junit5: add property to allow SecurityManager override in tests (#217)

README.md

@@ -316,6 +316,8 @@ you are using the standard `@maven` namespace for your
 **Note**: The junit5 runner prevents `System.exit` being called
 using a `SecurityManager`, which means that one test can't
 prematurely cause an entire test run to finish unexpectedly.
+This security measure prohibits tests from setting their own `SecurityManager`.
+To override this, set the `bazel.junit5runner.allowSettingSecurityManager` system property.
 
 While the `SecurityManager` has been deprecated in recent Java
 releases, there's no replacement yet. JEP 411 has this as one of

java/private/junit5.bzl

@@ -57,6 +57,8 @@ def java_junit5_test(
     **Note**: The junit5 runner prevents `System.exit` being called
     using a `SecurityManager`, which means that one test can't
     prematurely cause an entire test run to finish unexpectedly.
+    This security measure prohibits tests from setting their own `SecurityManager`.
+    To override this, set the `bazel.junit5runner.allowSettingSecurityManager` system property.
 
     While the `SecurityManager` has been deprecated in recent Java
     releases, there's no replacement yet. JEP 411 has this as one of

java/src/com/github/bazel_contrib/contrib_rules_jvm/junit5/TestRunningSecurityManager.java

@@ -29,7 +29,13 @@ public void checkPermission(Permission perm) {
       if (allowExitCall) {
         return;
       }
-      throw new SecurityException("Replacing the security manager is not allowed");
+      if (System.getProperty("bazel.junit5runner.allowSettingSecurityManager") != null) {
+        System.err.println(
+            "Warning: junit runner security manager replaced, calls to System.exit will not be"
+                + " blocked");
+      } else {
+        throw new SecurityException("Replacing the security manager is not allowed");
+      }
     }
 
     if (delegateSecurityManager != null) {

java/test/com/github/bazel_contrib/contrib_rules_jvm/junit5/SecurityManagerSettingTest.java

@@ -0,0 +1,41 @@
+package com.github.bazel_contrib.contrib_rules_jvm.junit5;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
+import java.security.Permission;
+import org.junit.jupiter.api.Test;
+
+@SuppressFBWarnings("THROWS_METHOD_THROWS_CLAUSE_THROWABLE")
+public class SecurityManagerSettingTest {
+
+  private static final String ALLOW_SETTING_SECURITY_MANAGER_PROPERTY =
+      "bazel.junit5runner.allowSettingSecurityManager";
+
+  @Test
+  void testCanSetSecurityManagerWhenPropertyIsTrue() {
+    System.setProperty(ALLOW_SETTING_SECURITY_MANAGER_PROPERTY, "true");
+    SecurityManager originalSecurityManager = System.getSecurityManager();
+    SecurityManager testSecurityManager =
+        new SecurityManager() {
+          @Override
+          public void checkPermission(Permission perm) {}
+        };
+
+    try {
+      System.setSecurityManager(testSecurityManager);
+      assertEquals(testSecurityManager, System.getSecurityManager());
+    } finally {
+      System.setSecurityManager(originalSecurityManager);
+      System.clearProperty(ALLOW_SETTING_SECURITY_MANAGER_PROPERTY);
+    }
+  }
+
+  @Test
+  void testCannotSetSecurityManagerWhenPropertyIsNotSet() {
+    assertNull(System.getProperty(ALLOW_SETTING_SECURITY_MANAGER_PROPERTY));
+    assertThrows(SecurityException.class, () -> System.setSecurityManager(new SecurityManager()));
+  }
+}