1.1 --- a/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java Mon Oct 27 12:57:38 2014 -0700 1.2 +++ b/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java Fri Oct 24 15:02:28 2014 +0200 1.3 @@ -1,5 +1,5 @@ 1.4 /* 1.5 - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. 1.6 + * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved. 1.7 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 1.8 * 1.9 * This code is free software; you can redistribute it and/or modify it 1.10 @@ -25,8 +25,10 @@ 1.11 1.12 package com.sun.xml.internal.bind.v2.util; 1.13 1.14 -import com.sun.xml.internal.bind.Util; 1.15 import com.sun.xml.internal.bind.v2.Messages; 1.16 + 1.17 +import java.security.AccessController; 1.18 +import java.security.PrivilegedAction; 1.19 import java.util.logging.Level; 1.20 import java.util.logging.Logger; 1.21 import javax.xml.XMLConstants; 1.22 @@ -43,8 +45,6 @@ 1.23 import org.xml.sax.SAXNotRecognizedException; 1.24 import org.xml.sax.SAXNotSupportedException; 1.25 1.26 -import static com.sun.xml.internal.bind.Util.getSystemProperty; 1.27 - 1.28 /** 1.29 * Provides helper methods for creating properly configured XML parser 1.30 * factory instances with namespace support turned on and configured for 1.31 @@ -68,7 +68,14 @@ 1.32 */ 1.33 private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.bind.disableXmlSecurity"; 1.34 1.35 - public static final boolean XML_SECURITY_DISABLED = Boolean.parseBoolean(getSystemProperty(DISABLE_XML_SECURITY)); 1.36 + private static final boolean XML_SECURITY_DISABLED = AccessController.doPrivileged( 1.37 + new PrivilegedAction<Boolean>() { 1.38 + @Override 1.39 + public Boolean run() { 1.40 + return Boolean.getBoolean(DISABLE_XML_SECURITY); 1.41 + } 1.42 + } 1.43 + ); 1.44 1.45 private static boolean isXMLSecurityDisabled(boolean runtimeSetting) { 1.46 return XML_SECURITY_DISABLED || runtimeSetting;