Version
- Workspace
- tessl
- Visibility
- Public
- Created
- Last updated
'%3e%3cpath%20d='m7.15%205.779.281.877c-.001.502.003.991.124%201.48l.116-.082.229-1.265c.723%201.422%202.78%203.325%202.53%205.008-.022.154-.082.3-.158.435.349-.014.375-.38.578-.56.187%201.005.17%201.975-.22%202.932l1.428%203.159c-.007.07-.626.285-.744.226-.087-.044-.629-1.506-.742-1.754-.103-.224-.457-1.044-.592-1.165-.592-.534-2.033-.183-2.773-.256l.488-.115.148-.109c-.68-.08-1.363-.34-1.85-.815.531.046%201.052.121%201.592.087.1-.006.378-.02.432-.114-1.338-.016-2.398-.569-3.16-1.62-1.03-1.422-1.646-3.215-2.658-4.662-.203-.289-.474-.68-.776-.847-.015-.092.076-.054.137-.049.375.034.778.157%201.148.234l1.26.462c-.404-.737-1.332-.637-1.984-.994-.759-.416-1.2-1.386-1.487-2.149-.258-.68-.536-1.495-.492-2.217.282.262.529.573.896.73.087-.102-.838-1.102-.867-1.323C-.051.673.656-.051%201.328.003c1.128.09%202.44%201.953%202.87%202.886.074.069.145-.23.149-.25.029-.154.01-.306.054-.452.67.932%201.64%201.722%202.122%202.768l.626%201.778V5.78Z'/%3e%3cpath%20d='m10.851%206.733.626-1.778c.483-1.047%201.451-1.836%202.122-2.769.045.147.025.299.054.452.005.021.075.32.149.25.43-.932%201.742-2.796%202.87-2.885.672-.054%201.38.67%201.294%201.31-.03.22-.954%201.221-.867%201.322.367-.156.614-.467.896-.729.044.722-.234%201.536-.49%202.218-.288.763-.73%201.733-1.488%202.149-.652.356-1.58.256-1.984.993l1.26-.461c.37-.077.772-.2%201.148-.234.06-.006.152-.044.136.049-.301.166-.573.557-.775.847-.794%201.135-1.347%202.488-2.049%203.68-.635%201.081-1.285%202.087-2.613%202.432.148-.768.005-1.562-.173-2.316l-.32-.092c-.219-1.088-.84-2.001-1.466-2.908l.919-1.475.229%201.265.116.082c.12-.489.125-.979.123-1.48l.283-.877v.955ZM8.017%2014.984c-.238.57-.531%201.119-.78%201.686-.089.204-.446%201.24-.518%201.295-.145.114-.622-.087-.777-.2l1.207-2.78h.868ZM12.008%2013.75c-.059.174-.949.7-1.04.617l.12-.5.92-.117Z'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='a'%3e%3cpath%20fill='%23fff'%20d='M0%200h18v18H0z'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e){kind=small}
docs
reference
architecture.mdbuild-spi.mdcaching.mdcompression.mdconditional-endpoints.mdconfiguration.mdcontext-injection.mddeclarative-responses.mdexception-mapping.mdfile-uploads.mdfilters.mdhandler-chain.mdjackson-serialization.mdjakarta-rest.mdmultipart-forms.mdobservability.mdparameter-annotations.mdqute-integration.mdreactive-programming.mdresource-management.mdrest-client.mdrest-data-panache.mdrest-links.mdrest-response.mdsecurity.mdserver-multipart.mdserver-spi.mdstreaming.mdwebsockets.md
tessl/maven-io-quarkus--quarkus-rest
tessl install tessl/maven-io-quarkus--quarkus-rest@3.15.0A Jakarta REST implementation utilizing build time processing and Vert.x for high-performance REST endpoints with reactive programming support, security integration, and cloud-native features.
jackson-serialization.mddocs/reference/
Jackson Serialization Customization
Quarkus REST provides Jackson-specific annotations for per-method serialization/deserialization configuration and role-based field filtering without affecting global Jackson configuration.
Note: These features require the quarkus-rest-jackson extension and are marked as experimental.
Capabilities
Custom Serialization
Configure Jackson serialization per resource method without modifying global ObjectMapper configuration.
package io.quarkus.resteasy.reactive.jackson;
import java.lang.reflect.Type;
import java.util.function.BiFunction;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectWriter;
/**
* Annotation for per-method Jackson serialization configuration.
* Allows customizing JSON serialization for specific REST endpoints
* without affecting global Jackson configuration.
*
* Applied at method or type level.
* Marked as @Experimental - API may change in future releases.
*/
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
@Experimental
@interface CustomSerialization {
/**
* BiFunction that creates custom ObjectWriter from global ObjectMapper and target type.
*
* Requirements:
* - MUST have a no-args constructor
* - Should be stateless or only use state initialized in constructor
* - MUST NOT modify the ObjectMapper instance (it's the global instance)
* - Cached per resource method after first creation
*
* @return BiFunction class that produces custom ObjectWriter
*/
Class<? extends BiFunction<ObjectMapper, Type, ObjectWriter>> value();
}Usage Examples:
import io.quarkus.resteasy.reactive.jackson.CustomSerialization;
import com.fasterxml.jackson.databind.*;
import com.fasterxml.jackson.databind.ser.FilterProvider;
import com.fasterxml.jackson.databind.ser.impl.SimpleBeanPropertyFilter;
import com.fasterxml.jackson.databind.ser.impl.SimpleFilterProvider;
import jakarta.ws.rs.*;
import java.lang.reflect.Type;
import java.util.function.BiFunction;
@Path("/users")
public class UserResource {
// Custom serialization for sensitive data
@GET
@Path("/{id}")
@Produces("application/json")
@CustomSerialization(SensitiveDataWriter.class)
public User getUser(@PathParam("id") long id) {
return userService.findById(id);
}
// Different serialization for admin endpoint
@GET
@Path("/{id}/full")
@Produces("application/json")
@CustomSerialization(FullDataWriter.class)
public User getUserFull(@PathParam("id") long id) {
return userService.findById(id);
}
// Custom date format serialization
@GET
@Path("/created-today")
@Produces("application/json")
@CustomSerialization(CustomDateFormatWriter.class)
public List<User> getUsersCreatedToday() {
return userService.findCreatedToday();
}
}
// Filter sensitive fields for regular users
public class SensitiveDataWriter implements BiFunction<ObjectMapper, Type, ObjectWriter> {
@Override
public ObjectWriter apply(ObjectMapper mapper, Type type) {
// Create filter that excludes sensitive fields
SimpleBeanPropertyFilter filter = SimpleBeanPropertyFilter
.serializeAllExcept("password", "ssn", "creditCard");
FilterProvider filters = new SimpleFilterProvider()
.addFilter("sensitiveFilter", filter);
return mapper.writer(filters);
}
}
// Include all fields for admin view
public class FullDataWriter implements BiFunction<ObjectMapper, Type, ObjectWriter> {
@Override
public ObjectWriter apply(ObjectMapper mapper, Type type) {
// Return writer with all features enabled
return mapper.writer()
.withDefaultPrettyPrinter();
}
}
// Custom date formatting
public class CustomDateFormatWriter implements BiFunction<ObjectMapper, Type, ObjectWriter> {
@Override
public ObjectWriter apply(ObjectMapper mapper, Type type) {
// Create writer with custom date format
return mapper.writer()
.with(new java.text.SimpleDateFormat("yyyy-MM-dd HH:mm:ss"));
}
}
// Type-level custom serialization (applies to all methods)
@Path("/reports")
@CustomSerialization(ReportWriter.class)
public class ReportResource {
@GET
@Path("/daily")
public Report getDailyReport() {
return reportService.getDaily();
}
@GET
@Path("/monthly")
public Report getMonthlyReport() {
return reportService.getMonthly();
}
}
public class ReportWriter implements BiFunction<ObjectMapper, Type, ObjectWriter> {
@Override
public ObjectWriter apply(ObjectMapper mapper, Type type) {
return mapper.writer()
.withView(ReportViews.Summary.class);
}
}
class User {}
class Report {}
class ReportViews {
static class Summary {}
}
interface UserService {
User findById(long id);
List<User> findCreatedToday();
}
interface ReportService {
Report getDaily();
Report getMonthly();
}Custom Deserialization
Configure Jackson deserialization per resource method without modifying global ObjectMapper configuration.
package io.quarkus.resteasy.reactive.jackson;
import java.lang.reflect.Type;
import java.util.function.BiFunction;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.ObjectReader;
/**
* Annotation for per-method Jackson deserialization configuration.
* Allows customizing JSON deserialization for specific REST endpoints
* without affecting global Jackson configuration.
*
* Applied at method or type level.
* Marked as @Experimental - API may change in future releases.
*/
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
@Experimental
@interface CustomDeserialization {
/**
* BiFunction that creates custom ObjectReader from global ObjectMapper and target type.
*
* Requirements:
* - MUST have a no-args constructor
* - Should be stateless or only use state initialized in constructor
* - MUST NOT modify the ObjectMapper instance (it's the global instance)
* - Cached per resource method after first creation
*
* @return BiFunction class that produces custom ObjectReader
*/
Class<? extends BiFunction<ObjectMapper, Type, ObjectReader>> value();
}Usage Examples:
import io.quarkus.resteasy.reactive.jackson.CustomDeserialization;
import com.fasterxml.jackson.databind.*;
import jakarta.ws.rs.*;
import java.lang.reflect.Type;
import java.util.function.BiFunction;
@Path("/data")
public class DataResource {
// Custom deserialization for lenient parsing
@POST
@Path("/import")
@Consumes("application/json")
@CustomDeserialization(LenientReader.class)
public Response importData(DataImport data) {
processImport(data);
return Response.ok().build();
}
// Strict deserialization for validation
@POST
@Path("/validate")
@Consumes("application/json")
@CustomDeserialization(StrictReader.class)
public Response validateData(DataImport data) {
return Response.ok("Valid").build();
}
// Custom date parsing
@POST
@Path("/legacy")
@Consumes("application/json")
@CustomDeserialization(LegacyFormatReader.class)
public Response importLegacy(LegacyData data) {
processLegacy(data);
return Response.ok().build();
}
private void processImport(DataImport data) {}
private void processLegacy(LegacyData data) {}
}
// Lenient reader - ignores unknown properties
public class LenientReader implements BiFunction<ObjectMapper, Type, ObjectReader> {
@Override
public ObjectReader apply(ObjectMapper mapper, Type type) {
return mapper.readerFor(mapper.constructType(type))
.without(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES)
.with(DeserializationFeature.ACCEPT_EMPTY_STRING_AS_NULL_OBJECT);
}
}
// Strict reader - fails on any unknown property
public class StrictReader implements BiFunction<ObjectMapper, Type, ObjectReader> {
@Override
public ObjectReader apply(ObjectMapper mapper, Type type) {
return mapper.readerFor(mapper.constructType(type))
.with(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES)
.with(DeserializationFeature.FAIL_ON_NULL_FOR_PRIMITIVES)
.with(DeserializationFeature.FAIL_ON_READING_DUP_TREE_KEY);
}
}
// Legacy date format reader
public class LegacyFormatReader implements BiFunction<ObjectMapper, Type, ObjectReader> {
@Override
public ObjectReader apply(ObjectMapper mapper, Type type) {
return mapper.readerFor(mapper.constructType(type))
.with(new java.text.SimpleDateFormat("dd/MM/yyyy"));
}
}
class DataImport {}
class LegacyData {}Role-Based Field Filtering
Automatically filter JSON fields based on user roles using security annotations.
package io.quarkus.resteasy.reactive.jackson;
/**
* Annotation for role-based field filtering in JSON serialization.
* Fields annotated with @SecureField will only be included in JSON
* if the current user has one of the specified roles.
*
* Applied to fields or getters of POJOs returned by REST methods.
* Works with Quarkus security integration.
*
* Warning: Does not work with jakarta.ws.rs.core.Response return types.
* Use org.jboss.resteasy.reactive.RestResponse instead.
*
* Marked as @Experimental - API may change in future releases.
*/
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.FIELD})
@Experimental
@interface SecureField {
/**
* Roles allowed to see this field in serialized JSON.
* Field will be omitted if current user doesn't have any of these roles.
*/
String[] rolesAllowed();
}
/**
* Enables secure serialization for a method or class.
* When applied, @SecureField annotations on response types are processed,
* even if the class is annotated with @DisableSecureSerialization.
*/
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
@Experimental
@interface EnableSecureSerialization {
}
/**
* Disables secure serialization for a method or class.
* When applied, all @SecureField annotations are ignored
* and serialization proceeds normally.
*
* At class level: applies to all methods in the class.
* At method level: applies only to that method.
*/
@Retention(RetentionPolicy.RUNTIME)
@Target({ElementType.METHOD, ElementType.TYPE})
@Experimental
@interface DisableSecureSerialization {
}Usage Examples:
import io.quarkus.resteasy.reactive.jackson.SecureField;
import io.quarkus.resteasy.reactive.jackson.EnableSecureSerialization;
import io.quarkus.resteasy.reactive.jackson.DisableSecureSerialization;
import org.jboss.resteasy.reactive.RestResponse;
import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.*;
// POJO with role-based field filtering
public class UserAccount {
public String username;
public String email;
// Only visible to admin role
@SecureField(rolesAllowed = "admin")
public String ssn;
// Only visible to admin and manager roles
@SecureField(rolesAllowed = {"admin", "manager"})
public Double salary;
// Only visible to admin role
@SecureField(rolesAllowed = "admin")
public String internalNotes;
// Always visible (no @SecureField)
public String department;
}
@Path("/accounts")
public class AccountResource {
// Regular users see: username, email, department
// Admins see all fields including ssn, salary, internalNotes
@GET
@Path("/{id}")
public UserAccount getAccount(@PathParam("id") long id) {
return accountService.findById(id);
}
// Using RestResponse (required for @SecureField to work)
@GET
@Path("/{id}/details")
public RestResponse<UserAccount> getAccountDetails(@PathParam("id") long id) {
UserAccount account = accountService.findById(id);
return RestResponse.ok(account);
}
// Wrong: Using Response - @SecureField won't work!
// Use RestResponse instead
@GET
@Path("/{id}/wrong")
public Response getAccountWrong(@PathParam("id") long id) {
UserAccount account = accountService.findById(id);
return Response.ok(account).build(); // @SecureField ignored!
}
@Inject
AccountService accountService;
}
// Method-level control
@Path("/reports")
public class ReportResource {
// Secure field filtering enabled (default)
@GET
@Path("/employee/{id}")
public EmployeeReport getEmployeeReport(@PathParam("id") long id) {
return reportService.getEmployee(id);
}
// Disable secure filtering for this method - all fields included
@GET
@Path("/export/{id}")
@DisableSecureSerialization
@RolesAllowed("admin")
public EmployeeReport exportAllData(@PathParam("id") long id) {
// All fields included regardless of @SecureField
return reportService.getEmployee(id);
}
@Inject
ReportService reportService;
}
// Class-level control
@Path("/public")
@DisableSecureSerialization // Disable for all methods in this class
public class PublicResource {
@GET
@Path("/profile/{id}")
public UserProfile getPublicProfile(@PathParam("id") long id) {
// @SecureField annotations ignored
return profileService.getPublic(id);
}
// Re-enable for specific method
@GET
@Path("/restricted/{id}")
@EnableSecureSerialization
@RolesAllowed("member")
public UserProfile getRestrictedProfile(@PathParam("id") long id) {
// @SecureField annotations active again
return profileService.getRestricted(id);
}
@Inject
ProfileService profileService;
}
// Complex example with nested objects
public class CompanyData {
public String name;
public String address;
@SecureField(rolesAllowed = {"admin", "finance"})
public FinancialInfo financials;
@SecureField(rolesAllowed = "admin")
public List<UserAccount> employees;
}
public class FinancialInfo {
public Double revenue;
public Double expenses;
@SecureField(rolesAllowed = "admin")
public String taxId;
}
interface AccountService {
UserAccount findById(long id);
}
interface ReportService {
EmployeeReport getEmployee(long id);
}
interface ProfileService {
UserProfile getPublic(long id);
UserProfile getRestricted(long id);
}
class EmployeeReport {}
class UserProfile {}Key Points:
@SecureFieldfilters fields based on current user's roles from Quarkus security context- Must use
RestResponse<T>instead ofResponsefor filtering to work - Nested objects respect their own
@SecureFieldannotations @EnableSecureSerialization/@DisableSecureSerializationprovide fine-grained control- Integrates with
@RolesAllowedand other Quarkus security annotations - All features are experimental and may change in future releases
Requirements
All Jackson customization features require the quarkus-rest-jackson extension:
<dependency>
<groupId>io.quarkus</groupId>
<artifactId>quarkus-rest-jackson</artifactId>
</dependency>Experimental Status
These APIs are marked as @Experimental and may change in future Quarkus releases. The API design is still being evaluated for optimal user experience.