Module  javafx.base
软件包  javafx.util

Class FXPermission

  • All Implemented Interfaces:
    SerializableGuard


    public final class FXPermission
    extends BasicPermission
    此类用于JavaFX权限。 一个FXPermission包含目标名称,但没有操作列表; 你有指定的权限,或者你没有。

    目标名称是JavaFX权限的名称(见下文)。 命名约定遵循层次化属性命名约定。 此外,星号可用于表示所有JavaFX权限。

    下表列出了所有可能的FXPermission目标名称,每个都提供了许可允许的描述以及授权许可的风险的讨论。

    FXPermission Table Permission Target Name What the Permission Allows Risks of Allowing this Permission accessClipboard Posting and retrieval of information to and from the system clipboard This would allow a malicious application to share or read potentially sensitive or confidential information. accessWindowList Accessing the list of all JavaFX Windows Providing access to the complete list of all JavaFX windows could give a malicious application the ability to modify a security dialog. createRobot Creating JavaFX Robot objects The JavaFX Robot object allows code to generate native-level mouse and keyboard events as well as read the screen. It could allow malicious code to control the system, run other programs, read the display, and deny mouse and keyboard access to the user. createTransparentWindow Creating transparent windows Transparent windows are not limited to a rectangular region that obscures what is underneath the window. This can make it difficult to distinguish parts of the window from other application windows or the platform desktop, and can be used to allow a malicious application to trick a user into entering sensitive data, especially in conjunction with either setWindowAlwaysOnTop or unrestrictedFullScreen. loadFont Loading a custom font, either via the Font.loadFont(java.lang.String, double) method or a jar file containing embedded fonts listed in the jar manifest Loading a custom font might allow a malicious application to provide a malformed font. Such a font could crash the application, allowing the malicious application to take control of the system, if there are any bugs in the underlying platform font implementation. modifyFXMLClassLoader Setting the ClassLoader used to load FXML objects, and removing the restriction against loading system classes Allowing an application to set an arbitrary ClassLoader might enable a malicious application to load classes with elevated permissions. Also removing the restriction against loading system classes with a null ClassLoader, might allow the application access to classes they would otherwise be denied from accessing. setWindowAlwaysOnTop Setting the always-on-top property of a window: Stage.setAlwaysOnTop(boolean) The malicious window might make itself look and behave like the platform desktop, so that information entered by the unsuspecting user is captured and subsequently misused, especially in conjunction with the createTransparentWindow permission. unrestrictedFullScreen Allow unrestricted full-screen access, including keyboard events and warning banner This permission allows an application to enter full-screen mode at any time, override the warning banner, and disable the function of the ESC key to exit from full-screen mode. All keyboard input will be delivered to the application while in full-screen mode, rather than being limited to KEY_PRESSED and KEY_RELEASED events for a subset of keys. See Stage.setFullScreen(boolean). This could allow a malicious window to look and behave like the platform desktop, so that information entered by the unsuspecting user is captured and subsequently misused, especially in conjunction with the createTransparentWindow permission.
    从以下版本开始:
    9
    另请参见:
    BasicPermissionPermissionPermissionsPermissionCollectionSecurityManagerSerialized Form
    • 构造方法详细信息

      • FXPermission

        public FXPermission​(String name)
        创建一个具有指定名称的新的FXPermission 该名称是FXPermission的符号名称,例如“accessClipboard”,“createTransparentWindow”等。星号可用于指示所有JavaFX权限。
        参数
        name - name的名称
        异常
        NullPointerException - 如果 namenull
        IllegalArgumentException - 如果 name为空。