diff -r 246d7e4f3c9f -r 06807f9a6835 src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java --- a/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java Mon Oct 27 12:57:38 2014 -0700 +++ b/src/share/jaxws_classes/com/sun/xml/internal/bind/v2/util/XmlFactory.java Fri Oct 24 15:02:28 2014 +0200 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,8 +25,10 @@ package com.sun.xml.internal.bind.v2.util; -import com.sun.xml.internal.bind.Util; import com.sun.xml.internal.bind.v2.Messages; + +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.logging.Level; import java.util.logging.Logger; import javax.xml.XMLConstants; @@ -43,8 +45,6 @@ import org.xml.sax.SAXNotRecognizedException; import org.xml.sax.SAXNotSupportedException; -import static com.sun.xml.internal.bind.Util.getSystemProperty; - /** * Provides helper methods for creating properly configured XML parser * factory instances with namespace support turned on and configured for @@ -68,7 +68,14 @@ */ private static final String DISABLE_XML_SECURITY = "com.sun.xml.internal.bind.disableXmlSecurity"; - public static final boolean XML_SECURITY_DISABLED = Boolean.parseBoolean(getSystemProperty(DISABLE_XML_SECURITY)); + private static final boolean XML_SECURITY_DISABLED = AccessController.doPrivileged( + new PrivilegedAction() { + @Override + public Boolean run() { + return Boolean.getBoolean(DISABLE_XML_SECURITY); + } + } + ); private static boolean isXMLSecurityDisabled(boolean runtimeSetting) { return XML_SECURITY_DISABLED || runtimeSetting;