HHH-15411 Introduce an system property to fully disable Hibernate's use of a system SecurityManager

2022-07-21 11:08:08 +01:00 · 2022-07-21 11:08:08 +01:00 · 697cfea170
parent deb2c52ab4
commit 697cfea170
7 changed files with 48 additions and 10 deletions
--- a/hibernate-core/src/main/java/org/hibernate/bytecode/internal/bytebuddy/ByteBuddyState.java
+++ b/hibernate-core/src/main/java/org/hibernate/bytecode/internal/bytebuddy/ByteBuddyState.java
@ -27,6 +27,7 @@ import org.hibernate.HibernateException;
 import org.hibernate.bytecode.enhance.spi.EnhancerConstants;
 import org.hibernate.bytecode.spi.BasicProxyFactory;
 import org.hibernate.internal.CoreMessageLogger;
+import org.hibernate.internal.util.securitymanager.SystemSecurityManager;
 import org.hibernate.proxy.ProxyConfiguration;
 import org.hibernate.proxy.ProxyFactory;

@ -82,7 +83,7 @@ public final class ByteBuddyState {
 		this.proxyCache = new TypeCache( TypeCache.Sort.WEAK );
 		this.basicProxyCache = new TypeCache( TypeCache.Sort.WEAK );

-		if ( System.getSecurityManager() != null ) {
+		if ( SystemSecurityManager.isSecurityManagerEnabled() ) {
 			this.classRewriter = new SecurityManagerClassRewriter();
 		}
 		else {
@ -276,7 +277,7 @@ public final class ByteBuddyState {
 				}
 			};

-			this.delegateToInterceptorDispatcherMethodDelegation = System.getSecurityManager() != null
+			this.delegateToInterceptorDispatcherMethodDelegation = SystemSecurityManager.isSecurityManagerEnabled()
 					? AccessController.doPrivileged( delegateToInterceptorDispatcherMethodDelegationPrivilegedAction )
 					: delegateToInterceptorDispatcherMethodDelegationPrivilegedAction.run();

@ -290,7 +291,7 @@ public final class ByteBuddyState {
 				}
 			};

-			this.interceptorFieldAccessor = System.getSecurityManager() != null
+			this.interceptorFieldAccessor = SystemSecurityManager.isSecurityManagerEnabled()
 					? AccessController.doPrivileged( interceptorFieldAccessorPrivilegedAction )
 					: interceptorFieldAccessorPrivilegedAction.run();
 		}
--- a/hibernate-core/src/main/java/org/hibernate/bytecode/internal/bytebuddy/HibernateMethodLookupDispatcher.java
+++ b/hibernate-core/src/main/java/org/hibernate/bytecode/internal/bytebuddy/HibernateMethodLookupDispatcher.java
@ -16,6 +16,7 @@ import java.util.function.Function;
 import java.util.stream.Stream;

 import org.hibernate.HibernateException;
+import org.hibernate.internal.util.securitymanager.SystemSecurityManager;

 /**
 * This dispatcher analyzes the stack frames to detect if a particular call should be authorized.
@ -85,7 +86,7 @@ public class HibernateMethodLookupDispatcher {
 			throw new SecurityException( "Unauthorized call by class " + callerClass );
 		}

-		return System.getSecurityManager() != null ? AccessController.doPrivileged( privilegedAction ) :
+		return SystemSecurityManager.isSecurityManagerEnabled() ? AccessController.doPrivileged( privilegedAction ) :
 			privilegedAction.run();
 	}

@ -133,13 +134,13 @@ public class HibernateMethodLookupDispatcher {
 			}
 		};

-		GET_CALLER_STACK_ACTION = System.getSecurityManager() != null
+		GET_CALLER_STACK_ACTION = SystemSecurityManager.isSecurityManagerEnabled()
 				? AccessController.doPrivileged( initializeGetCallerStackAction )
 				: initializeGetCallerStackAction.run();
 	}

 	private static Class<?> getCallerClass() {
-		Class<?>[] stackTrace = System.getSecurityManager() != null
+		Class<?>[] stackTrace = SystemSecurityManager.isSecurityManagerEnabled()
 				? AccessController.doPrivileged( GET_CALLER_STACK_ACTION )
 				: GET_CALLER_STACK_ACTION.run();

--- a/hibernate-core/src/main/java/org/hibernate/internal/util/securitymanager/SystemSecurityManager.java
+++ b/hibernate-core/src/main/java/org/hibernate/internal/util/securitymanager/SystemSecurityManager.java
@ -0,0 +1,32 @@
+/*
+ * Hibernate, Relational Persistence for Idiomatic Java
+ *
+ * License: GNU Lesser General Public License (LGPL), version 2.1 or later.
+ * See the lgpl.txt file in the root directory or <http://www.gnu.org/licenses/lgpl-2.1.html>.
+ */
+package org.hibernate.internal.util.securitymanager;
+
+/**
+ * Encapsulates access to {@link System#getSecurityManager()},
+ * in preparation of it being phased out by the JDK.
+ *
+ * Since JDK 17 the security manager can be disabled by setting
+ * the system property {@code java.security.manager} to {@code disallow};
+ * to prepare for this we also offer the option of setting
+ * {@code org.hibernate.internal.util.securitymanager.FULLY_DISABLE} to {@code true}
+ * to have the same effect, although limited to the Hibernate ORM code.
+ */
+public final class SystemSecurityManager {
+
+	public static final String FULLY_DISABLE_PROP_NAME = "org.hibernate.internal.util.securitymanager.FULLY_DISABLE";
+	private static final boolean disabledForced = Boolean.getBoolean( FULLY_DISABLE_PROP_NAME );
+
+	private static final boolean SM_IS_ENABLED = (!disabledForced) && (System.getSecurityManager() != null );
+
+	public static boolean isSecurityManagerEnabled() {
+		return SM_IS_ENABLED;
+	}
+
+	//N.B. do not expose a "doPrivileged" helper as that would introduce a security problem
+
+}
--- a/hibernate-core/src/main/java/org/hibernate/jpa/internal/util/PersistenceUtilHelper.java
+++ b/hibernate-core/src/main/java/org/hibernate/jpa/internal/util/PersistenceUtilHelper.java
@ -27,6 +27,7 @@ import org.hibernate.bytecode.enhance.spi.interceptor.LazyAttributeLoadingInterc
 import org.hibernate.collection.spi.PersistentCollection;
 import org.hibernate.engine.spi.PersistentAttributeInterceptable;
 import org.hibernate.internal.util.ReflectHelper;
+import org.hibernate.internal.util.securitymanager.SystemSecurityManager;
 import org.hibernate.proxy.HibernateProxy;
 import org.hibernate.proxy.LazyInitializer;

@ -378,7 +379,7 @@ public final class PersistenceUtilHelper {
 					return new NoSuchAttributeAccess( specifiedClass, attributeName );
 				}
 			};
-			return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
+			return SystemSecurityManager.isSecurityManagerEnabled() ? AccessController.doPrivileged( action ) : action.run();
 		}
 	}

--- a/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java
+++ b/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java
@ -17,6 +17,7 @@ import org.hibernate.engine.spi.SharedSessionContractImplementor;
 import org.hibernate.internal.CoreMessageLogger;
 import org.hibernate.internal.util.ReflectHelper;
 import org.hibernate.internal.util.collections.ArrayHelper;
+import org.hibernate.internal.util.securitymanager.SystemSecurityManager;
 import org.hibernate.proxy.HibernateProxy;
 import org.hibernate.proxy.ProxyConfiguration;
 import org.hibernate.proxy.ProxyFactory;
@ -119,7 +120,7 @@ public class ByteBuddyProxyFactory implements ProxyFactory, Serializable {

 			}
 		};
-		return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
+		return SystemSecurityManager.isSecurityManagerEnabled() ? AccessController.doPrivileged( action ) : action.run();

 	}
 }
--- a/hibernate-envers/src/main/java/org/hibernate/envers/internal/entities/mapper/AbstractMapper.java
+++ b/hibernate-envers/src/main/java/org/hibernate/envers/internal/entities/mapper/AbstractMapper.java
@ -16,6 +16,7 @@ import org.hibernate.envers.exception.AuditException;
 import org.hibernate.envers.internal.entities.PropertyData;
 import org.hibernate.envers.internal.tools.ReflectionTools;
 import org.hibernate.internal.util.ReflectHelper;
+import org.hibernate.internal.util.securitymanager.SystemSecurityManager;
 import org.hibernate.property.access.spi.Getter;
 import org.hibernate.property.access.spi.Setter;
 import org.hibernate.service.ServiceRegistry;
@ -35,7 +36,7 @@ public abstract class AbstractMapper {
 	 * @return the result of the privileged call, may be {@literal null}
 	 */
 	protected <T> T doPrivileged(Supplier<T> block) {
-		if ( System.getSecurityManager() != null ) {
+		if ( SystemSecurityManager.isSecurityManagerEnabled() ) {
 			return AccessController.doPrivileged( (PrivilegedAction<T>) block::get );
 		}
 		else {
--- a/hibernate-envers/src/main/java/org/hibernate/envers/internal/entities/mapper/relation/lazy/initializor/AbstractCollectionInitializor.java
+++ b/hibernate-envers/src/main/java/org/hibernate/envers/internal/entities/mapper/relation/lazy/initializor/AbstractCollectionInitializor.java
@ -20,6 +20,7 @@ import org.hibernate.envers.internal.entities.EntityInstantiator;
 import org.hibernate.envers.internal.entities.mapper.relation.query.RelationQueryGenerator;
 import org.hibernate.envers.internal.reader.AuditReaderImplementor;
 import org.hibernate.internal.util.ReflectHelper;
+import org.hibernate.internal.util.securitymanager.SystemSecurityManager;

 /**
 * Initializes a persistent collection.
@ -74,7 +75,7 @@ public abstract class AbstractCollectionInitializor<T> implements Initializor<T>
 	 * @return the result of the privileged call, may be {@literal null}
 	 */
 	protected <R> R doPrivileged(Supplier<R> block) {
-		if ( System.getSecurityManager() != null ) {
+		if ( SystemSecurityManager.isSecurityManagerEnabled() ) {
 			return AccessController.doPrivileged( (PrivilegedAction<R>) block::get );
 		}
 		else {