KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > java > awt > AWTPermission


1 /*
2  * @(#)AWTPermission.java 1.28 04/04/21
3  *
4  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */
7
8 package java.awt;
9
10 import java.security.BasicPermission JavaDoc;
11
12 /**
13  * This class is for AWT permissions.
14  * An <code>AWTPermission</code> contains a target name but
15  * no actions list; you either have the named permission
16  * or you don't.
17  *
18  * <P>
19  * The target name is the name of the AWT permission (see below). The naming
20  * convention follows the hierarchical property naming convention.
21  * Also, an asterisk could be used to represent all AWT permissions.
22  *
23  * <P>
24  * The following table lists all the possible <code>AWTPermission</code>
25  * target names, and for each provides a description of what the
26  * permission allows and a discussion of the risks of granting code
27  * the permission.
28  * <P>
29  *
30  * <table border=1 cellpadding=5 summary="AWTPermission target names, descriptions, and associated risks.">
31  * <tr>
32  * <th>Permission Target Name</th>
33  * <th>What the Permission Allows</th>
34  * <th>Risks of Allowing this Permission</th>
35  * </tr>
36  *
37  * <tr>
38  * <td>accessClipboard</td>
39  * <td>Posting and retrieval of information to and from the AWT clipboard</td>
40  * <td>This would allow malfeasant code to share
41  * potentially sensitive or confidential information.</td>
42  * </tr>
43  *
44  * <tr>
45  * <td>accessEventQueue</td>
46  * <td>Access to the AWT event queue</td>
47  * <td>After retrieving the AWT event queue,
48  * malicious code may peek at and even remove existing events
49  * from its event queue, as well as post bogus events which may purposefully
50  * cause the application or applet to misbehave in an insecure manner.</td>
51  * </tr>
52  *
53  * <tr>
54  * <td>createRobot</td>
55  * <td>Create java.awt.Robot objects</td>
56  * <td>The java.awt.Robot object allows code to generate native-level
57  * mouse and keyboard events as well as read the screen. It could allow
58  * malicious code to control the system, run other programs, read the
59  * display, and deny mouse and keyboard access to the user.</td>
60  * </tr>
61  *
62  * <tr>
63  * <td>fullScreenExclusive</td>
64  * <td>Enter full-screen exclusive mode</td>
65  * <td>Entering full-screen exclusive mode allows direct access to
66  * low-level graphics card memory. This could be used to spoof the
67  * system, since the program is in direct control of rendering.</td>
68  * </tr>
69  *
70  * <tr>
71  * <td>listenToAllAWTEvents</td>
72  * <td>Listen to all AWT events, system-wide</td>
73  * <td>After adding an AWT event listener,
74  * malicious code may scan all AWT events dispatched in the system,
75  * allowing it to read all user input (such as passwords). Each
76  * AWT event listener is called from within the context of that
77  * event queue's EventDispatchThread, so if the accessEventQueue
78  * permission is also enabled, malicious code could modify the
79  * contents of AWT event queues system-wide, causing the application
80  * or applet to misbehave in an insecure manner.</td>
81  * </tr>
82  *
83  * <tr>
84  * <td>readDisplayPixels</td>
85  * <td>Readback of pixels from the display screen</td>
86  * <td>Interfaces such as the java.awt.Composite interface or the
87  * java.awt.Robot class allow arbitrary code to examine pixels on the
88  * display enable malicious code to snoop on the activities of the user.</td>
89  * </tr>
90  *
91  * <tr>
92  * <td>replaceKeyboardFocusManager</td>
93  * <td>Sets the <code>KeyboardFocusManager</code> for
94  * a particular thread.
95  * <td>When <code>SecurityManager</code> is installed, the invoking
96  * thread must be granted this permission in order to replace
97  * the current <code>KeyboardFocusManager</code>. If permission
98  * is not granted, a <code>SecurityException</code> will be thrown.
99  * </tr>
100  *
101  * <tr>
102  * <td>showWindowWithoutWarningBanner</td>
103  * <td>Display of a window without also displaying a banner warning
104  * that the window was created by an applet</td>
105  * <td>Without this warning,
106  * an applet may pop up windows without the user knowing that they
107  * belong to an applet. Since users may make security-sensitive
108  * decisions based on whether or not the window belongs to an applet
109  * (entering a username and password into a dialog box, for example),
110  * disabling this warning banner may allow applets to trick the user
111  * into entering such information.</td>
112  * </tr>
113  *
114  * <tr>
115  * <td>watchMousePointer</td>
116  * <td>Getting the information about the mouse pointer position at any
117  * time</td>
118  * <td>Constantly watching the mouse pointer,
119  * an applet can make guesses about what the user is doing, i.e. moving
120  * the mouse to the lower left corner of the screen most likely means that
121  * the user is about to launch an application. If a virtual keypad is used
122  * so that keyboard is emulated using the mouse, an applet may guess what
123  * is being typed.</td>
124  * </tr>
125  *
126  * <tr>
127  * <td>setWindowAlwaysOnTop</td>
128  * <td>Setting always-on-top property of the window: {@link Window#setAlwaysOnTop}</td>
129  * <td>The malicious window might make itself look and behave like a real full desktop, so that
130  * information entered by the unsuspecting user is captured and subsequently misused </td>
131  * </tr>
132  *
133  * <tr>
134  * <td>setAppletStub</td>
135  * <td>Setting the stub which implements Applet container services</td>
136  * <td>Malicious code could set an applet's stub and result in unexpected
137  * behavior or denial of service to an applet.</td>
138  * </tr>
139  * </table>
140  *
141  * @see java.security.BasicPermission
142  * @see java.security.Permission
143  * @see java.security.Permissions
144  * @see java.security.PermissionCollection
145  * @see java.lang.SecurityManager
146  *
147  * @version 1.28, 04/21/04
148  *
149  * @author Marianne Mueller
150  * @author Roland Schemers
151  */
152
153 public final class AWTPermission extends BasicPermission JavaDoc {
154
155     /** use serialVersionUID from the Java 2 platform for interoperability */
156     private static final long serialVersionUID = 8890392402588814465L;
157
158     /**
159      * Creates a new <code>AWTPermission</code> with the specified name.
160      * The name is the symbolic name of the <code>AWTPermission</code>,
161      * such as "topLevelWindow", "systemClipboard", etc. An asterisk
162      * may be used to indicate all AWT permissions.
163      *
164      * @param name the name of the AWTPermission
165      */
166
167     public AWTPermission(String JavaDoc name)
168     {
169     super(name);
170     }
171
172     /**
173      * Creates a new <code>AWTPermission</code> object with the specified name.
174      * The name is the symbolic name of the <code>AWTPermission</code>, and the
175      * actions string is currently unused and should be <code>null</code>.
176      *
177      * @param name the name of the <code>AWTPermission</code>
178      * @param actions should be <code>null</code>
179      */
180
181     public AWTPermission(String JavaDoc name, String JavaDoc actions)
182     {
183     super(name, actions);
184     }
185 }
186
Popular Tags