java.lang.Object
java.security.Permission
java.security.BasicPermission
javafx.util.FXPermission
- All Implemented Interfaces:
Serializable
,Guard
public final class FXPermission extends BasicPermission
This class is for JavaFX permissions.
An
FXPermission
contains a target name but
no actions list; you either have the named permission
or you don't.
The target name is the name of the JavaFX permission (see below). The naming convention follows the hierarchical property naming convention. Also, an asterisk can be used to represent all JavaFX permissions.
The following table lists all the possible FXPermission
target names, and for each provides a description of what the permission
allows and a discussion of the risks of granting code the permission.
Permission Target Name | What the Permission Allows | Risks of Allowing this Permission |
---|---|---|
accessClipboard | Posting and retrieval of information to and from the system clipboard | This would allow a malicious application to share or read potentially sensitive or confidential information. |
accessWindowList | Accessing the list of all JavaFX Windows | Providing access to the complete list of all JavaFX windows could give a malicious application the ability to modify a security dialog. |
createRobot | Creating JavaFX Robot objects | The JavaFX Robot object allows code to generate native-level mouse and keyboard events as well as read the screen. It could allow malicious code to control the system, run other programs, read the display, and deny mouse and keyboard access to the user. |
createTransparentWindow | Creating transparent windows | Transparent windows are not limited to a rectangular region that
obscures what is underneath the window.
This can make it difficult to distinguish parts of the window
from other application windows or the platform desktop, and can be used
to allow a malicious application to trick a user into entering
sensitive data, especially in conjunction with either
setWindowAlwaysOnTop or unrestrictedFullScreen . |
loadFont | Loading a custom font, either via the
Font.loadFont(java.lang.String, double) method or a jar file containing
embedded fonts listed in the jar manifest |
Loading a custom font might allow a malicious application to provide a malformed font. Such a font could crash the application, allowing the malicious application to take control of the system, if there are any bugs in the underlying platform font implementation. |
modifyFXMLClassLoader | Setting the ClassLoader used to load FXML objects, and removing the restriction against loading system classes | Allowing an application to set an arbitrary ClassLoader might enable a malicious application to load classes with elevated permissions. Also removing the restriction against loading system classes with a null ClassLoader, might allow the application access to classes they would otherwise be denied from accessing. |
setWindowAlwaysOnTop | Setting the always-on-top property of a window:
Stage.setAlwaysOnTop(boolean) |
The malicious window might make itself look and behave like the
platform desktop, so that information entered by the unsuspecting user
is captured and subsequently misused,
especially in conjunction with the createTransparentWindow
permission. |
unrestrictedFullScreen | Allow unrestricted full-screen access, including keyboard events and warning banner | This permission allows an application to enter full-screen mode at any
time, override the warning banner, and disable the function of
the ESC key to exit from full-screen mode.
All keyboard input will be delivered to the application while in
full-screen mode, rather than being limited to KEY_PRESSED and
KEY_RELEASED events for a subset of keys. See
Stage.setFullScreen(boolean) .
This could allow a malicious window to
look and behave like the platform desktop, so that information entered
by the unsuspecting user is captured and subsequently misused,
especially in conjunction with the createTransparentWindow
permission. |
- Since:
- 9
- See Also:
BasicPermission
,Permission
,Permissions
,PermissionCollection
,SecurityManager
, Serialized Form
-
Constructor Summary
Constructors Constructor Description FXPermission(String name)
Creates a newFXPermission
with the specified name. -
Method Summary
Methods inherited from class java.security.BasicPermission
equals, getActions, hashCode, implies, newPermissionCollection
Methods inherited from class java.security.Permission
checkGuard, getName, toString
-
Constructor Details
-
FXPermission
Creates a newFXPermission
with the specified name. The name is the symbolic name of theFXPermission
, such as "accessClipboard", "createTransparentWindow ", etc. An asterisk may be used to indicate all JavaFX permissions.- Parameters:
name
- the name of the FXPermission- Throws:
NullPointerException
- ifname
isnull
.IllegalArgumentException
- ifname
is empty.
-