Methods Protecting Program Threads

those system-level resources.

Table 4-5. Security Manager Protections of System Resources

| Method | Called By | Rationale |
|---|---|---|
| checkPrintJobAccess | Toolkit.getPrintJob | Untrusted classes can't initiate print jobs. |
| checkSystemClipboardAccess | Toolkit.getSystemClipboard | Untrusted classes can't read the system clipboard. |
| checkAwtEventQueueAccess | EventQueue.getEventQueue | Untrusted classes can't manipulate window events. |
| checkPropertiesAccess | System.getProperties, System.setProperties | Untrusted classes can't see or set system properties. |
| checkPropertyAccess | System.getProperty | Untrusted classes can't get a particular system property. |
| checkPropertyAccess | Locale.setDefault | Can't change the locale unless the user.language property can be read. |
| checkPropertyAccess | Font.getFont | Can't get a font unless its property can be read. |
| checkTopLevelWindow | Window | Windows created by untrusted classes should have an identifying banner. |

public void checkPrintJobAccess()

Untrusted classes are not allowed access to the user's printer. This is another example of a nuisance protection; you wouldn't want a rogue applet sending reams of nonsense data to your printer. This method is never actually called by the standard Java API -- it's up to the platform-specific implementation of the AWT toolkit to call it.

Note this doesn't prevent the user from initiating a print action from the browser -- it only prevents an applet from initiating the print action. The utility of such a check is subtle: the user always has to confirm the print dialog box before anything is actually printed, at least with the popular implementations of the AWT toolkit. The only sort of scenario that this check prevents is this: the user could surf to www.EvilSite.org and then to www.sun.com; although the applets from EvilSite are no longer on the current page, they're still active, and one of them could pop up the print dialog. The user will associate the dialog with the www.sun.com page and presumably allow it to print -- and when the EvilSite applet then prints out offensive material, the user will blame the Sun page.

In order to succeed, the current protection domain must have an AWT permission with the name queuePrintJob.

public void checkSystemClipboardAccess()

The Java virtual machine contains a system clipboard that can be used as a holder for copy-and-paste operations. Granting access to the clipboard to an untrusted class runs the risk that a class will come along, examine the clipboard, and find contents a previous program left there. Such contents might be sensitive data the new class should not be allowed to read; hence, untrusted classes are prevented from accessing the system clipboard.

This restriction applies only to the system clipboard: an untrusted class can still create its own clipboard and perform its own copy-and-paste operations to that clipboard. Untrusted classes can also share non-system clipboards between them.

This method is also never actually called by the Java API; it's up to the platform-specific implementation of the AWT toolkit to call it. To succeed, the current protection domain must have an AWT permission of accessClipboard.

public void checkAwtEventQueueAccess()

Similarly, the Java virtual machine contains a system event queue that holds all pending AWT events for the system. An untrusted class that had access to such a queue would be able to delete events from the queue or insert events into the queue. This protects against the same sort of scenario we saw for printing -- an applet on a previously visited page could insert events into the queue which would then be fed to an applet on the existing page.

Chapter 4. The Security Manager
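The following is an added example, not code from the book: it evaluates which of the three AWT checks described above would pass for a given protection domain, using ProtectionDomain.implies() rather than an installed security manager. The class name AwtCheckDemo and the code-source URLs are hypothetical; the accessEventQueue permission name comes from the AWTPermission documentation, not from this excerpt.

```java
import java.awt.AWTPermission;
import java.net.URI;
import java.security.CodeSource;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;
import java.util.LinkedHashMap;
import java.util.Map;

public class AwtCheckDemo {
    // Security manager check -> AWT permission the protection domain must hold.
    static final Map<String, Permission> REQUIRED = new LinkedHashMap<>();
    static {
        REQUIRED.put("checkPrintJobAccess", new AWTPermission("queuePrintJob"));
        REQUIRED.put("checkSystemClipboardAccess", new AWTPermission("accessClipboard"));
        // Name taken from the AWTPermission documentation (not stated in the excerpt).
        REQUIRED.put("checkAwtEventQueueAccess", new AWTPermission("accessEventQueue"));
    }

    // Build a domain with a fixed permission set for code loaded from `origin`.
    // The origins used in main() are constructed, hypothetical locations.
    static ProtectionDomain domain(String origin, Permission... granted) throws Exception {
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        // The cast selects the Certificate[] constructor; null alone is ambiguous.
        CodeSource cs = new CodeSource(URI.create(origin).toURL(), (Certificate[]) null);
        return new ProtectionDomain(cs, perms);
    }

    // Print, per check, whether the domain's permissions would satisfy it.
    static void report(String label, ProtectionDomain pd) {
        System.out.println(label + " (" + pd.getCodeSource().getLocation() + ")");
        REQUIRED.forEach((check, perm) ->
            System.out.printf("  %-27s needs %-17s -> %s%n", check, perm.getName(),
                pd.implies(perm) ? "allowed" : "SecurityException"));
    }

    public static void main(String[] args) throws Exception {
        // No grants: every AWT check is refused, the default for untrusted code.
        report("untrusted applet", domain("http://applets.example/"));
        // A narrow grant: printing works, clipboard and event queue stay closed.
        report("print-only applet",
               domain("http://intranet.example/", new AWTPermission("queuePrintJob")));
        // A wildcard AWT grant silently covers all three checks.
        report("wildcard grant", domain("file:/opt/app/", new AWTPermission("*")));
    }
}
```

The wildcard case is the one to look for when reviewing a policy: a single AWTPermission "*" grant opens the clipboard and the event queue along with printing.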