1.1 --- a/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java Mon Oct 27 12:57:38 2014 -0700
1.2 +++ b/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java Fri Oct 24 15:02:28 2014 +0200
1.3 @@ -1,5 +1,5 @@
1.4 /*
1.5 - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved.
1.6 + * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved.
1.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
1.8 *
1.9 * This code is free software; you can redistribute it and/or modify it
1.10 @@ -25,8 +25,10 @@
1.11
1.12 package com.sun.xml.internal.bind.v2.util;
1.13
1.14 -import com.sun.xml.internal.bind.Util;
1.15 import com.sun.xml.internal.bind.v2.Messages;
1.16 +
1.17 +import java.security.AccessController;
1.18 +import java.security.PrivilegedAction;
1.19 import java.util.logging.Level;
1.20 import java.util.logging.Logger;
1.21 import javax.xml.XMLConstants;
1.22 @@ -43,8 +45,6 @@
1.23 import org.xml.sax.SAXNotRecognizedException;
1.24 import org.xml.sax.SAXNotSupportedException;
1.25
1.26 -import static com.sun.xml.internal.bind.Util.getSystemProperty;
1.27 -
1.28 /**
1.29 * Provides helper methods for creating properly configured XML parser
1.30 * factory instances with namespace support turned on and configured for
1.31 @@ -68,7 +68,14 @@
1.32 */
1.33 private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.bind.disableXmlSecurity";
1.34
1.35 - public static final boolean XML_SECURITY_DISABLED = Boolean.parseBoolean(getSystemProperty(DISABLE_XML_SECURITY));
1.36 + private static final boolean XML_SECURITY_DISABLED = AccessController.doPrivileged(
1.37 + new PrivilegedAction<Boolean>() {
1.38 + @Override
1.39 + public Boolean run() {
1.40 + return Boolean.getBoolean(DISABLE_XML_SECURITY);
1.41 + }
1.42 + }
1.43 + );
1.44
1.45 private static boolean isXMLSecurityDisabled(boolean runtimeSetting) {
1.46 return XML_SECURITY_DISABLED || runtimeSetting;
