportedSerializer(Class<?> type) {
this.type = type;
}
#Override
public void serialize(Object value, JsonGenerator jgen, SerializerProvider provider) throws IOException {
throw new UnsupportedOperationException("Unsupported type: " + type);
}
}
public static void main(String[] args) throws JsonProcessingException {
ObjectMapper mapper = new ObjectMapper();
mapper.setAnnotationIntrospector(new JacksonAnnotationIntrospector() {
#Override
public Object findSerializer(Annotated a) {
if (a instanceof AnnotatedClass
&& a.getRawType().getPackage().getName().startsWith("stackoverflow")
&& !a.hasAnnotation(Json.class)) {
return new UnsupportedSerializer(a.getRawType());
}
return super.findSerializer(a);
}
});
System.out.println(mapper.writeValueAsString(new A("value1")));
System.out.println(mapper.writeValueAsString(new B("value2")));
}
}
Output:
{"field1":"value1"}
Exception in thread "main" com.fasterxml.jackson.databind.JsonMappingException: Unsupported type: class stackoverflow.JacksonTracking$B
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider.serializeValue(DefaultSerializerProvider.java:125)
at com.fasterxml.jackson.databind.ObjectMapper._configAndWriteValue(ObjectMapper.java:2866)
at com.fasterxml.jackson.databind.ObjectMapper.writeValueAsString(ObjectMapper.java:2323)
at stackoverflow.JacksonTracking.main(JacksonTracking.java:71)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:134)
Caused by: java.lang.UnsupportedOperationException: Unsupported type: class stackoverflow.JacksonTracking$B
at stackoverflow.JacksonTracking$UnsupportedSerializer.serialize(JacksonTracking.java:52)
at com.fasterxml.jackson.databind.ser.DefaultSerializerProvider.serializeValue(DefaultSerializerProvider.java:114)
... 8 more
On the ObjectMapper that you use for deserialization you can configure auto detection of fields, methods, and creators. If you want to enforce this across your entire application I would recommend extending ObjectMapper and using the custom implementation everywhere. Then any additional config you want to impose can live there as well. Something like this:
public class CustomObjectMapper extends ObjectMapper {
public CustomObjectMapper() {
setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.NONE);
}
}
You could of course just call setVisibility anywhere you declare an ObjectMapper instead:
ObjectMapper om = new ObjectMapper();
om.setVisibility(PropertyAccessor.ALL, JsonAutoDetect.Visibility.NONE);
Related
I'm writing a application using Spring boot and jackson for JSON parsing. I need to handle another service which produces JSON like this:
{
"task-id": 5081,
"task-created-on": {
"java.util.Date": 1631022026000
}
}
Notably, certain fields like the date field here are serialized into a map with a single key-value pair, where the key is a java classname and the value is the actual value of the field.
I've been going through the jackson documentation and haven't found anything about this format. Is there a way to configure jackson to produce and parse fields in this format?
At a minimum, I need to handle dates formatted this way. But I believe the service also uses this format for other objects, where the map key will be the name of some arbitrary java class and the value will be a map of its own. So I'd be interested in a solution that handles more than just dates if possible.
It can be easily done with custom serializer in Jackson by following steps.
First, create objects for serialization as follows:
class MyDateObject {
private Date date;
//general getter/setter
}
class Task {
#JsonProperty("task-id")
private int taskId;
#JsonProperty("task-created-on")
private MyDateObject taskCreatedOn;
//general getters/setters
}
Second, define your custom serializer: (Please note that I used myDateObject.getDate().getClass().getName() to get the class name of date field.)
class DateSerializer extends StdSerializer<MyDateObject> {
public DateSerializer() {
this(null);
}
protected DateSerializer(Class<MyDateObject> t) {
super(t);
}
#Override
public void serialize(MyDateObject myDateObject, JsonGenerator jsonGenerator, SerializerProvider serializerProvider) throws IOException {
jsonGenerator.writeStartObject();
jsonGenerator.writeNumberField(myDateObject.getDate().getClass().getName(), myDateObject.getDate().getTime());
jsonGenerator.writeEndObject();
}
}
Finally, register the serializer with ObjectMapper for the MyDateObject class and perform the serialization:
MyDateObject myDateObject = new MyDateObject();
myDateObject.setDate(new Date());
Task task = new Task();
task.setTaskId(5081);
task.setTaskCreatedOn(myDateObject);
SimpleModule simpleModule = new SimpleModule();
simpleModule.addSerializer(MyDateObject.class, new DateSerializer());
ObjectMapper objectMapper = new ObjectMapper();
objectMapper.registerModule(simpleModule);
System.out.println(objectMapper.writeValueAsString(task));
The expected output is:
{"task-id":5081,"task-created-on":{"java.util.Date":1633402076254}}
Please refer to Jackson – Custom Serializer for more information.
It is possible to solve the issue with the use of a custom JsonSerializer and applying the JsonSerialize over the fields in the pojo you are interested like below :
public class Task {
#JsonProperty("task-id")
private int taskId;
#JsonProperty("task-created-on")
#JsonSerialize(using = ObjectSerializer.class)
Date taskCreatedOn;
}
The custom serializer will use the JsonGenerator.html#writeObjectField to serialize a generic object (Date or other java class) as propertyname : {"classname" : value} :
public class ObjectSerializer extends JsonSerializer<Object> {
#Override
public void serialize(Object t, JsonGenerator jg, SerializerProvider sp) throws IOException {
jg.writeStartObject();
jg.writeObjectField(t.getClass().getName(), t);
jg.writeEndObject();
}
}
Went down a path of creating an annotation that would dynamic determine whether a field should be serialized or not.
The annotation's implementation is as follows:
#Retention(RetentionPolicy.RUNTIME)
#JacksonAnnotationsInside
#JsonSerialize(using = HiddenFieldSerializer.class)
#Target(value = ElementType.FIELD)
public #interface Hidden {
}
Now the code for the Serializer:
public class HiddenFieldSerializer
extends StdSerializer<String>
implements ContextualSerializer {
public HiddenFieldSerializer() {
super(String.class);
}
#Override
public void serialize(String value,
JsonGenerator jgen,
SerializerProvider provider) {
try {
provider.defaultSerializeNull(jgen);
} catch (IOException e) {
}
}
#Override
public JsonSerializer<?> createContextual(SerializerProvider prov,
BeanProperty property) {
return shouldHide() ?
new HiddenFieldSerializer() : new StringSerializer();
}
public boolean shouldHide() {
/* Simplifying this */
return Boolean.TRUE;
}
}
A little bit of code to show how it works:
public class Test {
static final ObjectMapper mapper = new ObjectMapper()
.setSerializationInclusion(Include.NON_NULL)
.setSerializationInclusion(Include.NON_EMPTY);
static class User {
#JsonProperty
String username;
#Hidden
#JsonProperty
String pin;
}
public static void main(String... args)
throws JsonProcessingException {
final POC.User u = new POC.User();
u.username = "harry_potter";
u.pin = "1298";
System.out.println(mapper.writeValueAsString(u));
}
}
And the output is as follows:
{"username":"harry_potter","pin":null}
How do I get the field pin to be removed from the serialization instead of it being null? Obviously setting the mapper's properties was of very little user in such a context. Any suggestions? Thoughts? Maybe the whole thing is a bad idea?
Ideally I should be able to see the following:
{"username":"harry_potter"}
It's not clear whether you want to ignore a given property statically or dynamically. Anyways, looks like you have over-engineered it.
First of all, I want to make sure that you came across #JsonIgnore before. If it doesn't suit your needs, you could define your custom ignore annotation as following:
#Retention(RetentionPolicy.RUNTIME)
public #interface Hidden {
}
Then pick the approach that best suit your needs:
Approach #1
Extend JacksonAnnotationIntrospector and override the method that checks for the ignore marker:
public class CustomAnnotationIntrospector extends JacksonAnnotationIntrospector {
#Override
public boolean hasIgnoreMarker(AnnotatedMember m) {
return super.hasIgnoreMarker(m) || m.hasAnnotation(Hidden.class);
}
}
Configure ObjectMapper to use your annotation introspector:
ObjectMapper mapper = new ObjectMapper();
mapper.setAnnotationIntrospector(new CustomAnnotationIntrospector());
The annotation introspection occurs only once per class so you can not dynamically change the criteria you use (if any). A similar example can be seen in this answer.
Approach #2
Extend BeanSerializerModifier to modify the properties that will be serialized:
public class CustomBeanSerializerModifier extends BeanSerializerModifier {
#Override
public List<BeanPropertyWriter> changeProperties(SerializationConfig config,
BeanDescription beanDesc, List<BeanPropertyWriter> beanProperties) {
return beanProperties.stream()
.filter(property -> property.getAnnotation(Hidden.class) == null)
.collect(Collectors.toList());
}
}
Then add it to a Module and register it to your ObjectMapper:
ObjectMapper mapper = new ObjectMapper();
mapper.registerModule(new SimpleModule() {
#Override
public void setupModule(SetupContext context) {
super.setupModule(context);
context.addBeanSerializerModifier(new CustomBeanSerializerModifier());
}
});
This approach allows you to ignore properties dynamically.
We're developing a RESTful API using Java EE 7 (RESTEasy / Hibernate / Jackson).
We want the API to serialize all child entities using their IDs, by default. We're doing this mostly to maintain consistency with our deserialization strategy, where we insist on receiving an ID.
However, we also want our users to be able to choose to get an expanded view of any of our child entities, either through a custom endpoint or a query parameter (undecided). For example:
// http://localhost:8080/rest/operator/1
// =====================================
{
"operatorId": 1,
"organization": 34,
"endUser": 23
}
// http://localhost:8080/rest/operator/1?expand=organization
// =====================================
{
"operatorId": 1,
"organization": {
"organizationId": 34,
"organizationName": "name"
},
"endUser": 23
}
// http://localhost:8080/rest/operator/1?expand=enduser
// =====================================
{
"operatorId": 1,
"organization": 34,
"endUser": {
"endUserId": 23,
"endUserName": "other name"
}
}
// http://localhost:8080/rest/operator/1?expand=organization,enduser
// =====================================
{
"operatorId": 1,
"organization": {
"organizationId": 34,
"organizationName": "name"
},
"endUser": {
"endUserId": 23,
"endUserName": "other name"
}
}
Is there a way to dynamically change the behavior of Jackson to determine whether a specified AbstractEntity field is serialized in full form or as its ID? How might it be done?
Additional Info
We know of a few ways to serialize our child entities using their IDs, including:
public class Operator extends AbstractEntity {
...
#JsonIdentityInfo(generator=ObjectIdGenerators.PropertyGenerator.class, property="organizationId")
#JsonIdentityReference(alwaysAsId=true)
public getOrganization() { ... }
...
}
and
public class Operator extends AbstractEntity {
...
#JsonSerialize(using=AbstractEntityIdSerializer.class)
public getOrganization() { ... }
...
}
where AbstractEntityIdSerializer serializes the entity using its ID.
The problem is that we don't know of a way for the user to override that default behavior and revert to standard Jackson object serialization. Ideally they'd also be able to choose which child properties to serialize in full form.
It would be awesome to dynamically toggle the alwaysAsId argument of #JsonIdentityReference for any property at runtime, if that's possible, or make the equivalent change to ObjectMapper/ObjectWriter.
Update: Working(?) Solution
We haven't had a chance to fully test this yet, but I've been working on a solution that leverages overriding Jackson's AnnotationIntrospector class. It seems to be working as intended.
public class CustomAnnotationIntrospector extends JacksonAnnotationIntrospector {
private final Set<String> expandFieldNames_;
public CustomAnnotationIntrospector(Set<String> expandFieldNames) {
expandFieldNames_ = expandFieldNames;
}
#Override
public ObjectIdInfo findObjectReferenceInfo(Annotated ann, ObjectIdInfo objectIdInfo) {
JsonIdentityReference ref = _findAnnotation(ann, JsonIdentityReference.class);
if (ref != null) {
for (String expandFieldName : expandFieldNames_) {
String expandFieldGetterName = "get" + expandFieldName;
String propertyName = ann.getName();
boolean fieldNameMatches = expandFieldName.equalsIgnoreCase(propertyName);
boolean fieldGetterNameMatches = expandFieldGetterName.equalsIgnoreCase(propertyName);
if (fieldNameMatches || fieldGetterNameMatches) {
return objectIdInfo.withAlwaysAsId(false);
}
}
objectIdInfo = objectIdInfo.withAlwaysAsId(ref.alwaysAsId());
}
return objectIdInfo;
}
}
At serialization time, we copy our ObjectMapper (so the AnnotationIntrospector runs again) and apply CustomAnnotationIntrospector as follows:
#Context
private HttpRequest httpRequest_;
#Override
writeTo(...) {
// Get our application's ObjectMapper.
ContextResolver<ObjectMapper> objectMapperResolver = provider_.getContextResolver(ObjectMapper.class,
MediaType.WILDCARD_TYPE);
ObjectMapper objectMapper = objectMapperResolver.getContext(Object.class);
// Get Set of fields to be expanded (pre-parsed).
Set<String> fieldNames = (Set<String>)httpRequest_.getAttribute("ExpandFields");
if (!fieldNames.isEmpty()) {
// Pass expand fields to AnnotationIntrospector.
AnnotationIntrospector expansionAnnotationIntrospector = new CustomAnnotationIntrospector(fieldNames);
// Replace ObjectMapper with copy of ObjectMapper and apply custom AnnotationIntrospector.
objectMapper = objectMapper.copy();
objectMapper.setAnnotationIntrospector(expansionAnnotationIntrospector);
}
ObjectWriter objectWriter = objectMapper.writer();
objectWriter.writeValue(...);
}
Any glaring flaws in this approach? It seems relatively straightforward and is fully dynamic.
The answer is Jackson's mixin feature:
You create a simple Java class that has the exact same method signature as the anotated method of the entity. You annotate that method with the modified value. the body of the method is insignificant (it would not be called):
public class OperatorExpanded {
...
#JsonIdentityInfo(generator=ObjectIdGenerators.PropertyGenerator.class, property="organizationId")
#JsonIdentityReference(alwaysAsId=false)
public Organization getOrganization() { return null; }
...
}
you tie the mixin to the entity-to-be-serialized using Jackson's module system: this can be decided at run time
ObjectMapper mapper = new ObjectMapper();
if ("organization".equals(request.getParameter("exapnd")) {
SimpleModule simpleModule = new SimpleModule();
simpleModule.setMixInAnnotation(Operator.class, OperatorExpanded.class);
mapper.registerModule(simpleModule);
}
now, the mapper will take the annotations from the mixin, but invoke the method of the entity.
If you are looking for a generalized solution that needs to be extended to all of your resources you may try following approach. I tried below solution using Jersey and Jackson. It should also work with RestEasy.
Basically, you need to write a custom jackson provider which set a special serializer for an expand field. Also, you need to pass the expand fields to the serializer so that you can decide how to do the serialization for expand fields.
#Singleton
public class ExpandFieldJacksonProvider extends JacksonJaxbJsonProvider {
#Inject
private Provider<ContainerRequestContext> provider;
#Override
protected JsonEndpointConfig _configForWriting(final ObjectMapper mapper, final Annotation[] annotations, final Class<?> defaultView) {
final AnnotationIntrospector customIntrospector = mapper.getSerializationConfig().getAnnotationIntrospector();
// Set the custom (user) introspector to be the primary one.
final ObjectMapper filteringMapper = mapper.setAnnotationIntrospector(AnnotationIntrospector.pair(customIntrospector, new JacksonAnnotationIntrospector() {
#Override
public Object findSerializer(Annotated a) {
// All expand fields should be annotated with '#ExpandField'.
ExpandField expField = a.getAnnotation(ExpandField.class);
if (expField != null) {
// Use a custom serializer for expand field
return new ExpandSerializer(expField.fieldName(), expField.idProperty());
}
return super.findSerializer(a);
}
}));
return super._configForWriting(filteringMapper, annotations, defaultView);
}
#Override
public void writeTo(final Object value, final Class<?> type, final Type genericType, final Annotation[] annotations, final MediaType mediaType, final MultivaluedMap<String, Object> httpHeaders,
final OutputStream entityStream) throws IOException {
// Set the expand fields to java's ThreadLocal so that it can be accessed in 'ExpandSerializer' class.
ExpandFieldThreadLocal.set(provider.get().getUriInfo().getQueryParameters().get("expand"));
super.writeTo(value, type, genericType, annotations, mediaType, httpHeaders, entityStream);
// Once the serialization is done, clear ThreadLocal
ExpandFieldThreadLocal.remove();
}
ExpandField.java
#Retention(RUNTIME)
public #interface ExpandField {
// name of expand field
String fieldName();
// name of Id property in expand field. For eg: oraganisationId
String idProperty();
}
ExpandFieldThreadLocal.java
public class ExpandFieldThreadLocal {
private static final ThreadLocal<List<String>> _threadLocal = new ThreadLocal<>();
public static List<String> get() {
return _threadLocal.get();
}
public static void set(List<String> expandFields) {
_threadLocal.set(expandFields);
}
public static void remove() {
_threadLocal.remove();
}
}
ExpandFieldSerializer.java
public static class ExpandSerializer extends JsonSerializer<Object> {
private String fieldName;
private String idProperty;
public ExpandSerializer(String fieldName,String idProperty) {
this.fieldName = fieldName;
this.idProperty = idProperty;
}
#Override
public void serialize(Object value, JsonGenerator gen, SerializerProvider serializers) throws IOException, JsonProcessingException {
// Get expand fields in current request which is set in custom jackson provider.
List<String> expandFields = ExpandFieldThreadLocal.get();
if (expandFields == null || !expandFields.contains(fieldName)) {
try {
// If 'expand' is not present in query param OR if the 'expand' field does not contain this field, write only id.
serializers.defaultSerializeValue(value.getClass().getMethod("get"+StringUtils.capitalize(idProperty)).invoke(value),gen);
} catch (Exception e) {
//Handle Exception here
}
} else {
serializers.defaultSerializeValue(value, gen);
}
}
}
Operator.java
public class Operator extends AbstractEntity {
...
#ExpandField(fieldName = "organization",idProperty="organizationId")
private organization;
...
}
The final step is to register the new ExpandFieldJacksonProvider. In Jersey, we register it through an instance of javax.ws.rs.core.Application as shown below. I hope there is something similar in RestEasy. By default, most of the JAX-RS libraries tend to load default JacksonJaxbJsonProvider through auto-discovery. You have to make sure auto-discovery is disabled for Jackson and new ExpandFieldJacksonProvider is registered.
public class JaxRsApplication extends Application{
#Override
public Set<Class<?>> getClasses() {
Set<Class<?>> clazzes=new HashSet<>();
clazzes.add(ExpandFieldJacksonProvider.class);
return clazzes;
}
}
Is there a way where we can add ObjectMapper for a particular class through annotation.
#JsonRootName("employee")
public class Sample implements Serializable{
private String name;
private String id;
// Getters and setters
}
In the RestController i have RequestMapping and a method like:-
#ResponseBody
public Sample (#RequestBody Sample sample){
//some logic
return sample;
}
My input payload to this will be like
{
"employee":{
"name":"abcd",
"id":"1234"
}
}
My desired output would be
{
"name":"abcd",
"id":"1234"
}
1)Is there a way i can use the same class to fulfill the input and the output.
2) I have added #JsonRootName at the top of the class which requires ObjectMapper's Serialization feature enable to WRAP_ROOT_VALUE like :-
ObjectMapper mapper = new ObjectMapper();
mapper.enable(SerializationFeature.WRAP_ROOT_VALUE);
mapper.enable(DeserializationFeature.UNWRAP_ROOT_VALUE);
where this can be added to reflect in only this class.
Maybe just leave the default serialization behavior? Then, at deserialization you would still pull out the "employee" wrapper, but at serialization you would write it without the wrapper.
ObjectMapper mapper = new ObjectMapper();
//mapper.enable(SerializationFeature.WRAP_ROOT_VALUE);
mapper.enable(DeserializationFeature.UNWRAP_ROOT_VALUE);
With your input, I got the desired serialization output:
{"name":"abcd","id":"1234"}
EDIT
As for where to put this code, I'd recommend a singleton or class with static methods that handle your (de)serialization. You could have two different mappers than perform the "normal" or "wrapped" behavior. Here's an outline of the static method approach:
public class SerializationUtil {
private static ObjectMapper normalObjectMapper;
private static ObjectMapper wrappedObjectMapper;
static {
/* configure different (de)serialization strategies */
normalObjectMapper = new ObjectMapper();
wrappedObjectMapper = new ObjectMapper();
wrappedObjectMapper.enable(SerializationFeature.WRAP_ROOT_VALUE);
wrappedObjectMapper.enable(DeserializationFeature.UNWRAP_ROOT_VALUE);
}
public static <T> T normalDeserialize(String json, Class<T> clazz) throws Exception {
return normalObjectMapper.readValue(json, clazz);
}
public static String normalSerialize(Object bean) throws Exception {
return normalObjectMapper.writeValueAsString(bean);
}
public static <T> T deserializeWrappedObject(String json, Class<T> clazz) throws Exception {
return wrappedObjectMapper.readValue(json, clazz);
}
public static String serializeWrappedObject(Object bean) throws Exception {
return wrappedObjectMapper.writeValueAsString(bean);
}
}
The benefit of this method is it allows the caller to decide the serialization behavior. So if there are portions of your code where you need to handle it differently you can call another method. Note that the wrapping/unwrapping are both enabled. So to get your desired behavior, you would call these methods like so:
public static void main(String[] args) {
Bean bean = SerializationUtil.deserializeWrappedObject(jsonInput, Bean.class);
String jsonOutput = SerializationUtil.normalSerialize(bean);
}
If this does not appeal to you, you could alternatively detect the special case and handle it in the same method call:
public static <T> T deserialize(String json, Class<T> clazz) throws Exception {
if (clazz instanceof Bean) {
return wrappedObjectMapper.readValue(json, clazz);
} else {
return normalObjectMapper.readValue(json, clazz);
}
}
I want to serialize few fields of my class in custom way using jackson. So i wrote a custom serializer for this.But my problem is i am not able to get the name of the field in custom serializer. My POJO class is
public static class Foo {
public String foo = "a";
#JsonSerialize(using = CustomSerializer.class)
public String bar = "b";
#JsonSerialize(using = CustomSerializer.class)
public String foobar = "c";
}
And my custom serializer class is
public class CustomSerializer extends JsonSerializer<String>
{
#Override
public void serialize(String t, JsonGenerator jg, SerializerProvider sp) throws IOException, JsonProcessingException
{
if(field.name.equals("a"))
//do this
else if(filed.name.equals("b"))
//do that
}
}
Here i want get the name of field which is being serialized.
How can i get the name of fields "a" and "b" in custom serializer ?
Thanks
I think, this is not possible now. But you can create two separate serializers for each property. I know, this a little workaround, but it should work.