From 64846a5c4ccdf0d900058fef60c2232926dbd6ad Mon Sep 17 00:00:00 2001 From: Simon Steiner Date: Tue, 2 Apr 2024 13:15:58 +0100 Subject: FOP-3174: Allow sections which need security permissions to be run when AllPermission denied in caller code --- .../main/java/org/apache/fop/apps/FopFactory.java | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/fop-core/src/main/java/org/apache/fop/apps/FopFactory.java b/fop-core/src/main/java/org/apache/fop/apps/FopFactory.java index 0c57d2643..3b90614b4 100644 --- a/fop-core/src/main/java/org/apache/fop/apps/FopFactory.java +++ b/fop-core/src/main/java/org/apache/fop/apps/FopFactory.java @@ -164,9 +164,26 @@ public final class FopFactory implements ImageContext { * @throws SAXException * @throws IOException */ - public static FopFactory newInstance(URI baseURI, InputStream confStream) throws SAXException, + public static FopFactory newInstance(final URI baseURI, final InputStream confStream) throws SAXException, IOException { - return new FopConfParser(confStream, baseURI).getFopFactoryBuilder().build(); + Object action = AccessController.doPrivileged( + new PrivilegedAction() { + public Object run() { + try { + return new FopConfParser(confStream, baseURI).getFopFactoryBuilder().build(); + } catch (SAXException | IOException e) { + return e; + } + } + } + ); + if (action instanceof SAXException) { + throw (SAXException) action; + } + if (action instanceof IOException) { + throw (IOException) action; + } + return (FopFactory) action; } /** -- cgit v1.2.3