Architecture Overview

The architecture of XStream consists of the six main components:

Life Cycle

An XStream instance envisages two phases in its life cycle: Setup and Execution. A lot of default configuration is already applied when an XStream instance is instantiated, i.e. the instance is directly in setup phase. Now is the time to apply further configuration. This phase is not thread-safe.

Once an instance is properly configured in can be used in an execution phase, where Java object graphs are marshalled and unmarshalled. The execution phase is thread-safe, i.e. is is possible to use an XStream instance concurrently for execution. However, XStream builds caches during execution based on the configuration. Therefore, an instance should never be reconfigured during or after execution phase. The result of any further (un-)marshalling might not be what is expected.


Whenever XStream encounters an object that needs to be converted to/from XML, it delegates to a suitable Converter implementation associated with the class of that Object.

XStream comes bundled with many converters for common types, including primitives, String, Collections, arrays, null, Date, etc.

XStream also has a default Converter, that is used when no other Converters match a type. This uses reflection to automatically generate the XML for all the fields in an object.

If an object is composed of other objects, the Converter may delegate to other Converters.

To customize the XML for particular object type a new Converter should be implemented.


Mapper implementations are the key components to map between names used in XML and names of Java elements and vice versa. Mappers are organized in a chain, e.g. every time a mapper cannot map a special name it delegates the call to its logical parent. Mappers keep the configuration in XStream and a converter should always use the Mapper (chain) of XStream to map names it has to deal with.

XStream comes bundled with many mappers to map names of ordinary Java types and elements, of arrays, enums, proxies, outer classes, to handle alias definitions, implicit collections, and ignored elements and even the Security Framework is based on a Mapper implementation.

Overwrite XStream's wrapMapper function to add custom mapper implementation.

Drivers (Writer and Reader)

XStream is abstracted from the underlying XML data using the HierarchicalStreamWriter and HierarchicalStreamReader interfaces for serializing and deserializing respectively.

This abstraction allows XStream to read XML from direct streams using an XML parser or directly manipulate existing structures (such as DOM). This prevents the overhead of having to reparse if XStream is working from XML that has been partially processed by other libraries (for instance a SOAP library). It also avoids tying XStream to a particular library.

XStream comes bundled with reader and writer implementations for most major XML libraries.

Writer and Readers can be implemented allowing XStream to serialize to most XML APIs. Writers and Readers can also be created around tree based non XML structures.


When XStream serializes or deserializes some objects, it creates a MarshallingContext or UnmarshallingContext, which handle the traversing of the data and delegation to the necessary Converters.

The MarshallingContext/UnmarshallingContext is made available to converters allowing them to tell XStream to process objects contained within other objects.

XStream provides three pairs of context implementations that traverse the object graph with slightly different behaviors. The default can be changed using XStream.setMode(), passing in one of the following parameters:

A new context is created for each object graph that is serialized. Both the MarshallingContext and UnmarshallingContext implement DataHolder, a hash table passed around whilst processing the object graph that can be used as the user sees fit (in a similar way that the HttpServletRequest attributes are used in a web-application).

Type Permissions

XStream's Security Framework consists of a Mapper implementation and a lot of type permissions. These implementations are used to deny or allow the deserialization of java types based on their name or type hierarchy.

XStream facade

The main XStream class is typically used as the entry point. This assembles the necessary components of XStream (as described above; Context, Converter, Writer/Reader and ClassMapper) and provides a simple to use API for common operations.

Remember, the XStream class is just a facade - it can always be bypassed for more advanced operations.