Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support distinct jsonviews for serialization and deserialization #46807

Merged
merged 1 commit into from
Mar 14, 2025
Merged

Support distinct jsonviews for serialization and deserialization #46807

merged 1 commit into from
Mar 14, 2025

Conversation

Postremus
Copy link
Member

Before, the jsonview for the request body could leak affect the serialization side, and cause the response entity to be written with the wrong jsonview. Now, the method and class level jsonview affect the serialization side, while a method parameter jsonview affect only the deserialization side.

However, technically speaking, this is also a minor breaking change for undocumented behaviour. Should be worth it though, since this implementation is less surprising, and follows what is currently documented at https://quarkus.io/version/main/guides/rest#jsonview-support.

Therefore, a note for the migration guide:

closes #46751

Quarkus Rest - JsonView Deserialization changes

With this version, the deserialization support for jsonviews gets documented and slightly changed.

For example:

(1)

@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@JsonView(Views.Private.class)
public RestResponse<User> create(User user) {
    return RestResponse.status(CREATED, user);
}

(2)
@POST
@Produces(MediaType.APPLICATION_JSON)
@Consumes(MediaType.APPLICATION_JSON)
@JsonView(Views.Private.class)
public RestResponse<User> create(@JsonView(Views.Public.class) User user) {
    return RestResponse.status(CREATED, user);
}

(1) The method parameter user was also deserialized using the Views.Private view.
(2) The method parameter user was most likely to correctly use the expected Views.Public view for deserialization. For Serialization however, the Views.Public was also used, although the method is annoted with the Views.Private view.

The behaviour changed, so that now the deserialization is only influenced by the method parameter jsonview. The serialization is now always only influenced by the method (or class level) jsonview.
For (1), the user parameter does not use any JsonView anymore.
For (2), this means that the user parameter correctly uses Views.Public for deserialization, and for serialization Views.Private gets used

@Postremus
Support distinct jsonviews for serialization and deserialization
a23972d 
Before, the jsonview for the request body could leak affect the serialization side, and cause the response entity to be written with the wrong jsonview.
Now, the method and class level jsonview affect the serialization side, while a method parameter jsonview affect only the deserialization side.
@quarkus-bot quarkus-bot
Copy link

quarkus-bot bot commented Mar 13, 2025
edited by github-actions bot
Loading

Status for workflow Quarkus CI

This is the status report for running Quarkus CI on commit a23972d.

✅ The latest workflow run for the pull request has completed successfully.

It should be safe to merge provided you have a look at the other checks in the summary.

You can consult the Develocity build scans.

@Postremus Postremus requested a review from geoand March 14, 2025 09:32
geoand
geoand approved these changes Mar 14, 2025
View reviewed changes
Copy link
Contributor

@geoand geoand left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@geoand geoand merged commit b88d1c6 into quarkusio:main Mar 14, 2025
39 checks passed
@quarkus-bot quarkus-bot bot added this to the 3.22 - main milestone Mar 14, 2025
@Postremus Postremus deleted the issues/46751-jsonview-ser-deser-disc branch March 14, 2025 19:18
@gsmet gsmet modified the milestones: 3.22 - main, 3.21.0 Mar 18, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@geoand geoand geoand approved these changes

Assignees
No one assigned
Labels
area/rest kind/bugfix
Projects
None yet
Milestone
3.21.0
Development

Successfully merging this pull request may close these issues.

Wrong JsonView is used for writing response entity
3 participants
@Postremus @geoand @gsmet