top of page

Java Swing Books PDF 11: Tips and Tricks for Creating Professional-Looking GUIs with Java

The IDE creates the ContactEditorUI form and the ContactEditorUI class within the application and opens the ContactEditorUI form in the GUI Builder. Notice that the my.contacteditor package replaces the default package.

java swing books pdf 11

Java Swing tutorial is a part of Java Foundation Classes (JFC) that is used to create window-based applications. It is built on the top of AWT (Abstract Windowing Toolkit) API and entirely written in java.

This book covers the classes that comprise the java.awt, java.awt.image, java.applet, java.awt.event, andjava.awt.datatransfer packages. These classes provide the functionality that allows a Java application to provide user interaction in a graphical environment. Part of O'Reilly's Java documentation series, the Java AWT Reference takes you beyond what you'd expect from a standard reference manual.

The Java security mechanism can also be used to implement the principle of least privilege, although it does not provide protection as strong as lower-level mechanisms. This can be implemented statically by restricting permissions through policy files and dynamically with the use of the mechanism (see Section 9). Note that when taking this approach, the security manager should be installed as early as possible (ideally from the command-line). Delaying installation may result in security-sensitive operations being performed before the security manager is in place, which could reduce the effectiveness of security checks or cause objects to be created with excessive permissions.

The checkIndex, checkFromToIndex, and checkFromIndexSize methods from the java.util.Objects class (available in Java 9 and later) can also be used to avoid integer overflows when performing range and bounds checks. These methods throw an IndexOutOfBoundsException if the index or sub-range being checked is out of bounds. The following code from demonstrates this:

As of Java SE 8, the java.lang.Math class also contains methods for various operations (addExact, multiplyExact, decrementExact, etc.) that throw an ArithmeticException if the result overflows the given type.

Exception objects may convey sensitive information. For example, if a method calls the constructor to read an underlying configuration file and that file is not present, a containing the file path is thrown. Propagating this exception back to the method caller exposes the layout of the file system. Many forms of attack require knowing or guessing locations of files.

For parameterized SQL statements using Java Database Connectivity (JDBC), use java.sql.PreparedStatement or java.sql.CallableStatement instead of java.sql.Statement. In general, it is better to use a well-written, higher-level library to insulate application code from SQL. When using such a library, it is not necessary to limit characters such as quote ('). If text destined for XML/HTML is handled correctly during output (Guideline 3-3), then it is unnecessary to disallow characters such as less than (

Some apparently global objects are actually local to applet1 or application contexts. Applets loaded from different web sites will have different values returned from, for example, java.awt.Frame.getFrames. Such static methods (and methods on true globals) use information from the current thread and the class loaders of code on the stack to determine which is the current context. This prevents malicious applets from interfering with applets from other sites.

Malicious subclasses that override the Object.finalize2 method can resurrect objects even if an exception was thrown from the constructor. Low-level classes with constructors explicitly throwing a are likely to have security issues. From JDK6 on, an exception thrown before the java.lang.Object constructor exits which prevents the finalizer from being called. Therefore, if subclassing is allowed and security checks must be performed to construct an object, perform the check before calling the super constructor. This can be done by inserting a method call as an argument to an alternative (this) constructor invocation.

When confirming an object's class type by examining the java.lang.Class instance belonging to that object, do not compare Class instances solely using class names (acquired via Class.getName), because instances are scoped both by their class name as well as the class loader that defined the class.

The class extends from java.util.Properties, and Properties extends from java.util.Hashtable. In this hierarchy, the Provider class inherits certain methods from Hashtable, including put and remove. Provider.put maps a cryptographic algorithm name, like RSA, to a class that implements that algorithm. To prevent malicious code from affecting its internal mappings, Provider overrides put and remove to enforce the necessary SecurityManager checks.

Malicious subclasses may implement java.lang.Cloneable. Implementing this interface affects the behavior of the subclass. A clone of a victim object may be made. The clone will be a shallow copy. The intrinsic lock and fields of the two objects will be different, but referenced objects will be the same. This allows an adversary to confuse the state of instances of the attacked class.

The examples in this section use java.util.Date extensively as it is an example of a mutable API class. In an application, it would be preferable to use the new Java Date and Time API (java.time.*) which has been designed to be immutable.

In rare cases it may be safe to call a copy method on the instance itself. For instance, is mutable but final and provides a public clone method for acquiring copies of its instances.

It is safe to call HttpCookie.clone because it cannot be overridden with an unsafe or malicious implementation. Date also provides a public clone method, but because the method is overrideable it can be trusted only if the Date object is from a trusted source. Some classes, such as, are subclassable even though they appear to be immutable.

The java.lang.Cloneable mechanism is problematic and should not be used. Implementing classes must explicitly copy all mutable fields which is highly error-prone. Copied fields may not be final. The clone object may become available before field copying has completed, possibly at some intermediate stage. In non-final classes Object.clone will make a new instance of the potentially unsafe or malicious subclass. Implementing Cloneable is an implementation detail, but appears in the public interface of the class.

Note that the of/ofEntries API methods return an unmodifiable collection, whereas the Collections.unmodifiable... API methods (unmodifiableCollection(), unmodifiableList(), unmodifiableMap(), etc.) return an unmodifiable view to a collection. While the collection cannot be modified via the unmodifiable view, the underlying collection may still be modified via a direct reference to it. However, the collections returned by the of/ofEntries API methods are in fact unmodifiable. See the java.util.Collections API documentation for a complete list of methods that return unmodifiable views to collections.

Arrays exposed via public variables or get methods can introduce similar issues. For those cases, a copy of the internal array (created using clone(), java.util.Arrays.copyOf(), etc.) should be exposed instead. java.util.Arrays.asList() should not be used for exposing an internal array, as this method creates a copy backed by the array, allowing two-way modification of the contents.

Constructors that call overridable methods give attackers a reference to this (the object being constructed) before the object has been fully initialized. Likewise, clone, readObject, or readObjectNoData methods that call overridable methods may do the same. The readObject methods will usually call, which is an overridable method.

A non-final class may be subclassed by a class that also implements java.lang.Cloneable. The result is that the base class can be unexpectedly cloned, although only for instances created by an adversary. The clone will be a shallow copy. The twins will share referenced objects but have different fields and separate intrinsic locks. The "pointer to implementation" approach detailed in Guideline 7-3 provides a good defense.

Security-sensitive serializable classes should ensure that object field types are final classes, or do special validation to ensure exact types when deserializing. Otherwise attacker code may populate the fields with malicious subclasses which behave in unexpected ways. For example, if a class has a field of type java.util.List, an attacker may populate the field with an implementation which returns inconsistent data.

Serialization with full permissions allows permission checks in writeObject methods to be circumvented. For instance, checks the guard before serializing the target object. With full permissions, this guard can be circumvented and the data from the object (although not the object itself) made available to the attacker.

Certain standard APIs in the core libraries of the Java runtime enforce SecurityManager checks but allow those checks to be bypassed depending on the immediate caller's class loader. When the java.lang.Class.newInstance method is invoked on a Class object, for example, the immediate caller's class loader is compared to the Class object's class loader. If the caller's class loader is an ancestor of (or the same as) the Class object's class loader, the newInstance method bypasses a SecurityManager check. (See Section 4.3.2 in [1] for information on class loader relationships). Otherwise, the relevant SecurityManager check is enforced.

Code may also call standard APIs (primarily in the java.lang.reflect package) to reflectively access fields or methods in another object. The following reflection-based APIs mirror the language checks that are enforced by the virtual machine: 2ff7e9595c

1 view0 comments

Recent Posts

See All


bottom of page