Handle access control exception when reading system properties

[jaymode]

In Elasticsearch, we always run with the Java Security Manager enabled and we have somewhat restrictive permissions. Our policy allows reading system properties, but does not allow writing them. Unfortunately, Java does not make a distinction between System.getProperties and System.setProperties when it comes to permissions as getProperties returns the internal properties object, which is mutable.

    public static Properties getProperties() {
        SecurityManager sm = getSecurityManager();
        if (sm != null) {
            sm.checkPropertiesAccess();
        }

        return props;
    }

    public static void setProperties(Properties props) {
        SecurityManager sm = getSecurityManager();
        if (sm != null) {
            sm.checkPropertiesAccess();
        }
        if (props == null) {
            props = new Properties();
            initProperties(props);
        }
        System.props = props;
    }

In order to use the UnboundID library we need to grant it access to write any system property and perform some hacks around initialization:

https://github.com/elastic/elasticsearch/blob/f09190c14d28c04c937e6ceb2f01b381a1369ac8/x-pack/plugin/core/src/main/plugin-metadata/plugin-security.policy#L9

https://github.com/elastic/elasticsearch/blob/f09190c14d28c04c937e6ceb2f01b381a1369ac8/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackPlugin.java#L94-L110

There are some ways around this that would require changes within the ldapsdk library. I have a gist of one way to do this; it is not complete by any means since third party code contributions are not accepted.

[dirmgr]

This should be addressed by the changes committed in https://github.com/pingidentity/ldapsdk/commit/c0d016fde736cb155c2011c2a9fb45623151187d