Jackson Json serialization: exclude property with respect to the role of the logged-in user

清歌不尽 2021-01-28 01:41

Is there any way to dynamically exclude a bean property from being serialized if the logged-in user does not have the permissions to see a specific field?

For example, if a bean

2 answers
  •  执笔经年
    2021-01-28 02:27

    If you use the same JAX-RS resources for requests with different user roles, you should consider the following solution:

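    import java.io.IOException;
    import java.io.OutputStream;
    import java.lang.annotation.Annotation;
    import java.lang.reflect.Type;
    import javax.ws.rs.WebApplicationException;
    import javax.ws.rs.core.Context;
    import javax.ws.rs.core.MediaType;
    import javax.ws.rs.core.MultivaluedMap;
    import javax.ws.rs.core.SecurityContext;
    import javax.ws.rs.ext.Provider;
    import org.codehaus.jackson.jaxrs.JacksonJaxbJsonProvider;
    import org.codehaus.jackson.map.ObjectMapper;

    // Selects the Jackson JSON view from the caller's role before each response is written.
    @Provider
    public class SecuritySerializerFilter extends JacksonJaxbJsonProvider {
        @Context
        SecurityContext securityContext;

        @Override
        public void writeTo(Object value, Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType, MultivaluedMap<String, Object> httpHeaders, OutputStream entityStream) throws IOException, WebApplicationException {

            // Views.Admin / Views.User are the application's own @JsonView marker classes.
            // setSerializationConfig changes the mapper this provider shares across requests.
            ObjectMapper current = locateMapper(type, mediaType);
            setMapper(current.setSerializationConfig(
                current.getSerializationConfig().withView(
                    securityContext.isUserInRole("admin") ? Views.Admin.class : Views.User.class
                )
            ));

            super.writeTo(value, type, genericType, annotations, mediaType, httpHeaders, entityStream);
        }
    }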
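
The `Views` classes and `@JsonView` annotations that the filter above relies on are not shown, so the following is an added example (not code from the answer) using the same Jackson 1.9 API. It picks the view per call with `writerWithView` instead of reconfiguring the shared mapper, and disables `DEFAULT_VIEW_INCLUSION` so properties without `@JsonView` are not written in any view. `RoleViewDemo`, `Account`, its properties and the `render` helper are hypothetical names, and all sample values are constructed.

```java
import java.io.IOException;
import org.codehaus.jackson.map.ObjectMapper;
import org.codehaus.jackson.map.SerializationConfig;
import org.codehaus.jackson.map.annotate.JsonView;

public class RoleViewDemo {

    // View markers (assumed shape of the answer's Views class).
    // Admin extends User, so the Admin view also includes User properties.
    public static class Views {
        public static class User {}
        public static class Admin extends User {}
    }

    // Constructed sample bean; property names and values are illustrative.
    public static class Account {
        @JsonView(Views.User.class)
        public String getName() { return "alice"; }

        @JsonView(Views.Admin.class)
        public String getEmail() { return "alice@example.test"; }

        // No @JsonView: written in every view unless DEFAULT_VIEW_INCLUSION is off.
        public String getInternalNote() { return "constructed note"; }
    }

    // Shared mapper, configured once at startup and never changed per request.
    private static final ObjectMapper MAPPER = new ObjectMapper();
    static {
        // Fail closed: a property without @JsonView is left out of all views.
        MAPPER.configure(SerializationConfig.Feature.DEFAULT_VIEW_INCLUSION, false);
    }

    // Hypothetical helper: in a JAX-RS resource, isAdmin would come from
    // securityContext.isUserInRole("admin").
    static String render(Object bean, boolean isAdmin) throws IOException {
        Class<?> view = isAdmin ? Views.Admin.class : Views.User.class;
        // writerWithView returns a new ObjectWriter; MAPPER itself is untouched,
        // so concurrent requests cannot see each other's view.
        return MAPPER.writerWithView(view).writeValueAsString(bean);
    }

    public static void main(String[] args) throws IOException {
        Account account = new Account();
        System.out.println("user : " + render(account, false));
        System.out.println("admin: " + render(account, true));
    }
}
```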
    
