XML (Extensible Markup Language) is a W3C standard format for structured information. It has a large eco-system of additional standards and tools.
In Java there are many different APIs and frameworks for accessing, producing and processing XML. For the devonfw we recommend to use JAXB for mapping Java objects to XML and vice-versa. Further there is the popular DOM API for reading and writing smaller XML documents directly. When processing large XML documents StAX is the right choice.
We use JAXB to serialize Java objects to XML or vice-versa.
Use @XmlSeeAlso annotation to provide sub-classes.
See section "Collective Polymorphism" described here.
In order to map custom datatypes or other types that do not follow the Java bean conventions, you need to define a custom mapping. If you create dedicated objects for the XML mapping you can easily avoid such situations. When this is not suitable use @XmlJavaTypeAdapter and provide an XmlAdapter implementation that handles the mapping.
For details see here.
To prevent XML External Entity attacks, follow JAXP Security Guide and enable FSP.