Please review this change to the limited doPrivileged methods to check that the passed-in access control context is authorized before using. http://cr.openjdk.java.net/~mullan/webrevs/8021191/webrev.00/ Thanks, Sean