SONAR-13559 - add workaround for JDK-8014008 (fix JMX console on CE)

server/sonar-process/src/main/java/org/sonar/process/SecurityManagement.java

@@ -19,7 +19,10 @@
  */
 package org.sonar.process;
 
+import java.security.CodeSource;
 import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
 import java.security.Policy;
 import java.security.ProtectionDomain;
 import java.security.SecurityPermission;
@@ -68,6 +71,23 @@ public class SecurityManagement {
       return true;
     }
 
+    // workaround for SONAR-13559 / JDK-8014008
+    // borrowed as-is from https://github.com/elastic/elasticsearch/pull/14274
+    @Override
+    public PermissionCollection getPermissions(CodeSource codesource) {
+      // code should not rely on this method, or at least use it correctly:
+      // https://bugs.openjdk.java.net/browse/JDK-8014008
+      // return them a new empty permissions object so jvisualvm etc work
+      for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
+        if ("sun.rmi.server.LoaderHandler".equals(element.getClassName()) &&
+          "loadClass".equals(element.getMethodName())) {
+          return new Permissions();
+        }
+      }
+      // return UNSUPPORTED_EMPTY_COLLECTION since it is safe.
+      return super.getPermissions(codesource);
+    }
+
     String getDomainClassLoaderName(ProtectionDomain domain) {
       return domain.getClassLoader().getClass().getName();
     }