[jboss-cvs] JBossAS SVN: r88700 - projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue May 12 01:32:04 EDT 2009
Author: xhuang at jboss.com
Date: 2009-05-12 01:32:03 -0400 (Tue, 12 May 2009)
New Revision: 88700
Modified:
projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
Log:
update
Modified: projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
===================================================================
--- projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po 2009-05-12 05:31:10 UTC (rev 88699)
+++ projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po 2009-05-12 05:32:03 UTC (rev 88700)
@@ -9,8 +9,8 @@
"Project-Id-Version: J2EE_Security_On_JBOSS\n"
"Report-Msgid-Bugs-To: http://bugs.kde.org\n"
"POT-Creation-Date: 2009-01-20 02:37+0000\n"
-"PO-Revision-Date: 2009-05-11 17:06+1000\n"
-"Last-Translator: Xi HUANG\n"
+"PO-Revision-Date: 2009-05-12 15:02+1000\n"
+"Last-Translator: Xi HUANG <xhuang at redhat.com>\n"
"Language-Team: <en at li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
@@ -6187,9 +6187,9 @@
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1792
-#, fuzzy, no-c-format
+#, no-c-format
msgid "The client side standard JAAS configuration"
-msgstr "EJB 应用程序配置"
+msgstr "客户端的标准 JAAS 配置"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1793
@@ -6205,12 +6205,21 @@
" ;\n"
"};"
msgstr ""
+"srp {\n"
+" org.jboss.security.srp.jaas.SRPLoginModule required\n"
+" srpServerJndiName=\"srp-test/SRPServerInterface\"\n"
+" ;\n"
+" \n"
+" org.jboss.security.ClientLoginModule required\n"
+" password-stacking=\"useFirstPass\"\n"
+" ;\n"
+"};"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1794
-#, fuzzy, no-c-format
+#, no-c-format
msgid "The server side XMLLoginConfig configuration"
-msgstr "服务端配置"
+msgstr "服务端的 XMLLoginConfig 配置"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1795
@@ -6233,6 +6242,22 @@
" </authentication>\n"
"</application-policy>"
msgstr ""
+"<application-policy name=\"security-ex3\">\n"
+" <authentication>\n"
+" <login-module code=\"org.jboss.security.srp.jaas."
+"SRPCacheLoginModule\"\n"
+" flag = \"required\">\n"
+" <module-option name=\"cacheJndiName\">srp-test/"
+"AuthenticationCache</module-option>\n"
+" </login-module>\n"
+" <login-module code=\"org.jboss.security.auth.spi."
+"UsersRolesLoginModule\"\n"
+" flag = \"required\">\n"
+" <module-option name=\"password-stacking\">useFirstPass</"
+"module-option>\n"
+" </login-module>\n"
+" </authentication>\n"
+"</application-policy>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1796
@@ -6585,13 +6610,13 @@
#: J2EE_Security_On_JBOSS.xml:1922
#, no-c-format
msgid "Using SSL with JBoss"
-msgstr ""
+msgstr "在 JBoss 里使用 SSL"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1924
#, no-c-format
msgid "Adding SSL to EJB3"
-msgstr ""
+msgstr "为 EJB3 添加 SSL"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1925
@@ -6604,12 +6629,14 @@
"you must generate a keystore and then configure your beans to use SSL "
"transport."
msgstr ""
+"JBoss EJB3 缺省在端口 3878 使用一个基于套接字的调用者层。这是在 <filename> $JBOSS_HOME/server/<replaceable><serverconfig>"
+"</replaceable>/deploy/ejb3.deployer/META-INF/jboss-service.xml</filename> 里设置的。在有些情况下,你可能希望使用 SSL。为了实现这一点,你必须生成一个密匙库(Keystore)并配置 bean 来使用 SSL 传输。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1929 J2EE_Security_On_JBOSS.xml:1983
#, no-c-format
msgid "Generating the keystore and truststore"
-msgstr ""
+msgstr "生成密匙库(keystore)和信任库(truststore)"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1930
@@ -6643,6 +6670,27 @@
"specifies the location (\"localhost.keystore\") of the keystore to create/"
"add to."
msgstr ""
+"为了使 SSL 正常工作,你需要创建一个 public/private 密钥对,它将存储在密钥库里。使用 JDK 里的附带的 <literal>genkey</literal> 命令来生成密钥对。<programlisting>\n"
+" $cd $JBOSS_HOME/server/production/conf/\n"
+" $keytool -genkey -alias ejb3-ssl -keypass opensource -keystore localhost."
+"keystore\n"
+" Enter keystore password: opensource\n"
+" What is your first and last name?\n"
+" [Unknown]:\n"
+" What is the name of your organizational unit?\n"
+" [Unknown]:\n"
+" What is the name of your organization?\n"
+" [Unknown]:\n"
+" What is the name of your City or Locality?\n"
+" [Unknown]:\n"
+" What is the name of your State or Province?\n"
+" [Unknown]:\n"
+" What is the two-letter country code for this unit?\n"
+" [Unknown]:\n"
+" Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown "
+"correct?\n"
+" [no]: yes\n"
+"</programlisting> 这里的 <literal>alias</literal>是密钥库里的密钥对的别名 (\"ejb2-ssl\")。<literal>keypass</literal> 是密钥库的密码 (\"opensource\"),而 <literal>keystore</literal> 指定了密钥库的位置 (\"localhost.keystore\")。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1935
@@ -6652,7 +6700,7 @@
"authoritiy, you also need to create a truststore for the client, explicitly "
"saying that you trust the certificate you just created. The first step is to "
"export the certificate using the JDK keytool:"
-msgstr ""
+msgstr "既然你还没有通过任何证书授权机构(certification authoritiy)签署证书,你也需要为客户创建一个信任库(truststore),显性地指明你信任刚才创建的证书。第一步是使用 JDK keytool 输出证书:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1937
@@ -6663,6 +6711,10 @@
" Enter keystore password: opensource\n"
" Certificate stored in file <mycert.cer>"
msgstr ""
+"$ keytool -export -alias ejb3-ssl -file mycert.cer -keystore localhost."
+"keystore\n"
+" Enter keystore password: opensource\n"
+" Certificate stored in file <mycert.cer>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1939
@@ -6670,7 +6722,7 @@
msgid ""
"Then you need to create the truststore if it does not exist and import the "
"certificate into the trueststore:"
-msgstr ""
+msgstr "然后,如果这个信任库不存在,你就需要创建它并把证书导入到信任库:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1941
@@ -6693,12 +6745,28 @@
" Trust this certificate? [no]: yes\n"
" Certificate was added to keystore"
msgstr ""
+"$ keytool -import -alias ejb3-ssl -file mycert.cer -keystore localhost."
+"truststore\n"
+" Enter keystore password: opensource\n"
+" Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, "
+"C=Unknown\n"
+" Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, "
+"C=Unknown\n"
+" Serial number: 43bff927\n"
+" Valid from: Sat Jan 07 18:23:51 CET 2006 until: Fri Apr 07 19:23:51 CEST "
+"2006\n"
+" Certificate fingerprints:\n"
+" MD5: CF:DC:71:A8:F4:EA:8F:5A:E9:94:E3:E6:5B:A9:C8:F3\n"
+" SHA1: 0E:AD:F3:D6:41:5E:F6:84:9A:D1:54:3D:DE:A9:B2:01:28:"
+"F6:7C:26\n"
+" Trust this certificate? [no]: yes\n"
+" Certificate was added to keystore"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1945 J2EE_Security_On_JBOSS.xml:1989
#, no-c-format
msgid "Setting up the SSL transport"
-msgstr ""
+msgstr "设立 SSL 传输"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1946
@@ -6707,7 +6775,7 @@
"The simplest way to define an SSL transport is to define a new Remoting "
"connector using the <literal>sslsocket</literal> protocol as follows. This "
"transport will listen on port 3843:"
-msgstr ""
+msgstr "定义 SSL 传输的最简单的方法是使用 <literal>sslsocket</literal> 协议定义一个新的远程连接器。这个传输协议将侦听端口 3843:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1948
@@ -6729,6 +6797,21 @@
" </attribute>\n"
" </mbean>"
msgstr ""
+"<mbean code=\"org.jboss.remoting.transport.Connector\"\n"
+" xmbean-dd=\"org/jboss/remoting/transport/Connector.xml\"\n"
+" name=\"jboss.remoting:type=Connector,transport=socket3843,handler=ejb3"
+"\">\n"
+" <depends>jboss.aop:service=AspectDeployer</depends>\n"
+" <attribute name=\"InvokerLocator\">sslsocket://0.0.0.0:3843</"
+"attribute>\n"
+" <attribute name=\"Configuration\">\n"
+" <handlers>\n"
+" <handler subsystem=\"AOP\">\n"
+" org.jboss.aspects.remoting.AOPRemotingInvocationHandler\n"
+" </handler>\n"
+" </handlers>\n"
+" </attribute>\n"
+" </mbean>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1950 J2EE_Security_On_JBOSS.xml:1990
@@ -6740,6 +6823,9 @@
"literal> system properties when starting JBoss, as the following example "
"shows:"
msgstr ""
+"现在你需要告诉 JBoss Remoting 去哪找到用于 SSL 及其密码的密钥库。这是在启动 JBoss 时通过 <literal>javax.net.ssl."
+"keyStore</literal> 和 <literal>javax.net.ssl.keyStorePassword=opensource</"
+"literal> 系统属性完成的,如下面的例子所示:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1952 J2EE_Security_On_JBOSS.xml:1992
@@ -6750,12 +6836,16 @@
"keystore \n"
" -Djavax.net.ssl.keyStorePassword=opensource"
msgstr ""
+"$cd $JBOSS_HOME/bin\n"
+" $ run -Djavax.net.ssl.keyStore=../server/production/conf/localhost."
+"keystore \n"
+" -Djavax.net.ssl.keyStorePassword=opensource"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1956 J2EE_Security_On_JBOSS.xml:2001
#, no-c-format
msgid "Configuring your beans to use the SSL transport"
-msgstr ""
+msgstr "配置 bean 来使用 SSL 传输"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1957
@@ -6766,6 +6856,8 @@
"annotation.ejb.RemoteBinding</literal> annotation you can have the bean "
"invokable via SSL."
msgstr ""
+"在缺省情况下,所有的 bean 都在 <literal>socket://0.0.0.0:3873</literal> 上使用缺省的连接器。通过使用 <literal>@org.jboss."
+"annotation.ejb.RemoteBinding</literal> 注解,你可以使得 bean 可以通过 SSL 调用。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1959
@@ -6779,6 +6871,13 @@
" ...\n"
" }"
msgstr ""
+"@RemoteBinding(clientBindUrl=\"sslsocket://0.0.0.0:3843\", jndiBinding="
+"\"StatefulSSL\"),\n"
+" @Remote(BusinessInterface.class)\n"
+" public class StatefulBean implements BusinessInterface\n"
+" {\n"
+" ...\n"
+" }"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1961
@@ -6787,13 +6886,13 @@
"This bean will be bound under the JNDI name <literal>StatefulSSL</literal> "
"and the proxy implementing the remote interface returned to the client will "
"communicate with the server via SSL."
-msgstr ""
+msgstr "这个 bean 将绑定在 JNDI 名称 <literal>StatefulSSL</literal> 下,实现返回给客户的远程接口的代理将通过 SSL 和服务器通信。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1964
#, no-c-format
msgid "You can also enable different types of communication for your beans"
-msgstr ""
+msgstr "你也可以启用不同类型的通信"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1966
@@ -6810,6 +6909,16 @@
" ...\n"
" }"
msgstr ""
+"@RemoteBindings({\n"
+" @RemoteBinding(clientBindUrl=\"sslsocket://0.0.0.0:3843\", jndiBinding="
+"\"StatefulSSL\"),\n"
+" @RemoteBinding(jndiBinding=\"StatefulNormal\")\n"
+" })\n"
+" @Remote(BusinessInterface.class)\n"
+" public class StatefulBean implements BusinessInterface\n"
+" {\n"
+" ...\n"
+" }"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1968
@@ -6821,12 +6930,14 @@
"literal> the returned proxy implementing the remote interface will "
"communicate with the server via SSL."
msgstr ""
+"现在,如果你查找 <literal>StatefulNormal</literal>,返回的实现远程接口的代理将通过普通的未加密的套接字协议和服务器通信,如果查找 <literal>StatefulSSL</"
+"literal>,返回的实现远程接口的代理将通过 SSL 协议和服务器通信。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1973 J2EE_Security_On_JBOSS.xml:2010
#, no-c-format
msgid "Setting up the client to use the truststore"
-msgstr ""
+msgstr "设置客户端使用信任库"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1974
@@ -6837,6 +6948,8 @@
"ssl.trustStore</literal> system property and specify the password using the "
"<literal>javax.net.ssl.trustStorePassword</literal> system property:"
msgstr ""
+"如果没有使用证书授权机构签署的证书,你需要用系统属性 <literal>javax.net."
+"ssl.trustStore</literal> 把客户指向信任库并用 <literal>javax.net.ssl.trustStorePassword</literal> 指定密码:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1976
@@ -6845,18 +6958,20 @@
"java -Djavax.net.ssl.trustStore=${resources}/test/ssl/localhost.truststore\n"
" -Djavax.net.ssl.trustStorePassword=opensource com.acme.RunClient"
msgstr ""
+"java -Djavax.net.ssl.trustStore=${resources}/test/ssl/localhost.truststore\n"
+" -Djavax.net.ssl.trustStorePassword=opensource com.acme.RunClient"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1981
#, no-c-format
msgid "Adding SSL to EJB 2.1 calls"
-msgstr ""
+msgstr "在 EJB 2.1 调用里添加 SSL"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1984
#, no-c-format
msgid "This is similar to the steps described for Adding SSL to EJB3 calls."
-msgstr ""
+msgstr "这和在 EJB3 调用里添加 SSL 是类似的。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1994
@@ -6866,6 +6981,8 @@
"to your <literal>$JBOSS_HOME/server/${serverConf}/conf/jboss-service.xml</"
"literal> file."
msgstr ""
+"如果你想定制 SSLSocketBuilder,你需要在 <literal>$JBOSS_HOME/server/${serverConf}/conf/jboss-service.xml</"
+"literal> 里添加如下内容。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1996
@@ -6908,6 +7025,42 @@
" <attribute name=\"KeyStoreType\">JKS</attribute>\n"
" </mbean>"
msgstr ""
+"<!-- This section is for custom (SSL) server socket factory -->\n"
+" <mbean code=\"org.jboss.remoting.security.SSLSocketBuilder\"\n"
+" name=\"jboss.remoting:service=SocketBuilder,type=SSL\"\n"
+" display-name=\"SSL Server Socket Factory Builder\">\n"
+" <!-- IMPORTANT - If making ANY customizations, this MUST be set to "
+"false. -->\n"
+" <!-- Otherwise, will used default settings and the following "
+"attributes will be ignored. -->\n"
+" <attribute name=\"UseSSLServerSocketFactory\">false</"
+"attribute>\n"
+" <!-- This is the url string to the key store to use -->\n"
+" <attribute name=\"KeyStoreURL\">localhost.keystore</"
+"attribute>\n"
+" <!-- The password for the key store -->\n"
+" <attribute name=\"KeyStorePassword\">sslsocket</"
+"attribute>\n"
+" <!-- The password for the keys (will use KeystorePassword if this "
+"is not set explicitly. -->\n"
+" <attribute name=\"KeyPassword\">sslsocket</attribute>\n"
+" <!-- The protocol for the SSLContext. Default is TLS. -->\n"
+" <attribute name=\"SecureSocketProtocol\">TLS</attribute>\n"
+" <!-- The algorithm for the key manager factory. Default is "
+"SunX509. -->\n"
+" <attribute name=\"KeyManagementAlgorithm\">SunX509</"
+"attribute>\n"
+" <!-- The type to be used for the key store. -->\n"
+" <!-- Defaults to JKS. Some acceptable values are JKS (Java "
+"Keystore - Sun's keystore format), -->\n"
+" <!-- JCEKS (Java Cryptography Extension keystore - More secure "
+"version of JKS), and -->\n"
+" <!-- PKCS12 (Public-Key Cryptography Standards #12 \n"
+" keystore - RSA's Personal Information Exchange Syntax "
+"Standard). -->\n"
+" <!-- These are not case sensitive. -->\n"
+" <attribute name=\"KeyStoreType\">JKS</attribute>\n"
+" </mbean>"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1997
@@ -6922,6 +7075,14 @@
"type=SSL</depends>\n"
" </mbean>"
msgstr ""
+"<mbean code=\"org.jboss.remoting.security.SSLServerSocketFactoryService"
+"\"\n"
+" name=\"jboss.remoting:service=ServerSocketFactory,type=SSL\"\n"
+" display-name=\"SSL Server Socket Factory\">\n"
+" <depends optional-attribute-name=\"SSLSocketBuilder\"\n"
+" proxy-type=\"attribute\">jboss.remoting:service=SocketBuilder,"
+"type=SSL</depends>\n"
+" </mbean>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:2002
@@ -7049,6 +7210,127 @@
" </mbean>\n"
"</programlisting> and add the following in it's place:"
msgstr ""
+"In your <literal>$JBOSS_HOME/server/${serverConf}/conf/jboss-service.xml</"
+"literal> file, comment out the following lines: <programlisting>\n"
+"<mbean code=\"org.jboss.remoting.transport.Connector\"\n"
+" name=\"jboss.remoting:service=Connector,transport=socket\"\n"
+" display-name=\"Socket transport Connector\">\n"
+"\n"
+" <!-- Can either just specify the InvokerLocator attribute and not "
+"the invoker element in the -->\n"
+" <!-- Configuration attribute, or do the full invoker configuration "
+"in the in invoker element -->\n"
+" <!-- of the Configuration attribute. -->\n"
+"\n"
+" <!-- Remember that if you do use more than one param on the uri, "
+"will have to include as a CDATA, -->\n"
+" <!-- otherwise, parser will complain. -->\n"
+" <!-- \n"
+" <attribute name=\"InvokerLocator\">\n"
+" <![CDATA[socket://${jboss.bind.address}:4446/?"
+"datatype=invocation]]>\n"
+" </attribute> \n"
+" -->\n"
+"\n"
+" <attribute name=\"Configuration\">\n"
+" <!-- Using the following \n"
+" <invoker> \n"
+" element instead of the InvokerLocator above because specific "
+"attributes needed. \n"
+" -->\n"
+" <!-- If wanted to use any of the parameters below, can \n"
+" just add them as parameters to the url above if wanted use \n"
+" the InvokerLocator attribute. -->\n"
+" <config>\n"
+" <!-- Other than transport type and handler, none of these "
+"configurations are required \n"
+" (will just use defaults). -->\n"
+" <invoker transport=\"socket\">\n"
+" <attribute name=\"dataType\" isParam=\"true\">"
+"invocation</attribute>\n"
+" <attribute name=\"marshaller\"\n"
+" isParam=\"true\">org.jboss.invocation.unified.marshall."
+"InvocationMarshaller</attribute>\n"
+" <attribute name=\"unmarshaller\"\n"
+" isParam=\"true\">org.jboss.invocation.unified.marshall."
+"InvocationUnMarshaller</attribute>\n"
+" <!-- This will be port on which the marshall loader port "
+"runs on. -->\n"
+" <!-- <attribute name=\"loaderport\" isParam=\"true"
+"\">4447</attribute> -->\n"
+" <!-- The following are specific to socket invoker -->\n"
+" <!-- <attribute name=\"numAcceptThreads\">1</"
+"attribute>-->\n"
+" <!-- <attribute name=\"maxPoolSize\">303</"
+"attribute>-->\n"
+" <!-- <attribute name=\"clientMaxPoolSize\" isParam="
+"\"true\">304</attribute>-->\n"
+" <attribute name=\"socketTimeout\" isParam=\"true"
+"\">600000</attribute>\n"
+" <attribute name=\"serverBindAddress\">${jboss.bind."
+"address}</attribute>\n"
+" <attribute name=\"serverBindPort\">4446</"
+"attribute>\n"
+" <!-- <attribute name=\"clientConnectAddress"
+"\">216.23.33.2</attribute> -->\n"
+" <!-- <attribute name=\"clientConnectPort\">7777</"
+"attribute> -->\n"
+" <attribute name=\"enableTcpNoDelay\" isParam=\"true\">"
+"true</attribute>\n"
+" <!-- <attribute name=\"backlog\">200</"
+"attribute>-->\n"
+" <!-- The following is for callback configuration and is "
+"independant of invoker type -->\n"
+" <!-- <attribute name=\"callbackMemCeiling\">30</"
+"attribute>-->\n"
+" <!-- indicates callback store by fully qualified class "
+"name -->\n"
+" <!-- <attribute name=\"callbackStore\">org.jboss."
+"remoting.CallbackStore</attribute>-->\n"
+" <!-- indicates callback store by object name -->\n"
+" <!-- \n"
+" <attribute name=\"callbackStore\">\n"
+" jboss.remoting:service=CallbackStore,type=Serializable\n"
+" </attribute> \n"
+" -->\n"
+" <!-- config params for callback store. if were declaring "
+"callback store via object name, -->\n"
+" <!-- could have specified these config params there. --"
+">\n"
+" <!-- StoreFilePath indicates to which directory to write "
+"the callback objects. -->\n"
+" <!-- The default value is the property value of 'jboss."
+"server.data.dir' and \n"
+" if this is not set, -->\n"
+" <!-- then will be 'data'. Will then append 'remoting' and "
+"the callback client's session id. -->\n"
+" <!-- An example would be 'data\\remoting\\5c4o05l-9jijyx-"
+"e5b6xyph-1-e5b6xyph-2'. -->\n"
+" <!-- <attribute name=\"StoreFilePath\">callback</"
+"attribute>-->\n"
+" <!-- StoreFileSuffix indicates the file suffix to use \n"
+" for the callback objects written to disk. -->\n"
+" <!-- The default value for file suffix is 'ser'. -->\n"
+" <!-- <attribute name=\"StoreFileSuffix\">cst</"
+"attribute>-->\n"
+" </invoker>\n"
+"\n"
+" <!-- At least one handler is required by the connector. If "
+"have more than one, must decalre -->\n"
+" <!-- different subsystem values. Otherwise, all invocations "
+"will be routed to the only one -->\n"
+" <!-- that is declared. -->\n"
+" <handlers>\n"
+" <!-- can also specify handler by fully qualified classname "
+"-->\n"
+" <handler subsystem=\"invoker\">jboss:service=invoker,"
+"type=unified</handler>\n"
+" </handlers>\n"
+" </config>\n"
+" </attribute>\n"
+" <depends>jboss.remoting:service=NetworkRegistry</depends>\n"
+" </mbean>\n"
+"</programlisting> and add the following in it's place:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:2006
@@ -7085,18 +7367,48 @@
" <depends>jboss.remoting:service=NetworkRegistry</depends>\n"
" </mbean>"
msgstr ""
+"<mbean code=\"org.jboss.remoting.transport.Connector\"\n"
+" xmbean-dd=\"org/jboss/remoting/transport/Connector.xml\"\n"
+" name=\"jboss.remoting:service=Connector,transport=sslsocket\"> \n"
+" display-name=\"SSL Socket transport Connector\">\n"
+"\n"
+" <attribute name=\"Configuration\">\n"
+" <config>\n"
+" <invoker transport=\"sslsocket\">\n"
+" <attribute name=\"serverSocketFactory\">\n"
+" jboss.remoting:service=ServerSocketFactory,type=SSL\n"
+" </attribute>\n"
+" <attribute name=\"serverBindAddress\">${jboss.bind."
+"address}</attribute>\n"
+" <attribute name=\"serverBindPort\">3843</"
+"attribute>\n"
+" </invoker>\n"
+" <handlers>\n"
+" <handler subsystem=\"invoker\">jboss:service=invoker,"
+"type=unified</handler> \n"
+" </handlers>\n"
+" </config>\n"
+" </attribute>\n"
+" <!--If you specify the keystore and password in the command line and "
+"you're \n"
+" not using the custom ServerSocketFactory, you should take out the "
+"following line-->\n"
+" <depends>jboss.remoting:service=ServerSocketFactory,type=SSL</"
+"depends>\n"
+" <depends>jboss.remoting:service=NetworkRegistry</depends>\n"
+" </mbean>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:2011
#, no-c-format
msgid "This is similar to the steps described for EJB3."
-msgstr ""
+msgstr "这和 EJB3 的步骤类似。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:2019
#, no-c-format
msgid "Configuring JBoss for use Behind a Firewall"
-msgstr ""
+msgstr "配置 JBoss 在防火墙后使用"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:2020
@@ -7111,6 +7423,9 @@
"Additional_ports_in_the_all_configuration\"/> shows the same information for "
"the additional ports that exist in the all configuration file set."
msgstr ""
+"JBoss 带有许多基于套接字的服务,它们都会打开侦听端口。本节我们将讨论在防火墙后使用这些服务所要进行的配置。下表显示了端口、套接字类型、default 配置文件集里的关联服务。<xref linkend="
+"\"Configuring_JBoss_for_use_Behind_a_Firewall-"
+"Additional_ports_in_the_all_configuration\"/> 显示了 all 配置文件集里相同的信息。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:2024
@@ -7555,7 +7870,6 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:2386
#, no-c-format
-#, fuzzy
msgid ""
"The <literal>http-invoker.sar</literal> found in the deploy directory is a "
"service that provides RMI/HTTP access for EJBs and the JNDI <literal>Naming</"
@@ -7575,7 +7889,9 @@
msgstr ""
"deploy 目录里的 <literal>http-invoker.sar</literal> 是一个提供对 EJB 的 RMI/HTTP 访问以及 JNDI <literal>Naming</"
"literal> 的服务。它包括了一个处理代表应该分发给 <literal>MBeanServer</"
-"literal> 的调用的 <literal>org.jboss.invocation.Invocation</literal> 对象的 servlet。这有效地允许对支持脱管调用者操作的 MBean 的访问。"
+"literal> 的调用的 <literal>org.jboss.invocation.Invocation</literal> 对象的 servlet。既然能够知道如何格式化合适的 HTTP post,这就有效地允许了对支持脱管调用者操作的 MBean 的访问。为了设置接入点(Access Point)的安全性,你需要设置 <literal>http-invoker.sar/invoker.war/WEB-INF/web.xml</literal> 描述符里提及的 <literal>JMXInvokerServlet</literal> servlet。这里缺省定义了 <literal>/restricted/"
+"JMXInvokerServlet</literal> 路径的安全性映射,你只要简单地删除其他路径并配置 <literal>http-invoker.sar/invoker.war/WEB-INF/jboss-web."
+"xml</literal> 描述符里定义的 <literal>http-invoker</literal> 安全域就可以了。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:2392
@@ -7594,5 +7910,5 @@
"<literal>http-invoker.sar</literal> as described in the previous section. In "
"the future this service will be deployed as an XMBean with a security "
"interceptor that supports role based access checks."
-msgstr ""
+msgstr "<literal>jmx-invoker-adaptor-server.sar</literal> 是一个开放 JMX MBeanServer 接口的服务,它通过使用 RMI/JRMP 脱管调用者服务的 RMI 兼容接口来实现。设置这个服务的安全性的唯一办法是切换到 RMI/HTTP 协议并象前面所述地设置 <literal>http-invoker.sar</literal> 的安全性。这个服务将来会被部署为带有支持基于角色访问检查的安全拦截器的 XMBean。"
More information about the jboss-cvs-commits
mailing list