145 (bindingId != null) ? BindingID.parse(bindingId) : BindingID.parse(implementorClass), |
145 (bindingId != null) ? BindingID.parse(bindingId) : BindingID.parse(implementorClass), |
146 implementorClass, invoker, features); |
146 implementorClass, invoker, features); |
147 } |
147 } |
148 |
148 |
149 public EndpointReference readEndpointReference(final Source eprInfoset) { |
149 public EndpointReference readEndpointReference(final Source eprInfoset) { |
150 // EPR constructors are private, so we need privilege escalation. |
150 try { |
151 // this unmarshalling can only access instances of a fixed, known set of classes, |
151 Unmarshaller unmarshaller = eprjc.get().createUnmarshaller(); |
152 // so doing that shouldn't introduce security vulnerability. |
152 return (EndpointReference) unmarshaller.unmarshal(eprInfoset); |
153 return AccessController.doPrivileged(new PrivilegedAction<EndpointReference>() { |
153 } catch (JAXBException e) { |
154 public EndpointReference run() { |
154 throw new WebServiceException("Error creating Marshaller or marshalling.", e); |
155 try { |
155 } |
156 Unmarshaller unmarshaller = eprjc.get().createUnmarshaller(); |
|
157 return (EndpointReference) unmarshaller.unmarshal(eprInfoset); |
|
158 } catch (JAXBException e) { |
|
159 throw new WebServiceException("Error creating Marshaller or marshalling.", e); |
|
160 } |
|
161 } |
|
162 }); |
|
163 } |
156 } |
164 |
157 |
165 public <T> T getPort(EndpointReference endpointReference, Class<T> clazz, WebServiceFeature... webServiceFeatures) { |
158 public <T> T getPort(EndpointReference endpointReference, Class<T> clazz, WebServiceFeature... webServiceFeatures) { |
166 /* |
159 /* |
167 final @NotNull MemberSubmissionEndpointReference msepr = |
160 final @NotNull MemberSubmissionEndpointReference msepr = |