diff -r 246d7e4f3c9f -r 06807f9a6835 src/share/jaxws_classes/com/sun/xml/internal/ws/spi/ProviderImpl.java
--- a/src/share/jaxws_classes/com/sun/xml/internal/ws/spi/ProviderImpl.java	Mon Oct 27 12:57:38 2014 -0700
+++ b/src/share/jaxws_classes/com/sun/xml/internal/ws/spi/ProviderImpl.java	Fri Oct 24 15:02:28 2014 +0200
@@ -147,19 +147,12 @@
     }
 
     public EndpointReference readEndpointReference(final Source eprInfoset) {
-        // EPR constructors are private, so we need privilege escalation.
-        // this unmarshalling can only access instances of a fixed, known set of classes,
-        // so doing that shouldn't introduce security vulnerability.
-        return AccessController.doPrivileged(new PrivilegedAction<EndpointReference>() {
-            public EndpointReference run() {
-                try {
-                    Unmarshaller unmarshaller = eprjc.get().createUnmarshaller();
-                    return (EndpointReference) unmarshaller.unmarshal(eprInfoset);
-                } catch (JAXBException e) {
-                    throw new WebServiceException("Error creating Marshaller or marshalling.", e);
-                }
-            }
-        });
+        try {
+            Unmarshaller unmarshaller = eprjc.get().createUnmarshaller();
+            return (EndpointReference) unmarshaller.unmarshal(eprInfoset);
+        } catch (JAXBException e) {
+            throw new WebServiceException("Error creating Marshaller or marshalling.", e);
+        }
     }
 
     public <T> T getPort(EndpointReference endpointReference, Class<T> clazz, WebServiceFeature... webServiceFeatures) {