1.1 --- a/src/share/jaxws_classes/com/sun/xml/internal/ws/spi/ProviderImpl.java Mon Oct 27 12:57:38 2014 -0700
1.2 +++ b/src/share/jaxws_classes/com/sun/xml/internal/ws/spi/ProviderImpl.java Fri Oct 24 15:02:28 2014 +0200
1.3 @@ -147,19 +147,12 @@
1.4 }
1.5
1.6 public EndpointReference readEndpointReference(final Source eprInfoset) {
1.7 - // EPR constructors are private, so we need privilege escalation.
1.8 - // this unmarshalling can only access instances of a fixed, known set of classes,
1.9 - // so doing that shouldn't introduce security vulnerability.
1.10 - return AccessController.doPrivileged(new PrivilegedAction<EndpointReference>() {
1.11 - public EndpointReference run() {
1.12 - try {
1.13 - Unmarshaller unmarshaller = eprjc.get().createUnmarshaller();
1.14 - return (EndpointReference) unmarshaller.unmarshal(eprInfoset);
1.15 - } catch (JAXBException e) {
1.16 - throw new WebServiceException("Error creating Marshaller or marshalling.", e);
1.17 - }
1.18 - }
1.19 - });
1.20 + try {
1.21 + Unmarshaller unmarshaller = eprjc.get().createUnmarshaller();
1.22 + return (EndpointReference) unmarshaller.unmarshal(eprInfoset);
1.23 + } catch (JAXBException e) {
1.24 + throw new WebServiceException("Error creating Marshaller or marshalling.", e);
1.25 + }
1.26 }
1.27
1.28 public <T> T getPort(EndpointReference endpointReference, Class<T> clazz, WebServiceFeature... webServiceFeatures) {
