From: Simon Steiner <ssteiner@apache.org>
Date: Tue, 2 Apr 2024 12:15:58 +0000 (+0100)
Subject: FOP-3174: Allow sections which need security permissions to be run when AllPermission... 
X-Git-Tag: 2_10~34
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=64846a5c4ccdf0d900058fef60c2232926dbd6ad;p=xmlgraphics-fop.git

FOP-3174: Allow sections which need security permissions to be run when AllPermission denied in caller code
---

diff --git a/fop-core/src/main/java/org/apache/fop/apps/FopFactory.java b/fop-core/src/main/java/org/apache/fop/apps/FopFactory.java
index 0c57d2643..3b90614b4 100644
--- a/fop-core/src/main/java/org/apache/fop/apps/FopFactory.java
+++ b/fop-core/src/main/java/org/apache/fop/apps/FopFactory.java
@@ -164,9 +164,26 @@ public final class FopFactory implements ImageContext {
      * @throws SAXException
      * @throws IOException
      */
-    public static FopFactory newInstance(URI baseURI, InputStream confStream) throws SAXException,
+    public static FopFactory newInstance(final URI baseURI, final InputStream confStream) throws SAXException,
             IOException {
-        return new FopConfParser(confStream, baseURI).getFopFactoryBuilder().build();
+        Object action = AccessController.doPrivileged(
+            new PrivilegedAction<Object>() {
+                public Object run() {
+                    try {
+                        return new FopConfParser(confStream, baseURI).getFopFactoryBuilder().build();
+                    } catch (SAXException | IOException e) {
+                        return e;
+                    }
+                }
+            }
+        );
+        if (action instanceof SAXException) {
+            throw (SAXException) action;
+        }
+        if (action instanceof IOException) {
+            throw (IOException) action;
+        }
+        return (FopFactory) action;
     }
 
     /**