Steve Hill

How Do I Write a Jackson JSON Serializer & Deserializer?

java, code, jackson, json | 1 min read

Update (12/22/2015): Considering writing serialization classes instead? Check out Serializing POJOs with Jackson.

Jackson is a great JSON serialization library for Java. Finding out how to write serializers and deserializers can be frustrating, in no small part thanks to the enormous API Jackson comes with.

Note: The following is known to work with Jackson 1.8.5, which ships with RESTEasy 2.3.2.Final.

Assume we have a naive User class that we want to write a serializer and deserializer for. Not much is notable here, except for the annotations that tell Jackson which classes know how to serialize and deserialize this class.

```java
package net.sghill.example;

import net.sghill.example.UserDeserializer;
import net.sghill.example.UserSerializer;
import org.bson.types.ObjectId; // assumed: ObjectId from the MongoDB Java driver
import org.codehaus.jackson.map.annotate.JsonDeserialize;
import org.codehaus.jackson.map.annotate.JsonSerialize;

// The annotations point Jackson at the custom (de)serializer classes.
@JsonDeserialize(using = UserDeserializer.class)
@JsonSerialize(using = UserSerializer.class)
public class User {
    private ObjectId id;
    private String username;
    private String password;

    public User(ObjectId id, String username, String password) {
        this.id = id;
        this.username = username;
        this.password = password;
    }

    public ObjectId getId() { return id; }
    public String getUsername() { return username; }
    public String getPassword() { return password; }
}
```


We'll create our deserializer by extending Jackson's abstract JsonDeserializer class and giving it the type we want to deserialize to. Perhaps the hardest part is figuring out that you can reference the JSON by field name through the JsonParser's ObjectCodec.

```java
package net.sghill.example;

import net.sghill.example.User;
import org.codehaus.jackson.JsonNode;
import org.codehaus.jackson.JsonParser;
import org.codehaus.jackson.ObjectCodec;
import org.codehaus.jackson.map.DeserializationContext;
import org.codehaus.jackson.map.JsonDeserializer;

import java.io.IOException;

public class UserDeserializer extends JsonDeserializer<User> {
    @Override
    public User deserialize(JsonParser jsonParser,
            DeserializationContext deserializationContext) throws IOException {
        // The parser's codec reads the whole JSON value into a tree,
        // so fields can be looked up by name.
        ObjectCodec oc = jsonParser.getCodec();
        JsonNode node = oc.readTree(jsonParser);
        // The id is not taken from the incoming JSON.
        return new User(null,
                node.get("username").getTextValue(),
                node.get("password").getTextValue());
    }
}
```

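The deserializer above calls `node.get(...)` directly, and `JsonNode.get` returns null for an absent field, so a body without `password` ends in a NullPointerException instead of a mapping error. The following added example (not code from the original post) shows a stricter variant against the same Jackson 1.x API; `StrictDemo`, `Credentials`, `StrictDeserializer` and `requireText` are hypothetical names, and the JSON strings are constructed samples.

```java
import java.io.IOException;
import org.codehaus.jackson.JsonNode;
import org.codehaus.jackson.JsonParser;
import org.codehaus.jackson.map.DeserializationContext;
import org.codehaus.jackson.map.JsonDeserializer;
import org.codehaus.jackson.map.JsonMappingException;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.annotate.JsonDeserialize;

// Added example; all class and method names here are hypothetical.
public class StrictDemo {

    @JsonDeserialize(using = StrictDeserializer.class)
    public static class Credentials {
        final String username;
        final String password;
        Credentials(String username, String password) {
            this.username = username;
            this.password = password;
        }
    }

    public static class StrictDeserializer extends JsonDeserializer<Credentials> {
        @Override
        public Credentials deserialize(JsonParser jp, DeserializationContext ctxt) throws IOException {
            JsonNode node = jp.getCodec().readTree(jp);
            return new Credentials(requireText(node, "username"), requireText(node, "password"));
        }

        // get() returns null for an absent field and getTextValue() returns null for
        // non-string values, so both cases are rejected with a mapping error.
        private static String requireText(JsonNode node, String field) throws JsonMappingException {
            JsonNode value = (node == null) ? null : node.get(field);
            if (value == null || !value.isTextual()) {
                throw new JsonMappingException("'" + field + "' must be a JSON string");
            }
            return value.getTextValue();
        }
    }

    public static void main(String[] args) throws IOException {
        ObjectMapper mapper = new ObjectMapper();
        // Constructed sample inputs: one complete body, one missing the password field.
        Credentials ok = mapper.readValue("{\"username\":\"alice\",\"password\":\"s3cret\"}", Credentials.class);
        System.out.println("parsed user: " + ok.username);
        try {
            mapper.readValue("{\"username\":\"alice\"}", Credentials.class);
        } catch (JsonMappingException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```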

The serialization of the id and password will never be beneficial, and all we want is an object that contains the username.

Mirroring the deserializer above, we'll extend the abstract JsonSerializer class, giving it the type we want to serialize from.

```java
package net.sghill.example;

import net.sghill.example.User;
import org.codehaus.jackson.JsonGenerator;
import org.codehaus.jackson.map.JsonSerializer;
import org.codehaus.jackson.map.SerializerProvider;

import java.io.IOException;

public class UserSerializer extends JsonSerializer<User> {
    @Override
    public void serialize(User user, JsonGenerator jsonGenerator,
            SerializerProvider serializerProvider) throws IOException {
        // Only the username is written; id and password never appear in the output.
        jsonGenerator.writeStartObject();
        jsonGenerator.writeStringField("username", user.getUsername());
        jsonGenerator.writeEndObject();
    }
}
```

Note: Nothing going to production should store a password as plaintext in the database, as would be the case here. This is merely for illustration purposes. BCrypt is the current king of the castle for storing passwords.