tessl/maven-io-jsonwebtoken--jjwt-jackson
Jackson JSON serialization support extension for JJWT (Java JWT library) providing high-performance JSON processing capabilities for JWT token handling
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
To install, run
npx @tessl/cli install tessl/maven-io-jsonwebtoken--jjwt-jackson@0.12.00
# JJWT Jackson Extension
1
2
JJWT Jackson extension is an optional extension module that provides Jackson-based JSON serialization and deserialization support for the JJWT (Java JWT) library. When present in the classpath, it enables high-performance JSON processing with Jackson's proven serialization framework for JWT token handling, offering advanced features like custom serializers, deserializers, and configuration options for optimal performance in JWT token management scenarios.
3
4
## Package Information
5
6
- **Package Name**: jjwt-jackson
7
- **Package Type**: maven
8
- **Language**: Java
9
- **Maven Coordinates**: `io.jsonwebtoken:jjwt-jackson:0.12.6`
10
- **Jackson Version**: 2.12.7.1
11
- **Installation**: Add dependency to your Maven `pom.xml` or Gradle `build.gradle`
12
13
Maven:
14
```xml
15
<dependency>
16
<groupId>io.jsonwebtoken</groupId>
17
<artifactId>jjwt-jackson</artifactId>
18
<version>0.12.6</version>
19
</dependency>
20
```
21
22
Gradle:
23
```groovy
24
implementation 'io.jsonwebtoken:jjwt-jackson:0.12.6'
25
```
26
27
## Core Imports
28
29
```java
30
import io.jsonwebtoken.jackson.io.JacksonSerializer;
31
import io.jsonwebtoken.jackson.io.JacksonDeserializer;
32
import com.fasterxml.jackson.databind.ObjectMapper;
33
```
34
35
## Basic Usage
36
37
```java
38
import io.jsonwebtoken.Jwts;
39
import io.jsonwebtoken.jackson.io.JacksonSerializer;
40
import io.jsonwebtoken.jackson.io.JacksonDeserializer;
41
import java.security.Key;
42
43
// Using default Jackson configuration
44
JacksonSerializer<Object> serializer = new JacksonSerializer<>();
45
JacksonDeserializer<Object> deserializer = new JacksonDeserializer<>();
46
47
// Build JWT with Jackson serialization
48
String jwt = Jwts.builder()
49
.json(serializer)
50
.subject("user123")
51
.claim("role", "admin")
52
.signWith(key)
53
.compact();
54
55
// Parse JWT with Jackson deserialization
56
Claims claims = Jwts.parser()
57
.json(deserializer)
58
.verifyWith(key)
59
.build()
60
.parseSignedClaims(jwt)
61
.getPayload();
62
```
63
64
## Architecture
65
66
The jjwt-jackson extension consists of three main components:
67
68
- **JacksonSerializer**: Handles serialization of Java objects to JSON for JWT creation
69
- **JacksonDeserializer**: Handles deserialization of JSON to Java objects for JWT parsing
70
- **JacksonSupplierSerializer**: Internal serializer for handling Supplier objects
71
72
The extension automatically registers a custom Jackson module (`jjwt-jackson`) with specialized serializers and configures the ObjectMapper with optimal settings for JWT processing.
73
74
## Capabilities
75
76
### JSON Serialization
77
78
Serializes Java objects to JSON format using Jackson for JWT token creation.
79
80
```java { .api }
81
public class JacksonSerializer<T> extends io.jsonwebtoken.io.AbstractSerializer<T> {
82
public JacksonSerializer();
83
public JacksonSerializer(ObjectMapper objectMapper);
84
}
85
```
86
87
**Constructors:**
88
- `JacksonSerializer()` - Creates serializer with JJWT's default ObjectMapper configuration
89
- `JacksonSerializer(ObjectMapper objectMapper)` - Creates serializer with custom ObjectMapper instance
90
91
**Usage with custom ObjectMapper:**
92
```java
93
ObjectMapper customMapper = new ObjectMapper();
94
// Configure custom mapper as needed
95
customMapper.configure(JsonGenerator.Feature.QUOTE_FIELD_NAMES, true);
96
97
JacksonSerializer<Object> serializer = new JacksonSerializer<>(customMapper);
98
99
String jwt = Jwts.builder()
100
.json(serializer)
101
.claim("customData", myObject)
102
.compact();
103
```
104
105
### JSON Deserialization
106
107
Deserializes JSON to Java objects using Jackson for JWT token parsing with support for custom claim type mapping.
108
109
```java { .api }
110
public class JacksonDeserializer<T> extends io.jsonwebtoken.io.AbstractDeserializer<T> {
111
public JacksonDeserializer();
112
public JacksonDeserializer(ObjectMapper objectMapper);
113
public JacksonDeserializer(Map<String, Class<?>> claimTypeMap);
114
}
115
```
116
117
**Constructors:**
118
- `JacksonDeserializer()` - Creates deserializer with JJWT's default ObjectMapper configuration
119
- `JacksonDeserializer(ObjectMapper objectMapper)` - Creates deserializer with custom ObjectMapper instance
120
- `JacksonDeserializer(Map<String, Class<?>> claimTypeMap)` - Creates deserializer with custom claim type mapping for specific claims (creates a new ObjectMapper internally)
121
122
**Usage with custom claim types:**
123
```java
124
import java.util.Map;
125
126
// Define custom claim types
127
Map<String, Class<?>> claimTypes = Map.of(
128
"user", User.class,
129
"permissions", Permission[].class,
130
"metadata", Metadata.class
131
);
132
133
JacksonDeserializer<Object> deserializer = new JacksonDeserializer<>(claimTypes);
134
135
Claims claims = Jwts.parser()
136
.json(deserializer)
137
.verifyWith(key)
138
.build()
139
.parseSignedClaims(jwt)
140
.getPayload();
141
142
// Claims are now deserialized to their proper types
143
User user = claims.get("user", User.class);
144
Permission[] permissions = claims.get("permissions", Permission[].class);
145
```
146
147
**Usage with custom ObjectMapper:**
148
```java
149
ObjectMapper customMapper = new ObjectMapper();
150
customMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, true);
151
152
JacksonDeserializer<Object> deserializer = new JacksonDeserializer<>(customMapper);
153
154
Claims claims = Jwts.parser()
155
.json(deserializer)
156
.verifyWith(key)
157
.build()
158
.parseSignedClaims(jwt)
159
.getPayload();
160
```
161
162
### Default ObjectMapper Configuration
163
164
The extension provides a pre-configured ObjectMapper with optimal settings for JWT processing.
165
166
```java { .api }
167
// Package-protected static constants in JacksonSerializer (not part of public API)
168
static final String MODULE_ID = "jjwt-jackson";
169
static final Module MODULE; // Jackson module with custom serializers
170
static final ObjectMapper DEFAULT_OBJECT_MAPPER; // Pre-configured ObjectMapper
171
172
// Package-protected utility method
173
static ObjectMapper newObjectMapper(); // Creates new ObjectMapper with jjwt-jackson module
174
```
175
176
**Default Configuration:**
177
- Registers `jjwt-jackson` module with custom serializers
178
- Enables `JsonParser.Feature.STRICT_DUPLICATE_DETECTION` (true)
179
- Disables `DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES` (false)
180
- Configures `JsonGenerator.Feature.AUTO_CLOSE_TARGET` (false) during serialization
181
182
### POJO Claim Support
183
184
Enable seamless serialization and deserialization of Plain Old Java Objects (POJOs) as JWT claims.
185
186
```java
187
public class User {
188
private String name;
189
private String email;
190
private List<String> roles;
191
192
// Constructors, getters, setters
193
public User() {}
194
public User(String name, String email, List<String> roles) {
195
this.name = name;
196
this.email = email;
197
this.roles = roles;
198
}
199
200
// getters and setters...
201
}
202
203
// Serialize POJO as claim
204
User user = new User("John Doe", "john@example.com", Arrays.asList("admin", "user"));
205
206
String jwt = Jwts.builder()
207
.json(new JacksonSerializer<>())
208
.claim("user", user)
209
.signWith(key)
210
.compact();
211
212
// Deserialize claim back to POJO
213
Map<String, Class<?>> claimTypes = Map.of("user", User.class);
214
JacksonDeserializer<Object> deserializer = new JacksonDeserializer<>(claimTypes);
215
216
Claims claims = Jwts.parser()
217
.json(deserializer)
218
.verifyWith(key)
219
.build()
220
.parseSignedClaims(jwt)
221
.getPayload();
222
223
User deserializedUser = claims.get("user", User.class);
224
```
225
226
## Integration with JJWT
227
228
### Automatic Discovery
229
230
When `jjwt-jackson` is present in the classpath, JJWT automatically discovers and uses it for JSON processing without explicit configuration. This works through Java's Service Provider Interface (SPI) mechanism - the extension registers `JacksonSerializer` and `JacksonDeserializer` in `META-INF/services/` files.
231
232
### Manual Configuration
233
234
For fine-grained control, explicitly set serializers on JWT builders and parsers:
235
236
```java
237
// JWT Creation
238
String jwt = Jwts.builder()
239
.json(new JacksonSerializer<>(customObjectMapper))
240
.subject("user123")
241
.claim("data", customObject)
242
.signWith(key)
243
.compact();
244
245
// JWT Parsing
246
Claims claims = Jwts.parser()
247
.json(new JacksonDeserializer<>(claimTypeMap))
248
.verifyWith(key)
249
.build()
250
.parseSignedClaims(jwt)
251
.getPayload();
252
```
253
254
### JWK Serialization
255
256
The extension also supports serialization of JSON Web Keys (JWKs):
257
258
```java
259
import io.jsonwebtoken.security.Jwks;
260
import io.jsonwebtoken.security.Jwk;
261
262
// Create or load a JWK
263
Jwk<?> jwk = Jwks.builder().build();
264
265
// Serialize JWK to JSON
266
byte[] jsonBytes = new JacksonSerializer<>().serialize(jwk);
267
String jwkJson = new String(jsonBytes, StandardCharsets.UTF_8);
268
269
// Parse JWK from JSON
270
Jwk<?> parsed = Jwks.parser().build().parse(jwkJson);
271
```
272
273
## Error Handling
274
275
The Jackson extension integrates with JJWT's error handling and will throw appropriate JJWT exceptions:
276
277
- **SerializationException** - When serialization fails
278
- **DeserializationException** - When deserialization fails
279
- **MalformedJwtException** - When JSON structure is invalid
280
281
```java
282
try {
283
Claims claims = Jwts.parser()
284
.json(new JacksonDeserializer<>())
285
.verifyWith(key)
286
.build()
287
.parseSignedClaims(invalidJwt)
288
.getPayload();
289
} catch (MalformedJwtException e) {
290
// Handle malformed JWT
291
} catch (io.jsonwebtoken.io.DeserializationException e) {
292
// Handle JSON deserialization errors
293
}
294
```
295
296
## Thread Safety
297
298
Both `JacksonSerializer` and `JacksonDeserializer` are thread-safe and can be shared across multiple threads. The underlying Jackson ObjectMapper and ObjectWriter/ObjectReader instances handle concurrent access safely.
299
300
## Performance Considerations
301
302
- **Reuse instances**: Create serializer/deserializer instances once and reuse them
303
- **Custom ObjectMapper**: When using a custom ObjectMapper, ensure it's properly configured for your performance requirements
304
- **Claim type mapping**: Using typed claims with `JacksonDeserializer(Map<String, Class<?>>)` provides better performance than generic Object deserialization
305
306
## Types
307
308
```java { .api }
309
// Key interfaces from jjwt-api (for reference)
310
interface io.jsonwebtoken.io.Serializer<T> {
311
@Deprecated
312
byte[] serialize(T t) throws io.jsonwebtoken.io.SerializationException;
313
void serialize(T t, OutputStream out) throws io.jsonwebtoken.io.SerializationException;
314
}
315
316
interface io.jsonwebtoken.io.Deserializer<T> {
317
@Deprecated
318
T deserialize(byte[] bytes) throws io.jsonwebtoken.io.DeserializationException;
319
T deserialize(Reader reader) throws io.jsonwebtoken.io.DeserializationException;
320
}
321
322
// Jackson types (from jackson-databind)
323
class com.fasterxml.jackson.databind.ObjectMapper {
324
// Jackson's main configuration and processing class
325
}
326
327
class com.fasterxml.jackson.databind.Module {
328
// Jackson module for extending functionality
329
}
330
```