From deb2c52ab4e78cb9b2e7bc7f5efc28c21ebefd0c Mon Sep 17 00:00:00 2001
From: Scott Marlow <smarlow@redhat.com>
Date: Wed, 6 Jul 2022 10:45:49 -0400
Subject: [PATCH] HHH-15371 ByteBuddyProxyFactory call to
 proxyClass.getConstructor().newInstance() when used with Java Security
 Manager should run in a privileged action

Signed-off-by: Scott Marlow <smarlow@redhat.com>
---
 .../pojo/bytebuddy/ByteBuddyProxyFactory.java | 46 +++++++++++++------
 1 file changed, 33 insertions(+), 13 deletions(-)

diff --git a/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java b/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java
index 455e9df04f..e7b13aa993 100644
--- a/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java
+++ b/hibernate-core/src/main/java/org/hibernate/proxy/pojo/bytebuddy/ByteBuddyProxyFactory.java
@@ -8,6 +8,8 @@ package org.hibernate.proxy.pojo.bytebuddy;
 
 import java.io.Serializable;
 import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Set;
 
 import org.hibernate.HibernateException;
@@ -85,21 +87,39 @@ public class ByteBuddyProxyFactory implements ProxyFactory, Serializable {
 				overridesEquals
 		);
 
-		try {
-			final HibernateProxy proxy = (HibernateProxy) proxyClass.getConstructor().newInstance();
+
+			final HibernateProxy proxy = getHibernateProxy();
 			( (ProxyConfiguration) proxy ).$$_hibernate_set_interceptor( interceptor );
 
 			return proxy;
-		}
-		catch (NoSuchMethodException e) {
-			String logMessage = LOG.bytecodeEnhancementFailedBecauseOfDefaultConstructor( entityName );
-			LOG.error( logMessage, e );
-			throw new HibernateException( logMessage, e );
-		}
-		catch (Throwable t) {
-			String logMessage = LOG.bytecodeEnhancementFailed( entityName );
-			LOG.error( logMessage, t );
-			throw new HibernateException( logMessage, t );
-		}
+
+	}
+
+	private HibernateProxy getHibernateProxy()
+			throws HibernateException {
+
+		final PrivilegedAction<HibernateProxy> action = new PrivilegedAction<HibernateProxy>() {
+
+			@Override
+			public HibernateProxy run() {
+
+				try {
+					return (HibernateProxy) proxyClass.getConstructor().newInstance();
+				}
+				catch (NoSuchMethodException e) {
+					String logMessage = LOG.bytecodeEnhancementFailedBecauseOfDefaultConstructor( entityName );
+					LOG.error( logMessage, e );
+					throw new HibernateException( logMessage, e );
+				}
+				catch (Throwable t) {
+					String logMessage = LOG.bytecodeEnhancementFailed( entityName );
+					LOG.error( logMessage, t );
+					throw new HibernateException( logMessage, t );
+				}
+
+			}
+		};
+		return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
+
 	}
 }