XStreamMarshaller()
Implementation of the Marshaller interface for XStream.
By default, XStream does not require any further configuration and can (un)marshal any class on the classpath. As such, it is not recommended to use the XStreamMarshaller to unmarshal XML from external sources (i.e. the Web), as this can result in security vulnerabilities. If you do use the XStreamMarshaller to unmarshal external XML, set the supportedClasses and converters properties (possibly using a CatchAllConverter) or override the #customizeXStream(XStream) method to make sure it only accepts the classes you want it to support.
Due to XStream's API, it is required to set the encoding used for writing to OutputStreams. It defaults to UTF-8.
NOTE: XStream is an XML serialization library, not a data binding library. Therefore, it has limited namespace support. As such, it is rather unsuitable for usage within Web Services.
This marshaller requires XStream 1.4.5 or higher, as of Spring 4.3. Note that XStream construction has been reworked in 4.0, with the stream driver and the class loader getting passed into XStream itself now.
Author
Peter Meijer
Author
Arjen Poutsma
Author
Juergen Hoeller
Since
3.0