[SUREFIRE-1975] JDK18 - The Security Manager is deprecated and will b…

…e removed in a future release

maven-surefire-plugin/src/site/apt/examples/junit.apt.vm

@@ -203,6 +203,8 @@ else
 
    As long as <<<forkCount>>> is not 0 and you use JUnit3, you can run your tests with a Java security manager enabled.
    The class name of the security manager must be sent as a system property variable to the JUnit3 provider.
+   The JDK 17 deprecated the class <<<java.lang.SecurityManager>>> and the JUnit3 provider fails with enabled system
+   property <<surefire.security.manager>>>.
 
    JUnit4 uses mechanisms internally that are not compatible with the tested
    security managers and thus this means of configuring a security manager with JUnit4 is not supported

surefire-api/src/main/java/org/apache/maven/surefire/api/util/internal/ObjectUtils.java

@@ -22,6 +22,8 @@
 import java.lang.management.ManagementFactory;
 import java.util.Map;
 
+import static org.apache.maven.surefire.api.util.ReflectionUtils.tryLoadClass;
+
 /**
  * Similar to Java 7 java.util.Objects.
  *
@@ -44,4 +46,11 @@ public static Map<String, String> systemProps()
     {
         return ManagementFactory.getRuntimeMXBean().getSystemProperties();
     }
+
+    public static boolean isSecurityManagerSupported()
+    {
+        ClassLoader classLoader = ObjectUtils.class.getClassLoader();
+        Class<?> smClass = tryLoadClass( classLoader, "java.lang.SecurityManager" );
+        return smClass != null && !smClass.isAnnotationPresent( Deprecated.class );
+    }
 }

surefire-api/src/test/java/org/apache/maven/JUnit4SuiteTest.java

@@ -42,6 +42,7 @@
 import org.apache.maven.surefire.api.util.internal.ChannelsWriterTest;
 import org.apache.maven.surefire.api.util.internal.ConcurrencyUtilsTest;
 import org.apache.maven.surefire.api.util.internal.ImmutableMapTest;
+import org.apache.maven.surefire.api.util.internal.ObjectUtilsTest;
 import org.junit.runner.RunWith;
 import org.junit.runners.Suite;
 
@@ -72,7 +73,8 @@
     ChannelsWriterTest.class,
     AsyncSocketTest.class,
     AbstractStreamEncoderTest.class,
-    AbstractStreamDecoderTest.class
+    AbstractStreamDecoderTest.class,
+    ObjectUtilsTest.class
 } )
 @RunWith( Suite.class )
 public class JUnit4SuiteTest

surefire-api/src/test/java/org/apache/maven/surefire/api/util/internal/ObjectUtilsTest.java

@@ -0,0 +1,39 @@
+package org.apache.maven.surefire.api.util.internal;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import org.junit.Test;
+
+import static org.fest.assertions.Assertions.assertThat;
+
+/**
+ * @since 3.0.0-M6
+ */
+public class ObjectUtilsTest
+{
+    @Test
+    public void shouldSupportSecurityManager()
+    {
+        float javaVersion = Float.parseFloat( System.getProperty( "java.specification.version" ) );
+        boolean isJava17Plus = javaVersion >= 17;
+        assertThat( ObjectUtils.isSecurityManagerSupported() )
+            .isEqualTo( !isJava17Plus );
+    }
+}

surefire-booter/src/main/java/org/apache/maven/surefire/booter/ProviderFactory.java

@@ -32,6 +32,7 @@
 import static org.apache.maven.surefire.api.util.ReflectionUtils.invokeGetter;
 import static org.apache.maven.surefire.api.util.ReflectionUtils.invokeMethodWithArray;
 import static org.apache.maven.surefire.api.util.ReflectionUtils.invokeMethodWithArray2;
+import static org.apache.maven.surefire.api.util.internal.ObjectUtils.isSecurityManagerSupported;
 
 /**
  * Creates the surefire provider.
@@ -85,7 +86,7 @@ public static RunResult invokeProvider( Object testSet, ClassLoader testsClassLo
         }
         finally
         {
-            if ( restoreStreams && System.getSecurityManager() == null )
+            if ( restoreStreams && ( !isSecurityManagerSupported() || System.getSecurityManager() == null ) )
             {
                 System.setOut( orgSystemOut );
                 System.setErr( orgSystemErr );

surefire-its/src/test/java/org/apache/maven/surefire/its/jiras/Surefire34SecurityManagerIT.java

@@ -21,8 +21,11 @@
 
 import org.apache.maven.surefire.its.fixture.SurefireJUnit4IntegrationTestCase;
 import org.apache.maven.surefire.its.fixture.SurefireLauncher;
+import org.junit.BeforeClass;
 import org.junit.Test;
 
+import static org.apache.maven.surefire.its.fixture.HelperAssertions.assumeJavaMaxVersion;
+
 /**
  * SUREFIRE-621 Asserts proper test counts when running junit 3 tests in parallel
  *
@@ -31,6 +34,12 @@
 public class Surefire34SecurityManagerIT
     extends SurefireJUnit4IntegrationTestCase
 {
+    @BeforeClass
+    public static void checkJavaVersion()
+    {
+        assumeJavaMaxVersion( 16 );
+    }
+
     @Test
     public void testSecurityManager()
     {

surefire-providers/surefire-junit3/src/main/java/org/apache/maven/surefire/junit/JUnit3Provider.java

@@ -19,6 +19,7 @@
  * under the License.
  */
 
+import org.apache.maven.surefire.api.util.internal.ObjectUtils;
 import org.apache.maven.surefire.common.junit3.JUnit3Reflector;
 import org.apache.maven.surefire.common.junit3.JUnit3TestChecker;
 import org.apache.maven.surefire.api.provider.AbstractProvider;
@@ -31,13 +32,13 @@
 import org.apache.maven.surefire.api.report.TestSetReportEntry;
 import org.apache.maven.surefire.api.suite.RunResult;
 import org.apache.maven.surefire.api.testset.TestSetFailedException;
-import org.apache.maven.surefire.api.util.ReflectionUtils;
 import org.apache.maven.surefire.api.util.RunOrderCalculator;
 import org.apache.maven.surefire.api.util.ScanResult;
 import org.apache.maven.surefire.api.util.TestsToRun;
 
 import java.util.Map;
 
+import static org.apache.maven.surefire.api.util.ReflectionUtils.instantiate;
 import static org.apache.maven.surefire.api.util.internal.ObjectUtils.systemProps;
 
 /**
@@ -100,13 +101,7 @@ else if ( forkTestSet instanceof Class )
             final RunListener reporter = reporterFactory.createReporter();
             ConsoleOutputCapture.startCapture( (ConsoleOutputReceiver) reporter );
             Map<String, String> systemProperties = systemProps();
-            String smClassName = System.getProperty( "surefire.security.manager" );
-            if ( smClassName != null )
-            {
-                SecurityManager securityManager =
-                    ReflectionUtils.instantiate( getClass().getClassLoader(), smClassName, SecurityManager.class );
-                System.setSecurityManager( securityManager );
-            }
+            setSystemManager( System.getProperty( "surefire.security.manager" ) );
 
             for ( Class<?> clazz : testsToRun )
             {
@@ -121,6 +116,21 @@ else if ( forkTestSet instanceof Class )
         return runResult;
     }
 
+    static void setSystemManager( String smClassName ) throws TestSetFailedException
+    {
+        if ( smClassName != null )
+        {
+            if ( !ObjectUtils.isSecurityManagerSupported() )
+            {
+                throw new TestSetFailedException( "JDK does not support overriding Security Manager with "
+                    + "a value in system property 'surefire.security.manager'." );
+            }
+            ClassLoader classLoader = JUnit3Provider.class.getClassLoader();
+            SecurityManager sm = instantiate( classLoader, smClassName, SecurityManager.class );
+            System.setSecurityManager( sm );
+        }
+    }
+
     private SurefireTestSet createTestSet( Class<?> clazz )
     {
         return reflector.isJUnit3Available() && jUnit3TestChecker.accept( clazz )

surefire-providers/surefire-junit3/src/test/java/org/apache/maven/surefire/junit/JUnitTestSetTest.java

@@ -22,15 +22,19 @@
 import junit.framework.Test;
 import junit.framework.TestCase;
 import junit.framework.TestSuite;
+import org.apache.maven.surefire.api.testset.TestSetFailedException;
 import org.apache.maven.surefire.common.junit3.JUnit3Reflector;
 import org.apache.maven.surefire.api.report.ReportEntry;
 import org.apache.maven.surefire.api.report.RunListener;
 import org.apache.maven.surefire.api.report.RunMode;
 import org.apache.maven.surefire.api.report.TestSetReportEntry;
+import org.apache.maven.surefire.shared.lang3.JavaVersion;
 
 import java.util.ArrayList;
 import java.util.List;
 
+import static org.apache.maven.surefire.api.util.ReflectionUtils.invokeGetter;
+
 /**
  *
  */
@@ -54,6 +58,32 @@ public void testExecuteSuiteClass()
                       succeededTests.get( 0 ).getName() );
     }
 
+    public void testSystemManager()
+    {
+        float javaVersion = Float.parseFloat( JavaVersion.JAVA_RECENT.toString() );
+        boolean isDeprecated = javaVersion >= 17;
+        try
+        {
+            JUnit3Provider.setSystemManager( "java.lang.SecurityManager" );
+
+            if ( isDeprecated )
+            {
+                fail();
+            }
+
+            Object sm = invokeGetter( System.class, null, "getSecurityManager" );
+            assertNotNull( sm );
+            assertEquals( "java.lang.SecurityManager", sm.getClass().getName() );
+        }
+        catch ( TestSetFailedException e )
+        {
+            if ( !isDeprecated )
+            {
+                fail();
+            }
+        }
+    }
+
     /**
      *
      */