API REVIEW: RT-23888, Make PopupFeatures and PromptData final

John Hendrikx hjohn at xs4all.nl
Sat Sep 1 11:02:40 PDT 2012 

On 1/09/2012 00:51, Richard Bair wrote:
>> I agree with the other guys that final classes are annoying for us, but if they are needed to make things better then so be it.
>>
>> I think the emotive responses might be a result of us not knowing/understanding the benefits of the final usage and therefore only being able to assess it by its negative aspects.
>>
>>> The security problem with non-final classes has to do with attacks related to hacking finalizers, equals, hash code, and serialization from a sub class.
>> Can you elaborate on this? Let's say I was a malicious, Hollywood-style hacker. What kind of damage could I do and how would I do that damage via some non-final class (the 'animation' ones for example caused me much grief by being final).
> http://www.oracle.com/technetwork/java/seccodeguide-139067.html
>
> And now that you have this power, please use it for good and help us find security bugs before they hit the net. BTW, if you do find such a bug, email me privately before publicizing to the world ;-).
>
> Richard
I haven't read this yet, although I will.

However, these security issues only apply to JavaFX apps running inside 
a browser.  And although I think it is very cool that they can run in a 
browser, it is not in the least a concern of mine as I am not targetting 
the browser (so messages like "press escape to exit full screen" are 
kinda superfluous for me :)).

The final keyword however cannot be turned off by disabling the security 
manager, and so I'm wondering if perhaps classes that are dangerous to 
subclass in a "secure" environment could not simply check if they are 
being subclassed in their constructors and throw the usual 
SecurityException if so.

Something like:

public MyWannabeFinalSecureClass {
   public MyWannabeFinalSecureClass() {
      if(!getClass().equals(MyWannabeFinalSecureClass.class) && 
!Platform.checkSubclassingAllowed()) {
         // Safe because getClass() is final.
         throw new JavaFXSecurityException();
      }

     // Otherwise, subclass away...
   }
}

Of course, this being my first venture into Java Security Managers, I 
could be totally off :)

--John

More information about the openjfx-dev mailing list