tessl/maven-io-jsonwebtoken--jjwt-jackson
Jackson JSON serialization support extension for JJWT (Java JWT library) providing high-performance JSON processing capabilities for JWT token handling
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/maven-io-jsonwebtoken--jjwt-jackson@0.12.0index.mddocs/
JJWT Jackson Extension
JJWT Jackson extension is an optional extension module that provides Jackson-based JSON serialization and deserialization support for the JJWT (Java JWT) library. When present in the classpath, it enables high-performance JSON processing with Jackson's proven serialization framework for JWT token handling, offering advanced features like custom serializers, deserializers, and configuration options for optimal performance in JWT token management scenarios.
Package Information
- Package Name: jjwt-jackson
- Package Type: maven
- Language: Java
- Maven Coordinates:
io.jsonwebtoken:jjwt-jackson:0.12.6 - Jackson Version: 2.12.7.1
- Installation: Add dependency to your Maven
pom.xmlor Gradlebuild.gradle
Maven:
<dependency>
<groupId>io.jsonwebtoken</groupId>
<artifactId>jjwt-jackson</artifactId>
<version>0.12.6</version>
</dependency>Gradle:
implementation 'io.jsonwebtoken:jjwt-jackson:0.12.6'Core Imports
import io.jsonwebtoken.jackson.io.JacksonSerializer;
import io.jsonwebtoken.jackson.io.JacksonDeserializer;
import com.fasterxml.jackson.databind.ObjectMapper;Basic Usage
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.jackson.io.JacksonSerializer;
import io.jsonwebtoken.jackson.io.JacksonDeserializer;
import java.security.Key;
// Using default Jackson configuration
JacksonSerializer<Object> serializer = new JacksonSerializer<>();
JacksonDeserializer<Object> deserializer = new JacksonDeserializer<>();
// Build JWT with Jackson serialization
String jwt = Jwts.builder()
.json(serializer)
.subject("user123")
.claim("role", "admin")
.signWith(key)
.compact();
// Parse JWT with Jackson deserialization
Claims claims = Jwts.parser()
.json(deserializer)
.verifyWith(key)
.build()
.parseSignedClaims(jwt)
.getPayload();Architecture
The jjwt-jackson extension consists of three main components:
- JacksonSerializer: Handles serialization of Java objects to JSON for JWT creation
- JacksonDeserializer: Handles deserialization of JSON to Java objects for JWT parsing
- JacksonSupplierSerializer: Internal serializer for handling Supplier objects
The extension automatically registers a custom Jackson module (jjwt-jackson) with specialized serializers and configures the ObjectMapper with optimal settings for JWT processing.
Capabilities
JSON Serialization
Serializes Java objects to JSON format using Jackson for JWT token creation.
public class JacksonSerializer<T> extends io.jsonwebtoken.io.AbstractSerializer<T> {
public JacksonSerializer();
public JacksonSerializer(ObjectMapper objectMapper);
}Constructors:
JacksonSerializer()- Creates serializer with JJWT's default ObjectMapper configurationJacksonSerializer(ObjectMapper objectMapper)- Creates serializer with custom ObjectMapper instance
Usage with custom ObjectMapper:
ObjectMapper customMapper = new ObjectMapper();
// Configure custom mapper as needed
customMapper.configure(JsonGenerator.Feature.QUOTE_FIELD_NAMES, true);
JacksonSerializer<Object> serializer = new JacksonSerializer<>(customMapper);
String jwt = Jwts.builder()
.json(serializer)
.claim("customData", myObject)
.compact();JSON Deserialization
Deserializes JSON to Java objects using Jackson for JWT token parsing with support for custom claim type mapping.
public class JacksonDeserializer<T> extends io.jsonwebtoken.io.AbstractDeserializer<T> {
public JacksonDeserializer();
public JacksonDeserializer(ObjectMapper objectMapper);
public JacksonDeserializer(Map<String, Class<?>> claimTypeMap);
}Constructors:
JacksonDeserializer()- Creates deserializer with JJWT's default ObjectMapper configurationJacksonDeserializer(ObjectMapper objectMapper)- Creates deserializer with custom ObjectMapper instanceJacksonDeserializer(Map<String, Class<?>> claimTypeMap)- Creates deserializer with custom claim type mapping for specific claims (creates a new ObjectMapper internally)
Usage with custom claim types:
import java.util.Map;
// Define custom claim types
Map<String, Class<?>> claimTypes = Map.of(
"user", User.class,
"permissions", Permission[].class,
"metadata", Metadata.class
);
JacksonDeserializer<Object> deserializer = new JacksonDeserializer<>(claimTypes);
Claims claims = Jwts.parser()
.json(deserializer)
.verifyWith(key)
.build()
.parseSignedClaims(jwt)
.getPayload();
// Claims are now deserialized to their proper types
User user = claims.get("user", User.class);
Permission[] permissions = claims.get("permissions", Permission[].class);Usage with custom ObjectMapper:
ObjectMapper customMapper = new ObjectMapper();
customMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, true);
JacksonDeserializer<Object> deserializer = new JacksonDeserializer<>(customMapper);
Claims claims = Jwts.parser()
.json(deserializer)
.verifyWith(key)
.build()
.parseSignedClaims(jwt)
.getPayload();Default ObjectMapper Configuration
The extension provides a pre-configured ObjectMapper with optimal settings for JWT processing.
// Package-protected static constants in JacksonSerializer (not part of public API)
static final String MODULE_ID = "jjwt-jackson";
static final Module MODULE; // Jackson module with custom serializers
static final ObjectMapper DEFAULT_OBJECT_MAPPER; // Pre-configured ObjectMapper
// Package-protected utility method
static ObjectMapper newObjectMapper(); // Creates new ObjectMapper with jjwt-jackson moduleDefault Configuration:
- Registers
jjwt-jacksonmodule with custom serializers - Enables
JsonParser.Feature.STRICT_DUPLICATE_DETECTION(true) - Disables
DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES(false) - Configures
JsonGenerator.Feature.AUTO_CLOSE_TARGET(false) during serialization
POJO Claim Support
Enable seamless serialization and deserialization of Plain Old Java Objects (POJOs) as JWT claims.
public class User {
private String name;
private String email;
private List<String> roles;
// Constructors, getters, setters
public User() {}
public User(String name, String email, List<String> roles) {
this.name = name;
this.email = email;
this.roles = roles;
}
// getters and setters...
}
// Serialize POJO as claim
User user = new User("John Doe", "john@example.com", Arrays.asList("admin", "user"));
String jwt = Jwts.builder()
.json(new JacksonSerializer<>())
.claim("user", user)
.signWith(key)
.compact();
// Deserialize claim back to POJO
Map<String, Class<?>> claimTypes = Map.of("user", User.class);
JacksonDeserializer<Object> deserializer = new JacksonDeserializer<>(claimTypes);
Claims claims = Jwts.parser()
.json(deserializer)
.verifyWith(key)
.build()
.parseSignedClaims(jwt)
.getPayload();
User deserializedUser = claims.get("user", User.class);Integration with JJWT
Automatic Discovery
When jjwt-jackson is present in the classpath, JJWT automatically discovers and uses it for JSON processing without explicit configuration. This works through Java's Service Provider Interface (SPI) mechanism - the extension registers JacksonSerializer and JacksonDeserializer in META-INF/services/ files.
Manual Configuration
For fine-grained control, explicitly set serializers on JWT builders and parsers:
// JWT Creation
String jwt = Jwts.builder()
.json(new JacksonSerializer<>(customObjectMapper))
.subject("user123")
.claim("data", customObject)
.signWith(key)
.compact();
// JWT Parsing
Claims claims = Jwts.parser()
.json(new JacksonDeserializer<>(claimTypeMap))
.verifyWith(key)
.build()
.parseSignedClaims(jwt)
.getPayload();JWK Serialization
The extension also supports serialization of JSON Web Keys (JWKs):
import io.jsonwebtoken.security.Jwks;
import io.jsonwebtoken.security.Jwk;
// Create or load a JWK
Jwk<?> jwk = Jwks.builder().build();
// Serialize JWK to JSON
byte[] jsonBytes = new JacksonSerializer<>().serialize(jwk);
String jwkJson = new String(jsonBytes, StandardCharsets.UTF_8);
// Parse JWK from JSON
Jwk<?> parsed = Jwks.parser().build().parse(jwkJson);Error Handling
The Jackson extension integrates with JJWT's error handling and will throw appropriate JJWT exceptions:
- SerializationException - When serialization fails
- DeserializationException - When deserialization fails
- MalformedJwtException - When JSON structure is invalid
try {
Claims claims = Jwts.parser()
.json(new JacksonDeserializer<>())
.verifyWith(key)
.build()
.parseSignedClaims(invalidJwt)
.getPayload();
} catch (MalformedJwtException e) {
// Handle malformed JWT
} catch (io.jsonwebtoken.io.DeserializationException e) {
// Handle JSON deserialization errors
}Thread Safety
Both JacksonSerializer and JacksonDeserializer are thread-safe and can be shared across multiple threads. The underlying Jackson ObjectMapper and ObjectWriter/ObjectReader instances handle concurrent access safely.
Performance Considerations
- Reuse instances: Create serializer/deserializer instances once and reuse them
- Custom ObjectMapper: When using a custom ObjectMapper, ensure it's properly configured for your performance requirements
- Claim type mapping: Using typed claims with
JacksonDeserializer(Map<String, Class<?>>)provides better performance than generic Object deserialization
Types
// Key interfaces from jjwt-api (for reference)
interface io.jsonwebtoken.io.Serializer<T> {
@Deprecated
byte[] serialize(T t) throws io.jsonwebtoken.io.SerializationException;
void serialize(T t, OutputStream out) throws io.jsonwebtoken.io.SerializationException;
}
interface io.jsonwebtoken.io.Deserializer<T> {
@Deprecated
T deserialize(byte[] bytes) throws io.jsonwebtoken.io.DeserializationException;
T deserialize(Reader reader) throws io.jsonwebtoken.io.DeserializationException;
}
// Jackson types (from jackson-databind)
class com.fasterxml.jackson.databind.ObjectMapper {
// Jackson's main configuration and processing class
}
class com.fasterxml.jackson.databind.Module {
// Jackson module for extending functionality
}