How to stream single JSON Object with Security Filtering

[bentatham]

In my API, I am using StreamingOutput directly, so I can write a complete JSON object, streaming data from the database and converting to JSON on the fly to avoid memory issues for large response...this all seems to work fine. I don't think using Multi can achieve the same objective with a single JSON document being returns (ie an object with a nested array of objects), so I'm left serializing the objects myself.

  @Inject ObjectMapper objectMapper;

  @GET
  @Produces("application/json")
  @RolesAllowed("ExternalEventAPI")
  @RunOnVirtualThread
  public StreamingOutput getEvents() {
    return output -> {
      try (JsonGenerator json = objectMapper.createGenerator(output)) {
        json.writeStartObject();
        // write some initial fields
        json.writeStartArray();
        /// get events from db (using jooq) and write out the json streaming style using 
        json.writeEndArray();
        json.writeEndObject();
      }
   };
  }

I think using a virtual thread make it all ok from a blocking perspective.
But my real issue is that the objects I want to write also use @SecureField and I can't figure out how to filter those using the same mechanisms that would be used if I were returning a POJO of the object directly (ie QuarkusResteasyReactiveRequestContext, EntityWriter or some such). Nothing seems to be injectable into my resource.

Can we make that injectable someone? Or am I missing something completely, and there is a more "quarkus way" to achieve a "streamed" json object.

[sberyozkin]

CC @geoand, hey Georgios, this is about the @SecuredField, please comment

[geoand]

See this