EN · DE · RU · FR · ES
← Index · ← File index · ← Prev · Next → · 📄 source

#756: XmlObject.java

projectforge-business/src/main/java/org/projectforge/framework/xmlstream/XmlObject.java Java annotation — class-level marker for XmlStream serialization. 44 lines. @Target(TYPE), @Retention(RUNTIME). Source: projectforge-business/src/main/java/org/projectforge/framework/xmlstream/XmlObject.java 44 lines · 10 code · 30 comments · 4 blank
Purpose: A class-level annotation — marks a class as serializable/deserializable by the XmlStream framework. 44 lines. This is the equivalent of JAXB's @XmlRootElement and XStream's implicit convention (any class can be serialized). Unlike them, XmlStream requires explicit annotation — classes without @XmlObject will not be processed by either XmlObjectReader or XmlObjectWriter. This is a security measure: only explicitly permitted classes participate in serialization.

Sole Parameter: alias()

Overrides the root XML element name. By default (empty string), the fully-qualified class name is used: org.projectforge.business.user.PFUserDO<org.projectforge.business.user.PFUserDO>. With alias: @XmlObject(alias="user")<user>. Aliases are registered in AliasMap (#758) during XmlRegistry initialization.

Difference from @XmlField(alias): @XmlObject.alias sets the root element name (the tag wrapping the entire object), while @XmlField.alias sets a child element or attribute name (a specific field).

Runtime Usage

  1. XmlRegistry at startup scans the classpath (or config) and finds all @XmlObject-annotated classes
  2. For each class, registers it in AliasMap: Class → alias and alias → Class
  3. XmlObjectReader.newInstance() upon encountering an XML element looks up the corresponding class via AliasMap.getClassForAlias(tagName)
  4. If found — creates an instance via BeanHelper.newInstance() and recursively populates fields (using @XmlField)
  5. If not found — returns Status.IGNORE (#760)

XmlObject vs. XStream @XStreamAlias

Key difference: @XmlObject is not just an alias — it's an explicit permission for serialization. A class without @XmlObject is entirely excluded from the process. XStream by default serializes any class — creating a risk of accidental data leakage (e.g., serializing a Hibernate proxy with passwords). XmlStream is safer but requires more manual annotation work.

XmlStream Annotation Trio

AnnotationFileRole
@XmlField#752Configure field serialization (name, type, defaults, format)
@XmlObject#754Enable class for serialization with alias
@XmlOmitField#757Exclude a field from serialization entirely

Git History

868d6abb7 2025 → 2026 (copyright year update)
63081666f Source file headers: 2024→2025
b6092df09 Copyright 2023 → 2024
ab45d51fa Copyright 2001-2022 → 2001-2023
5f7ef41b8 Copyright 2021 → 2022
cd27dd997 package xstream → xmlstream
ceb63e8a1 Source code header: (C) 2001-2021
7c79f1922 Copyright of source header → 2020
32f634b88 Optimize imports
dd5ca38ac CopyRight of all java file-header updated or created
9ebb88522 Initial commit
The annotation has one attribute (alias) and has not changed since the initial commit beyond copyright updates and the xstream → xmlstream package rename. The simplicity is intentional — this is a permission gate, not a configuration surface.