HHH-15411 Introduce an system property to fully disable Hibernate's use of a system SecurityManager

hibernate-core/src/main/java/org/hibernate/bytecode/internal/bytebuddy/ByteBuddyState.java

@@ -27,6 +27,7 @@
 import org.hibernate.bytecode.enhance.spi.EnhancerConstants;
 import org.hibernate.bytecode.spi.BasicProxyFactory;
 import org.hibernate.internal.CoreMessageLogger;
+import org.hibernate.internal.util.securitymanager.SystemSecurityManager;
 import org.hibernate.proxy.ProxyConfiguration;
 import org.hibernate.proxy.ProxyFactory;
 
@@ -82,7 +83,7 @@ public final class ByteBuddyState {
 		this.proxyCache = new TypeCache( TypeCache.Sort.WEAK );
 		this.basicProxyCache = new TypeCache( TypeCache.Sort.WEAK );
 
-		if ( System.getSecurityManager() != null ) {
+		if ( SystemSecurityManager.isSecurityManagerEnabled() ) {
 			this.classRewriter = new SecurityManagerClassRewriter();
 		}
 		else {
@@ -276,7 +277,7 @@ public MethodDelegation run() {
 				}
 			};
 
-			this.delegateToInterceptorDispatcherMethodDelegation = System.getSecurityManager() != null
+			this.delegateToInterceptorDispatcherMethodDelegation = SystemSecurityManager.isSecurityManagerEnabled()
 					? AccessController.doPrivileged( delegateToInterceptorDispatcherMethodDelegationPrivilegedAction )
 					: delegateToInterceptorDispatcherMethodDelegationPrivilegedAction.run();
 
@@ -290,7 +291,7 @@ public FieldAccessor.PropertyConfigurable run() {
 				}
 			};
 
-			this.interceptorFieldAccessor = System.getSecurityManager() != null
+			this.interceptorFieldAccessor = SystemSecurityManager.isSecurityManagerEnabled()
 					? AccessController.doPrivileged( interceptorFieldAccessorPrivilegedAction )
 					: interceptorFieldAccessorPrivilegedAction.run();
 		}

hibernate-core/src/main/java/org/hibernate/bytecode/internal/bytebuddy/HibernateMethodLookupDispatcher.java

@@ -16,6 +16,7 @@
 import java.util.stream.Stream;
 
 import org.hibernate.HibernateException;
+import org.hibernate.internal.util.securitymanager.SystemSecurityManager;
 
 /**
  * This dispatcher analyzes the stack frames to detect if a particular call should be authorized.
@@ -85,7 +86,7 @@ private static Method doPrivilegedAction(PrivilegedAction<Method> privilegedActi
 			throw new SecurityException( "Unauthorized call by class " + callerClass );
 		}
 
-		return System.getSecurityManager() != null ? AccessController.doPrivileged( privilegedAction ) :
+		return SystemSecurityManager.isSecurityManagerEnabled() ? AccessController.doPrivileged( privilegedAction ) :
 			privilegedAction.run();
 	}
 
@@ -133,13 +134,13 @@ public PrivilegedAction<Class<?>[]> run() {
 			}
 		};
 
-		GET_CALLER_STACK_ACTION = System.getSecurityManager() != null
+		GET_CALLER_STACK_ACTION = SystemSecurityManager.isSecurityManagerEnabled()
 				? AccessController.doPrivileged( initializeGetCallerStackAction )
 				: initializeGetCallerStackAction.run();
 	}
 
 	private static Class<?> getCallerClass() {
-		Class<?>[] stackTrace = System.getSecurityManager() != null
+		Class<?>[] stackTrace = SystemSecurityManager.isSecurityManagerEnabled()
 				? AccessController.doPrivileged( GET_CALLER_STACK_ACTION )
 				: GET_CALLER_STACK_ACTION.run();
 

hibernate-core/src/main/java/org/hibernate/internal/util/securitymanager/SystemSecurityManager.java

@@ -0,0 +1,32 @@
+/*
+ * Hibernate, Relational Persistence for Idiomatic Java
+ *
+ * License: GNU Lesser General Public License (LGPL), version 2.1 or later.
+ * See the lgpl.txt file in the root directory or <http://www.gnu.org/licenses/lgpl-2.1.html>.
+ */
+package org.hibernate.internal.util.securitymanager;
+
+/**
+ * Encapsulates access to {@link System#getSecurityManager()},
+ * in preparation of it being phased out by the JDK.
+ *
+ * Since JDK 17 the security manager can be disabled by setting
+ * the system property {@code java.security.manager} to {@code disallow};
+ * to prepare for this we also offer the option of setting
+ * {@code org.hibernate.internal.util.securitymanager.FULLY_DISABLE} to {@code true}
+ * to have the same effect, although limited to the Hibernate ORM code.
+ */
+public final class SystemSecurityManager {
+
+	public static final String FULLY_DISABLE_PROP_NAME = "org.hibernate.internal.util.securitymanager.FULLY_DISABLE";
+	private static final boolean disabledForced = Boolean.getBoolean( FULLY_DISABLE_PROP_NAME );
+
+	private static final boolean SM_IS_ENABLED = (!disabledForced) && (System.getSecurityManager() != null );
+
+	public static boolean isSecurityManagerEnabled() {
+		return SM_IS_ENABLED;
+	}
+
+	//N.B. do not expose a "doPrivileged" helper as that would introduce a security problem
+
+}

hibernate-core/src/main/java/org/hibernate/jpa/internal/util/PersistenceUtilHelper.java

@@ -27,6 +27,7 @@
 import org.hibernate.collection.spi.PersistentCollection;
 import org.hibernate.engine.spi.PersistentAttributeInterceptable;
 import org.hibernate.internal.util.ReflectHelper;
+import org.hibernate.internal.util.securitymanager.SystemSecurityManager;
 import org.hibernate.proxy.HibernateProxy;
 import org.hibernate.proxy.LazyInitializer;
 
@@ -378,7 +379,7 @@ public AttributeAccess run() {
 					return new NoSuchAttributeAccess( specifiedClass, attributeName );
 				}
 			};
-			return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
+			return SystemSecurityManager.isSecurityManagerEnabled() ? AccessController.doPrivileged( action ) : action.run();
 		}
 	}
 

hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java

@@ -17,6 +17,7 @@
 import org.hibernate.internal.CoreMessageLogger;
 import org.hibernate.internal.util.ReflectHelper;
 import org.hibernate.internal.util.collections.ArrayHelper;
+import org.hibernate.internal.util.securitymanager.SystemSecurityManager;
 import org.hibernate.proxy.HibernateProxy;
 import org.hibernate.proxy.ProxyConfiguration;
 import org.hibernate.proxy.ProxyFactory;
@@ -119,7 +120,7 @@ public HibernateProxy run() {
 
 			}
 		};
-		return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
+		return SystemSecurityManager.isSecurityManagerEnabled() ? AccessController.doPrivileged( action ) : action.run();
 
 	}
 }

hibernate-envers/src/main/java/org/hibernate/envers/internal/entities/mapper/AbstractMapper.java

@@ -16,6 +16,7 @@
 import org.hibernate.envers.internal.entities.PropertyData;
 import org.hibernate.envers.internal.tools.ReflectionTools;
 import org.hibernate.internal.util.ReflectHelper;
+import org.hibernate.internal.util.securitymanager.SystemSecurityManager;
 import org.hibernate.property.access.spi.Getter;
 import org.hibernate.property.access.spi.Setter;
 import org.hibernate.service.ServiceRegistry;
@@ -35,7 +36,7 @@ public abstract class AbstractMapper {
 	 * @return the result of the privileged call, may be {@literal null}
 	 */
 	protected <T> T doPrivileged(Supplier<T> block) {
-		if ( System.getSecurityManager() != null ) {
+		if ( SystemSecurityManager.isSecurityManagerEnabled() ) {
 			return AccessController.doPrivileged( (PrivilegedAction<T>) block::get );
 		}
 		else {

hibernate-envers/src/main/java/org/hibernate/envers/internal/entities/mapper/relation/lazy/initializor/AbstractCollectionInitializor.java

@@ -20,6 +20,7 @@
 import org.hibernate.envers.internal.entities.mapper.relation.query.RelationQueryGenerator;
 import org.hibernate.envers.internal.reader.AuditReaderImplementor;
 import org.hibernate.internal.util.ReflectHelper;
+import org.hibernate.internal.util.securitymanager.SystemSecurityManager;
 
 /**
  * Initializes a persistent collection.
@@ -74,7 +75,7 @@ public T initialize() {
 	 * @return the result of the privileged call, may be {@literal null}
 	 */
 	protected <R> R doPrivileged(Supplier<R> block) {
-		if ( System.getSecurityManager() != null ) {
+		if ( SystemSecurityManager.isSecurityManagerEnabled() ) {
 			return AccessController.doPrivileged( (PrivilegedAction<R>) block::get );
 		}
 		else {