diff --git a/hibernate-entitymanager/src/main/java/org/hibernate/jpa/internal/util/PersistenceUtilHelper.java b/hibernate-entitymanager/src/main/java/org/hibernate/jpa/internal/util/PersistenceUtilHelper.java
index 42f1137220..9cba90dd17 100644
--- a/hibernate-entitymanager/src/main/java/org/hibernate/jpa/internal/util/PersistenceUtilHelper.java
+++ b/hibernate-entitymanager/src/main/java/org/hibernate/jpa/internal/util/PersistenceUtilHelper.java
@@ -10,6 +10,8 @@ import java.io.Serializable;
 import java.lang.reflect.Field;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -352,24 +354,29 @@ public final class PersistenceUtilHelper {
 			return attributeAccess;
 		}
 
-		private AttributeAccess buildAttributeAccess(String attributeName) {
-			for ( Class clazz : classHierarchy ) {
-				try {
-					final Field field = clazz.getDeclaredField( attributeName );
-					if ( field != null ) {
-						return new FieldAttributeAccess( field );
+		private AttributeAccess buildAttributeAccess(final String attributeName) {
+			final PrivilegedAction<AttributeAccess> action = new PrivilegedAction<AttributeAccess>() {
+				@Override
+				public AttributeAccess run() {
+					for ( Class clazz : classHierarchy ) {
+						try {
+							final Field field = clazz.getDeclaredField( attributeName );
+							if ( field != null ) {
+								return new FieldAttributeAccess( field );
+							}
+						}
+						catch ( NoSuchFieldException e ) {
+							final Method method = getMethod( clazz, attributeName );
+							if ( method != null ) {
+								return new MethodAttributeAccess( attributeName, method );
+							}
+						}
 					}
+					//we could not find any match
+					return new NoSuchAttributeAccess( specifiedClass, attributeName );
 				}
-				catch ( NoSuchFieldException e ) {
-					final Method method = getMethod( clazz, attributeName );
-					if ( method != null ) {
-						return new MethodAttributeAccess( attributeName, method );
-					}
-				}
-			}
-
-			//we could not find any match
-			return new NoSuchAttributeAccess( specifiedClass, attributeName );
+			};
+			return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
 		}
 	}