Module javafx.base
Package javafx.util

Class FXPermission

  • All Implemented Interfaces:
    Serializable, Guard

    public final class FXPermission
    extends BasicPermission
    This class is for JavaFX permissions. An FXPermission contains a target name but no actions list; you either have the named permission or you don't.

    The target name is the name of the JavaFX permission (see below). The naming convention follows the hierarchical property naming convention. Also, an asterisk can be used to represent all JavaFX permissions.

    The following table lists all the possible FXPermission target names, and for each provides a description of what the permission allows and a discussion of the risks of granting code the permission.

    FXPermission Table
    Permission Target Name What the Permission Allows Risks of Allowing this Permission
    accessClipboard Posting and retrieval of information to and from the system clipboard This would allow a malicious application to share or read potentially sensitive or confidential information.
    accessWindowList Accessing the list of all JavaFX Windows Providing access to the complete list of all JavaFX windows could give a malicious application the ability to modify a security dialog.
    createRobot Creating JavaFX Robot objects The JavaFX Robot object allows code to generate native-level mouse and keyboard events as well as read the screen. It could allow malicious code to control the system, run other programs, read the display, and deny mouse and keyboard access to the user.
    createTransparentWindow Creating transparent windows Transparent windows are not limited to a rectangular region that obscures what is underneath the window. This can make it difficult to distinguish parts of the window from other application windows or the platform desktop, and can be used to allow a malicious application to trick a user into entering sensitive data, especially in conjunction with either setWindowAlwaysOnTop or unrestrictedFullScreen.
    loadFont Loading a custom font, either via the Font.loadFont(java.lang.String, double) method or a jar file containing embedded fonts listed in the jar manifest Loading a custom font might allow a malicious application to provide a malformed font. Such a font could crash the application, allowing the malicious application to take control of the system, if there are any bugs in the underlying platform font implementation.
    modifyFXMLClassLoader Setting the ClassLoader used to load FXML objects, and removing the restriction against loading system classes Allowing an application to set an arbitrary ClassLoader might enable a malicious application to load classes with elevated permissions. Also removing the restriction against loading system classes with a null ClassLoader, might allow the application access to classes they would otherwise be denied from accessing.
    setWindowAlwaysOnTop Setting the always-on-top property of a window: Stage.setAlwaysOnTop(boolean) The malicious window might make itself look and behave like the platform desktop, so that information entered by the unsuspecting user is captured and subsequently misused, especially in conjunction with the createTransparentWindow permission.
    unrestrictedFullScreen Allow unrestricted full-screen access, including keyboard events and warning banner This permission allows an application to enter full-screen mode at any time, override the warning banner, and disable the function of the ESC key to exit from full-screen mode. All keyboard input will be delivered to the application while in full-screen mode, rather than being limited to KEY_PRESSED and KEY_RELEASED events for a subset of keys. See Stage.setFullScreen(boolean). This could allow a malicious window to look and behave like the platform desktop, so that information entered by the unsuspecting user is captured and subsequently misused, especially in conjunction with the createTransparentWindow permission.
    Since:
    9
    See Also:
    BasicPermission, Permission, Permissions, PermissionCollection, SecurityManager, Serialized Form
    • Constructor Detail

      • FXPermission

        public FXPermission​(String name)
        Creates a new FXPermission with the specified name. The name is the symbolic name of the FXPermission, such as "accessClipboard", "createTransparentWindow ", etc. An asterisk may be used to indicate all JavaFX permissions.
        Parameters:
        name - the name of the FXPermission
        Throws:
        NullPointerException - if name is null.
        IllegalArgumentException - if name is empty.