1.1 --- a/src/share/jaxws_classes/com/sun/xml/internal/ws/spi/ProviderImpl.java Mon Oct 27 12:57:38 2014 -0700 1.2 +++ b/src/share/jaxws_classes/com/sun/xml/internal/ws/spi/ProviderImpl.java Fri Oct 24 15:02:28 2014 +0200 1.3 @@ -147,19 +147,12 @@ 1.4 } 1.5 1.6 public EndpointReference readEndpointReference(final Source eprInfoset) { 1.7 - // EPR constructors are private, so we need privilege escalation. 1.8 - // this unmarshalling can only access instances of a fixed, known set of classes, 1.9 - // so doing that shouldn't introduce security vulnerability. 1.10 - return AccessController.doPrivileged(new PrivilegedAction<EndpointReference>() { 1.11 - public EndpointReference run() { 1.12 - try { 1.13 - Unmarshaller unmarshaller = eprjc.get().createUnmarshaller(); 1.14 - return (EndpointReference) unmarshaller.unmarshal(eprInfoset); 1.15 - } catch (JAXBException e) { 1.16 - throw new WebServiceException("Error creating Marshaller or marshalling.", e); 1.17 - } 1.18 - } 1.19 - }); 1.20 + try { 1.21 + Unmarshaller unmarshaller = eprjc.get().createUnmarshaller(); 1.22 + return (EndpointReference) unmarshaller.unmarshal(eprInfoset); 1.23 + } catch (JAXBException e) { 1.24 + throw new WebServiceException("Error creating Marshaller or marshalling.", e); 1.25 + } 1.26 } 1.27 1.28 public <T> T getPort(EndpointReference endpointReference, Class<T> clazz, WebServiceFeature... webServiceFeatures) {