Module javafx.base

Package javafx.util

Class FXPermission

java.lang.Object

java.security.Permission

java.security.BasicPermission

javafx.util.FXPermission

All Implemented Interfaces:

Serializable, Guard

public final class FXPermission
extends BasicPermission

This class is for JavaFX permissions. An FXPermission contains a target name but no actions list; you either have the named permission or you don't.

The target name is the name of the JavaFX permission (see below). The naming convention follows the hierarchical property naming convention. Also, an asterisk can be used to represent all JavaFX permissions.

The following table lists all the possible FXPermission target names, and for each provides a description of what the permission allows and a discussion of the risks of granting code the permission.

FXPermission Table

Permission Target Name	What the Permission Allows	Risks of Allowing this Permission
accessClipboard	Posting and retrieval of information to and from the system clipboard	This would allow a malicious application to share or read potentially sensitive or confidential information.
accessWindowList	Accessing the list of all JavaFX Windows	Providing access to the complete list of all JavaFX windows could give a malicious application the ability to modify a security dialog.
createRobot	Creating JavaFX Robot objects	The JavaFX Robot object allows code to generate native-level mouse and keyboard events as well as read the screen. It could allow malicious code to control the system, run other programs, read the display, and deny mouse and keyboard access to the user.
createTransparentWindow	Creating transparent windows	Transparent windows are not limited to a rectangular region that obscures what is underneath the window. This can make it difficult to distinguish parts of the window from other application windows or the platform desktop, and can be used to allow a malicious application to trick a user into entering sensitive data, especially in conjunction with either setWindowAlwaysOnTop or unrestrictedFullScreen.
loadFont	Loading a custom font, either via the Font.loadFont(java.lang.String, double) method or a jar file containing embedded fonts listed in the jar manifest	Loading a custom font might allow a malicious application to provide a malformed font. Such a font could crash the application, allowing the malicious application to take control of the system, if there are any bugs in the underlying platform font implementation.
modifyFXMLClassLoader	Setting the ClassLoader used to load FXML objects, and removing the restriction against loading system classes	Allowing an application to set an arbitrary ClassLoader might enable a malicious application to load classes with elevated permissions. Also removing the restriction against loading system classes with a null ClassLoader, might allow the application access to classes they would otherwise be denied from accessing.
setWindowAlwaysOnTop	Setting the always-on-top property of a window: Stage.setAlwaysOnTop(boolean)	The malicious window might make itself look and behave like the platform desktop, so that information entered by the unsuspecting user is captured and subsequently misused, especially in conjunction with the createTransparentWindow permission.
unrestrictedFullScreen	Allow unrestricted full-screen access, including keyboard events and warning banner	This permission allows an application to enter full-screen mode at any time, override the warning banner, and disable the function of the ESC key to exit from full-screen mode. All keyboard input will be delivered to the application while in full-screen mode, rather than being limited to KEY_PRESSED and KEY_RELEASED events for a subset of keys. See Stage.setFullScreen(boolean). This could allow a malicious window to look and behave like the platform desktop, so that information entered by the unsuspecting user is captured and subsequently misused, especially in conjunction with the createTransparentWindow permission.

Since:

9

See Also:

• BasicPermission
• Permission
• Permissions
• PermissionCollection
• SecurityManager
• Serialized Form

Constructor Summary

Constructors

Constructor	Description
FXPermission(String name)	Creates a new FXPermission with the specified name.

Method Summary

Methods declared in class java.security.BasicPermission

equals, getActions, hashCode, implies, newPermissionCollection

Methods declared in class java.security.Permission

checkGuard, getName, toString

Methods declared in class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details

FXPermission

public FXPermission(String name)

Creates a new FXPermission with the specified name. The name is the symbolic name of the FXPermission, such as "accessClipboard", "createTransparentWindow ", etc. An asterisk may be used to indicate all JavaFX permissions.

Parameters:

name - the name of the FXPermission

Throws:

NullPointerException - if name is null.

IllegalArgumentException - if name is empty.