< prev index next >

src/java.desktop/share/classes/java/awt/AWTPermission.java

Print this page




  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package java.awt;
  27 
  28 import java.security.BasicPermission;
  29 
  30 /**
  31  * This class is for AWT permissions.
  32  * An <code>AWTPermission</code> contains a target name but
  33  * no actions list; you either have the named permission
  34  * or you don't.
  35  *
  36  * <P>
  37  * The target name is the name of the AWT permission (see below). The naming
  38  * convention follows the hierarchical property naming convention.
  39  * Also, an asterisk could be used to represent all AWT permissions.
  40  *
  41  * <P>
  42  * The following table lists all the possible <code>AWTPermission</code>
  43  * target names, and for each provides a description of what the
  44  * permission allows and a discussion of the risks of granting code
  45  * the permission.
  46  *
  47  * <table border=1 cellpadding=5 summary="AWTPermission target names, descriptions, and associated risks.">
  48  * <tr>
  49  * <th>Permission Target Name</th>
  50  * <th>What the Permission Allows</th>
  51  * <th>Risks of Allowing this Permission</th>
  52  * </tr>
  53  *
  54  * <tr>
  55  *   <td>accessClipboard</td>
  56  *   <td>Posting and retrieval of information to and from the AWT clipboard</td>
  57  *   <td>This would allow malfeasant code to share
  58  * potentially sensitive or confidential information.</td>
  59  * </tr>
  60  *
  61  * <tr>
  62  *   <td>accessEventQueue</td>


 108  *   <td>After adding an AWT event listener,
 109  * malicious code may scan all AWT events dispatched in the system,
 110  * allowing it to read all user input (such as passwords).  Each
 111  * AWT event listener is called from within the context of that
 112  * event queue's EventDispatchThread, so if the accessEventQueue
 113  * permission is also enabled, malicious code could modify the
 114  * contents of AWT event queues system-wide, causing the application
 115  * or applet to misbehave in an insecure manner.</td>
 116  * </tr>
 117  *
 118  * <tr>
 119  *   <td>readDisplayPixels</td>
 120  *   <td>Readback of pixels from the display screen</td>
 121  *   <td>Interfaces such as the java.awt.Composite interface or the
 122  * java.awt.Robot class allow arbitrary code to examine pixels on the
 123  * display enable malicious code to snoop on the activities of the user.</td>
 124  * </tr>
 125  *
 126  * <tr>
 127  *   <td>replaceKeyboardFocusManager</td>
 128  *   <td>Sets the <code>KeyboardFocusManager</code> for
 129  *       a particular thread.
 130  *   <td>When <code>SecurityManager</code> is installed, the invoking
 131  *       thread must be granted this permission in order to replace
 132  *       the current <code>KeyboardFocusManager</code>.  If permission
 133  *       is not granted, a <code>SecurityException</code> will be thrown.
 134  * </tr>
 135  *
 136  * <tr>
 137  *   <td>setAppletStub</td>
 138  *   <td>Setting the stub which implements Applet container services</td>
 139  *   <td>Malicious code could set an applet's stub and result in unexpected
 140  * behavior or denial of service to an applet.</td>
 141  * </tr>
 142  *
 143  * <tr>
 144  *   <td>setWindowAlwaysOnTop</td>
 145  *   <td>Setting always-on-top property of the window: {@link Window#setAlwaysOnTop}</td>
 146  *   <td>The malicious window might make itself look and behave like a real full desktop, so that
 147  * information entered by the unsuspecting user is captured and subsequently misused </td>
 148  * </tr>
 149  *
 150  * <tr>
 151  *   <td>showWindowWithoutWarningBanner</td>
 152  *   <td>Display of a window without also displaying a banner warning
 153  * that the window was created by an applet</td>


 184  * </tr>
 185  * </table>
 186  *
 187  * @see java.security.BasicPermission
 188  * @see java.security.Permission
 189  * @see java.security.Permissions
 190  * @see java.security.PermissionCollection
 191  * @see java.lang.SecurityManager
 192  *
 193  *
 194  * @author Marianne Mueller
 195  * @author Roland Schemers
 196  */
 197 
 198 public final class AWTPermission extends BasicPermission {
 199 
 200     /** use serialVersionUID from the Java 2 platform for interoperability */
 201     private static final long serialVersionUID = 8890392402588814465L;
 202 
 203     /**
 204      * Creates a new <code>AWTPermission</code> with the specified name.
 205      * The name is the symbolic name of the <code>AWTPermission</code>,
 206      * such as "topLevelWindow", "systemClipboard", etc. An asterisk
 207      * may be used to indicate all AWT permissions.
 208      *
 209      * @param name the name of the AWTPermission
 210      *
 211      * @throws NullPointerException if <code>name</code> is <code>null</code>.
 212      * @throws IllegalArgumentException if <code>name</code> is empty.
 213      */
 214 
 215     public AWTPermission(String name)
 216     {
 217         super(name);
 218     }
 219 
 220     /**
 221      * Creates a new <code>AWTPermission</code> object with the specified name.
 222      * The name is the symbolic name of the <code>AWTPermission</code>, and the
 223      * actions string is currently unused and should be <code>null</code>.
 224      *
 225      * @param name the name of the <code>AWTPermission</code>
 226      * @param actions should be <code>null</code>
 227      *
 228      * @throws NullPointerException if <code>name</code> is <code>null</code>.
 229      * @throws IllegalArgumentException if <code>name</code> is empty.
 230      */
 231 
 232     public AWTPermission(String name, String actions)
 233     {
 234         super(name, actions);
 235     }
 236 }


  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package java.awt;
  27 
  28 import java.security.BasicPermission;
  29 
  30 /**
  31  * This class is for AWT permissions.
  32  * An {@code AWTPermission} contains a target name but
  33  * no actions list; you either have the named permission
  34  * or you don't.
  35  *
  36  * <P>
  37  * The target name is the name of the AWT permission (see below). The naming
  38  * convention follows the hierarchical property naming convention.
  39  * Also, an asterisk could be used to represent all AWT permissions.
  40  *
  41  * <P>
  42  * The following table lists all the possible {@code AWTPermission}
  43  * target names, and for each provides a description of what the
  44  * permission allows and a discussion of the risks of granting code
  45  * the permission.
  46  *
  47  * <table border=1 cellpadding=5 summary="AWTPermission target names, descriptions, and associated risks.">
  48  * <tr>
  49  * <th>Permission Target Name</th>
  50  * <th>What the Permission Allows</th>
  51  * <th>Risks of Allowing this Permission</th>
  52  * </tr>
  53  *
  54  * <tr>
  55  *   <td>accessClipboard</td>
  56  *   <td>Posting and retrieval of information to and from the AWT clipboard</td>
  57  *   <td>This would allow malfeasant code to share
  58  * potentially sensitive or confidential information.</td>
  59  * </tr>
  60  *
  61  * <tr>
  62  *   <td>accessEventQueue</td>


 108  *   <td>After adding an AWT event listener,
 109  * malicious code may scan all AWT events dispatched in the system,
 110  * allowing it to read all user input (such as passwords).  Each
 111  * AWT event listener is called from within the context of that
 112  * event queue's EventDispatchThread, so if the accessEventQueue
 113  * permission is also enabled, malicious code could modify the
 114  * contents of AWT event queues system-wide, causing the application
 115  * or applet to misbehave in an insecure manner.</td>
 116  * </tr>
 117  *
 118  * <tr>
 119  *   <td>readDisplayPixels</td>
 120  *   <td>Readback of pixels from the display screen</td>
 121  *   <td>Interfaces such as the java.awt.Composite interface or the
 122  * java.awt.Robot class allow arbitrary code to examine pixels on the
 123  * display enable malicious code to snoop on the activities of the user.</td>
 124  * </tr>
 125  *
 126  * <tr>
 127  *   <td>replaceKeyboardFocusManager</td>
 128  *   <td>Sets the {@code KeyboardFocusManager} for
 129  *       a particular thread.
 130  *   <td>When {@code SecurityManager} is installed, the invoking
 131  *       thread must be granted this permission in order to replace
 132  *       the current {@code KeyboardFocusManager}.  If permission
 133  *       is not granted, a {@code SecurityException} will be thrown.
 134  * </tr>
 135  *
 136  * <tr>
 137  *   <td>setAppletStub</td>
 138  *   <td>Setting the stub which implements Applet container services</td>
 139  *   <td>Malicious code could set an applet's stub and result in unexpected
 140  * behavior or denial of service to an applet.</td>
 141  * </tr>
 142  *
 143  * <tr>
 144  *   <td>setWindowAlwaysOnTop</td>
 145  *   <td>Setting always-on-top property of the window: {@link Window#setAlwaysOnTop}</td>
 146  *   <td>The malicious window might make itself look and behave like a real full desktop, so that
 147  * information entered by the unsuspecting user is captured and subsequently misused </td>
 148  * </tr>
 149  *
 150  * <tr>
 151  *   <td>showWindowWithoutWarningBanner</td>
 152  *   <td>Display of a window without also displaying a banner warning
 153  * that the window was created by an applet</td>


 184  * </tr>
 185  * </table>
 186  *
 187  * @see java.security.BasicPermission
 188  * @see java.security.Permission
 189  * @see java.security.Permissions
 190  * @see java.security.PermissionCollection
 191  * @see java.lang.SecurityManager
 192  *
 193  *
 194  * @author Marianne Mueller
 195  * @author Roland Schemers
 196  */
 197 
 198 public final class AWTPermission extends BasicPermission {
 199 
 200     /** use serialVersionUID from the Java 2 platform for interoperability */
 201     private static final long serialVersionUID = 8890392402588814465L;
 202 
 203     /**
 204      * Creates a new {@code AWTPermission} with the specified name.
 205      * The name is the symbolic name of the {@code AWTPermission},
 206      * such as "topLevelWindow", "systemClipboard", etc. An asterisk
 207      * may be used to indicate all AWT permissions.
 208      *
 209      * @param name the name of the AWTPermission
 210      *
 211      * @throws NullPointerException if {@code name} is {@code null}.
 212      * @throws IllegalArgumentException if {@code name} is empty.
 213      */
 214 
 215     public AWTPermission(String name)
 216     {
 217         super(name);
 218     }
 219 
 220     /**
 221      * Creates a new {@code AWTPermission} object with the specified name.
 222      * The name is the symbolic name of the {@code AWTPermission}, and the
 223      * actions string is currently unused and should be {@code null}.
 224      *
 225      * @param name the name of the {@code AWTPermission}
 226      * @param actions should be {@code null}
 227      *
 228      * @throws NullPointerException if {@code name} is {@code null}.
 229      * @throws IllegalArgumentException if {@code name} is empty.
 230      */
 231 
 232     public AWTPermission(String name, String actions)
 233     {
 234         super(name, actions);
 235     }
 236 }
< prev index next >