Imagine you have a JPA Entity or some class you never want to inadvertently serialize directly.
@Entity
class Author {
@Id
private long id;
private String name;
public long getId() {
return id;
}
public getName() {
return name;
}
}To prevent Jackson from serializing any Entity annotated classes, a BlocklistModule can be configured and registered as follows:
Module module = BlocklistModule.builder()
.annotations(Entity.class) // All Entity annotated classes are blocked
.build();
ObjectMapper mapper = new ObjectMapper()
.registerModule(module);The module can also be scoped to a specific class or package:
Module module = BlocklistModule.builder()
.classes(Author.class) // Author is explicitly blocked
.packages("net.kilink.example") // All classes from net.kilink.example are blocked
.build();Attempting to serialize a blocked class will cause a JsonMappingException to be thrown with a message similar to "Attempted to serialize disallowed class Foo".