ensure security manager is always on if it should be

src/test/java/org/elasticsearch/test/ElasticsearchLuceneTestCase.java

@@ -25,6 +25,7 @@ import com.carrotsearch.randomizedtesting.annotations.ThreadLeakLingering;
 import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
 import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope.Scope;
 import com.carrotsearch.randomizedtesting.annotations.TimeoutSuite;
+
 import org.apache.lucene.codecs.Codec;
 import org.apache.lucene.util.LuceneTestCase;
 import org.apache.lucene.util.LuceneTestCase.SuppressFileSystems;
@@ -47,6 +48,10 @@ import org.elasticsearch.test.junit.listeners.ReproduceInfoPrinter;
 @SuppressFileSystems("*") // we aren't ready for this yet.
 public abstract class ElasticsearchLuceneTestCase extends LuceneTestCase {
 
+    static {
+        SecurityHack.ensureInitialized();
+    }
+    
     private static final Codec DEFAULT_CODEC = Codec.getDefault();
 
     /**

src/test/java/org/elasticsearch/test/ElasticsearchTestCase.java

@@ -103,10 +103,7 @@ public abstract class ElasticsearchTestCase extends AbstractRandomizedTest {
         boolean enabled = false;
         assert enabled = true;
         ASSERTIONS_ENABLED = enabled;
-        if (Boolean.parseBoolean(Strings.hasLength(TESTS_SECURITY_MANAGER) ? TESTS_SECURITY_MANAGER : "true") && JAVA_SECURTY_POLICY != null) {
-            System.setSecurityManager(new SecurityManager());
-        }
-
+        SecurityHack.ensureInitialized();
     }
 
     @After

src/test/java/org/elasticsearch/test/ElasticsearchTokenStreamTestCase.java

@@ -24,6 +24,7 @@ import com.carrotsearch.randomizedtesting.annotations.ThreadLeakFilters;
 import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope;
 import com.carrotsearch.randomizedtesting.annotations.ThreadLeakScope.Scope;
 import com.carrotsearch.randomizedtesting.annotations.TimeoutSuite;
+
 import org.apache.lucene.analysis.BaseTokenStreamTestCase;
 import org.apache.lucene.util.LuceneTestCase;
 import org.apache.lucene.util.TimeUnits;
@@ -43,6 +44,10 @@ import org.elasticsearch.test.junit.listeners.ReproduceInfoPrinter;
  */
 public abstract class ElasticsearchTokenStreamTestCase extends BaseTokenStreamTestCase {
 
+    static {
+        SecurityHack.ensureInitialized();
+    }
+    
     public static Version randomVersion() {
         return ElasticsearchTestCase.randomVersion(random());
     }

src/test/java/org/elasticsearch/test/SecurityHack.java

@@ -0,0 +1,42 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.test;
+
+import org.apache.lucene.util.TestSecurityManager;
+import static com.carrotsearch.randomizedtesting.RandomizedTest.systemPropertyAsBoolean;
+
+/** 
+ * Installs test security manager (ensures it happens regardless of which
+ * test case happens to be first, test ordering, etc). 
+ * <p>
+ * Note that this is BS, this should be done by the jvm (by passing -Djava.security.manager).
+ * turning it on/off needs to be the role of maven, not this stuff.
+ */
+class SecurityHack {
+
+    static {
+        if (systemPropertyAsBoolean("tests.security.manager", true)) {
+            System.setSecurityManager(new TestSecurityManager());
+        }
+    }
+
+    // does nothing, just easy way to make sure the class is loaded.
+    static void ensureInitialized() {}
+}