Welcome to Apache XMLBeans™
The Apache Software Foundation
Apache XMLBeans
Documentation
Samples
Community
Resources
Welcome
What is XMLBeans?
History
Changes
Overview
Getting Started
Sample Code
FAQ
Tutorial: First Steps
v5.0.0 Javadoc
Welcome to Apache XMLBeans™
What is XMLBeans?
XMLBeans is a technology for accessing XML by binding it to Java types. XMLBeans
provides several ways to get at the XML, including:
Through XML schema that has been compiled to generate Java types that represent
schema types. In this way, you can access instances of the schema through
JavaBeans-style accessors after the fashion of "getFoo" and "setFoo".
The XMLBeans API also allows you to reflect into the XML schema itself
through an XML Schema Object model.
A cursor model through which you can traverse the full XML infoset.
Support for XML DOM.
For a more complete introduction, see the
XMLBeans
Overview
or
Getting
Started With XMLBeans
For more details on XMLBeans see the
XMLBeans Wiki pages
or the XMLBeans documentation (the Documentation tab on this website).
Release: Apache XMLBeans 5.3.0 (Dec 13, 2024)
Latest release files
are available
The Apache
POI
project has unretired the XMLBeans codebase
since 3.0.0 and is maintaining it as a sub-project.
Note
XMLBeans 5.2.2 has a dependency on log4j-api 2.24.1. We have discovered an issue with log4j-api 2.24.1.
We strongly recommend that users avoid XMLBeans 5.2.2 or if you must use it, you should force your
build to use log4j-api 2.24.2. The main issue is
Issue 3143
Some bug fixes (for a more complete list of changes see
CHANGES
or
JIRA
).
CVE-2021-23926 - XML External Entity (XXE) Processing in Apache XMLBeans versions prior to 3.0.0
(January 13, 2021)
Description:
When parsing XML files using XMLBeans 2.6.0 or below, the underlying parser
created by XMLBeans could be susceptible to XML External Entity (XXE) attacks.
This issue was fixed a few years ago but on review, we decided we should have a CVE
to raise awareness of the issue.
Mitigation:
Affected users are advised to update to Apache XMLBeans 3.0.0 or above
which fixes this vulnerability. XMLBeans 4.0.0 or above is preferable.
References:
XML external entity attack
Version history
Getting Started
Start off with your own stuff.
If you want to get right to it with your own XML schema and instance, follow these basic steps:
Install XMLBeans.
Compile your schema. Use
scomp
to compile the schema, generating and jarring Java types. For example, to create a
employeeschema.jar from an employeesschema.xsd file:
scomp -out employeeschema.jar employeeschema.xsd
Write code. With the generated JAR on your classpath, write code to bind an XML instance
to the Java types representing your schema. Here's an example that would use
types generated from an employees schema:
File xmlFile = new File("c:\employees.xml");
// Bind the instance to the generated XMLBeans types.
EmployeesDocument empDoc =
EmployeesDocument.Factory.parse(xmlFile);
// Get and print pieces of the XML instance.
Employees emps = empDoc.getEmployees();
Employee[] empArray = emps.getEmployeeArray();
for (int i = 0; i < empArray.length; i++)
System.out.println(empArray[i]);
Read a tutorial.
Read our
tutorial
to get a sense of XMLBeans
basics.
Read documentation and other information.
On our
documentation
page, you'll find links to
several topics that describe XMLBeans features and how to use them. You'll also
find links to Javadoc reference on the XMLBeans API.
You can also check out the
FAQ
, which is updated
with new answers as they're needed.
Don't forget the
XMLBeans Wiki
, which collects
lots of valuable information.
Check out the samples.
Many of the XMLBeans features are illustrated in our
samples
Copyright ©
2004-2025
The Apache Software Foundation
Apache, Apache XMLBeans, Apache POI, the Apache logo, and the Apache XMLBeans
logos are trademarks of The Apache Software Foundation.
Send feedback about the website to:
dev@poi.apache.org
US