[jboss-cvs] JBossAS SVN: r92904 - projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Fri Aug 28 02:00:31 EDT 2009
Author: xhuang at jboss.com
Date: 2009-08-28 02:00:30 -0400 (Fri, 28 Aug 2009)
New Revision: 92904
Modified:
projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/Web_Services.po
Log:
update
Modified: projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
===================================================================
--- projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po 2009-08-28 05:59:30 UTC (rev 92903)
+++ projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po 2009-08-28 06:00:30 UTC (rev 92904)
@@ -9,7 +9,7 @@
"Project-Id-Version: J2EE_Security_On_JBOSS\n"
"Report-Msgid-Bugs-To: http://bugs.kde.org\n"
"POT-Creation-Date: 2009-01-20 02:37+0000\n"
-"PO-Revision-Date: 2009-08-24 15:07+1000\n"
+"PO-Revision-Date: 2009-08-28 15:49+1000\n"
"Last-Translator: Xi HUANG <xhuang at redhat.com>\n"
"Language-Team: <en at li.org>\n"
"MIME-Version: 1.0\n"
@@ -33,22 +33,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:8
#, no-c-format
-msgid ""
-"Security is a fundamental part of any enterprise application. You need to be "
-"able to restrict who is allowed to access your applications and control what "
-"operations application users may perform. The J2EE specifications define a "
-"simple role-based security model for EJBs and web components. The JBoss "
-"component framework that handles security is the JBossSX extension "
-"framework. The JBossSX security extension provides support for both the role-"
-"based declarative J2EE security model and integration of custom security via "
-"a security proxy layer. The default implementation of the declarative "
-"security model is based on Java Authentication and Authorization Service "
-"(JAAS) login modules and subjects. The security proxy layer allows custom "
-"security that cannot be described using the declarative model to be added to "
-"an EJB in a way that is independent of the EJB business object. Before "
-"getting into the JBoss security implementation details, we will review EJB "
-"and servlet specification security models, as well as JAAS to establish the "
-"foundation for these details."
+msgid "Security is a fundamental part of any enterprise application. You need to be able to restrict who is allowed to access your applications and control what operations application users may perform. The J2EE specifications define a simple role-based security model for EJBs and web components. The JBoss component framework that handles security is the JBossSX extension framework. The JBossSX security extension provides support for both the role-based declarative J2EE security model and integration of custom security via a security proxy layer. The default implementation of the declarative security model is based on Java Authentication and Authorization Service (JAAS) login modules and subjects. The security proxy layer allows custom security that cannot be described using the declarative model to be added to an EJB in a way that is independent of the EJB business object. Before getting into the JBoss security implementation details, we will review EJB and servlet specifi!
cation security models, as well as JAAS to establish the foundation for these details."
msgstr "安全性是任何企业级应用程序的基础部分。你需要限制谁可以访问应用程序以及用户可以执行什么样的操作。J2EE 规格为 EJB 和 web 组件定义了一个简单的基于角色的安全性模型。处理安全性的 JBoss 组件框架是 JBossSX 扩展框架。JBossSX 扩展框架为基于角色的声明式 J2EE 安全性模型以及通过安全性代理层自定义安全性提供支持。声明式 J2EE 安全性模型的实现基于 Java 验证和授权服务(JAAS)的登录模块和主题。安全性代理层允许自定义不能通过声明式模型描述的安全性,并以独立于 EJB 商业对象的形式加入到 EJB 里。在探讨 JBoss 安全性实现的细节之前,我们将回顾 EJB 和 Servlet 规格的安全性模型以及 JAAS。"
#. Tag: title
@@ -60,28 +45,13 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:13
#, no-c-format
-msgid ""
-"The J2EE security model declarative in that you describe the security roles "
-"and permissions in a standard XML descriptor rather than embedding security "
-"into your business component. This isolates security from business-level "
-"code because security tends to be more a function of where the component is "
-"deployed than an inherent aspect of the component's business logic. For "
-"example, consider an ATM component that is to be used to access a bank "
-"account. The security requirements, roles and permissions will vary "
-"independently of how you access the bank account, based on what bank is "
-"managing the account, where the ATM is located, and so on."
+msgid "The J2EE security model declarative in that you describe the security roles and permissions in a standard XML descriptor rather than embedding security into your business component. This isolates security from business-level code because security tends to be more a function of where the component is deployed than an inherent aspect of the component's business logic. For example, consider an ATM component that is to be used to access a bank account. The security requirements, roles and permissions will vary independently of how you access the bank account, based on what bank is managing the account, where the ATM is located, and so on."
msgstr "对于 J2EE 安全性模型来说,你在标准的 XML 部署描述符里描述安全角色和权限而不是把这些嵌入到商业组件里。例如用于访问银行帐号的 ATM 组件。其安全性要求、角色和权限将根据你怎样访问银行帐号而不同,它们基于管理帐号的银行、ATM 的位置等等。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:16
#, no-c-format
-msgid ""
-"Securing a J2EE application is based on the specification of the application "
-"security requirements via the standard J2EE deployment descriptors. You "
-"secure access to EJBs and web components in an enterprise application by "
-"using the <literal>ejb-jar.xml</literal> and <literal>web.xml</literal> "
-"deployment descriptors. The following sections look at the purpose and usage "
-"of the various security elements."
+msgid "Securing a J2EE application is based on the specification of the application security requirements via the standard J2EE deployment descriptors. You secure access to EJBs and web components in an enterprise application by using the <literal>ejb-jar.xml</literal> and <literal>web.xml</literal> deployment descriptors. The following sections look at the purpose and usage of the various security elements."
msgstr "通过标准 J2EE 部署描述符可以设置 J2EE 应用程序的安全性。你可以使用 <literal>ejb-jar.xml</literal> 和 <literal>web.xml</literal> 来设置企业级应用程序里的 EJB 和 Web 组件的安全性。下面的内容将讨论描述符里不同的安全性元素的用途和用法。"
#. Tag: title
@@ -93,25 +63,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:21
#, no-c-format
-msgid ""
-"Both EJBs and servlets can declare one or more <literal>security-role-ref</"
-"literal> elements as shown in <xref linkend=\"Security_References-"
-"The_security_role_ref_element\"/>. This element declares that a component is "
-"using the <literal>role-name</literal> value as an argument to the "
-"<literal>isCallerInRole(String)</literal> method. By using the "
-"<literal>isCallerInRole</literal> method, a component can verify whether the "
-"caller is in a role that has been declared with a <literal>security-role-ref/"
-"role-name</literal> element. The <literal>role-name</literal> element value "
-"must link to a <literal>security-role</literal> element through the "
-"<literal>role-link</literal> element. The typical use of "
-"<literal>isCallerInRole</literal> is to perform a security check that cannot "
-"be defined by using the role-based <literal>method-permissions</literal> "
-"elements."
-msgstr ""
-"如 <xref linkend=\"Security_References-"
-"The_security_role_ref_element\"/> 里所显示的,EJB 和 servlet 都可以声明一个或多个 <literal>security-role-ref</"
-"literal> 元素。这个元素声明了一个把 <literal>role-name</literal> 值用作 <literal>isCallerInRole(String)</literal> 方法的参数的组件。通过使用 <literal>isCallerInRole</literal> 方法,组件可以验证调用者是否具有 <literal>security-role-ref/"
-"role-name</literal> 元素所声明的角色。<literal>role-name</literal> 元素的值必须通过 <literal>role-link</literal> 元素链接到 <literal>security-role</literal> 元素。<literal>isCallerInRole</literal> 的典型用法是执行不能够通过基于角色的 <literal>method-permissions</literal> 元素定义的安全检查。"
+msgid "Both EJBs and servlets can declare one or more <literal>security-role-ref</literal> elements as shown in <xref linkend=\"Security_References-The_security_role_ref_element\"/>. This element declares that a component is using the <literal>role-name</literal> value as an argument to the <literal>isCallerInRole(String)</literal> method. By using the <literal>isCallerInRole</literal> method, a component can verify whether the caller is in a role that has been declared with a <literal>security-role-ref/role-name</literal> element. The <literal>role-name</literal> element value must link to a <literal>security-role</literal> element through the <literal>role-link</literal> element. The typical use of <literal>isCallerInRole</literal> is to perform a security check that cannot be defined by using the role-based <literal>method-permissions</literal> elements."
+msgstr "如 <xref linkend=\"Security_References-The_security_role_ref_element\"/> 里所显示的,EJB 和 servlet 都可以声明一个或多个 <literal>security-role-ref</literal> 元素。这个元素声明了一个把 <literal>role-name</literal> 值用作 <literal>isCallerInRole(String)</literal> 方法的参数的组件。通过使用 <literal>isCallerInRole</literal> 方法,组件可以验证调用者是否具有 <literal>security-role-ref/role-name</literal> 元素所声明的角色。<literal>role-name</literal> 元素的值必须通过 <literal>role-link</literal> 元素链接到 <literal>security-role</literal> 元素。<literal>isCallerInRole</literal> 的典型用法是执行不能够通过基于角色的 <literal>method-permissions</literal> 元素定义的安全检查。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:25
@@ -122,19 +75,13 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:32
#, no-c-format
-msgid ""
-"shows the use of <literal>security-role-ref</literal> in an <literal>ejb-jar."
-"xml</literal>."
-msgstr ""
-"显示了在 <literal>ejb-jar."
-"xml</literal> 里对 <literal>security-role-ref</literal> 的使用。"
+msgid "shows the use of <literal>security-role-ref</literal> in an <literal>ejb-jar.xml</literal>."
+msgstr "显示了在 <literal>ejb-jar.xml</literal> 里对 <literal>security-role-ref</literal> 的使用。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:35
#, no-c-format
-msgid ""
-"An ejb-jar.xml descriptor fragment that illustrates the security-role-ref "
-"element usage."
+msgid "An ejb-jar.xml descriptor fragment that illustrates the security-role-ref element usage."
msgstr "解释 security-role-ref 元素的用法的 ejb-jar.xml 片段。"
#. Tag: programlisting
@@ -174,19 +121,13 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:37
#, no-c-format
-msgid ""
-"shows the use of <literal>security-role-ref</literal> in a <literal>web.xml</"
-"literal>."
-msgstr ""
-"显示了在 <literal>web.xml</"
-"literal> 里对 <literal>security-role-ref</literal> 的使用。"
+msgid "shows the use of <literal>security-role-ref</literal> in a <literal>web.xml</literal>."
+msgstr "显示了在 <literal>web.xml</literal> 里对 <literal>security-role-ref</literal> 的使用。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:40
#, no-c-format
-msgid ""
-"An example web.xml descriptor fragment that illustrates the security-role-"
-"ref element usage."
+msgid "An example web.xml descriptor fragment that illustrates the security-role-ref element usage."
msgstr "解释 security-role-ref 元素的用法的 web.xml 片段。"
#. Tag: programlisting
@@ -226,13 +167,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:47
#, no-c-format
-msgid ""
-"An EJB has the capability to specify what identity an EJB should use when it "
-"invokes methods on other components using the <literal>security-identity</"
-"literal> element, shown in"
-msgstr ""
-"EJB 能够使用 <literal>security-identity</"
-"literal> 元素指定当调用其他组件的方法时 EJB 应该使用哪个标识,如:"
+msgid "An EJB has the capability to specify what identity an EJB should use when it invokes methods on other components using the <literal>security-identity</literal> element, shown in"
+msgstr "EJB 能够使用 <literal>security-identity</literal> 元素指定当调用其他组件的方法时 EJB 应该使用哪个标识,如:"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:51
@@ -243,44 +179,14 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:58
#, no-c-format
-msgid ""
-"The invocation identity can be that of the current caller, or it can be a "
-"specific role. The application assembler uses the <literal>security-"
-"identity</literal> element with a <literal>use-caller-identity</literal> "
-"child element to indicate that the current caller's identity should be "
-"propagated as the security identity for method invocations made by the EJB. "
-"Propagation of the caller's identity is the default used in the absence "
-"of an explicit <literal>security-identity</literal> element declaration."
-msgstr ""
-"调用标识符可以是当前的调用者也可以是特殊的角色。应用程序组装者使用带有 <literal>use-caller-identity</literal> 子元素的 <literal>security-"
-"identity</literal> 元素来指明当前调用者的标识符应该填充为 EJB 调用方法的安全标识符。当没有显性地声明 <literal>security-identity</literal> 元素时,缺省使用调用者标识。"
+msgid "The invocation identity can be that of the current caller, or it can be a specific role. The application assembler uses the <literal>security-identity</literal> element with a <literal>use-caller-identity</literal> child element to indicate that the current caller's identity should be propagated as the security identity for method invocations made by the EJB. Propagation of the caller's identity is the default used in the absence of an explicit <literal>security-identity</literal> element declaration."
+msgstr "调用标识符可以是当前的调用者也可以是特殊的角色。应用程序组装者使用带有 <literal>use-caller-identity</literal> 子元素的 <literal>security-identity</literal> 元素来指明当前调用者的标识符应该填充为 EJB 调用方法的安全标识符。当没有显性地声明 <literal>security-identity</literal> 元素时,缺省使用调用者标识。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:61
#, no-c-format
-msgid ""
-"Alternatively, the application assembler can use the <literal>run-as/role-"
-"name</literal> child element to specify that a specific security role given "
-"by the <literal>role-name</literal> value should be used as the security "
-"identity for method invocations made by the EJB. Note that this does not "
-"change the caller's identity as seen by the <literal>EJBContext."
-"getCallerPrincipal()</literal> method. Rather, the caller's security "
-"roles are set to the single role specified by the <literal>run-as/role-name</"
-"literal> element value. One use case for the <literal>run-as</literal> "
-"element is to prevent external clients from accessing internal EJBs. You "
-"accomplish this by assigning the internal EJB <literal>method-permission</"
-"literal> elements that restrict access to a role never assigned to an "
-"external client. EJBs that need to use internal EJB are then configured with "
-"a <literal>run-as/role-name</literal> equal to the restricted role. The "
-"following descriptor fragment that illustrates <literal>security-identity</"
-"literal> element usage."
-msgstr ""
-"或者,应用程序组装者可以使用 <literal>run-as/role-"
-"name</literal> 子元素来指定 <literal>role-name</literal> 值给出的特殊安全角色应该用作 EJB 所调用的方法的安全标识符。请注意这不会改变 <literal>EJBContext."
-"getCallerPrincipal()</literal> 所获得的调用者的标识符。而调用者的安全角色被设置为 <literal>run-as/role-name</"
-"literal> 元素指定的单一角色。<literal>run-as</literal> 的一个例子是阻止外部的客户访问内部的 EJB。你通过内部的 EJB <literal>method-permission</"
-"literal> 元素并限制不分配给外部客户的角色的访问权限来实现这一点。需要使用内部 EJB 的 EJB 则配置和受限角色相等的 <literal>run-as/role-name</literal>。下面的描述符片段解释了 <literal>security-identity</"
-"literal> 元素的用法。"
+msgid "Alternatively, the application assembler can use the <literal>run-as/role-name</literal> child element to specify that a specific security role given by the <literal>role-name</literal> value should be used as the security identity for method invocations made by the EJB. Note that this does not change the caller's identity as seen by the <literal>EJBContext.getCallerPrincipal()</literal> method. Rather, the caller's security roles are set to the single role specified by the <literal>run-as/role-name</literal> element value. One use case for the <literal>run-as</literal> element is to prevent external clients from accessing internal EJBs. You accomplish this by assigning the internal EJB <literal>method-permission</literal> elements that restrict access to a role never assigned to an external client. EJBs that need to use internal EJB are then configured with a <literal>run-as/role-name</literal> equal to the restricted role. The following descriptor fragment !
that illustrates <literal>security-identity</literal> element usage."
+msgstr "或者,应用程序组装者可以使用 <literal>run-as/role-name</literal> 子元素来指定 <literal>role-name</literal> 值给出的特殊安全角色应该用作 EJB 所调用的方法的安全标识符。请注意这不会改变 <literal>EJBContext.getCallerPrincipal()</literal> 所获得的调用者的标识符。而调用者的安全角色被设置为 <literal>run-as/role-name</literal> 元素指定的单一角色。<literal>run-as</literal> 的一个例子是阻止外部的客户访问内部的 EJB。你通过内部的 EJB <literal>method-permission</literal> 元素并限制不分配给外部客户的角色的访问权限来实现这一点。需要使用内部 EJB 的 EJB 则配置和受限角色相等的 <literal>run-as/role-name</literal>。下面的描述符片段解释了 <literal>security-identity</literal> 元素的用法。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:64
@@ -301,8 +207,7 @@
" <!-- ... -->\n"
" <security-identity>\n"
" <run-as>\n"
-" <description>A private internal role</"
-"description>\n"
+" <description>A private internal role</description>\n"
" <role-name>InternalRole</role-name>\n"
" </run-as>\n"
" </security-identity>\n"
@@ -326,8 +231,7 @@
" <!-- ... -->\n"
" <security-identity>\n"
" <run-as>\n"
-" <description>A private internal role</"
-"description>\n"
+" <description>A private internal role</description>\n"
" <role-name>InternalRole</role-name>\n"
" </run-as>\n"
" </security-identity>\n"
@@ -339,17 +243,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:65
#, no-c-format
-msgid ""
-"When you use <literal>run-as</literal> to assign a specific role to outgoing "
-"calls, JBoss associates a principal named <literal>anonymous</literal>. If "
-"you want another principal to be associated with the call, you need to "
-"associate a <literal>run-as-principal</literal> with the bean in the "
-"<literal>jboss.xml</literal> file. The following fragment associates a "
-"principal named <literal>internal</literal> with <literal>RunAsBean</"
-"literal> from the prior example."
-msgstr ""
-"当你使用 <literal>run-as</literal> 来为转出的调用分配特定角色时,JBoss 将关联一个名为 <literal>anonymous</literal> 的 principal。如果你希望使用另外一个 principal,你需要将 <literal>run-as-principal</literal> 和 <literal>jboss.xml</literal> 文件里的 bean 进行关联。下面的片段将前面例子里的 <literal>RunAsBean</"
-"literal> 和名为 <literal>internal</literal> 的 principal 进行了关联。"
+msgid "When you use <literal>run-as</literal> to assign a specific role to outgoing calls, JBoss associates a principal named <literal>anonymous</literal>. If you want another principal to be associated with the call, you need to associate a <literal>run-as-principal</literal> with the bean in the <literal>jboss.xml</literal> file. The following fragment associates a principal named <literal>internal</literal> with <literal>RunAsBean</literal> from the prior example."
+msgstr "当你使用 <literal>run-as</literal> 来为转出的调用分配特定角色时,JBoss 将关联一个名为 <literal>anonymous</literal> 的 principal。如果你希望使用另外一个 principal,你需要将 <literal>run-as-principal</literal> 和 <literal>jboss.xml</literal> 文件里的 bean 进行关联。下面的片段将前面例子里的 <literal>RunAsBean</literal> 和名为 <literal>internal</literal> 的 principal 进行了关联。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:68
@@ -372,10 +267,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:69
#, no-c-format
-msgid ""
-"The <literal>run-as</literal> element is also available in servlet "
-"definitions in a <literal>web.xml</literal> file. The following example "
-"shows how to assign the role <literal>InternalRole</literal> to a servlet:"
+msgid "The <literal>run-as</literal> element is also available in servlet definitions in a <literal>web.xml</literal> file. The following example shows how to assign the role <literal>InternalRole</literal> to a servlet:"
msgstr "在 <literal>web.xml</literal> 文件里也可以使用 <literal>run-as</literal> 元素。下面的例子显示了如何把 <literal>InternalRole</literal> 角色分配给一个 servlet:"
#. Tag: programlisting
@@ -401,13 +293,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:73
#, no-c-format
-msgid ""
-"Calls from this servlet will be associated with the anonymous "
-"<literal>principal</literal>. The <literal>run-as-principal</literal> "
-"element is available in the <literal>jboss-web.xml</literal> file to assign "
-"a specific principal to go along with the <literal>run-as</literal> role. "
-"The following fragment shows how to associate a principal named "
-"<literal>internal</literal> to the servlet in the prior example."
+msgid "Calls from this servlet will be associated with the anonymous <literal>principal</literal>. The <literal>run-as-principal</literal> element is available in the <literal>jboss-web.xml</literal> file to assign a specific principal to go along with the <literal>run-as</literal> role. The following fragment shows how to associate a principal named <literal>internal</literal> to the servlet in the prior example."
msgstr "这个 servlet 里的调用将和匿名的 <literal>principal</literal> 相关联。<literal>jboss-web.xml</literal> 文件里也可以使用 <literal>run-as-principal</literal> 元素分配特定的 principal 和 <literal>run-as</literal> 角色。下面的片段显示了如何把名为 <literal>internal</literal> 的 principal 给前面例子里的 servlet。"
#. Tag: programlisting
@@ -433,29 +319,13 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:81
#, no-c-format
-msgid ""
-"The security role name referenced by either the <literal>security-role-ref</"
-"literal> or <literal>security-identity</literal> element needs to map to one "
-"of the application's declared roles. An application assembler defines "
-"logical security roles by declaring <literal>security-role</literal> "
-"elements. The <literal>role-name</literal> value is a logical application "
-"role name like Administrator, Architect, SalesManager, etc."
-msgstr ""
-"<literal>security-role-ref</"
-"literal> 或 <literal>security-identity</literal> 元素引用的安全角色名称需要匹配一个应用程序声明的角色。应用程序组装者通过声明 <literal>security-role</literal> 元素定义逻辑的安全角色。<literal>role-name</literal> 的值是一个逻辑应用程序角色名如 Administrator、 Architect、SalesManager 等。"
+msgid "The security role name referenced by either the <literal>security-role-ref</literal> or <literal>security-identity</literal> element needs to map to one of the application's declared roles. An application assembler defines logical security roles by declaring <literal>security-role</literal> elements. The <literal>role-name</literal> value is a logical application role name like Administrator, Architect, SalesManager, etc."
+msgstr "<literal>security-role-ref</literal> 或 <literal>security-identity</literal> 元素引用的安全角色名称需要匹配一个应用程序声明的角色。应用程序组装者通过声明 <literal>security-role</literal> 元素定义逻辑的安全角色。<literal>role-name</literal> 的值是一个逻辑应用程序角色名如 Administrator、 Architect、SalesManager 等。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:84
#, no-c-format
-msgid ""
-"The J2EE specifications note that it is important to keep in mind that the "
-"security roles in the deployment descriptor are used to define the logical "
-"security view of an application. Roles defined in the J2EE deployment "
-"descriptors should not be confused with the user groups, users, principals, "
-"and other concepts that exist in the target enterprise's operational "
-"environment. The deployment descriptor roles are application constructs with "
-"application domain-specific names. For example, a banking application might "
-"use role names such as BankManager, Teller, or Customer."
+msgid "The J2EE specifications note that it is important to keep in mind that the security roles in the deployment descriptor are used to define the logical security view of an application. Roles defined in the J2EE deployment descriptors should not be confused with the user groups, users, principals, and other concepts that exist in the target enterprise's operational environment. The deployment descriptor roles are application constructs with application domain-specific names. For example, a banking application might use role names such as BankManager, Teller, or Customer."
msgstr "J2EE 规格注明了把部署描述符里的安全角色用于定义应用程序的逻辑安全视图是很重要的。J2EE 部署描述符里定义的角色不应该和用户组、Principal 以及目标企业操作环境里的其他概念相混淆。部署描述符里的角色是带有专有名称的程序组件。例如,银行应用程序可能使用 BankManager、Teller、Customer 等角色名称。"
#. Tag: title
@@ -467,33 +337,13 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:95
#, no-c-format
-msgid ""
-"In JBoss, a <literal>security-role</literal> element is only used to map "
-"<literal>security-role-ref/role-name</literal> values to the logical role "
-"that the component role references. The user's assigned roles are a "
-"dynamic function of the application's security manager, as you will see "
-"when we discuss the JBossSX implementation details. JBoss does not require "
-"the definition of <literal>security-role</literal> elements in order to "
-"declare method permissions. However, the specification of <literal>security-"
-"role</literal> elements is still a recommended practice to ensure "
-"portability across application servers and for deployment descriptor "
-"maintenance. <xref linkend=\"Security_roles-An_ejb_jar."
-"xml_descriptor_fragment_that_illustrates_the_security_role_element_usage.\"/"
-"> shows the usage of the <literal>security-role</literal> in an <literal>ejb-"
-"jar.xml</literal> file."
-msgstr ""
-"在 JBoss 里,<literal>security-role</literal> 元素只用来把 <literal>security-role-ref/role-name</literal> 值映射到组件角色引用的逻辑角色。如你在我们将讨论的 JBossSX 实现按细节里所看到的,用户所分配的角色是应用程序的安全管理者的一个动态功能。JBoss 不要求定义 <literal>security-role</literal> 元素来声明方法权限。然而,为了确保应用服务器间的可移植性以及部署描述符的可维护性,指定 <literal>security-"
-"role</literal> 元素仍然是一个推荐的方法。<xref linkend=\"Security_roles-An_ejb_jar."
-"xml_descriptor_fragment_that_illustrates_the_security_role_element_usage.\"/"
-"> 显示了 <literal>ejb-"
-"jar.xml</literal> 文件里的 <literal>security-role</literal> 的用法。"
+msgid "In JBoss, a <literal>security-role</literal> element is only used to map <literal>security-role-ref/role-name</literal> values to the logical role that the component role references. The user's assigned roles are a dynamic function of the application's security manager, as you will see when we discuss the JBossSX implementation details. JBoss does not require the definition of <literal>security-role</literal> elements in order to declare method permissions. However, the specification of <literal>security-role</literal> elements is still a recommended practice to ensure portability across application servers and for deployment descriptor maintenance. <xref linkend=\"Security_roles-An_ejb_jar.xml_descriptor_fragment_that_illustrates_the_security_role_element_usage.\"/> shows the usage of the <literal>security-role</literal> in an <literal>ejb-jar.xml</literal> file."
+msgstr "在 JBoss 里,<literal>security-role</literal> 元素只用来把 <literal>security-role-ref/role-name</literal> 值映射到组件角色引用的逻辑角色。如你在我们将讨论的 JBossSX 实现按细节里所看到的,用户所分配的角色是应用程序的安全管理者的一个动态功能。JBoss 不要求定义 <literal>security-role</literal> 元素来声明方法权限。然而,为了确保应用服务器间的可移植性以及部署描述符的可维护性,指定 <literal>security-role</literal> 元素仍然是一个推荐的方法。<xref linkend=\"Security_roles-An_ejb_jar.xml_descriptor_fragment_that_illustrates_the_security_role_element_usage.\"/> 显示了 <literal>ejb-jar.xml</literal> 文件里的 <literal>security-role</literal> 的用法。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:98
#, no-c-format
-msgid ""
-"An ejb-jar.xml descriptor fragment that illustrates the security-role "
-"element usage."
+msgid "An ejb-jar.xml descriptor fragment that illustrates the security-role element usage."
msgstr "解释 security-role 元素用法的一个 ejb-jar.xml 描述符片段。"
#. Tag: programlisting
@@ -505,8 +355,7 @@
" <!-- ... -->\n"
" <assembly-descriptor>\n"
" <security-role>\n"
-" <description>The single application role</"
-"description>\n"
+" <description>The single application role</description>\n"
" <role-name>TheApplicationRole</role-name>\n"
" </security-role>\n"
" </assembly-descriptor>\n"
@@ -517,8 +366,7 @@
" <!-- ... -->\n"
" <assembly-descriptor>\n"
" <security-role>\n"
-" <description>The single application role</"
-"description>\n"
+" <description>The single application role</description>\n"
" <role-name>TheApplicationRole</role-name>\n"
" </security-role>\n"
" </assembly-descriptor>\n"
@@ -527,19 +375,13 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:100
#, no-c-format
-msgid ""
-"shows the usage of the <literal>security-role</literal> in an <literal>web."
-"xml</literal> file."
-msgstr ""
-"显示了 <literal>web."
-"xml</literal> 文件里的 <literal>security-role</literal> 的用法。"
+msgid "shows the usage of the <literal>security-role</literal> in an <literal>web.xml</literal> file."
+msgstr "显示了 <literal>web.xml</literal> 文件里的 <literal>security-role</literal> 的用法。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:103
#, no-c-format
-msgid ""
-"An example web.xml descriptor fragment that illustrates the security-role "
-"element usage."
+msgid "An example web.xml descriptor fragment that illustrates the security-role element usage."
msgstr "解释 security-role 元素用法的一个 web.xml 描述符示例。"
#. Tag: programlisting
@@ -573,10 +415,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:110
#, no-c-format
-msgid ""
-"An application assembler can set the roles that are allowed to invoke an "
-"EJB's home and remote interface methods through method-permission "
-"element declarations."
+msgid "An application assembler can set the roles that are allowed to invoke an EJB's home and remote interface methods through method-permission element declarations."
msgstr "应用程序组合者(application assembler)可以通过 method-permission 元素声明设置允许调用 EJB 的 home 和 remote 接口方法的角色。"
#. Tag: title
@@ -588,23 +427,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:121
#, no-c-format
-msgid ""
-"Each <literal>method-permission</literal> element contains one or more role-"
-"name child elements that define the logical roles that are allowed to access "
-"the EJB methods as identified by method child elements. You can also specify "
-"an <literal>unchecked</literal> element instead of the <literal>role-name</"
-"literal> element to declare that any authenticated user can access the "
-"methods identified by method child elements. In addition, you can declare "
-"that no one should have access to a method that has the <literal>exclude-"
-"list</literal> element. If an EJB has methods that have not been declared as "
-"accessible by a role using a <literal>method-permission</literal> element, "
-"the EJB methods default to being excluded from use. This is equivalent to "
-"defaulting the methods into the <literal>exclude-list</literal>."
-msgstr ""
-"每个 <literal>method-permission</literal> 元素都包含一个或多个 role-"
-"name 子元素,它们定义被允许访问 method 子元素标识的 EJB 方法。你也可以指定 <literal>unchecked</literal> 元素而不是 <literal>role-name</"
-"literal> 元素来声明任何经验证的用户可以访问 method 子元素标识的方法。此外,你可以声明任何人都不应该访问 <literal>exclude-"
-"list</literal> 元素列出的方法。如果 EJB 具有没有通过 <literal>method-permission</literal> 元素定义角色声明为可访问的方法,这个 EJB 的方法缺省是不可使用的。这和在 <literal>exclude-list</literal> 列出这些方法是相同的。"
+msgid "Each <literal>method-permission</literal> element contains one or more role-name child elements that define the logical roles that are allowed to access the EJB methods as identified by method child elements. You can also specify an <literal>unchecked</literal> element instead of the <literal>role-name</literal> element to declare that any authenticated user can access the methods identified by method child elements. In addition, you can declare that no one should have access to a method that has the <literal>exclude-list</literal> element. If an EJB has methods that have not been declared as accessible by a role using a <literal>method-permission</literal> element, the EJB methods default to being excluded from use. This is equivalent to defaulting the methods into the <literal>exclude-list</literal>."
+msgstr "每个 <literal>method-permission</literal> 元素都包含一个或多个 role-name 子元素,它们定义被允许访问 method 子元素标识的 EJB 方法。你也可以指定 <literal>unchecked</literal> 元素而不是 <literal>role-name</literal> 元素来声明任何经验证的用户可以访问 method 子元素标识的方法。此外,你可以声明任何人都不应该访问 <literal>exclude-list</literal> 元素列出的方法。如果 EJB 具有没有通过 <literal>method-permission</literal> 元素定义角色声明为可访问的方法,这个 EJB 的方法缺省是不可使用的。这和在 <literal>exclude-list</literal> 列出这些方法是相同的。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:125
@@ -621,9 +445,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:135
#, no-c-format
-msgid ""
-"The first is used for referring to all the home and component interface "
-"methods of the named enterprise bean:"
+msgid "The first is used for referring to all the home and component interface methods of the named enterprise bean:"
msgstr "第一种用于引用 enterprise bean 的所有 home 和 component 接口方法:"
#. Tag: programlisting
@@ -643,12 +465,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:139
#, no-c-format
-msgid ""
-"The second style is used for referring to a specified method of the home or "
-"component interface of the named enterprise bean:"
-msgstr ""
-"第二种风格是用于引用 enterprise bean 的 home 或 "
-"component 接口的指定方法。"
+msgid "The second style is used for referring to a specified method of the home or component interface of the named enterprise bean:"
+msgstr "第二种风格是用于引用 enterprise bean 的 home 或 component 接口的指定方法。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:142
@@ -667,17 +485,13 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:143
#, no-c-format
-msgid ""
-"If there are multiple methods with the same overloaded name, this style "
-"refers to all of the overloaded methods."
+msgid "If there are multiple methods with the same overloaded name, this style refers to all of the overloaded methods."
msgstr "如果多个方法进行了重载,这个风格引用所有重载的方法。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:146
#, no-c-format
-msgid ""
-"The third style is used to refer to a specified method within a set of "
-"methods with an overloaded name:"
+msgid "The third style is used to refer to a specified method within a set of methods with an overloaded name:"
msgstr "第三种风格用于引用一系列重载方法里的某个特殊方法:"
#. Tag: programlisting
@@ -707,37 +521,25 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:150
#, no-c-format
-msgid ""
-"The method must be defined in the specified enterprise bean's home or "
-"remote interface. The method-param element values are the fully qualified "
-"name of the corresponding method parameter type. If there are multiple "
-"methods with the same overloaded signature, the permission applies to all of "
-"the matching overloaded methods."
+msgid "The method must be defined in the specified enterprise bean's home or remote interface. The method-param element values are the fully qualified name of the corresponding method parameter type. If there are multiple methods with the same overloaded signature, the permission applies to all of the matching overloaded methods."
msgstr "这个方法必须订阅在特殊的 EJB 的 home 或 remote 接口里。method-param 元素的值是对应的方法参数类型的全限定名。如果有多个具有相同重载签名的方法,权限将应用于所有匹配的重载方法上。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:153
#, no-c-format
-msgid ""
-"The optional <literal>method-intf</literal> element can be used to "
-"differentiate methods with the same name and signature that are defined in "
-"both the home and remote interfaces of an enterprise bean."
+msgid "The optional <literal>method-intf</literal> element can be used to differentiate methods with the same name and signature that are defined in both the home and remote interfaces of an enterprise bean."
msgstr "可选的 <literal>method-intf</literal> 元素可以用于区分 EJB 的 home 和 remote 接口都定义了的具有相同名称和签名的方法。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:156
#, no-c-format
-msgid ""
-"provides complete examples of the <literal>method-permission</literal> "
-"element usage."
+msgid "provides complete examples of the <literal>method-permission</literal> element usage."
msgstr "提供关于 <literal>method-permission</literal> 元素的用法的完整示例。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:159
#, no-c-format
-msgid ""
-"An ejb-jar.xml descriptor fragment that illustrates the method-permission "
-"element usage."
+msgid "An ejb-jar.xml descriptor fragment that illustrates the method-permission element usage."
msgstr "解释 method-permission 的用法的 ejb-jar.xml 描述符片段。"
#. Tag: programlisting
@@ -747,8 +549,7 @@
"<ejb-jar>\n"
" <assembly-descriptor>\n"
" <method-permission>\n"
-" <description>The employee and temp-employee roles may "
-"access any\n"
+" <description>The employee and temp-employee roles may access any\n"
" method of the EmployeeService bean </description>\n"
" <role-name>employee</role-name>\n"
" <role-name>temp-employee</role-name>\n"
@@ -758,10 +559,8 @@
" </method>\n"
" </method-permission>\n"
" <method-permission>\n"
-" <description>The employee role may access the "
-"findByPrimaryKey,\n"
-" getEmployeeInfo, and the updateEmployeeInfo(String) method "
-"of\n"
+" <description>The employee role may access the findByPrimaryKey,\n"
+" getEmployeeInfo, and the updateEmployeeInfo(String) method of\n"
" the AardvarkPayroll bean </description>\n"
" <role-name>employee</role-name>\n"
" <method>\n"
@@ -776,8 +575,7 @@
" <ejb-name>AardvarkPayroll</ejb-name>\n"
" <method-name>updateEmployeeInfo</method-name>\n"
" <method-params>\n"
-" <method-param>java.lang.String</method-"
-"param>\n"
+" <method-param>java.lang.String</method-param>\n"
" </method-params>\n"
" </method>\n"
" </method-permission>\n"
@@ -791,8 +589,7 @@
" </method>\n"
" </method-permission>\n"
" <method-permission>\n"
-" <description>Any authenticated user may access any method "
-"of the\n"
+" <description>Any authenticated user may access any method of the\n"
" EmployeeServiceHelp bean</description>\n"
" <unchecked/>\n"
" <method>\n"
@@ -801,8 +598,7 @@
" </method>\n"
" </method-permission>\n"
" <exclude-list>\n"
-" <description>No fireTheCTO methods of the EmployeeFiring "
-"bean may be\n"
+" <description>No fireTheCTO methods of the EmployeeFiring bean may be\n"
" used in this deployment</description>\n"
" <method>\n"
" <ejb-name>EmployeeFiring</ejb-name>\n"
@@ -815,8 +611,7 @@
"<ejb-jar>\n"
" <assembly-descriptor>\n"
" <method-permission>\n"
-" <description>The employee and temp-employee roles may "
-"access any\n"
+" <description>The employee and temp-employee roles may access any\n"
" method of the EmployeeService bean </description>\n"
" <role-name>employee</role-name>\n"
" <role-name>temp-employee</role-name>\n"
@@ -826,10 +621,8 @@
" </method>\n"
" </method-permission>\n"
" <method-permission>\n"
-" <description>The employee role may access the "
-"findByPrimaryKey,\n"
-" getEmployeeInfo, and the updateEmployeeInfo(String) method "
-"of\n"
+" <description>The employee role may access the findByPrimaryKey,\n"
+" getEmployeeInfo, and the updateEmployeeInfo(String) method of\n"
" the AardvarkPayroll bean </description>\n"
" <role-name>employee</role-name>\n"
" <method>\n"
@@ -844,8 +637,7 @@
" <ejb-name>AardvarkPayroll</ejb-name>\n"
" <method-name>updateEmployeeInfo</method-name>\n"
" <method-params>\n"
-" <method-param>java.lang.String</method-"
-"param>\n"
+" <method-param>java.lang.String</method-param>\n"
" </method-params>\n"
" </method>\n"
" </method-permission>\n"
@@ -859,8 +651,7 @@
" </method>\n"
" </method-permission>\n"
" <method-permission>\n"
-" <description>Any authenticated user may access any method "
-"of the\n"
+" <description>Any authenticated user may access any method of the\n"
" EmployeeServiceHelp bean</description>\n"
" <unchecked/>\n"
" <method>\n"
@@ -869,8 +660,7 @@
" </method>\n"
" </method-permission>\n"
" <exclude-list>\n"
-" <description>No fireTheCTO methods of the EmployeeFiring "
-"bean may be\n"
+" <description>No fireTheCTO methods of the EmployeeFiring bean may be\n"
" used in this deployment</description>\n"
" <method>\n"
" <ejb-name>EmployeeFiring</ejb-name>\n"
@@ -889,14 +679,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:166
#, no-c-format
-msgid ""
-"In a web application, security is defined by the roles that are allowed "
-"access to content by a URL pattern that identifies the protected content. "
-"This set of information is declared by using the <literal>web.xml</"
-"literal><literal>security-constraint</literal> element."
-msgstr ""
-"在 web 应用程序里,角色定义安全性,它通过 URL 模式定义被保护内容的访问权限。这一系列信息是由 <literal>web.xml</"
-"literal><literal>security-constraint</literal> 元素来声明的。"
+msgid "In a web application, security is defined by the roles that are allowed access to content by a URL pattern that identifies the protected content. This set of information is declared by using the <literal>web.xml</literal><literal>security-constraint</literal> element."
+msgstr "在 web 应用程序里,角色定义安全性,它通过 URL 模式定义被保护内容的访问权限。这一系列信息是由 <literal>web.xml</literal><literal>security-constraint</literal> 元素来声明的。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:170
@@ -907,54 +691,19 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:177
#, no-c-format
-msgid ""
-"The content to be secured is declared using one or more <literal>web-"
-"resource-collection</literal> elements. Each <literal>web-resource-"
-"collection</literal> element contains an optional series of <literal>url-"
-"pattern</literal> elements followed by an optional series of <literal>http-"
-"method</literal> elements. The <literal>url-pattern</literal> element value "
-"specifies a URL pattern against which a request URL must match for the "
-"request to correspond to an attempt to access secured content. The "
-"<literal>http-method</literal> element value specifies a type of HTTP "
-"request to allow."
-msgstr ""
-"通过一个或多个 <literal>web-"
-"resource-collection</literal> 元素可设置内容的安全性。每个 <literal>web-resource-"
-"collection</literal> 元素都包括一系列可选的 <literal>url-"
-"pattern</literal> 元素,后面跟着一系列可选的 <literal>http-"
-"method</literal> 元素。<literal>url-pattern</literal> 元素的值指定 URL 模式,对受保护内容的访问的请求 URL 必须匹配它。<literal>http-method</literal> 元素的值指定所允许的 HTTP 请求类型。"
+msgid "The content to be secured is declared using one or more <literal>web-resource-collection</literal> elements. Each <literal>web-resource-collection</literal> element contains an optional series of <literal>url-pattern</literal> elements followed by an optional series of <literal>http-method</literal> elements. The <literal>url-pattern</literal> element value specifies a URL pattern against which a request URL must match for the request to correspond to an attempt to access secured content. The <literal>http-method</literal> element value specifies a type of HTTP request to allow."
+msgstr "通过一个或多个 <literal>web-resource-collection</literal> 元素可设置内容的安全性。每个 <literal>web-resource-collection</literal> 元素都包括一系列可选的 <literal>url-pattern</literal> 元素,后面跟着一系列可选的 <literal>http-method</literal> 元素。<literal>url-pattern</literal> 元素的值指定 URL 模式,对受保护内容的访问的请求 URL 必须匹配它。<literal>http-method</literal> 元素的值指定所允许的 HTTP 请求类型。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:180
#, no-c-format
-msgid ""
-"The optional <literal>user-data-constraint</literal> element specifies the "
-"requirements for the transport layer of the client to server connection. The "
-"requirement may be for content integrity (preventing data tampering in the "
-"communication process) or for confidentiality (preventing reading while in "
-"transit). The transport-guarantee element value specifies the degree to "
-"which communication between the client and server should be protected. Its "
-"values are <literal>NONE</literal>, <literal>INTEGRAL</literal>, and "
-"<literal>CONFIDENTIAL</literal>. A value of <literal>NONE</literal> means "
-"that the application does not require any transport guarantees. A value of "
-"<literal>INTEGRAL</literal> means that the application requires the data "
-"sent between the client and server to be sent in such a way that it can'"
-"t be changed in transit. A value of <literal>CONFIDENTIAL</literal> means "
-"that the application requires the data to be transmitted in a fashion that "
-"prevents other entities from observing the contents of the transmission. In "
-"most cases, the presence of the <literal>INTEGRAL</literal> or "
-"<literal>CONFIDENTIAL</literal> flag indicates that the use of SSL is "
-"required."
+msgid "The optional <literal>user-data-constraint</literal> element specifies the requirements for the transport layer of the client to server connection. The requirement may be for content integrity (preventing data tampering in the communication process) or for confidentiality (preventing reading while in transit). The transport-guarantee element value specifies the degree to which communication between the client and server should be protected. Its values are <literal>NONE</literal>, <literal>INTEGRAL</literal>, and <literal>CONFIDENTIAL</literal>. A value of <literal>NONE</literal> means that the application does not require any transport guarantees. A value of <literal>INTEGRAL</literal> means that the application requires the data sent between the client and server to be sent in such a way that it can't be changed in transit. A value of <literal>CONFIDENTIAL</literal> means that the application requires the data to be transmitted in a fashion that prevents other e!
ntities from observing the contents of the transmission. In most cases, the presence of the <literal>INTEGRAL</literal> or <literal>CONFIDENTIAL</literal> flag indicates that the use of SSL is required."
msgstr "可选的 <literal>user-data-constraint</literal> 元素指定对客户和服务器连接的传输层的要求。这些要求可能是内容的完整性(阻止数据在通信过程中被擅自改动)或者机密性(阻止在传输时被读取)。transport-guarantee 元素指定客户和服务器间的通信应该受保护的程度。它的值是 <literal>NONE</literal>、<literal>INTEGRAL</literal> 和 <literal>CONFIDENTIAL</literal>。<literal>NONE</literal> 表示应用程序不要求任何传输的保证。<literal>INTEGRAL</literal> 表示应用程序要求客户和服务器间的数据以不能在传输时更改的方式发送。<literal>CONFIDENTIAL</literal> 表示应用程序要求数据以阻止其他实体观测传输内容的方式进行传输。在大多数情况下,<literal>INTEGRAL</literal> 或 <literal>CONFIDENTIAL</literal> 标记要求使用 SSL。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:183
#, no-c-format
-msgid ""
-"The optional <literal>login-config</literal> element is used to configure "
-"the authentication method that should be used, the realm name that should be "
-"used for rhw application, and the attributes that are needed by the form "
-"login mechanism."
+msgid "The optional <literal>login-config</literal> element is used to configure the authentication method that should be used, the realm name that should be used for rhw application, and the attributes that are needed by the form login mechanism."
msgstr "可选的 <literal>login-config</literal> 元素用于配置应该使用的 authentication 方法,realm 名称应该用于 rhw 应用程序以及表单登录机制所要求的属性。"
#. Tag: title
@@ -966,50 +715,20 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:194
#, no-c-format
-msgid ""
-"The <literal>auth-method</literal> child element specifies the "
-"authentication mechanism for the web application. As a prerequisite to "
-"gaining access to any web resources that are protected by an authorization "
-"constraint, a user must have authenticated using the configured mechanism. "
-"Legal <literal>auth-method</literal> values are <literal>BASIC</literal>, "
-"<literal>DIGEST</literal>, <literal>FORM</literal>, and <literal>CLIENT-"
-"CERT</literal>. The <literal>realm-name</literal> child element specifies "
-"the realm name to use in HTTP basic and digest authorization. The "
-"<literal>form-login-config</literal> child element specifies the log in as "
-"well as error pages that should be used in form-based login. If the "
-"<literal>auth-method</literal> value is not <literal>FORM</literal>, then "
-"<literal>form-login-config</literal> and its child elements are ignored."
-msgstr ""
-"<literal>auth-method</literal> 子元素指定 web 应用程序的验证机制。作为获取对任何由授权约束保护的 web 资源的访问的预备条件,用户必须用相关机制进行验证。合法的 <literal>auth-method</literal> 值为 <literal>BASIC</literal>、"
-"<literal>DIGEST</literal>、<literal>FORM</literal> 和 <literal>CLIENT-"
-"CERT</literal>。<literal>realm-name</literal> 子元素指定使用 HTTP BASIC 和 DIGEST 授权时使用的 realm 名称。<literal>form-login-config</literal> 子元素指定基于表单的登录应该使用登录和错误页面。如果 <literal>auth-method</literal> 的值不是 <literal>FORM</literal>,<literal>form-login-config</literal> 及其子元素将被忽略。"
+msgid "The <literal>auth-method</literal> child element specifies the authentication mechanism for the web application. As a prerequisite to gaining access to any web resources that are protected by an authorization constraint, a user must have authenticated using the configured mechanism. Legal <literal>auth-method</literal> values are <literal>BASIC</literal>, <literal>DIGEST</literal>, <literal>FORM</literal>, and <literal>CLIENT-CERT</literal>. The <literal>realm-name</literal> child element specifies the realm name to use in HTTP basic and digest authorization. The <literal>form-login-config</literal> child element specifies the log in as well as error pages that should be used in form-based login. If the <literal>auth-method</literal> value is not <literal>FORM</literal>, then <literal>form-login-config</literal> and its child elements are ignored."
+msgstr "<literal>auth-method</literal> 子元素指定 web 应用程序的验证机制。作为获取对任何由授权约束保护的 web 资源的访问的预备条件,用户必须用相关机制进行验证。合法的 <literal>auth-method</literal> 值为 <literal>BASIC</literal>、<literal>DIGEST</literal>、<literal>FORM</literal> 和 <literal>CLIENT-CERT</literal>。<literal>realm-name</literal> 子元素指定使用 HTTP BASIC 和 DIGEST 授权时使用的 realm 名称。<literal>form-login-config</literal> 子元素指定基于表单的登录应该使用登录和错误页面。如果 <literal>auth-method</literal> 的值不是 <literal>FORM</literal>,<literal>form-login-config</literal> 及其子元素将被忽略。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:197
#, no-c-format
-msgid ""
-"As an example, the <literal>web.xml</literal> descriptor fragment given in "
-"<xref linkend=\"Web_Content_Security_Constraints-_A_web."
-"xml_descriptor_fragment_which_illustrates_the_use_of_the_security_constraint_and_related_elements."
-"\"/> indicates that any URL lying under the web application's <literal>/"
-"restricted</literal> path requires an <literal>AuthorizedUser</literal> "
-"role. There is no required transport guarantee and the authentication method "
-"used for obtaining the user identity is BASIC HTTP authentication."
-msgstr ""
-"<xref linkend=\"Web_Content_Security_Constraints-_A_web."
-"xml_descriptor_fragment_which_illustrates_the_use_of_the_security_constraint_and_related_elements."
-"\"/> 里给出的 <literal>web.xml</literal> 片段指出任何依附于应用程序的 <literal>/"
-"restricted</literal> 路径下的 URL 需要具有 <literal>AuthorizedUser</literal> 角色。它不要求传输保证且用于获取用户标识符的验证方式是 BASIC HTTP 验证。"
+msgid "As an example, the <literal>web.xml</literal> descriptor fragment given in <xref linkend=\"Web_Content_Security_Constraints-_A_web.xml_descriptor_fragment_which_illustrates_the_use_of_the_security_constraint_and_related_elements.\"/> indicates that any URL lying under the web application's <literal>/restricted</literal> path requires an <literal>AuthorizedUser</literal> role. There is no required transport guarantee and the authentication method used for obtaining the user identity is BASIC HTTP authentication."
+msgstr "<xref linkend=\"Web_Content_Security_Constraints-_A_web.xml_descriptor_fragment_which_illustrates_the_use_of_the_security_constraint_and_related_elements.\"/> 里给出的 <literal>web.xml</literal> 片段指出任何依附于应用程序的 <literal>/restricted</literal> 路径下的 URL 需要具有 <literal>AuthorizedUser</literal> 角色。它不要求传输保证且用于获取用户标识符的验证方式是 BASIC HTTP 验证。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:200
#, no-c-format
-msgid ""
-"A web.xml descriptor fragment which illustrates the use of the security-"
-"constraint and related elements."
-msgstr ""
-"解释 security-"
-"constraint 和相关元素的用法的 web.xml 片段。"
+msgid "A web.xml descriptor fragment which illustrates the use of the security-constraint and related elements."
+msgstr "解释 security-constraint 和相关元素的用法的 web.xml 片段。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:201
@@ -1019,8 +738,7 @@
" <!-- ... -->\n"
" <security-constraint>\n"
" <web-resource-collection>\n"
-" <web-resource-name>Secure Content</web-resource-"
-"name>\n"
+" <web-resource-name>Secure Content</web-resource-name>\n"
" <url-pattern>/restricted/*</url-pattern>\n"
" </web-resource-collection>\n"
" <auth-constraint>\n"
@@ -1037,8 +755,7 @@
" </login-config>\n"
" <!-- ... -->\n"
" <security-role>\n"
-" <description>The role required to access restricted content "
-"</description>\n"
+" <description>The role required to access restricted content </description>\n"
" <role-name>AuthorizedUser</role-name>\n"
" </security-role>\n"
"</web-app>"
@@ -1047,8 +764,7 @@
" <!-- ... -->\n"
" <security-constraint>\n"
" <web-resource-collection>\n"
-" <web-resource-name>Secure Content</web-resource-"
-"name>\n"
+" <web-resource-name>Secure Content</web-resource-name>\n"
" <url-pattern>/restricted/*</url-pattern>\n"
" </web-resource-collection>\n"
" <auth-constraint>\n"
@@ -1065,8 +781,7 @@
" </login-config>\n"
" <!-- ... -->\n"
" <security-role>\n"
-" <description>The role required to access restricted content "
-"</description>\n"
+" <description>The role required to access restricted content </description>\n"
" <role-name>AuthorizedUser</role-name>\n"
" </security-role>\n"
"</web-app>"
@@ -1080,20 +795,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:207
#, no-c-format
-msgid ""
-"The J2EE security elements that have been covered so far describe the "
-"security requirements only from the application's perspective. Because "
-"J2EE security elements declare logical roles, the application deployer maps "
-"the roles from the application domain onto the deployment environment. The "
-"J2EE specifications omit these application server-specific details. In "
-"JBoss, mapping the application roles onto the deployment environment entails "
-"specifying a security manager that implements the J2EE security model using "
-"JBoss server specific deployment descriptors. The details behind the "
-"security configuration are discussed in <xref linkend=\"Security_on_JBoss-"
-"The_JBoss_Security_Model\"/>."
-msgstr ""
-"我们已经介绍的 J2EE 安全元素只是从应用程序的角度来描述安全性要求。因为J2EE 安全元素声明了逻辑角色,应用程序部署者把这些角色从应用程序域映射到部署环境里。J2EE 规格忽视了这些应用程序专有的细节。在 JBoss 里,我们通过指定用 JBoss 服务器专有的部署描述符实现 J2EE 安全模型的安全性管理者来把应用程序角色映射到部署环境里。我们将在 <xref linkend=\"Security_on_JBoss-"
-"The_JBoss_Security_Model\"/> 里讨论安全性配置背后的细节。"
+msgid "The J2EE security elements that have been covered so far describe the security requirements only from the application's perspective. Because J2EE security elements declare logical roles, the application deployer maps the roles from the application domain onto the deployment environment. The J2EE specifications omit these application server-specific details. In JBoss, mapping the application roles onto the deployment environment entails specifying a security manager that implements the J2EE security model using JBoss server specific deployment descriptors. The details behind the security configuration are discussed in <xref linkend=\"Security_on_JBoss-The_JBoss_Security_Model\"/>."
+msgstr "我们已经介绍的 J2EE 安全元素只是从应用程序的角度来描述安全性要求。因为J2EE 安全元素声明了逻辑角色,应用程序部署者把这些角色从应用程序域映射到部署环境里。J2EE 规格忽视了这些应用程序专有的细节。在 JBoss 里,我们通过指定用 JBoss 服务器专有的部署描述符实现 J2EE 安全模型的安全性管理者来把应用程序角色映射到部署环境里。我们将在 <xref linkend=\"Security_on_JBoss-The_JBoss_Security_Model\"/> 里讨论安全性配置背后的细节。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:215
@@ -1104,12 +807,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:216
#, no-c-format
-msgid ""
-"The JBossSX framework is based on the JAAS API. It is important that you "
-"understand the basic elements of the JAAS API to understand the "
-"implementation details of JBossSX. The following sections provide an "
-"introduction to JAAS to prepare you for the JBossSX architecture discussion "
-"later in this chapter."
+msgid "The JBossSX framework is based on the JAAS API. It is important that you understand the basic elements of the JAAS API to understand the implementation details of JBossSX. The following sections provide an introduction to JAAS to prepare you for the JBossSX architecture discussion later in this chapter."
msgstr "JBossSX 框架是基于 JAAS API 的。理解 JAAS API 的基本元素对于理解 JBossSX 的实现细节是很重要的。下面的章节介绍了 JAAS,它为后面对 JBossSX 架构的讨论做好了准备。"
#. Tag: title
@@ -1121,28 +819,13 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:221
#, no-c-format
-msgid ""
-"The JAAS 1.0 API consists of a set of Java packages designed for user "
-"authentication and authorization. It implements a Java version of the "
-"standard Pluggable Authentication Module (PAM) framework and compatibly "
-"extends the Java 2 Platform's access control architecture to support "
-"user-based authorization. JAAS was first released as an extension package "
-"for JDK 1.3 and is bundled with JDK 1.4+. Because the JBossSX framework uses "
-"only the authentication capabilities of JAAS to implement the declarative "
-"role-based J2EE security model, this introduction focuses on only that topic."
+msgid "The JAAS 1.0 API consists of a set of Java packages designed for user authentication and authorization. It implements a Java version of the standard Pluggable Authentication Module (PAM) framework and compatibly extends the Java 2 Platform's access control architecture to support user-based authorization. JAAS was first released as an extension package for JDK 1.3 and is bundled with JDK 1.4+. Because the JBossSX framework uses only the authentication capabilities of JAAS to implement the declarative role-based J2EE security model, this introduction focuses on only that topic."
msgstr "JAAS 1.0 API 由一系列用于用户验证和授权的 Java 包组成。它实现标准可插拔验证模块(Pluggable Authentication Module,PAM)框架的 Java 版本,并扩展了 Java 2 平台的访问控制架构以支持基于用户的授权。JAAS 最先是作为 JDK 1.3 的扩展包发行的,现在它已捆绑在 JDK 1.4+ 里了。因为 JBossSX 框架只使用 JAAS 的验证功能来实现声明式的基于 J2EE 安全模型,这个介绍着重于这个方面的内容。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:224
#, no-c-format
-msgid ""
-"JAAS authentication is performed in a pluggable fashion. This permits Java "
-"applications to remain independent from underlying authentication "
-"technologies and allows the JBossSX security manager to work in different "
-"security infrastructures. Integration with a security infrastructure can be "
-"achieved without changing the JBossSX security manager implementation. All "
-"that needs to change is the configuration of the authentication stack that "
-"JAAS uses."
+msgid "JAAS authentication is performed in a pluggable fashion. This permits Java applications to remain independent from underlying authentication technologies and allows the JBossSX security manager to work in different security infrastructures. Integration with a security infrastructure can be achieved without changing the JBossSX security manager implementation. All that needs to change is the configuration of the authentication stack that JAAS uses."
msgstr "JAAS 验证以可插拔的方式运行。这允许 Java 程序独立于底层的验证技术并允许 JBossSX 安全性管理者工作于不同的安全基础结构里。和安全基础结构的集成可以不用修改 JBossSX 安全性管理者实现。所需修改的是 JAAS 使用的验证栈的配置而已。"
#. Tag: title
@@ -1154,11 +837,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:229
#, no-c-format
-msgid ""
-"The JAAS core classes can be broken down into three categories: common, "
-"authentication, and authorization. The following list presents only the "
-"common and authentication classes because these are the specific classes "
-"used to implement the functionality of JBossSX covered in this chapter."
+msgid "The JAAS core classes can be broken down into three categories: common, authentication, and authorization. The following list presents only the common and authentication classes because these are the specific classes used to implement the functionality of JBossSX covered in this chapter."
msgstr "JAAS 的核心类可分为三个类别:common、authentication 和 authorization。下面的列表只显示 common 和 authentication 类别,因为它们是实现本章所涵盖的 JBossSX 功能所专有的类。"
#. Tag: para
@@ -1188,52 +867,32 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:252
#, no-c-format
-msgid ""
-"<literal>Callback</literal> (<literal>javax.security.auth.callback.Callback</"
-"literal>)"
-msgstr ""
-"<literal>Callback</literal> (<literal>javax.security.auth.callback.Callback</"
-"literal>)"
+msgid "<literal>Callback</literal> (<literal>javax.security.auth.callback.Callback</literal>)"
+msgstr "<literal>Callback</literal> (<literal>javax.security.auth.callback.Callback</literal>)"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:257
#, no-c-format
-msgid ""
-"<literal>CallbackHandler</literal> (<literal>javax.security.auth.callback."
-"CallbackHandler</literal>)"
-msgstr ""
-"<literal>CallbackHandler</literal> (<literal>javax.security.auth.callback."
-"CallbackHandler</literal>)"
+msgid "<literal>CallbackHandler</literal> (<literal>javax.security.auth.callback.CallbackHandler</literal>)"
+msgstr "<literal>CallbackHandler</literal> (<literal>javax.security.auth.callback.CallbackHandler</literal>)"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:262
#, no-c-format
-msgid ""
-"<literal>Configuration</literal> (<literal>javax.security.auth.login."
-"Configuration</literal>)"
-msgstr ""
-"<literal>Configuration</literal> (<literal>javax.security.auth.login."
-"Configuration</literal>)"
+msgid "<literal>Configuration</literal> (<literal>javax.security.auth.login.Configuration</literal>)"
+msgstr "<literal>Configuration</literal> (<literal>javax.security.auth.login.Configuration</literal>)"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:267
#, no-c-format
-msgid ""
-"<literal>LoginContext</literal> (<literal>javax.security.auth.login."
-"LoginContext</literal>)"
-msgstr ""
-"<literal>LoginContext</literal> (<literal>javax.security.auth.login."
-"LoginContext</literal>)"
+msgid "<literal>LoginContext</literal> (<literal>javax.security.auth.login.LoginContext</literal>)"
+msgstr "<literal>LoginContext</literal> (<literal>javax.security.auth.login.LoginContext</literal>)"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:272
#, no-c-format
-msgid ""
-"<literal>LoginModule</literal> (<literal>javax.security.auth.spi."
-"LoginModule</literal>)"
-msgstr ""
-"<literal>LoginModule</literal> (<literal>javax.security.auth.spi."
-"LoginModule</literal>)"
+msgid "<literal>LoginModule</literal> (<literal>javax.security.auth.spi.LoginModule</literal>)"
+msgstr "<literal>LoginModule</literal> (<literal>javax.security.auth.spi.LoginModule</literal>)"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:278
@@ -1244,30 +903,13 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:279
#, no-c-format
-msgid ""
-"To authorize access to resources, applications first need to authenticate "
-"the request's source. The JAAS framework defines the term subject to "
-"represent a request's source. The <literal>Subject</literal> class is "
-"the central class in JAAS. A <literal>Subject</literal> represents "
-"information for a single entity, such as a person or service. It encompasses "
-"the entity's principals, public credentials, and private credentials. "
-"The JAAS APIs use the existing Java 2 <literal>java.security.Principal</"
-"literal> interface to represent a principal, which is essentially just a "
-"typed name."
-msgstr ""
-"要给对资源的访问授权,应用程序首先需要验证请求的源头。JAAS 框架定义了术语 subject 来代表请求源。<literal>Subject</literal> 类是 JAAS 的核心类。<literal>Subject</literal> 代表单个实体的信息,如某个人或服务。它包括实体的 principal、public credential 以及 private credential。JAAS API 使用现有的 Java 2 <literal>java.security.Principal</"
-"literal> 接口来表示 principal。"
+msgid "To authorize access to resources, applications first need to authenticate the request's source. The JAAS framework defines the term subject to represent a request's source. The <literal>Subject</literal> class is the central class in JAAS. A <literal>Subject</literal> represents information for a single entity, such as a person or service. It encompasses the entity's principals, public credentials, and private credentials. The JAAS APIs use the existing Java 2 <literal>java.security.Principal</literal> interface to represent a principal, which is essentially just a typed name."
+msgstr "要给对资源的访问授权,应用程序首先需要验证请求的源头。JAAS 框架定义了术语 subject 来代表请求源。<literal>Subject</literal> 类是 JAAS 的核心类。<literal>Subject</literal> 代表单个实体的信息,如某个人或服务。它包括实体的 principal、public credential 以及 private credential。JAAS API 使用现有的 Java 2 <literal>java.security.Principal</literal> 接口来表示 principal。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:282
#, no-c-format
-msgid ""
-"During the authentication process, a subject is populated with associated "
-"identities, or principals. A subject may have many principals. For example, "
-"a person may have a name principal (John Doe), a social security number "
-"principal (123-45-6789), and a username principal (johnd), all of which help "
-"distinguish the subject from other subjects. To retrieve the principals "
-"associated with a subject, two methods are available:"
+msgid "During the authentication process, a subject is populated with associated identities, or principals. A subject may have many principals. For example, a person may have a name principal (John Doe), a social security number principal (123-45-6789), and a username principal (johnd), all of which help distinguish the subject from other subjects. To retrieve the principals associated with a subject, two methods are available:"
msgstr "在验证过程中,subject 用相关联的标识符或者 principal 进行填充。一个 subject 可以有多个 principal。例如,一个人可以有一个名字 principal(John Doe),一个社保号码 principal (123-45-6789),以及一个用户名 principal(johnd),所有这些都有助于和其他 subject 进行区分。要获取和 subject 相关联的 principal,可以使用两个方法:"
#. Tag: programlisting
@@ -1283,19 +925,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:286
#, no-c-format
-msgid ""
-"The first method returns all principals contained in the subject. The second "
-"method returns only those principals that are instances of class <literal>c</"
-"literal> or one of its subclasses. An empty set is returned if the subject "
-"has no matching principals. Note that the <literal>java.security.acl.Group</"
-"literal> interface is a subinterface of <literal>java.security.Principal</"
-"literal>, so an instance in the principals set may represent a logical "
-"grouping of other principals or groups of principals."
-msgstr ""
-"第一个方法返回该 subject 里包含的所有 principal。第二个方法返回类 <literal>c</"
-"literal> 或者是它的子类的实例。如果该 subject 不含有任何匹配的 principal,将返回一个空集。请注意,<literal>java.security.acl.Group</"
-"literal> 接口是 <literal>java.security.Principal</"
-"literal> 的子接口,所以 principal 集里的实例可以代表其他 principal 或 principal 组的一个逻辑组。"
+msgid "The first method returns all principals contained in the subject. The second method returns only those principals that are instances of class <literal>c</literal> or one of its subclasses. An empty set is returned if the subject has no matching principals. Note that the <literal>java.security.acl.Group</literal> interface is a subinterface of <literal>java.security.Principal</literal>, so an instance in the principals set may represent a logical grouping of other principals or groups of principals."
+msgstr "第一个方法返回该 subject 里包含的所有 principal。第二个方法返回类 <literal>c</literal> 或者是它的子类的实例。如果该 subject 不含有任何匹配的 principal,将返回一个空集。请注意,<literal>java.security.acl.Group</literal> 接口是 <literal>java.security.Principal</literal> 的子接口,所以 principal 集里的实例可以代表其他 principal 或 principal 组的一个逻辑组。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:292
@@ -1306,32 +937,20 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:293
#, no-c-format
-msgid ""
-"Authentication of a subject requires a JAAS login. The login procedure "
-"consists of the following steps:"
+msgid "Authentication of a subject requires a JAAS login. The login procedure consists of the following steps:"
msgstr "subject 的验证要求 JAAS 登录。登录过程由下列步骤组成:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:298
#, no-c-format
-msgid ""
-"An application instantiates a <literal>LoginContext</literal> and passes in "
-"the name of the login configuration and a <literal>CallbackHandler</literal> "
-"to populate the <literal>Callback</literal> objects, as required by the "
-"configuration <literal>LoginModule</literal>s."
+msgid "An application instantiates a <literal>LoginContext</literal> and passes in the name of the login configuration and a <literal>CallbackHandler</literal> to populate the <literal>Callback</literal> objects, as required by the configuration <literal>LoginModule</literal>s."
msgstr "应用程序初始化一个 <literal>LoginContext</literal> 并传入登录配置的名称和一个 <literal>CallbackHandler</literal>,且按照配置 <literal>LoginModule</literal> 所要求的填充 <literal>Callback</literal> 对象。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:303
#, no-c-format
-msgid ""
-"The <literal>LoginContext</literal> consults a <literal>Configuration</"
-"literal> to load all the <literal>LoginModules</literal> included in the "
-"named login configuration. If no such named configuration exists the "
-"<literal>other</literal> configuration is used as a default."
-msgstr ""
-"<literal>LoginContext</literal> 查询 <literal>Configuration</"
-"literal> 以载入命名登录配置里的 <literal>LoginModules</literal>。如果不存在该配置,<literal>other</literal> 将被缺省使用。"
+msgid "The <literal>LoginContext</literal> consults a <literal>Configuration</literal> to load all the <literal>LoginModules</literal> included in the named login configuration. If no such named configuration exists the <literal>other</literal> configuration is used as a default."
+msgstr "<literal>LoginContext</literal> 查询 <literal>Configuration</literal> 以载入命名登录配置里的 <literal>LoginModules</literal>。如果不存在该配置,<literal>other</literal> 将被缺省使用。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:308
@@ -1342,59 +961,31 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:313
#, no-c-format
-msgid ""
-"The login method invokes all the loaded <literal>LoginModule</literal>s. As "
-"each <literal>LoginModule</literal> attempts to authenticate the subject, it "
-"invokes the handle method on the associated <literal>CallbackHandler</"
-"literal> to obtain the information required for the authentication process. "
-"The required information is passed to the handle method in the form of an "
-"array of <literal>Callback</literal> objects. Upon success, the "
-"<literal>LoginModule</literal>s associate relevant principals and "
-"credentials with the subject."
-msgstr ""
-"login 方法调用所有已加载的 <literal>LoginModule</literal>。因为每个 <literal>LoginModule</literal> 都试图验证 subject,它调用相关联的 <literal>CallbackHandler</"
-"literal> 上的 handle 方法来获取验证过程所要求的信息。这些信息以 <literal>Callback</literal> 对象队列的形式被传递给 handle 方法。执行成功后,<literal>LoginModule</literal> 将相关的 principal 和 credential 和该 subject 进行关联。"
+msgid "The login method invokes all the loaded <literal>LoginModule</literal>s. As each <literal>LoginModule</literal> attempts to authenticate the subject, it invokes the handle method on the associated <literal>CallbackHandler</literal> to obtain the information required for the authentication process. The required information is passed to the handle method in the form of an array of <literal>Callback</literal> objects. Upon success, the <literal>LoginModule</literal>s associate relevant principals and credentials with the subject."
+msgstr "login 方法调用所有已加载的 <literal>LoginModule</literal>。因为每个 <literal>LoginModule</literal> 都试图验证 subject,它调用相关联的 <literal>CallbackHandler</literal> 上的 handle 方法来获取验证过程所要求的信息。这些信息以 <literal>Callback</literal> 对象队列的形式被传递给 handle 方法。执行成功后,<literal>LoginModule</literal> 将相关的 principal 和 credential 和该 subject 进行关联。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:318
#, no-c-format
-msgid ""
-"The <literal>LoginContext</literal> returns the authentication status to the "
-"application. Success is represented by a return from the login method. "
-"Failure is represented through a LoginException being thrown by the login "
-"method."
+msgid "The <literal>LoginContext</literal> returns the authentication status to the application. Success is represented by a return from the login method. Failure is represented through a LoginException being thrown by the login method."
msgstr "<literal>LoginContext</literal> 把验证的状态返回给应用程序。login 方法的返回代表成功。而 login 方法抛出 LoginException 异常则表示失败。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:323
#, no-c-format
-msgid ""
-"If authentication succeeds, the application retrieves the authenticated "
-"subject using the <literal>LoginContext.getSubject</literal> method."
+msgid "If authentication succeeds, the application retrieves the authenticated subject using the <literal>LoginContext.getSubject</literal> method."
msgstr "如果验证成功,应用程序用 <literal>LoginContext.getSubject</literal> 方法获取已验证的 subject。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:328
#, no-c-format
-msgid ""
-"After the scope of the subject authentication is complete, all principals "
-"and related information associated with the subject by the login method can "
-"be removed by invoking the <literal>LoginContext.logout</literal> method."
+msgid "After the scope of the subject authentication is complete, all principals and related information associated with the subject by the login method can be removed by invoking the <literal>LoginContext.logout</literal> method."
msgstr "在 subject 验证完成后,所有的 principal 和相关信息都可调用 <literal>LoginContext.logout</literal> 方法进行删除。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:333
#, no-c-format
-msgid ""
-"The <literal>LoginContext</literal> class provides the basic methods for "
-"authenticating subjects and offers a way to develop an application that is "
-"independent of the underlying authentication technology. The "
-"<literal>LoginContext</literal> consults a <literal>Configuration</literal> "
-"to determine the authentication services configured for a particular "
-"application. <literal>LoginModule</literal> classes represent the "
-"authentication services. Therefore, you can plug different login modules "
-"into an application without changing the application itself. The following "
-"code shows the steps required by an application to authenticate a subject."
+msgid "The <literal>LoginContext</literal> class provides the basic methods for authenticating subjects and offers a way to develop an application that is independent of the underlying authentication technology. The <literal>LoginContext</literal> consults a <literal>Configuration</literal> to determine the authentication services configured for a particular application. <literal>LoginModule</literal> classes represent the authentication services. Therefore, you can plug different login modules into an application without changing the application itself. The following code shows the steps required by an application to authenticate a subject."
msgstr "<literal>LoginContext</literal> 类提供验证 subject 的基本方法并为独立于底层验证技术的程序开发提供了一种途径。<literal>LoginContext</literal> 查询 <literal>Configuration</literal> 来决定为某个应用程序配置的验证服务。<literal>LoginModule</literal> 类代表了这些验证服务。因此,你可以在应用程序里插入不同的登录模块而不需改变应用程序本身。下面的代码显示应用程序验证 subject 所需的步骤。"
#. Tag: programlisting
@@ -1439,8 +1030,7 @@
" pc.setPassword(password);\n"
" } else {\n"
" throw new UnsupportedCallbackException(callbacks[i],\n"
-" \"Unrecognized "
-"Callback\");\n"
+" \"Unrecognized Callback\");\n"
" }\n"
" }\n"
" }\n"
@@ -1484,8 +1074,7 @@
" pc.setPassword(password);\n"
" } else {\n"
" throw new UnsupportedCallbackException(callbacks[i],\n"
-" \"Unrecognized "
-"Callback\");\n"
+" \"Unrecognized Callback\");\n"
" }\n"
" }\n"
" }\n"
@@ -1494,149 +1083,56 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:337
#, no-c-format
-msgid ""
-"Developers integrate with an authentication technology by creating an "
-"implementation of the <literal>LoginModule</literal> interface. This allows "
-"an administrator to plug different authentication technologies into an "
-"application. You can chain together multiple <literal>LoginModule</literal>s "
-"to allow for more than one authentication technology to participate in the "
-"authentication process. For example, one <literal>LoginModule</literal> may "
-"perform username/password-based authentication, while another may interface "
-"to hardware devices such as smart card readers or biometric authenticators."
+msgid "Developers integrate with an authentication technology by creating an implementation of the <literal>LoginModule</literal> interface. This allows an administrator to plug different authentication technologies into an application. You can chain together multiple <literal>LoginModule</literal>s to allow for more than one authentication technology to participate in the authentication process. For example, one <literal>LoginModule</literal> may perform username/password-based authentication, while another may interface to hardware devices such as smart card readers or biometric authenticators."
msgstr "开发人员通过创建 <literal>LoginModule</literal> 接口的实现来集成验证技术。这允许管理者在应用程序里插入不同的验证技术。你可以把多个 <literal>LoginModule</literal> 链接起来,使多种验证技术参与验证过程。例如,一个 <literal>LoginModule</literal> 可以执行基于用户名/密码的验证,而另外一个则可以对硬件设备如智能卡读写器进行验证。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:340
#, no-c-format
-msgid ""
-"The life cycle of a <literal>LoginModule</literal> is driven by the "
-"<literal>LoginContext</literal> object against which the client creates and "
-"issues the login method. The process consists of two phases. The steps of "
-"the process are as follows:"
+msgid "The life cycle of a <literal>LoginModule</literal> is driven by the <literal>LoginContext</literal> object against which the client creates and issues the login method. The process consists of two phases. The steps of the process are as follows:"
msgstr "<literal>LoginModule</literal> 的生命周期由 <literal>LoginContext</literal> 对象根据哪个客户创建和执行 login 方法来决定。这个过程由两个阶段组成。它的步骤如下:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:345
#, no-c-format
-msgid ""
-"The <literal>LoginContext</literal> creates each configured "
-"<literal>LoginModule</literal> using its public no-arg constructor."
+msgid "The <literal>LoginContext</literal> creates each configured <literal>LoginModule</literal> using its public no-arg constructor."
msgstr "<literal>LoginContext</literal> 创建用 public 的无参构造器创建每个 <literal>LoginModule</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:350
#, no-c-format
-msgid ""
-"Each <literal>LoginModule</literal> is initialized with a call to its "
-"initialize method. The <literal>Subject</literal> argument is guaranteed to "
-"be non-null. The signature of the initialize method is: <literal>public void "
-"initialize(Subject subject, CallbackHandler callbackHandler, Map "
-"sharedState, Map options)</literal>."
-msgstr ""
-"每个 <literal>LoginModule</literal> 都通过其 initialize 方法进行初始化。<literal>Subject</literal> 参数必须是非空值。 initialize 方法的签名是 <literal>public void "
-"initialize(Subject subject, CallbackHandler callbackHandler, Map "
-"sharedState, Map options)</literal>。"
+msgid "Each <literal>LoginModule</literal> is initialized with a call to its initialize method. The <literal>Subject</literal> argument is guaranteed to be non-null. The signature of the initialize method is: <literal>public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)</literal>."
+msgstr "每个 <literal>LoginModule</literal> 都通过其 initialize 方法进行初始化。<literal>Subject</literal> 参数必须是非空值。 initialize 方法的签名是 <literal>public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:355
#, no-c-format
-msgid ""
-"The <literal>login</literal> method is called to start the authentication "
-"process. For example, a method implementation might prompt the user for a "
-"username and password and then verify the information against data stored in "
-"a naming service such as NIS or LDAP. Alternative implementations might "
-"interface to smart cards and biometric devices, or simply extract user "
-"information from the underlying operating system. The validation of user "
-"identity by each <literal>LoginModule</literal> is considered phase 1 of "
-"JAAS authentication. The signature of the <literal>login</literal> method is "
-"<literal>boolean login() throws LoginException</literal>. A "
-"<literal>LoginException</literal> indicates failure. A return value of true "
-"indicates that the method succeeded, whereas a return valueof false "
-"indicates that the login module should be ignored."
+msgid "The <literal>login</literal> method is called to start the authentication process. For example, a method implementation might prompt the user for a username and password and then verify the information against data stored in a naming service such as NIS or LDAP. Alternative implementations might interface to smart cards and biometric devices, or simply extract user information from the underlying operating system. The validation of user identity by each <literal>LoginModule</literal> is considered phase 1 of JAAS authentication. The signature of the <literal>login</literal> method is <literal>boolean login() throws LoginException</literal>. A <literal>LoginException</literal> indicates failure. A return value of true indicates that the method succeeded, whereas a return valueof false indicates that the login module should be ignored."
msgstr "<literal>login</literal> 方法被调用以启动验证过程。例如,某个方法实现可能提示用户输入用户名和密码,然后根据存储在命名服务如 NIS 或 LDAP 里的数据进行验证。其他的实现可能使用智能卡和生物设备,或是简单地从底层操作系统抽取用户的信息。每个 <literal>LoginModule</literal> 对用户标识符的验证都可考虑为 JAAS 验证的第一阶段。<literal>login</literal> 方法的签名是 <literal>boolean login() throws LoginException</literal>。<literal>LoginException</literal> 异常则表示失败。返回值为 true 表示方法执行成功,而 false 则表示应该忽略这个登录模块。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:360
#, no-c-format
-msgid ""
-"If the <literal>LoginContext</literal>'s overall authentication "
-"succeeds, <literal>commit</literal> is invoked on each <literal>LoginModule</"
-"literal>. If phase 1 succeeds for a <literal>LoginModule</literal>, then the "
-"commit method continues with phase 2 and associates the relevant principals, "
-"public credentials, and/or private credentials with the subject. If phase 1 "
-"fails for a <literal>LoginModule</literal>, then <literal>commit</literal> "
-"removes any previously stored authentication state, such as usernames or "
-"passwords. The signature of the <literal>commit</literal> method is: "
-"<literal>boolean commit() throws LoginException</literal>. Failure to "
-"complete the commit phase is indicated by throwing a "
-"<literal>LoginException</literal>. A return of true indicates that the "
-"method succeeded, whereas a return of false indicates that the login module "
-"should be ignored."
-msgstr ""
-"如果总的 <literal>LoginContext</literal> 验证通过了,每个 <literal>LoginModule</"
-"literal> 上的 <literal>commit</literal> 都会被调用,然后提交方法将继续第二阶段验证并把相关的 principal、public credential 和 private credential 和 subject 进行关联。如果因为某个 <literal>LoginModule</"
-"literal> 第一阶段失败了,<literal>commit</literal> 将删除之前存储的验证状态如用户名或密码。<literal>commit</literal> 方法的签名是:<literal>boolean commit() throws LoginException</literal>。抛出 <literal>LoginException</literal> 表示 commit 阶段没有完成。返回值为 true 表示该方法执行成功,而 false 则表示应该忽略这个登录模块。"
+msgid "If the <literal>LoginContext</literal>'s overall authentication succeeds, <literal>commit</literal> is invoked on each <literal>LoginModule</literal>. If phase 1 succeeds for a <literal>LoginModule</literal>, then the commit method continues with phase 2 and associates the relevant principals, public credentials, and/or private credentials with the subject. If phase 1 fails for a <literal>LoginModule</literal>, then <literal>commit</literal> removes any previously stored authentication state, such as usernames or passwords. The signature of the <literal>commit</literal> method is: <literal>boolean commit() throws LoginException</literal>. Failure to complete the commit phase is indicated by throwing a <literal>LoginException</literal>. A return of true indicates that the method succeeded, whereas a return of false indicates that the login module should be ignored."
+msgstr "如果总的 <literal>LoginContext</literal> 验证通过了,每个 <literal>LoginModule</literal> 上的 <literal>commit</literal> 都会被调用,然后提交方法将继续第二阶段验证并把相关的 principal、public credential 和 private credential 和 subject 进行关联。如果因为某个 <literal>LoginModule</literal> 第一阶段失败了,<literal>commit</literal> 将删除之前存储的验证状态如用户名或密码。<literal>commit</literal> 方法的签名是:<literal>boolean commit() throws LoginException</literal>。抛出 <literal>LoginException</literal> 表示 commit 阶段没有完成。返回值为 true 表示该方法执行成功,而 false 则表示应该忽略这个登录模块。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:365
#, no-c-format
-msgid ""
-"If the <literal>LoginContext</literal>'s overall authentication fails, "
-"then the <literal>abort</literal> method is invoked on each "
-"<literal>LoginModule</literal>. The <literal>abort</literal> method removes "
-"or destroys any authentication state created by the login or initialize "
-"methods. The signature of the <literal>abort</literal> method is "
-"<literal>boolean abort() throws LoginException</literal>. Failure to "
-"complete the <literal>abort</literal> phase is indicated by throwing a "
-"<literal>LoginException</literal>. A return of true indicates that the "
-"method succeeded, whereas a return of false indicates that the login module "
-"should be ignored."
+msgid "If the <literal>LoginContext</literal>'s overall authentication fails, then the <literal>abort</literal> method is invoked on each <literal>LoginModule</literal>. The <literal>abort</literal> method removes or destroys any authentication state created by the login or initialize methods. The signature of the <literal>abort</literal> method is <literal>boolean abort() throws LoginException</literal>. Failure to complete the <literal>abort</literal> phase is indicated by throwing a <literal>LoginException</literal>. A return of true indicates that the method succeeded, whereas a return of false indicates that the login module should be ignored."
msgstr "如果总的 <literal>LoginContext</literal> 验证失败了,每个 <literal>LoginModule</literal> 的 <literal>abort</literal> 方法将被调用。<literal>abort</literal> 方法删除或销毁 login 或 initialize 方法创建的任何验证状态。<literal>abort</literal> 方法的签名是 <literal>boolean abort() throws LoginException</literal>。抛出 <literal>LoginException</literal> 表示 <literal>abort</literal> 阶段没有完成。返回值为 true 表示方法成功执行,而 false 表示应该忽略这个登录模块。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:370
#, no-c-format
-msgid ""
-"To remove the authentication state after a successful login, the application "
-"invokes <literal>logout</literal> on the <literal>LoginContext</literal>. "
-"This in turn results in a <literal>logout</literal> method invocation on "
-"each <literal>LoginModule</literal>. The <literal>logout</literal> method "
-"removes the principals and credentials originally associated with the "
-"subject during the <literal>commit</literal> operation. Credentials should "
-"be destroyed upon removal. The signature of the <literal>logout</literal> "
-"method is: <literal>boolean logout() throws LoginException</literal>. "
-"Failure to complete the logout process is indicated by throwing a "
-"<literal>LoginException</literal>. A return of true indicates that the "
-"method succeeded, whereas a return of false indicates that the login module "
-"should be ignored."
+msgid "To remove the authentication state after a successful login, the application invokes <literal>logout</literal> on the <literal>LoginContext</literal>. This in turn results in a <literal>logout</literal> method invocation on each <literal>LoginModule</literal>. The <literal>logout</literal> method removes the principals and credentials originally associated with the subject during the <literal>commit</literal> operation. Credentials should be destroyed upon removal. The signature of the <literal>logout</literal> method is: <literal>boolean logout() throws LoginException</literal>. Failure to complete the logout process is indicated by throwing a <literal>LoginException</literal>. A return of true indicates that the method succeeded, whereas a return of false indicates that the login module should be ignored."
msgstr "为了在成功登录后删除验证状态,应用程序会调用 <literal>LoginContext</literal> 上的 <literal>logout</literal>。然后每个 <literal>LoginModule</literal> 上的 <literal>logout</literal> 方法将被调用。<literal>logout</literal> 方法删除原来在 <literal>commit</literal> 操作期间和 subject 相关联的 principal 和 credential。Credential 在删除后应该被销毁。<literal>logout</literal> 的签名是:<literal>boolean logout() throws LoginException</literal>。抛出 <literal>LoginException</literal> 表示 logout 过程没有完成。返回值为 true 表示方法执行成功,而 false 表示忽略这个登录模块。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:375
#, no-c-format
-msgid ""
-"When a <literal>LoginModule</literal> must communicate with the user to "
-"obtain authentication information, it uses a <literal>CallbackHandler</"
-"literal> object. Applications implement the <literal>CallbackHandler</"
-"literal> interface and pass it to the LoginContext, which forwards it "
-"directly to the underlying login modules. Login modules use the "
-"<literal>CallbackHandler</literal> both to gather input from users, such as "
-"a password or smart card PIN, and to supply information to users, such as "
-"status information. By allowing the application to specify the "
-"<literal>CallbackHandler</literal>, underlying <literal>LoginModule</"
-"literal>s remain independent from the different ways applications interact "
-"with users. For example, a <literal>CallbackHandler</literal>'s "
-"implementation for a GUI application might display a window to solicit user "
-"input. On the other hand, a <literal>callbackhandler</literal>'s "
-"implementation for a non-GUI environment, such as an application server, "
-"might simply obtain credential information by using an application server "
-"API. The <literal>callbackhandler</literal> interface has one method to "
-"implement:"
-msgstr ""
-"当 <literal>LoginModule</literal> 必须和用户通信以获取验证信息时,它会使用一个 <literal>CallbackHandler</"
-"literal> 对象。应用程序实现 <literal>CallbackHandler</"
-"literal> 接口并把它传递给 LoginContext,然后再转发给底层的登录模块。登录模块使用 <literal>CallbackHandler</literal> 来采集用户的输入,如密码或智能卡 PIN,且为用户提供信息,如状态信息。允许应用程序指定 <literal>CallbackHandler</literal>,底层的 <literal>LoginModule</"
-"literal> 可以和应用程序和用户交互的途径保持独立。例如,GUI 应用程序里对 <literal>CallbackHandler</literal> 的实现可能显示一个窗口供用户输入。从另一方面来说,非 GUI 程序里的 <literal>callbackhandler</literal> 实现,如应用服务器,可能只是简单地使用 API 来获取 credential 信息。<literal>callbackhandler</literal> 接口里有一个方法需要实现:"
+msgid "When a <literal>LoginModule</literal> must communicate with the user to obtain authentication information, it uses a <literal>CallbackHandler</literal> object. Applications implement the <literal>CallbackHandler</literal> interface and pass it to the LoginContext, which forwards it directly to the underlying login modules. Login modules use the <literal>CallbackHandler</literal> both to gather input from users, such as a password or smart card PIN, and to supply information to users, such as status information. By allowing the application to specify the <literal>CallbackHandler</literal>, underlying <literal>LoginModule</literal>s remain independent from the different ways applications interact with users. For example, a <literal>CallbackHandler</literal>'s implementation for a GUI application might display a window to solicit user input. On the other hand, a <literal>callbackhandler</literal>'s implementation for a non-GUI environment, such as an application!
server, might simply obtain credential information by using an application server API. The <literal>callbackhandler</literal> interface has one method to implement:"
+msgstr "当 <literal>LoginModule</literal> 必须和用户通信以获取验证信息时,它会使用一个 <literal>CallbackHandler</literal> 对象。应用程序实现 <literal>CallbackHandler</literal> 接口并把它传递给 LoginContext,然后再转发给底层的登录模块。登录模块使用 <literal>CallbackHandler</literal> 来采集用户的输入,如密码或智能卡 PIN,且为用户提供信息,如状态信息。允许应用程序指定 <literal>CallbackHandler</literal>,底层的 <literal>LoginModule</literal> 可以和应用程序和用户交互的途径保持独立。例如,GUI 应用程序里对 <literal>CallbackHandler</literal> 的实现可能显示一个窗口供用户输入。从另一方面来说,非 GUI 程序里的 <literal>callbackhandler</literal> 实现,如应用服务器,可能只是简单地使用 API 来获取 credential 信息。<literal>callbackhandler</literal> 接口里有一个方法需要实现:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:378
@@ -1653,24 +1149,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:379
#, no-c-format
-msgid ""
-"The <literal>Callback</literal> interface is the last authentication class "
-"we will look at. This is a tagging interface for which several default "
-"implementations are provided, including the <literal>NameCallback</literal> "
-"and <literal>PasswordCallback</literal> used in an earlier example. A "
-"<literal>LoginModule</literal> uses a <literal>Callback</literal> to request "
-"information required by the authentication mechanism. <literal>LoginModule</"
-"literal>s pass an array of <literal>Callback</literal>s directly to the "
-"<literal>CallbackHandler.handle</literal> method during the "
-"authentication's login phase. If a <literal>callbackhandler</literal> "
-"does not understand how to use a <literal>Callback</literal> object passed "
-"into the handle method, it throws an <literal>UnsupportedCallbackException</"
-"literal> to abort the login call."
-msgstr ""
-"<literal>Callback</literal> 接口是我们将讨论的最后一个验证类。这是一个标记接口,它提供了几个缺省的实现,包括签名例子里使用的 <literal>NameCallback</literal> "
-"和 <literal>PasswordCallback</literal>。<literal>LoginModule</literal> 使用 <literal>Callback</literal> 来请求验证机制所要求的信息。在验证的登录阶段,<literal>LoginModule</"
-"literal> 把 <literal>Callback</literal> 队列直接传递给 <literal>CallbackHandler.handle</literal> 方法。如果 <literal>callbackhandler</literal> 不理解如何使用传递到 handle 方法里的 <literal>Callback</literal> 对象,它会抛出 <literal>UnsupportedCallbackException</"
-"literal> 来终止对 login 的调用。"
+msgid "The <literal>Callback</literal> interface is the last authentication class we will look at. This is a tagging interface for which several default implementations are provided, including the <literal>NameCallback</literal> and <literal>PasswordCallback</literal> used in an earlier example. A <literal>LoginModule</literal> uses a <literal>Callback</literal> to request information required by the authentication mechanism. <literal>LoginModule</literal>s pass an array of <literal>Callback</literal>s directly to the <literal>CallbackHandler.handle</literal> method during the authentication's login phase. If a <literal>callbackhandler</literal> does not understand how to use a <literal>Callback</literal> object passed into the handle method, it throws an <literal>UnsupportedCallbackException</literal> to abort the login call."
+msgstr "<literal>Callback</literal> 接口是我们将讨论的最后一个验证类。这是一个标记接口,它提供了几个缺省的实现,包括签名例子里使用的 <literal>NameCallback</literal> 和 <literal>PasswordCallback</literal>。<literal>LoginModule</literal> 使用 <literal>Callback</literal> 来请求验证机制所要求的信息。在验证的登录阶段,<literal>LoginModule</literal> 把 <literal>Callback</literal> 队列直接传递给 <literal>CallbackHandler.handle</literal> 方法。如果 <literal>callbackhandler</literal> 不理解如何使用传递到 handle 方法里的 <literal>Callback</literal> 对象,它会抛出 <literal>UnsupportedCallbackException</literal> 来终止对 login 的调用。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:391
@@ -1681,154 +1161,61 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:392
#, no-c-format
-msgid ""
-"Similar to the rest of the JBoss architecture, security at the lowest level "
-"is defined as a set of interfaces for which alternate implementations may be "
-"provided. Three basic interfaces define the JBoss server security layer: "
-"<literal>org.jboss.security.AuthenticationManager</literal>, <literal>org."
-"jboss.security.RealmMapping</literal>, and <literal>org.jboss.security."
-"SecurityProxy</literal>. <xref linkend=\"The_JBoss_Security_Model-"
-"The_key_security_model_interfaces_and_their_relationship_to_the_JBoss_server_EJB_container_elements."
-"\"/> shows a class diagram of the security interfaces and their relationship "
-"to the EJB container architecture."
-msgstr ""
-"和 JBoss 架构的其他部分类似,最底层的安全性定义为一系列的接口,我们可以根据这些接口提供其他实现。三个基本的接口定义了 JBoss 服务器的安全层:<literal>org.jboss.security.AuthenticationManager</literal>、<literal>org."
-"jboss.security.RealmMapping</literal> 和 <literal>org.jboss.security."
-"SecurityProxy</literal>。<xref linkend=\"The_JBoss_Security_Model-"
-"The_key_security_model_interfaces_and_their_relationship_to_the_JBoss_server_EJB_container_elements."
-"\"/> 显示了一个安全性接口的类图以及和 EJB 容器架构间的关系。"
+msgid "Similar to the rest of the JBoss architecture, security at the lowest level is defined as a set of interfaces for which alternate implementations may be provided. Three basic interfaces define the JBoss server security layer: <literal>org.jboss.security.AuthenticationManager</literal>, <literal>org.jboss.security.RealmMapping</literal>, and <literal>org.jboss.security.SecurityProxy</literal>. <xref linkend=\"The_JBoss_Security_Model-The_key_security_model_interfaces_and_their_relationship_to_the_JBoss_server_EJB_container_elements.\"/> shows a class diagram of the security interfaces and their relationship to the EJB container architecture."
+msgstr "和 JBoss 架构的其他部分类似,最底层的安全性定义为一系列的接口,我们可以根据这些接口提供其他实现。三个基本的接口定义了 JBoss 服务器的安全层:<literal>org.jboss.security.AuthenticationManager</literal>、<literal>org.jboss.security.RealmMapping</literal> 和 <literal>org.jboss.security.SecurityProxy</literal>。<xref linkend=\"The_JBoss_Security_Model-The_key_security_model_interfaces_and_their_relationship_to_the_JBoss_server_EJB_container_elements.\"/> 显示了一个安全性接口的类图以及和 EJB 容器架构间的关系。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:396
#, no-c-format
-msgid ""
-"The key security model interfaces and their relationship to the JBoss server "
-"EJB container elements."
+msgid "The key security model interfaces and their relationship to the JBoss server EJB container elements."
msgstr "key security model 接口以及它们和 JBoss 服务器 EJB 容器元素间的关系。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:403
#, no-c-format
-msgid ""
-"The light blue classes represent the security interfaces while the yellow "
-"classes represent the EJB container layer. The two interfaces required for "
-"the implementation of the J2EE security model are <literal>org.jboss."
-"security.AuthenticationManager</literal> and <literal>org.jboss.security."
-"RealmMapping</literal>. The roles of the security interfaces presented in "
-"<xref linkend=\"The_JBoss_Security_Model-"
-"The_key_security_model_interfaces_and_their_relationship_to_the_JBoss_server_EJB_container_elements."
-"\"/> are summarized in the following list."
-msgstr ""
-"淡蓝色的类代表了安全性接口,而黄色的类代表了 EJB 容器层。实现 J2EE 安全模型所要求的两个安全接口是:<literal>org.jboss."
-"security.AuthenticationManager</literal> 和 <literal>org.jboss.security."
-"RealmMapping</literal>。下面的列表总结了 <xref linkend=\"The_JBoss_Security_Model-"
-"The_key_security_model_interfaces_and_their_relationship_to_the_JBoss_server_EJB_container_elements."
-"\"/> 里出现的安全性接口的角色。"
+msgid "The light blue classes represent the security interfaces while the yellow classes represent the EJB container layer. The two interfaces required for the implementation of the J2EE security model are <literal>org.jboss.security.AuthenticationManager</literal> and <literal>org.jboss.security.RealmMapping</literal>. The roles of the security interfaces presented in <xref linkend=\"The_JBoss_Security_Model-The_key_security_model_interfaces_and_their_relationship_to_the_JBoss_server_EJB_container_elements.\"/> are summarized in the following list."
+msgstr "淡蓝色的类代表了安全性接口,而黄色的类代表了 EJB 容器层。实现 J2EE 安全模型所要求的两个安全接口是:<literal>org.jboss.security.AuthenticationManager</literal> 和 <literal>org.jboss.security.RealmMapping</literal>。下面的列表总结了 <xref linkend=\"The_JBoss_Security_Model-The_key_security_model_interfaces_and_their_relationship_to_the_JBoss_server_EJB_container_elements.\"/> 里出现的安全性接口的角色。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:408
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">AuthenticationManager</emphasis>: This interface is "
-"responsible for validating credentials associated with principals. "
-"Principals are identities, such as usernames, employee numbers, and social "
-"security numbers. Credentials are proof of the identity, such as passwords, "
-"session keys, and digital signatures. The <literal>isValid</literal> method "
-"is invoked to determine whether a user identity and associated credentials "
-"as known in the operational environment are valid proof of the user's "
-"identity."
+msgid "<emphasis role=\"bold\">AuthenticationManager</emphasis>: This interface is responsible for validating credentials associated with principals. Principals are identities, such as usernames, employee numbers, and social security numbers. Credentials are proof of the identity, such as passwords, session keys, and digital signatures. The <literal>isValid</literal> method is invoked to determine whether a user identity and associated credentials as known in the operational environment are valid proof of the user's identity."
msgstr "<emphasis role=\"bold\">AuthenticationManager</emphasis>:这个接口负责校验和 principal 关联的 credential。Principal 是标识符,如用户名、员工号码和社保号码。Credential 是标识符的证明,如密码、会话密钥和数字签名。调用 <literal>isValid</literal> 方法可以决定操作环境里与用户标识符相关联的 credential 是否是其合理证明。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:413
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">RealmMapping</emphasis>: This interface is "
-"responsible for principal mapping and role mapping. The "
-"<literal>getPrincipal</literal> method takes a user identity as known in the "
-"operational environment and returns the application domain identity. The "
-"<literal>doesUserHaveRole</literal> method validates that the user identity "
-"in the operation environment has been assigned the indicated role from the "
-"application domain."
+msgid "<emphasis role=\"bold\">RealmMapping</emphasis>: This interface is responsible for principal mapping and role mapping. The <literal>getPrincipal</literal> method takes a user identity as known in the operational environment and returns the application domain identity. The <literal>doesUserHaveRole</literal> method validates that the user identity in the operation environment has been assigned the indicated role from the application domain."
msgstr "<emphasis role=\"bold\">RealmMapping</emphasis>:这个接口负责 principal 映射和角色的映射。<literal>getPrincipal</literal> 方法使用操作环境里已知的用户标识符并返回对应的应用程序域标识符。<literal>doesUserHaveRole</literal> 方法校验操作环境里的用户标识符是否已经分配了应用程序域里的角色。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:418
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">SecurityProxy</emphasis>: This interface describes "
-"the requirements for a custom <literal>SecurityProxyInterceptor</literal> "
-"plugin. A <literal>SecurityProxy</literal> allows for the externalization of "
-"custom security checks on a per-method basis for both the EJB home and "
-"remote interface methods."
+msgid "<emphasis role=\"bold\">SecurityProxy</emphasis>: This interface describes the requirements for a custom <literal>SecurityProxyInterceptor</literal> plugin. A <literal>SecurityProxy</literal> allows for the externalization of custom security checks on a per-method basis for both the EJB home and remote interface methods."
msgstr "<emphasis role=\"bold\">SecurityProxy</emphasis>:这个接口描述了自定义 <literal>SecurityProxyInterceptor</literal> 插件的要求。<literal>SecurityProxy</literal> 允许对 EJB 的 home 和 remote 接口方法自定义每个方法的安全性检查。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:423
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">SubjectSecurityManager</emphasis>: This is a "
-"subinterface of <literal>AuthenticationManager</literal> that adds accessor "
-"methods for obtaining the security domain name of the security manager and "
-"the current thread's authenticated <literal>Subject</literal>."
+msgid "<emphasis role=\"bold\">SubjectSecurityManager</emphasis>: This is a subinterface of <literal>AuthenticationManager</literal> that adds accessor methods for obtaining the security domain name of the security manager and the current thread's authenticated <literal>Subject</literal>."
msgstr "<emphasis role=\"bold\">SubjectSecurityManager</emphasis>:这是 <literal>AuthenticationManager</literal> 的子接口,它添加了 accessor 方法以获取安全管理者的安全域和当前线程的已验证 <literal>Subject</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:428
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">SecurityDomain</emphasis>: This is an extension of "
-"the <literal>AuthenticationManager</literal>, <literal>RealmMapping</"
-"literal>, and <literal>SubjectSecurityManager</literal> interfaces. It is a "
-"move to a comprehensive security interface based on the JAAS Subject, a "
-"<literal>java.security.KeyStore</literal>, and the JSSE <literal>com.sun.net."
-"ssl.KeyManagerFactory</literal> and <literal>com.sun.net.ssl."
-"TrustManagerFactory</literal> interfaces. This interface is a work in "
-"progress that will be the basis of a multi-domain security architecture that "
-"will better support ASP style deployments of applications and resources."
-msgstr ""
-"<emphasis role=\"bold\">SecurityDomain</emphasis>:这是 <literal>AuthenticationManager</literal>、<literal>RealmMapping</"
-"literal> 和 <literal>SubjectSecurityManager</literal> 接口的扩展。其目的是迈向基于 JAAS Subject、<literal>java.security.KeyStore</literal>、JSSE <literal>com.sun.net."
-"ssl.KeyManagerFactory</literal> 和 <literal>com.sun.net.ssl."
-"TrustManagerFactory</literal> 接口的安全性接口。这个接口仍然在开发中,它将成为多域安全架构的基础,它将更好地支持应用程序和资源的 ASP 风格的部署。"
+msgid "<emphasis role=\"bold\">SecurityDomain</emphasis>: This is an extension of the <literal>AuthenticationManager</literal>, <literal>RealmMapping</literal>, and <literal>SubjectSecurityManager</literal> interfaces. It is a move to a comprehensive security interface based on the JAAS Subject, a <literal>java.security.KeyStore</literal>, and the JSSE <literal>com.sun.net.ssl.KeyManagerFactory</literal> and <literal>com.sun.net.ssl.TrustManagerFactory</literal> interfaces. This interface is a work in progress that will be the basis of a multi-domain security architecture that will better support ASP style deployments of applications and resources."
+msgstr "<emphasis role=\"bold\">SecurityDomain</emphasis>:这是 <literal>AuthenticationManager</literal>、<literal>RealmMapping</literal> 和 <literal>SubjectSecurityManager</literal> 接口的扩展。其目的是迈向基于 JAAS Subject、<literal>java.security.KeyStore</literal>、JSSE <literal>com.sun.net.ssl.KeyManagerFactory</literal> 和 <literal>com.sun.net.ssl.TrustManagerFactory</literal> 接口的安全性接口。这个接口仍然在开发中,它将成为多域安全架构的基础,它将更好地支持应用程序和资源的 ASP 风格的部署。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:433
#, no-c-format
-msgid ""
-"Note that the <literal>AuthenticationManager</literal>, "
-"<literal>RealmMapping</literal> and <literal>SecurityProxy</literal> "
-"interfaces have no association to JAAS related classes. Although the JBossSX "
-"framework is heavily dependent on JAAS, the basic security interfaces "
-"required for implementation of the J2EE security model are not. The JBossSX "
-"framework is simply an implementation of the basic security plug-in "
-"interfaces that are based on JAAS. The component diagram presented in <xref "
-"linkend=\"The_JBoss_Security_Model-"
-"The_relationship_between_the_JBossSX_framework_implementation_classes_and_the_JBoss_server_EJB_container_layer."
-"\"/> illustrates this fact. The implication of this plug-in architecture is "
-"that you are free to replace the JAAS-based JBossSX implementation classes "
-"with your own custom security manager implementation that does not make use "
-"of JAAS, if you so desire. You'll see how to do this when you look at "
-"the JBossSX MBeans available for the configuration of JBossSX in <xref "
-"linkend=\"The_JBoss_Security_Model-"
-"The_relationship_between_the_JBossSX_framework_implementation_classes_and_the_JBoss_server_EJB_container_layer."
-"\"/>."
-msgstr ""
-"请注意,<literal>AuthenticationManager</literal>、"
-"<literal>RealmMapping</literal> 和 <literal>SecurityProxy</literal> 接口和 JAAS 相关的类没有任何关联。虽然 JBossSX 框架极其依赖 JAAS,但实现 J2EE 安全模型的基本安全性接口并不是这样。JBossSX 框架只是一个简单的基于 JAAS 的基本安全插件接口的实现。<xref "
-"linkend=\"The_JBoss_Security_Model-"
-"The_relationship_between_the_JBossSX_framework_implementation_classes_and_the_JBoss_server_EJB_container_layer."
-"\"/> 里出现的组件图表解释了这个事实。插件架构的意思是,你可以自由地根据需要用不使用 JAAS 的自定义安全管理者实现替代基于 JAAS 的 JBossSX 实现类。根据 <xref "
-"linkend=\"The_JBoss_Security_Model-"
-"The_relationship_between_the_JBossSX_framework_implementation_classes_and_the_JBoss_server_EJB_container_layer."
-"\"/> 里用于 JBossSX 配置的 JBossSX MBean,你会看到如何实现这一点。"
+msgid "Note that the <literal>AuthenticationManager</literal>, <literal>RealmMapping</literal> and <literal>SecurityProxy</literal> interfaces have no association to JAAS related classes. Although the JBossSX framework is heavily dependent on JAAS, the basic security interfaces required for implementation of the J2EE security model are not. The JBossSX framework is simply an implementation of the basic security plug-in interfaces that are based on JAAS. The component diagram presented in <xref linkend=\"The_JBoss_Security_Model-The_relationship_between_the_JBossSX_framework_implementation_classes_and_the_JBoss_server_EJB_container_layer.\"/> illustrates this fact. The implication of this plug-in architecture is that you are free to replace the JAAS-based JBossSX implementation classes with your own custom security manager implementation that does not make use of JAAS, if you so desire. You'll see how to do this when you look at the JBossSX MBeans available for the confi!
guration of JBossSX in <xref linkend=\"The_JBoss_Security_Model-The_relationship_between_the_JBossSX_framework_implementation_classes_and_the_JBoss_server_EJB_container_layer.\"/>."
+msgstr "请注意,<literal>AuthenticationManager</literal>、<literal>RealmMapping</literal> 和 <literal>SecurityProxy</literal> 接口和 JAAS 相关的类没有任何关联。虽然 JBossSX 框架极其依赖 JAAS,但实现 J2EE 安全模型的基本安全性接口并不是这样。JBossSX 框架只是一个简单的基于 JAAS 的基本安全插件接口的实现。<xref linkend=\"The_JBoss_Security_Model-The_relationship_between_the_JBossSX_framework_implementation_classes_and_the_JBoss_server_EJB_container_layer.\"/> 里出现的组件图表解释了这个事实。插件架构的意思是,你可以自由地根据需要用不使用 JAAS 的自定义安全管理者实现替代基于 JAAS 的 JBossSX 实现类。根据 <xref linkend=\"The_JBoss_Security_Model-The_relationship_between_the_JBossSX_framework_implementation_classes_and_the_JBoss_server_EJB_container_layer.\"/> 里用于 JBossSX 配置的 JBossSX MBean,你会看到如何实现这一点。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:437
#, no-c-format
-msgid ""
-"The relationship between the JBossSX framework implementation classes and "
-"the JBoss server EJB container layer."
+msgid "The relationship between the JBossSX framework implementation classes and the JBoss server EJB container layer."
msgstr "JBossSX 框架实现类和 JBoss 服务器 EJB 容器层之间的关系。"
#. Tag: title
@@ -1840,117 +1227,49 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:446
#, no-c-format
-msgid ""
-"Earlier in this chapter, the discussion of the J2EE standard security model "
-"ended with a requirement for the use of JBoss server-specific deployment "
-"descriptor to enable security. The details of this configuration are "
-"presented here. <xref linkend="
-"\"Enabling_Declarative_Security_in_JBoss_Revisited-"
-"The_security_element_subsets_of_the_JBoss_server_jboss.xml_and_jboss_web."
-"xml_deployment_descriptors.\"/> shows the JBoss-specific EJB and web "
-"application deployment descriptor's security-related elements."
-msgstr ""
-"在本章的前面,对 J2EE 标准安全模型的讨论以使用 Boss 服务器专有的部署描述符来启用安全性为结束。相关的配置细节会在这里提及。<xref linkend="
-"\"Enabling_Declarative_Security_in_JBoss_Revisited-"
-"The_security_element_subsets_of_the_JBoss_server_jboss.xml_and_jboss_web."
-"xml_deployment_descriptors.\"/> 显示了 JBoss 专有的 EJB 和 web 应用程序部署描述符里的和安全性相关的元素。"
+msgid "Earlier in this chapter, the discussion of the J2EE standard security model ended with a requirement for the use of JBoss server-specific deployment descriptor to enable security. The details of this configuration are presented here. <xref linkend=\"Enabling_Declarative_Security_in_JBoss_Revisited-The_security_element_subsets_of_the_JBoss_server_jboss.xml_and_jboss_web.xml_deployment_descriptors.\"/> shows the JBoss-specific EJB and web application deployment descriptor's security-related elements."
+msgstr "在本章的前面,对 J2EE 标准安全模型的讨论以使用 Boss 服务器专有的部署描述符来启用安全性为结束。相关的配置细节会在这里提及。<xref linkend=\"Enabling_Declarative_Security_in_JBoss_Revisited-The_security_element_subsets_of_the_JBoss_server_jboss.xml_and_jboss_web.xml_deployment_descriptors.\"/> 显示了 JBoss 专有的 EJB 和 web 应用程序部署描述符里的和安全性相关的元素。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:450
#, no-c-format
-msgid ""
-"The security element subsets of the JBoss server jboss.xml and jboss-web.xml "
-"deployment descriptors."
+msgid "The security element subsets of the JBoss server jboss.xml and jboss-web.xml deployment descriptors."
msgstr "JBoss 服务器的 jboss.xml 和 jboss-web.xml 的部署描述符的安全方面的元素的子集。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:457
#, no-c-format
-msgid ""
-"The value of a <literal>security-domain</literal> element specifies the JNDI "
-"name of the security manager interface implementation that JBoss uses for "
-"the EJB and web containers. This is an object that implements both of the "
-"<literal>AuthenticationManager</literal> and <literal>RealmMapping</literal> "
-"interfaces. When specified as a top-level element it defines what security "
-"domain in effect for all EJBs in the deployment unit. This is the typical "
-"usage because mixing security managers within a deployment unit complicates "
-"inter-component operation and administration."
+msgid "The value of a <literal>security-domain</literal> element specifies the JNDI name of the security manager interface implementation that JBoss uses for the EJB and web containers. This is an object that implements both of the <literal>AuthenticationManager</literal> and <literal>RealmMapping</literal> interfaces. When specified as a top-level element it defines what security domain in effect for all EJBs in the deployment unit. This is the typical usage because mixing security managers within a deployment unit complicates inter-component operation and administration."
msgstr "<literal>security-domain</literal> 元素指定 JBoss 用于 EJB 和 web 容器的安全管理者接口实现的 JNDI 名称。这是一个实现 <literal>AuthenticationManager</literal> 和 <literal>RealmMapping</literal> 接口的对象。当被指定为顶层元素时,它定义哪个安全域适用于部署单元里的所有 EJB。这是典型的用法,因为在同一个部署单元里混合安全管理者会使内部组件的操作和管理复杂化。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:460
#, no-c-format
-msgid ""
-"To specify the security domain for an individual EJB, you specify the "
-"<literal>security-domain</literal> at the container configuration level. "
-"This will override any top-level security-domain element."
+msgid "To specify the security domain for an individual EJB, you specify the <literal>security-domain</literal> at the container configuration level. This will override any top-level security-domain element."
msgstr "要为单独的 EJB 指定安全域,你需要在容器配置级别指定 <literal>security-domain</literal>。这将覆盖任何顶层的 security-domain 元素。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:463
#, no-c-format
-msgid ""
-"The <literal>unauthenticated-principal</literal> element specifies the name "
-"to use for the <literal>Principal</literal> object returned by the "
-"<literal>EJBContext.getUserPrincipal</literal> method when an "
-"unauthenticated user invokes an EJB. Note that this conveys no special "
-"permissions to an unauthenticated caller. Its primary purpose is to allow "
-"unsecured servlets and JSP pages to invoke unsecured EJBs and allow the "
-"target EJB to obtain a non-null <literal>Principal</literal> for the caller "
-"using the <literal>getUserPrincipal</literal> method. This is a J2EE "
-"specification requirement."
+msgid "The <literal>unauthenticated-principal</literal> element specifies the name to use for the <literal>Principal</literal> object returned by the <literal>EJBContext.getUserPrincipal</literal> method when an unauthenticated user invokes an EJB. Note that this conveys no special permissions to an unauthenticated caller. Its primary purpose is to allow unsecured servlets and JSP pages to invoke unsecured EJBs and allow the target EJB to obtain a non-null <literal>Principal</literal> for the caller using the <literal>getUserPrincipal</literal> method. This is a J2EE specification requirement."
msgstr "<literal>unauthenticated-principal</literal> 元素指定用于当未验证的用户调用 EJB 时 <literal>EJBContext.getUserPrincipal</literal> 方法返回的 <literal>Principal</literal> 对象的名称。请注意这不会传递任何特殊的权限给未验证的调用者。它的主要目的是允许未设置安全性的 servlet 和 JSP 页面调用未设置安全性的 EJB 且允许目标 EJB 为使用 <literal>getUserPrincipal</literal> 方法的调用者获取非空的 <literal>Principal</literal>。这是遵循 J2EE 规格的要求的。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:466
#, no-c-format
-msgid ""
-"The <literal>security-proxy</literal> element identifies a custom security "
-"proxy implementation that allows per-request security checks outside the "
-"scope of the EJB declarative security model without embedding security logic "
-"into the EJB implementation. This may be an implementation of the "
-"<literal>org.jboss.security.SecurityProxy</literal> interface, or just an "
-"object that implements methods in the home, remote, local home or local "
-"interfaces of the EJB to secure without implementing any common interface. "
-"If the given class does not implement the <literal>SecurityProxy</literal> "
-"interface, the instance must be wrapped in a <literal>SecurityProxy</"
-"literal> implementation that delegates the method invocations to the object. "
-"The <literal>org.jboss.security.SubjectSecurityProxy</literal> is an example "
-"<literal>SecurityProxy</literal> implementation used by the default JBossSX "
-"installation."
-msgstr ""
-"<literal>security-proxy</literal> 元素指定自定义的安全代理实现,它允许 EJB 声明式安全模式之外的 pre-request 的安全检查而无需在 EJB 实现里嵌入安全逻辑。它可以是 <literal>org.jboss.security.SecurityProxy</literal> 接口的实现,或者是实现 EJB 的 home、remote 或 local home 或 local 接口里的方法而无需实现公用接口来设置安全性的对象。如果给定的类不实现 <literal>SecurityProxy</literal> 接口,该实例必须包裹在 <literal>SecurityProxy</"
-"literal> 实现里,从而把方法调用委托给它。<literal>org.jboss.security.SubjectSecurityProxy</literal> 是缺省的 JBossSX 使用的 <literal>SecurityProxy</literal> 实现示例。"
+msgid "The <literal>security-proxy</literal> element identifies a custom security proxy implementation that allows per-request security checks outside the scope of the EJB declarative security model without embedding security logic into the EJB implementation. This may be an implementation of the <literal>org.jboss.security.SecurityProxy</literal> interface, or just an object that implements methods in the home, remote, local home or local interfaces of the EJB to secure without implementing any common interface. If the given class does not implement the <literal>SecurityProxy</literal> interface, the instance must be wrapped in a <literal>SecurityProxy</literal> implementation that delegates the method invocations to the object. The <literal>org.jboss.security.SubjectSecurityProxy</literal> is an example <literal>SecurityProxy</literal> implementation used by the default JBossSX installation."
+msgstr "<literal>security-proxy</literal> 元素指定自定义的安全代理实现,它允许 EJB 声明式安全模式之外的 pre-request 的安全检查而无需在 EJB 实现里嵌入安全逻辑。它可以是 <literal>org.jboss.security.SecurityProxy</literal> 接口的实现,或者是实现 EJB 的 home、remote 或 local home 或 local 接口里的方法而无需实现公用接口来设置安全性的对象。如果给定的类不实现 <literal>SecurityProxy</literal> 接口,该实例必须包裹在 <literal>SecurityProxy</literal> 实现里,从而把方法调用委托给它。<literal>org.jboss.security.SubjectSecurityProxy</literal> 是缺省的 JBossSX 使用的 <literal>SecurityProxy</literal> 实现示例。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:469
#, no-c-format
-msgid ""
-"Take a look at a simple example of a custom <literal>SecurityProxy</literal> "
-"in the context of a trivial stateless session bean. The custom "
-"<literal>SecurityProxy</literal> validates that no one invokes the bean'"
-"s <literal>echo</literal> method with a four-letter word as its argument. "
-"This is a check that is not possible with role-based security; you cannot "
-"define a <literal>FourLetterEchoInvoker</literal> role because the security "
-"context is the method argument, not a property of the caller. The code for "
-"the custom <literal>SecurityProxy</literal> is given in <xref linkend="
-"\"Enabling_Declarative_Security_in_JBoss_Revisited-"
-"The_example_1_custom_EchoSecurityProxy_implementation_that_enforces_the_echo_argument_based_security_constraint."
-"\"/>, and the full source code is available in the <literal>src/main/org/"
-"jboss/book/security/ex1</literal> directory of the book examples."
-msgstr ""
-"让我们来看看一个 stateless session bean 里的自定义 <literal>SecurityProxy</literal> 示例。这个自定义的 <literal>SecurityProxy</literal> 检验是否调用了 bean 的带有四个单词作为参数的 <literal>echo</literal> 方法。基于角色的安全性是不可能进行这样的检查的;你不可能定义一个 <literal>FourLetterEchoInvoker</literal> 角色,因为安全性上下文是方法的参数而不是调用者的属性。<xref linkend="
-"\"Enabling_Declarative_Security_in_JBoss_Revisited-"
-"The_example_1_custom_EchoSecurityProxy_implementation_that_enforces_the_echo_argument_based_security_constraint."
-"\"/> 里给出了自定义的 <literal>SecurityProxy</literal> 的代码,完整的代码可在 book 例程的 <literal>src/main/org/"
-"jboss/book/security/ex1</literal> 目录下找到。"
+msgid "Take a look at a simple example of a custom <literal>SecurityProxy</literal> in the context of a trivial stateless session bean. The custom <literal>SecurityProxy</literal> validates that no one invokes the bean's <literal>echo</literal> method with a four-letter word as its argument. This is a check that is not possible with role-based security; you cannot define a <literal>FourLetterEchoInvoker</literal> role because the security context is the method argument, not a property of the caller. The code for the custom <literal>SecurityProxy</literal> is given in <xref linkend=\"Enabling_Declarative_Security_in_JBoss_Revisited-The_example_1_custom_EchoSecurityProxy_implementation_that_enforces_the_echo_argument_based_security_constraint.\"/>, and the full source code is available in the <literal>src/main/org/jboss/book/security/ex1</literal> directory of the book examples."
+msgstr "让我们来看看一个 stateless session bean 里的自定义 <literal>SecurityProxy</literal> 示例。这个自定义的 <literal>SecurityProxy</literal> 检验是否调用了 bean 的带有四个单词作为参数的 <literal>echo</literal> 方法。基于角色的安全性是不可能进行这样的检查的;你不可能定义一个 <literal>FourLetterEchoInvoker</literal> 角色,因为安全性上下文是方法的参数而不是调用者的属性。<xref linkend=\"Enabling_Declarative_Security_in_JBoss_Revisited-The_example_1_custom_EchoSecurityProxy_implementation_that_enforces_the_echo_argument_based_security_constraint.\"/> 里给出了自定义的 <literal>SecurityProxy</literal> 的代码,完整的代码可在 book 例程的 <literal>src/main/org/jboss/book/security/ex1</literal> 目录下找到。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:472
#, no-c-format
-msgid ""
-"The example 1 custom EchoSecurityProxy implementation that enforces the echo "
-"argument-based security constraint."
+msgid "The example 1 custom EchoSecurityProxy implementation that enforces the echo argument-based security constraint."
msgstr "例程 1 里强制应用基于 echo 参数的安全约束的自定义 EchoSecurityProxy 实现。"
#. Tag: programlisting
@@ -2086,47 +1405,19 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:474
#, no-c-format
-msgid ""
-"The <literal>EchoSecurityProxy</literal> checks that the method to be "
-"invoked on the bean instance corresponds to the <literal>echo(String)</"
-"literal> method loaded the init method. If there is a match, the method "
-"argument is obtained and its length compared against 4 or null. Either case "
-"results in a <literal>SecurityException</literal> being thrown. Certainly "
-"this is a contrived example, but only in its application. It is a common "
-"requirement that applications must perform security checks based on the "
-"value of method arguments. The point of the example is to demonstrate how "
-"custom security beyond the scope of the standard declarative security model "
-"can be introduced independent of the bean implementation. This allows the "
-"specification and coding of the security requirements to be delegated to "
-"security experts. Since the security proxy layer can be done independent of "
-"the bean implementation, security can be changed to match the deployment "
-"environment requirements."
-msgstr ""
-"<literal>EchoSecurityProxy</literal> 检查 bean 实例被调用的方法是否对应 init 方法加载的 <literal>echo(String)</"
-"literal> 方法。如果是,将获取该方法的参数并和 4 或 null 进行比较。无论哪种结果都会导致 <literal>SecurityException</literal> 的抛出。根据方法参数来执行安全性检查是对应用程序的常见要求。这个例子的作用是演示超出标准声明式安全模型的自定义安全性是如何独立于 bean 的实现被引入的。这允许把安全性要求的规格和编码委托给安全专家。既然安全代理层可以独立于 bean 实现来完成,安全性可以进行修改以满足部署环境的要求。"
+msgid "The <literal>EchoSecurityProxy</literal> checks that the method to be invoked on the bean instance corresponds to the <literal>echo(String)</literal> method loaded the init method. If there is a match, the method argument is obtained and its length compared against 4 or null. Either case results in a <literal>SecurityException</literal> being thrown. Certainly this is a contrived example, but only in its application. It is a common requirement that applications must perform security checks based on the value of method arguments. The point of the example is to demonstrate how custom security beyond the scope of the standard declarative security model can be introduced independent of the bean implementation. This allows the specification and coding of the security requirements to be delegated to security experts. Since the security proxy layer can be done independent of the bean implementation, security can be changed to match the deployment environment requirements."
+msgstr "<literal>EchoSecurityProxy</literal> 检查 bean 实例被调用的方法是否对应 init 方法加载的 <literal>echo(String)</literal> 方法。如果是,将获取该方法的参数并和 4 或 null 进行比较。无论哪种结果都会导致 <literal>SecurityException</literal> 的抛出。根据方法参数来执行安全性检查是对应用程序的常见要求。这个例子的作用是演示超出标准声明式安全模型的自定义安全性是如何独立于 bean 的实现被引入的。这允许把安全性要求的规格和编码委托给安全专家。既然安全代理层可以独立于 bean 实现来完成,安全性可以进行修改以满足部署环境的要求。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:477
#, no-c-format
-msgid ""
-"The associated <literal>jboss.xml</literal> descriptor that installs the "
-"<literal>EchoSecurityProxy</literal> as the custom proxy for the "
-"<literal>EchoBean</literal> is given in <xref linkend="
-"\"Enabling_Declarative_Security_in_JBoss_Revisited-The_jboss."
-"xml_descriptor_which_configures_the_EchoSecurityProxy_as_the_custom_security_proxy_for_the_EchoBean."
-"\"/>."
-msgstr ""
-"<xref linkend="
-"\"Enabling_Declarative_Security_in_JBoss_Revisited-The_jboss."
-"xml_descriptor_which_configures_the_EchoSecurityProxy_as_the_custom_security_proxy_for_the_EchoBean."
-"\"/> 里给出了把 <literal>EchoSecurityProxy</literal> 安装为 <literal>EchoBean</literal> 的自定义代理的 <literal>jboss.xml</literal> 描述符。"
+msgid "The associated <literal>jboss.xml</literal> descriptor that installs the <literal>EchoSecurityProxy</literal> as the custom proxy for the <literal>EchoBean</literal> is given in <xref linkend=\"Enabling_Declarative_Security_in_JBoss_Revisited-The_jboss.xml_descriptor_which_configures_the_EchoSecurityProxy_as_the_custom_security_proxy_for_the_EchoBean.\"/>."
+msgstr "<xref linkend=\"Enabling_Declarative_Security_in_JBoss_Revisited-The_jboss.xml_descriptor_which_configures_the_EchoSecurityProxy_as_the_custom_security_proxy_for_the_EchoBean.\"/> 里给出了把 <literal>EchoSecurityProxy</literal> 安装为 <literal>EchoBean</literal> 的自定义代理的 <literal>jboss.xml</literal> 描述符。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:480
#, no-c-format
-msgid ""
-"The jboss.xml descriptor, which configures the EchoSecurityProxy as the "
-"custom security proxy for the EchoBean."
+msgid "The jboss.xml descriptor, which configures the EchoSecurityProxy as the custom security proxy for the EchoBean."
msgstr "把 EchoSecurityProxy 配置为 EchoBean 的自定义安全性代理的 jboss.xml 描述符。"
#. Tag: programlisting
@@ -2139,8 +1430,7 @@
" <enterprise-beans>\n"
" <session>\n"
" <ejb-name>EchoBean</ejb-name>\n"
-" <security-proxy>org.jboss.book.security.ex1."
-"EchoSecurityProxy</security-proxy>\n"
+" <security-proxy>org.jboss.book.security.ex1.EchoSecurityProxy</security-proxy>\n"
" </session>\n"
" </enterprise-beans>\n"
"</jboss>"
@@ -2151,8 +1441,7 @@
" <enterprise-beans>\n"
" <session>\n"
" <ejb-name>EchoBean</ejb-name>\n"
-" <security-proxy>org.jboss.book.security.ex1."
-"EchoSecurityProxy</security-proxy>\n"
+" <security-proxy>org.jboss.book.security.ex1.EchoSecurityProxy</security-proxy>\n"
" </session>\n"
" </enterprise-beans>\n"
"</jboss>"
@@ -2160,13 +1449,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:482
#, no-c-format
-msgid ""
-"Now test the custom proxy by running a client that attempts to invoke the "
-"<literal>EchoBean.echo</literal> method with the arguments <literal>Hello</"
-"literal> and <literal>Four</literal> as illustrated in this fragment:"
-msgstr ""
-"现在运行客户端来测试这个自定义代理,它会调用带有 <literal>Hello</"
-"literal> 和 <literal>Four</literal> 参数的 <literal>EchoBean.echo</literal> 方法,如:"
+msgid "Now test the custom proxy by running a client that attempts to invoke the <literal>EchoBean.echo</literal> method with the arguments <literal>Hello</literal> and <literal>Four</literal> as illustrated in this fragment:"
+msgstr "现在运行客户端来测试这个自定义代理,它会调用带有 <literal>Hello</literal> 和 <literal>Four</literal> 参数的 <literal>EchoBean.echo</literal> 方法,如:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:485
@@ -2213,10 +1497,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:486
#, no-c-format
-msgid ""
-"The first call should succeed, while the second should fail due to the fact "
-"that <literal>Four</literal> is a four-letter word. Run the client as "
-"follows using Ant from the examples directory:"
+msgid "The first call should succeed, while the second should fail due to the fact that <literal>Four</literal> is a four-letter word. Run the client as follows using Ant from the examples directory:"
msgstr "第一个调用应该会成功,而第二个应该会失败,因为 <literal>Four</literal> 是一个四个字符的单词。用 examples 目录里的 Ant 运行客户端:"
#. Tag: programlisting
@@ -2230,8 +1511,7 @@
" [java] [INFO,ExClient] Looking up EchoBean\n"
" [java] [INFO,ExClient] Created Echo\n"
" [java] [INFO,ExClient] Echo.echo('Hello') = Hello\n"
-" [java] Exception in thread \"main\" java.rmi.AccessException: "
-"SecurityException; nested exception is: \n"
+" [java] Exception in thread \"main\" java.rmi.AccessException: SecurityException; nested exception is: \n"
" [java] java.lang.SecurityException: No 4 letter words\n"
"...\n"
" [java] Caused by: java.lang.SecurityException: No 4 letter words\n"
@@ -2244,8 +1524,7 @@
" [java] [INFO,ExClient] Looking up EchoBean\n"
" [java] [INFO,ExClient] Created Echo\n"
" [java] [INFO,ExClient] Echo.echo('Hello') = Hello\n"
-" [java] Exception in thread \"main\" java.rmi.AccessException: "
-"SecurityException; nested exception is: \n"
+" [java] Exception in thread \"main\" java.rmi.AccessException: SecurityException; nested exception is: \n"
" [java] java.lang.SecurityException: No 4 letter words\n"
"...\n"
" [java] Caused by: java.lang.SecurityException: No 4 letter words\n"
@@ -2254,17 +1533,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:490
#, no-c-format
-msgid ""
-"The result is that the <literal>echo('Hello')</literal> method call "
-"succeeds as expected and the <literal>echo('Four')</literal> method "
-"call results in a rather messy looking exception, which is also expected. "
-"The above output has been truncated to fit in the book. The key part to the "
-"exception is that the <literal>SecurityException(\"No 4 letter words\")</"
-"literal> generated by the <literal>EchoSecurityProxy</literal> was thrown to "
-"abort the attempted method invocation as desired."
-msgstr ""
-"结果是 <literal>echo('Hello')</literal> 方法如所预期的一样调用成功,而<literal>echo('Four')</literal> 则出现了相当混乱的异常,这也是我们所预料的。为了编排需要,上面的输出已经进行了裁剪。异常的关键部分是 <literal>EchoSecurityProxy</literal> 生成的 <literal>SecurityException(\"No 4 letter words\")</"
-"literal> 被抛出以终止之后的方法调用。"
+msgid "The result is that the <literal>echo('Hello')</literal> method call succeeds as expected and the <literal>echo('Four')</literal> method call results in a rather messy looking exception, which is also expected. The above output has been truncated to fit in the book. The key part to the exception is that the <literal>SecurityException(\"No 4 letter words\")</literal> generated by the <literal>EchoSecurityProxy</literal> was thrown to abort the attempted method invocation as desired."
+msgstr "结果是 <literal>echo('Hello')</literal> 方法如所预期的一样调用成功,而<literal>echo('Four')</literal> 则出现了相当混乱的异常,这也是我们所预料的。为了编排需要,上面的输出已经进行了裁剪。异常的关键部分是 <literal>EchoSecurityProxy</literal> 生成的 <literal>SecurityException(\"No 4 letter words\")</literal> 被抛出以终止之后的方法调用。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:498
@@ -2275,76 +1545,32 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:499
#, no-c-format
-msgid ""
-"The preceding discussion of the general JBoss security layer has stated that "
-"the JBossSX security extension framework is an implementation of the "
-"security layer interfaces. This is the primary purpose of the JBossSX "
-"framework. The details of the implementation are interesting in that it "
-"offers a great deal of customization for integration into existing security "
-"infrastructures. A security infrastructure can be anything from a database "
-"or LDAP server to a sophisticated security software suite. The integration "
-"flexibility is achieved using the pluggable authentication model available "
-"in the JAAS framework."
+msgid "The preceding discussion of the general JBoss security layer has stated that the JBossSX security extension framework is an implementation of the security layer interfaces. This is the primary purpose of the JBossSX framework. The details of the implementation are interesting in that it offers a great deal of customization for integration into existing security infrastructures. A security infrastructure can be anything from a database or LDAP server to a sophisticated security software suite. The integration flexibility is achieved using the pluggable authentication model available in the JAAS framework."
msgstr "前面对普通 JBoss 安全层的讨论已经指出 JBossSX 的安全扩展框架是对安全层接口的实现。这是 JBossSX 框架的主要目的。实现的细节很令人感兴趣,因为它提供了大量的定制以集成到现有的安全性基础结构里。安全性基础结构可以是任何东西,从数据库或 LDAP 服务器到复杂的安全软件套件。使用 JAAS 框架里的可插拔验证模块实现了集成的灵活性。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:502
#, no-c-format
-msgid ""
-"The heart of the JBossSX framework is <literal>org.jboss.security.plugins."
-"JaasSecurityManager</literal>. This is the default implementation of the "
-"<literal>AuthenticationManager</literal> and <literal>RealmMapping</literal> "
-"interfaces. <xref linkend=\"The_JBoss_Security_Extension_Architecture-"
-"The_relationship_between_the_security_domain_component_deployment_descriptor_value_the_component_container_and_the_JaasSecurityManager."
-"\"/> shows how the <literal>JaasSecurityManager</literal> integrates into "
-"the EJB and web container layers based on the <literal>security-domain</"
-"literal> element of the corresponding component deployment descriptor."
-msgstr ""
-"JBossSX 框架的核心是 <literal>org.jboss.security.plugins."
-"JaasSecurityManager</literal>。这是 <literal>AuthenticationManager</literal> 和 <literal>RealmMapping</literal> 接口的缺省实现。<xref linkend=\"The_JBoss_Security_Extension_Architecture-"
-"The_relationship_between_the_security_domain_component_deployment_descriptor_value_the_component_container_and_the_JaasSecurityManager."
-"\"/> 演示了如何根据对应组件部署描述符里的 <literal>security-domain</"
-"literal> 元素把 <literal>JaasSecurityManager</literal> 集成到 EJB 和 Web 容器层。"
+msgid "The heart of the JBossSX framework is <literal>org.jboss.security.plugins.JaasSecurityManager</literal>. This is the default implementation of the <literal>AuthenticationManager</literal> and <literal>RealmMapping</literal> interfaces. <xref linkend=\"The_JBoss_Security_Extension_Architecture-The_relationship_between_the_security_domain_component_deployment_descriptor_value_the_component_container_and_the_JaasSecurityManager.\"/> shows how the <literal>JaasSecurityManager</literal> integrates into the EJB and web container layers based on the <literal>security-domain</literal> element of the corresponding component deployment descriptor."
+msgstr "JBossSX 框架的核心是 <literal>org.jboss.security.plugins.JaasSecurityManager</literal>。这是 <literal>AuthenticationManager</literal> 和 <literal>RealmMapping</literal> 接口的缺省实现。<xref linkend=\"The_JBoss_Security_Extension_Architecture-The_relationship_between_the_security_domain_component_deployment_descriptor_value_the_component_container_and_the_JaasSecurityManager.\"/> 演示了如何根据对应组件部署描述符里的 <literal>security-domain</literal> 元素把 <literal>JaasSecurityManager</literal> 集成到 EJB 和 Web 容器层。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:506
#, no-c-format
-msgid ""
-"The relationship between the security-domain component deployment descriptor "
-"value, the component container and the JaasSecurityManager."
+msgid "The relationship between the security-domain component deployment descriptor value, the component container and the JaasSecurityManager."
msgstr "安全域组件的部署描述符值、组件容器和 JaasSecurityManager 之间的关系。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:513
#, no-c-format
-msgid ""
-"depicts an enterprise application that contains both EJBs and web content "
-"secured under the security domain <literal>jwdomain</literal>. The EJB and "
-"web containers have a request interceptor architecture that includes a "
-"security interceptor, which enforces the container security model. At "
-"deployment time, the <literal>security-domain</literal> element value in the "
-"<literal>jboss.xml</literal> and <literal>jboss-web.xml</literal> "
-"descriptors is used to obtain the security manager instance associated with "
-"the container. The security interceptor then uses the security manager to "
-"perform its role. When a secured component is requested, the security "
-"interceptor delegates security checks to the security manager instance "
-"associated with the container."
+msgid "depicts an enterprise application that contains both EJBs and web content secured under the security domain <literal>jwdomain</literal>. The EJB and web containers have a request interceptor architecture that includes a security interceptor, which enforces the container security model. At deployment time, the <literal>security-domain</literal> element value in the <literal>jboss.xml</literal> and <literal>jboss-web.xml</literal> descriptors is used to obtain the security manager instance associated with the container. The security interceptor then uses the security manager to perform its role. When a secured component is requested, the security interceptor delegates security checks to the security manager instance associated with the container."
msgstr "描述了一个包含 EJB 和以 <literal>jwdomain</literal> 安全域而设置了安全性的 Web 内容的企业级应用程序。EJB 和 Web 容器具有一个包括安全性拦截器的请求拦截器架构,这会强制实施容器安全模型。在部署的时候,<literal>jboss.xml</literal> 和 <literal>jboss-web.xml</literal> 描述符里的 <literal>security-domain</literal> 元素值被用来获取和容器相关联的安全管理者实例。然后安全性拦截器使用安全管理者来执行这个角色。当请求一个设置了安全性的组件时,安全性拦截器将把安全检查委托给和容器相关联的安全管理者实例。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:516
#, no-c-format
-msgid ""
-"The JBossSX <literal>JaasSecurityManager</literal> implementation performs "
-"security checks based on the information associated with the "
-"<literal>Subject</literal> instance that results from executing the JAAS "
-"login modules configured under the name matching the <literal>security-"
-"domain</literal> element value. We will drill into the "
-"<literal>JaasSecurityManager</literal> implementation and its use of JAAS in "
-"the following section."
-msgstr ""
-"JBossSX <literal>JaasSecurityManager</literal> 实现执行基于和 <literal>Subject</literal> 实例相关联的信息的安全检查,这个实例是执行基于 <literal>security-"
-"domain</literal> 元素值配置的 JAAS 登录模块的结果。我们将在后续章节里介绍 <literal>JaasSecurityManager</literal> 实现及 JAAS 的用法。"
+msgid "The JBossSX <literal>JaasSecurityManager</literal> implementation performs security checks based on the information associated with the <literal>Subject</literal> instance that results from executing the JAAS login modules configured under the name matching the <literal>security-domain</literal> element value. We will drill into the <literal>JaasSecurityManager</literal> implementation and its use of JAAS in the following section."
+msgstr "JBossSX <literal>JaasSecurityManager</literal> 实现执行基于和 <literal>Subject</literal> 实例相关联的信息的安全检查,这个实例是执行基于 <literal>security-domain</literal> 元素值配置的 JAAS 登录模块的结果。我们将在后续章节里介绍 <literal>JaasSecurityManager</literal> 实现及 JAAS 的用法。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:520
@@ -2355,236 +1581,98 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:521
#, no-c-format
-msgid ""
-"The <literal>JaasSecurityManager</literal> uses the JAAS packages to "
-"implement the <literal>AuthenticationManager</literal> and "
-"<literal>RealmMapping</literal> interface behavior. In particular, its "
-"behavior derives from the execution of the login module instances that are "
-"configured under the name that matches the security domain to which the "
-"<literal>JaasSecurityManager</literal> has been assigned. The login modules "
-"implement the security domain's principal authentication and role-"
-"mapping behavior. Thus, you can use the <literal>JaasSecurityManager</"
-"literal> across different security domains simply by plugging in different "
-"login module configurations for the domains."
-msgstr ""
-"<literal>JaasSecurityManager</literal> 使用 JAAS 包来实现 <literal>AuthenticationManager</literal> 和 "
-"<literal>RealmMapping</literal> 接口的行为。特别是,它的行为源自根据 <literal>JaasSecurityManager</literal> 已经分配的安全域的名称配置的登录模块实例的执行结果。登录模块实现安全域的 Principal 验证和角色映射行为。因此,你可以使用跨安全域的 <literal>JaasSecurityManager</"
-"literal>,只要为每个域简单地插入不同的登录模块配置就可以了。"
+msgid "The <literal>JaasSecurityManager</literal> uses the JAAS packages to implement the <literal>AuthenticationManager</literal> and <literal>RealmMapping</literal> interface behavior. In particular, its behavior derives from the execution of the login module instances that are configured under the name that matches the security domain to which the <literal>JaasSecurityManager</literal> has been assigned. The login modules implement the security domain's principal authentication and role-mapping behavior. Thus, you can use the <literal>JaasSecurityManager</literal> across different security domains simply by plugging in different login module configurations for the domains."
+msgstr "<literal>JaasSecurityManager</literal> 使用 JAAS 包来实现 <literal>AuthenticationManager</literal> 和 <literal>RealmMapping</literal> 接口的行为。特别是,它的行为源自根据 <literal>JaasSecurityManager</literal> 已经分配的安全域的名称配置的登录模块实例的执行结果。登录模块实现安全域的 Principal 验证和角色映射行为。因此,你可以使用跨安全域的 <literal>JaasSecurityManager</literal>,只要为每个域简单地插入不同的登录模块配置就可以了。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:524
#, no-c-format
-msgid ""
-"To illustrate the details of the <literal>JaasSecurityManager</literal>'"
-"s usage of the JAAS authentication process, you will walk through a client "
-"invocation of an EJB home method invocation. The prerequisite setting is "
-"that the EJB has been deployed in the JBoss server and its home interface "
-"methods have been secured using <literal>method-permission</literal> "
-"elements in the <literal>ejb-jar.xml</literal> descriptor, and it has been "
-"assigned a security domain named <literal>jwdomain</literal> using the "
-"<literal>jboss.xml</literal> descriptor <literal>security-domain</literal> "
-"element."
+msgid "To illustrate the details of the <literal>JaasSecurityManager</literal>'s usage of the JAAS authentication process, you will walk through a client invocation of an EJB home method invocation. The prerequisite setting is that the EJB has been deployed in the JBoss server and its home interface methods have been secured using <literal>method-permission</literal> elements in the <literal>ejb-jar.xml</literal> descriptor, and it has been assigned a security domain named <literal>jwdomain</literal> using the <literal>jboss.xml</literal> descriptor <literal>security-domain</literal> element."
msgstr "为了解释 <literal>JaasSecurityManager</literal> 对 JAAS 验证过程的使用的细节,你将看到一个对 EJB home 方法的客户端调用。前提是 EJB 已经部署在 JBoss 服务器里且其 home 接口方法用 <literal>ejb-jar.xml</literal> 描述符里的 <literal>method-permission</literal> 元素设置了安全性,而且它已经用 <literal>jboss.xml</literal> 描述符里的 <literal>security-domain</literal> 元素分配了名为 <literal>jwdomain</literal> 的安全域。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:528
#, no-c-format
-msgid ""
-"An illustration of the steps involved in the authentication and "
-"authorization of a secured EJB home method invocation."
+msgid "An illustration of the steps involved in the authentication and authorization of a secured EJB home method invocation."
msgstr "对已设置了安全性的 EJB home 方法调用的验证和授权里涉及的步骤的解释。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:535
#, no-c-format
-msgid ""
-"provides a view of the client to server communication we will discuss. The "
-"numbered steps shown are:"
+msgid "provides a view of the client to server communication we will discuss. The numbered steps shown are:"
msgstr "提供了我们即将讨论的客户和服务器通讯的视图。其相关的步骤是:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:540
#, no-c-format
-msgid ""
-"The client first has to perform a JAAS login to establish the principal and "
-"credentials for authentication, and this is labeled <emphasis>Client Side "
-"Login</emphasis> in the figure. This is how clients establish their login "
-"identities in JBoss. Support for presenting the login information via JNDI "
-"<literal>InitialContext</literal> properties is provided via an alternate "
-"configuration. A JAAS login entails creating a <literal>LoginContext</"
-"literal> instance and passing the name of the configuration to use. The "
-"configuration name is <literal>other</literal>. This one-time login "
-"associates the login principal and credentials with all subsequent EJB "
-"method invocations. Note that the process might not authenticate the user. "
-"The nature of the client-side login depends on the login module "
-"configuration that the client uses. In this example, the <literal>other</"
-"literal> client-side login configuration entry is set up to use the "
-"<literal>ClientLoginModule</literal> module (an <literal>org.jboss.security."
-"ClientLoginModule</literal>). This is the default client side module that "
-"simply binds the username and password to the JBoss EJB invocation layer for "
-"later authentication on the server. The identity of the client is not "
-"authenticated on the client."
-msgstr ""
-"客户首先得执行一个 JAAS 登录来建立用于验证的的 principal 和 credential,在图例里这标记为 <emphasis>Client Side "
-"Login</emphasis>。这是客户在 JBoss 里建立登录标识符的过程。对通过 JNDI <literal>InitialContext</literal> 属性指定登录信息的支持是通过其他的配置来提供的。JAAS 登录创建一个 <literal>LoginContext</"
-"literal> 实例并传递要使用的配置名。这个配置名是 <literal>other</literal>。这个一次性的登录把登录 principal 和 credential 以及所有后续的 EJB 方法调用关联起来。请注意,这个过程可能不会验证用户。客户端登录的性质取决于客户使用的登录模块的配置。在这个例子里,<literal>other</"
-"literal> 客户端登录配置条目使用了 <literal>ClientLoginModule</literal> 模块(<literal>org.jboss.security."
-"ClientLoginModule</literal>)。这是缺省的客户端模块,它简单的把用户名和密码捆绑到 JBoss EJB 调用层以供后续的验证。客户的标识符不在客户端进行验证。"
+msgid "The client first has to perform a JAAS login to establish the principal and credentials for authentication, and this is labeled <emphasis>Client Side Login</emphasis> in the figure. This is how clients establish their login identities in JBoss. Support for presenting the login information via JNDI <literal>InitialContext</literal> properties is provided via an alternate configuration. A JAAS login entails creating a <literal>LoginContext</literal> instance and passing the name of the configuration to use. The configuration name is <literal>other</literal>. This one-time login associates the login principal and credentials with all subsequent EJB method invocations. Note that the process might not authenticate the user. The nature of the client-side login depends on the login module configuration that the client uses. In this example, the <literal>other</literal> client-side login configuration entry is set up to use the <literal>ClientLoginModule</literal> module (an!
<literal>org.jboss.security.ClientLoginModule</literal>). This is the default client side module that simply binds the username and password to the JBoss EJB invocation layer for later authentication on the server. The identity of the client is not authenticated on the client."
+msgstr "客户首先得执行一个 JAAS 登录来建立用于验证的的 principal 和 credential,在图例里这标记为 <emphasis>Client Side Login</emphasis>。这是客户在 JBoss 里建立登录标识符的过程。对通过 JNDI <literal>InitialContext</literal> 属性指定登录信息的支持是通过其他的配置来提供的。JAAS 登录创建一个 <literal>LoginContext</literal> 实例并传递要使用的配置名。这个配置名是 <literal>other</literal>。这个一次性的登录把登录 principal 和 credential 以及所有后续的 EJB 方法调用关联起来。请注意,这个过程可能不会验证用户。客户端登录的性质取决于客户使用的登录模块的配置。在这个例子里,<literal>other</literal> 客户端登录配置条目使用了 <literal>ClientLoginModule</literal> 模块(<literal>org.jboss.security.ClientLoginModule</literal>)。这是缺省的客户端模块,它简单的把用户名和密码捆绑到!
JBoss EJB 调用层以供后续的验证。客户的标识符不在客户端进行验证。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:545
#, no-c-format
-msgid ""
-"Later, the client obtains the EJB home interface and attempts to create a "
-"bean. This event is labeled as <emphasis>Home Method Invocation</emphasis>. "
-"This results in a home interface method invocation being sent to the JBoss "
-"server. The invocation includes the method arguments passed by the client "
-"along with the user identity and credentials from the client-side JAAS login "
-"performed in step 1."
+msgid "Later, the client obtains the EJB home interface and attempts to create a bean. This event is labeled as <emphasis>Home Method Invocation</emphasis>. This results in a home interface method invocation being sent to the JBoss server. The invocation includes the method arguments passed by the client along with the user identity and credentials from the client-side JAAS login performed in step 1."
msgstr "之后,客户获得 EJB 的 home 接口并试图创建一个 bean。这个事件标记为 <emphasis>Home Method Invocation</emphasis>。这导致 home 接口方法调用被发送到 JBoss 服务器。这个调用包括客户传递的方法参数以及用户标识符和步骤 1 里执行的客户端 JAAS 登录产生的 credential。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:550
#, no-c-format
-msgid ""
-"On the server side, the security interceptor first requires authentication "
-"of the user invoking the call, which, as on the client side, involves a JAAS "
-"login."
+msgid "On the server side, the security interceptor first requires authentication of the user invoking the call, which, as on the client side, involves a JAAS login."
msgstr "在服务器端,安全拦截器首先要求对执行调用的用户进行验证,而在客户端,则调用 JAAS 登录。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:555
#, no-c-format
-msgid ""
-"The security domain under which the EJB is secured determines the choice of "
-"login modules. The security domain name is used as the login configuration "
-"entry name passed to the <literal>LoginContext</literal> constructor. The "
-"EJB security domain is <literal>jwdomain</literal>. If the JAAS login "
-"authenticates the user, a JAAS <literal>Subject</literal> is created that "
-"contains the following in its <literal>PrincipalsSet</literal>:"
+msgid "The security domain under which the EJB is secured determines the choice of login modules. The security domain name is used as the login configuration entry name passed to the <literal>LoginContext</literal> constructor. The EJB security domain is <literal>jwdomain</literal>. If the JAAS login authenticates the user, a JAAS <literal>Subject</literal> is created that contains the following in its <literal>PrincipalsSet</literal>:"
msgstr "EJB 设置安全性所基于的安全域决定了登录模块的选择。安全域的名字用作传递给 <literal>LoginContext</literal> 构造器的登录配置条目的名称。这个 EJB 的安全域是 <literal>jwdomain</literal>。如果 JAAS 登录验证了这个用户,一个 JAAS 的 <literal>Subject</literal> 将被创建,在其 <literal>PrincipalsSet</literal> 里包含下列内容的:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:560
#, no-c-format
-msgid ""
-"A <literal>java.security.Principal</literal> that corresponds to the client "
-"identity as known in the deployment security environment."
+msgid "A <literal>java.security.Principal</literal> that corresponds to the client identity as known in the deployment security environment."
msgstr "对应部署安全环境里已知的客户标识符的 <literal>java.security.Principal</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:565
#, no-c-format
-msgid ""
-"A <literal>java.security.acl.Group</literal> named <literal>Roles</literal> "
-"that contains the role names from the application domain to which the user "
-"has been assigned. <literal>org.jboss.security.SimplePrincipal</literal> "
-"objects are used to represent the role names; <literal>SimplePrincipal</"
-"literal> is a simple string-based implementation of <literal>Principal</"
-"literal>. These roles are used to validate the roles assigned to methods in "
-"<literal>ejb-jar.xml</literal> and the <literal>EJBContext.isCallerInRole"
-"(String)</literal> method implementation."
-msgstr ""
-"包含已经分配给用户的应用程序域里的角色名的名为 <literal>Roles</literal> 的 <literal>java.security.acl.Group</literal>。<literal>org.jboss.security.SimplePrincipal</literal> 对象用于代表角色名;<literal>SimplePrincipal</"
-"literal> 是一个简单的 <literal>Principal</"
-"literal> 基于字符串的实现。这些角色用于验证分配给 <literal>ejb-jar.xml</literal> 里的方法和 <literal>EJBContext.isCallerInRole"
-"(String)</literal> 方法实现的角色。"
+msgid "A <literal>java.security.acl.Group</literal> named <literal>Roles</literal> that contains the role names from the application domain to which the user has been assigned. <literal>org.jboss.security.SimplePrincipal</literal> objects are used to represent the role names; <literal>SimplePrincipal</literal> is a simple string-based implementation of <literal>Principal</literal>. These roles are used to validate the roles assigned to methods in <literal>ejb-jar.xml</literal> and the <literal>EJBContext.isCallerInRole(String)</literal> method implementation."
+msgstr "包含已经分配给用户的应用程序域里的角色名的名为 <literal>Roles</literal> 的 <literal>java.security.acl.Group</literal>。<literal>org.jboss.security.SimplePrincipal</literal> 对象用于代表角色名;<literal>SimplePrincipal</literal> 是一个简单的 <literal>Principal</literal> 基于字符串的实现。这些角色用于验证分配给 <literal>ejb-jar.xml</literal> 里的方法和 <literal>EJBContext.isCallerInRole(String)</literal> 方法实现的角色。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:570
#, no-c-format
-msgid ""
-"An optional <literal>java.security.acl.Group</literal> named "
-"<literal>CallerPrincipal</literal>, which contains a single <literal>org."
-"jboss.security.SimplePrincipal</literal> that corresponds to the identity of "
-"the application domain's caller. The <literal>CallerPrincipal</literal> "
-"sole group member will be the value returned by the <literal>EJBContext."
-"getCallerPrincipal()</literal> method. The purpose of this mapping is to "
-"allow a <literal>Principal</literal> as known in the operational security "
-"environment to map to a <literal>Principal</literal> with a name known to "
-"the application. In the absence of a <literal>CallerPrincipal</literal> "
-"mapping the deployment security environment principal is used as the "
-"<literal>getCallerPrincipal</literal> method value. That is, the operational "
-"principal is the same as the application domain principal."
-msgstr ""
-"名为 <literal>CallerPrincipal</literal> 的可选的 <literal>java.security.acl.Group</literal>,它包含单个的对应应用程序域的调用者的标识符的 <literal>org."
-"jboss.security.SimplePrincipal</literal>。<literal>CallerPrincipal</literal> 的单个组成员将是 <literal>EJBContext."
-"getCallerPrincipal()</literal> 方法返回的值。这个映射的目的是允许操作性安全环境里已知的 <literal>Principal</literal> 映射到应用程序已知的 <literal>Principal</literal>。缺乏<literal>CallerPrincipal</literal> 映射的情况下,部署安全环境的 principal 被用作 <literal>getCallerPrincipal</literal> 方法的值。那就是,操作性 principal 和应用程序域的 principal 相同。"
+msgid "An optional <literal>java.security.acl.Group</literal> named <literal>CallerPrincipal</literal>, which contains a single <literal>org.jboss.security.SimplePrincipal</literal> that corresponds to the identity of the application domain's caller. The <literal>CallerPrincipal</literal> sole group member will be the value returned by the <literal>EJBContext.getCallerPrincipal()</literal> method. The purpose of this mapping is to allow a <literal>Principal</literal> as known in the operational security environment to map to a <literal>Principal</literal> with a name known to the application. In the absence of a <literal>CallerPrincipal</literal> mapping the deployment security environment principal is used as the <literal>getCallerPrincipal</literal> method value. That is, the operational principal is the same as the application domain principal."
+msgstr "名为 <literal>CallerPrincipal</literal> 的可选的 <literal>java.security.acl.Group</literal>,它包含单个的对应应用程序域的调用者的标识符的 <literal>org.jboss.security.SimplePrincipal</literal>。<literal>CallerPrincipal</literal> 的单个组成员将是 <literal>EJBContext.getCallerPrincipal()</literal> 方法返回的值。这个映射的目的是允许操作性安全环境里已知的 <literal>Principal</literal> 映射到应用程序已知的 <literal>Principal</literal>。缺乏<literal>CallerPrincipal</literal> 映射的情况下,部署安全环境的 principal 被用作 <literal>getCallerPrincipal</literal> 方法的值。那就是,操作性 principal 和应用程序域的 principal 相同。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:577
#, no-c-format
-msgid ""
-"The final step of the security interceptor check is to verify that the "
-"authenticated user has permission to invoke the requested method This is "
-"labeled as <emphasis>Server Side Authorization</emphasis> in <xref linkend="
-"\"How_the_JaasSecurityManager_Uses_JAAS-"
-"An_illustration_of_the_steps_involved_in_the_authentication_and_authorization_of_a_secured_EJB_home_method_invocation."
-"\"/>. Performing the authorization this entails the following steps:"
-msgstr ""
-"安全拦截器检查的最后一步是检验已验证的用户是否具有调用被请求的方法的权限,这在 <xref linkend="
-"\"How_the_JaasSecurityManager_Uses_JAAS-"
-"An_illustration_of_the_steps_involved_in_the_authentication_and_authorization_of_a_secured_EJB_home_method_invocation."
-"\"/> 里标记为 <emphasis>Server Side Authorization</emphasis>。为了执行授权,它采用下列的步骤:"
+msgid "The final step of the security interceptor check is to verify that the authenticated user has permission to invoke the requested method This is labeled as <emphasis>Server Side Authorization</emphasis> in <xref linkend=\"How_the_JaasSecurityManager_Uses_JAAS-An_illustration_of_the_steps_involved_in_the_authentication_and_authorization_of_a_secured_EJB_home_method_invocation.\"/>. Performing the authorization this entails the following steps:"
+msgstr "安全拦截器检查的最后一步是检验已验证的用户是否具有调用被请求的方法的权限,这在 <xref linkend=\"How_the_JaasSecurityManager_Uses_JAAS-An_illustration_of_the_steps_involved_in_the_authentication_and_authorization_of_a_secured_EJB_home_method_invocation.\"/> 里标记为 <emphasis>Server Side Authorization</emphasis>。为了执行授权,它采用下列的步骤:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:582
#, no-c-format
-msgid ""
-"Obtain the names of the roles allowed to access the EJB method from the EJB "
-"container. The role names are determined by <literal>ejb-jar.xml</literal> "
-"descriptor role-name elements of all <literal>method-permission</literal> "
-"elements containing the invoked method."
+msgid "Obtain the names of the roles allowed to access the EJB method from the EJB container. The role names are determined by <literal>ejb-jar.xml</literal> descriptor role-name elements of all <literal>method-permission</literal> elements containing the invoked method."
msgstr "获取被允许从 EJB 容器里访问 EJB 的角色的名称。角色名由 <literal>ejb-jar.xml</literal> 描述符所有包含被调用方法的 <literal>method-permission</literal> 元素的 role-name 元素指定。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:587
#, no-c-format
-msgid ""
-"If no roles have been assigned, or the method is specified in an "
-"<literal>exclude-list</literal> element, then access to the method is "
-"denied. Otherwise, the <literal>doesUserHaveRole</literal> method is invoked "
-"on the security manager by the security interceptor to see if the caller has "
-"one of the assigned role names. This method iterates through the role names "
-"and checks if the authenticated user's Subject <literal>Roles</literal> "
-"group contains a <literal>SimplePrincipal</literal> with the assigned role "
-"name. Access is allowed if any role name is a member of the <literal>Roles</"
-"literal> group. Access is denied if none of the role names are members."
-msgstr ""
-"如果没有分配角色,或者在 <literal>exclude-list</literal> 元素里指定了这个方法,它就会拒绝访问。否则,安全拦截器将调用安全管理者上的 <literal>doesUserHaveRole</literal> 方法来查看调用者是否具有其中一个角色名。这个方法迭代所有的角色名并检查被验证的用户的 Subject <literal>Roles</literal> 组是否包含带有被分配角色的 <literal>SimplePrincipal</literal>。如果任何角色名是 <literal>Roles</"
-"literal> 组的成员,访问将被允许。如果都是不是,访问则被拒绝。"
+msgid "If no roles have been assigned, or the method is specified in an <literal>exclude-list</literal> element, then access to the method is denied. Otherwise, the <literal>doesUserHaveRole</literal> method is invoked on the security manager by the security interceptor to see if the caller has one of the assigned role names. This method iterates through the role names and checks if the authenticated user's Subject <literal>Roles</literal> group contains a <literal>SimplePrincipal</literal> with the assigned role name. Access is allowed if any role name is a member of the <literal>Roles</literal> group. Access is denied if none of the role names are members."
+msgstr "如果没有分配角色,或者在 <literal>exclude-list</literal> 元素里指定了这个方法,它就会拒绝访问。否则,安全拦截器将调用安全管理者上的 <literal>doesUserHaveRole</literal> 方法来查看调用者是否具有其中一个角色名。这个方法迭代所有的角色名并检查被验证的用户的 Subject <literal>Roles</literal> 组是否包含带有被分配角色的 <literal>SimplePrincipal</literal>。如果任何角色名是 <literal>Roles</literal> 组的成员,访问将被允许。如果都是不是,访问则被拒绝。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:592
#, no-c-format
-msgid ""
-"If the EJB was configured with a custom security proxy, the method "
-"invocation is delegated to it. If the security proxy wants to deny access to "
-"the caller, it will throw a <literal>java.lang.SecurityException</literal>. "
-"If no <literal>SecurityException</literal> is thrown, access to the EJB "
-"method is allowed and the method invocation passes to the next container "
-"interceptor. Note that the <literal>SecurityProxyInterceptor</literal> "
-"handles this check and this interceptor is not shown."
+msgid "If the EJB was configured with a custom security proxy, the method invocation is delegated to it. If the security proxy wants to deny access to the caller, it will throw a <literal>java.lang.SecurityException</literal>. If no <literal>SecurityException</literal> is thrown, access to the EJB method is allowed and the method invocation passes to the next container interceptor. Note that the <literal>SecurityProxyInterceptor</literal> handles this check and this interceptor is not shown."
msgstr "如果 EJB 配置了自定义的安全性代理,它将对方法调用进行委托。如果安全代理想拒绝对调用者的访问,它将抛出 <literal>java.lang.SecurityException</literal>。如果没有抛出 <literal>SecurityException</literal>,对 EJB 方法的访问将被允许并被传递给下一个容器拦截器。请注意,<literal>SecurityProxyInterceptor</literal> 处理这个检查且没有显示这个拦截器。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:599
#, no-c-format
-msgid ""
-"Every secured EJB method invocation, or secured web content access, requires "
-"the authentication and authorization of the caller because security "
-"information is handled as a stateless attribute of the request that must be "
-"presented and validated on each request. This can be an expensive operation "
-"if the JAAS login involves client-to-server communication. Because of this, "
-"the <literal>JaasSecurityManager</literal> supports the notion of an "
-"authentication cache that is used to store principal and credential "
-"information from previous successful logins. You can specify the "
-"authentication cache instance to use as part of the "
-"<literal>JaasSecurityManager</literal> configuration as you will see when "
-"the associated MBean service is discussed in following section. In the "
-"absence of any user-defined cache, a default cache that maintains credential "
-"information for a configurable period of time is used."
-msgstr ""
+msgid "Every secured EJB method invocation, or secured web content access, requires the authentication and authorization of the caller because security information is handled as a stateless attribute of the request that must be presented and validated on each request. This can be an expensive operation if the JAAS login involves client-to-server communication. Because of this, the <literal>JaasSecurityManager</literal> supports the notion of an authentication cache that is used to store principal and credential information from previous successful logins. You can specify the authentication cache instance to use as part of the <literal>JaasSecurityManager</literal> configuration as you will see when the associated MBean service is discussed in following section. In the absence of any user-defined cache, a default cache that maintains credential information for a configurable period of time is used."
+msgstr "每个对设置了安全性的 EJB 方法、或者是 web 内容的调用和访问,都要求对调用者的验证和授权,这是因为安全信息作为请求的无状态属性来处理,对每个请求都必须进行检验。如果 JAAS 登录调用客户端到服务器端的通信,这会是很耗资源的操作。因此,<literal>JaasSecurityManager</literal> 支持验证缓存,以用于存储前一成功登录的 principal 和 credential。你可以在 <literal>JaasSecurityManager</literal> 配置里指定验证缓存实例,相关的 MBean 服务将在后面的章节里进行讨论。如果没有用户自定义的缓存,保存 credential 信息的缺省缓存将被使用。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:605
@@ -2595,44 +1683,13 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:606
#, no-c-format
-msgid ""
-"The <literal>JaasSecurityManagerService</literal> MBean service manages "
-"security managers. Although its name begins with <emphasis>Jaas</emphasis>, "
-"the security managers it handles need not use JAAS in their implementation. "
-"The name arose from the fact that the default security manager "
-"implementation is the <literal>JaasSecurityManager</literal>. The primary "
-"role of the <literal>JaasSecurityManagerService</literal> is to externalize "
-"the security manager implementation. You can change the security manager "
-"implementation by providing an alternate implementation of the "
-"<literal>AuthenticationManager</literal> and <literal>RealmMapping</literal> "
-"interfaces."
-msgstr ""
+msgid "The <literal>JaasSecurityManagerService</literal> MBean service manages security managers. Although its name begins with <emphasis>Jaas</emphasis>, the security managers it handles need not use JAAS in their implementation. The name arose from the fact that the default security manager implementation is the <literal>JaasSecurityManager</literal>. The primary role of the <literal>JaasSecurityManagerService</literal> is to externalize the security manager implementation. You can change the security manager implementation by providing an alternate implementation of the <literal>AuthenticationManager</literal> and <literal>RealmMapping</literal> interfaces."
+msgstr " <literal>JaasSecurityManagerService</literal> MBean 服务管理安全管理者。虽然它的名称是以 <emphasis>Jaas</emphasis> 开始的,但它处理的安全管理者不需要在其实现里使用 JAAS。它的名字来自缺省的安全管理者实现是 <literal>JaasSecurityManager</literal>。<literal>JaasSecurityManagerService</literal> 的主要作用是扩展安全管理者实现。你可以通过提供 <literal>AuthenticationManager</literal> 和 <literal>RealmMapping</literal> 接口的其他实现来修改安全管理者实现。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:609
#, no-c-format
-msgid ""
-"The second fundamental role of the <literal>JaasSecurityManagerService</"
-"literal> is to provide a JNDI <literal>javax.naming.spi.ObjectFactory</"
-"literal> implementation to allow for simple code-free management of the JNDI "
-"name to security manager implementation mapping. It has been mentioned that "
-"security is enabled by specifying the JNDI name of the security manager "
-"implementation via the <literal>security-domain</literal> deployment "
-"descriptor element. When you specify a JNDI name, there has to be an object-"
-"binding there to use. To simplify the setup of the JNDI name to security "
-"manager bindings, the <literal>JaasSecurityManagerService</literal> manages "
-"the association of security manager instances to names by binding a next "
-"naming system reference with itself as the JNDI ObjectFactory under the name "
-"<literal>java:/jaas</literal>. This allows one to use a naming convention of "
-"the form <literal>java:/jaas/XYZ</literal> as the value for the "
-"<literal>security-domain</literal> element, and the security manager "
-"instance for the <literal>XYZ</literal> security domain will be created as "
-"needed for you. The security manager for the domain <literal>XYZ</literal> "
-"is created on the first lookup against the <literal>java:/jaas/XYZ</literal> "
-"binding by creating an instance of the class specified by the "
-"<literal>SecurityManagerClassName</literal> attribute using a constructor "
-"that takes the name of the security domain. For example, consider the "
-"following container security configuration snippet:"
+msgid "The second fundamental role of the <literal>JaasSecurityManagerService</literal> is to provide a JNDI <literal>javax.naming.spi.ObjectFactory</literal> implementation to allow for simple code-free management of the JNDI name to security manager implementation mapping. It has been mentioned that security is enabled by specifying the JNDI name of the security manager implementation via the <literal>security-domain</literal> deployment descriptor element. When you specify a JNDI name, there has to be an object-binding there to use. To simplify the setup of the JNDI name to security manager bindings, the <literal>JaasSecurityManagerService</literal> manages the association of security manager instances to names by binding a next naming system reference with itself as the JNDI ObjectFactory under the name <literal>java:/jaas</literal>. This allows one to use a naming convention of the form <literal>java:/jaas/XYZ</literal> as the value for the <literal>security-domain</li!
teral> element, and the security manager instance for the <literal>XYZ</literal> security domain will be created as needed for you. The security manager for the domain <literal>XYZ</literal> is created on the first lookup against the <literal>java:/jaas/XYZ</literal> binding by creating an instance of the class specified by the <literal>SecurityManagerClassName</literal> attribute using a constructor that takes the name of the security domain. For example, consider the following container security configuration snippet:"
msgstr ""
#. Tag: programlisting
@@ -2640,15 +1697,13 @@
#, no-c-format
msgid ""
"<jboss>\n"
-" <!-- Configure all containers to be secured under the \"hades\" "
-"security domain -->\n"
+" <!-- Configure all containers to be secured under the \"hades\" security domain -->\n"
" <security-domain>java:/jaas/hades</security-domain>\n"
" <!-- ... -->\n"
"</jboss>"
msgstr ""
"<jboss>\n"
-" <!-- Configure all containers to be secured under the \"hades\" "
-"security domain -->\n"
+" <!-- Configure all containers to be secured under the \"hades\" security domain -->\n"
" <security-domain>java:/jaas/hades</security-domain>\n"
" <!-- ... -->\n"
"</jboss>"
@@ -2656,140 +1711,72 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:613
#, no-c-format
-msgid ""
-"Any lookup of the name <literal>java:/jaas/hades</literal> will return a "
-"security manager instance that has been associated with the security domain "
-"named <literal>hades</literal>. This security manager will implement the "
-"AuthenticationManager and RealmMapping security interfaces and will be of "
-"the type specified by the <literal>JaasSecurityManagerService</"
-"literal><literal>SecurityManagerClassName</literal> attribute."
+msgid "Any lookup of the name <literal>java:/jaas/hades</literal> will return a security manager instance that has been associated with the security domain named <literal>hades</literal>. This security manager will implement the AuthenticationManager and RealmMapping security interfaces and will be of the type specified by the <literal>JaasSecurityManagerService</literal><literal>SecurityManagerClassName</literal> attribute."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:616
#, no-c-format
-msgid ""
-"The <literal>JaasSecurityManagerService</literal> MBean is configured by "
-"default for use in the standard JBoss distribution, and you can often use "
-"the default configuration as is. The configurable attributes of the "
-"<literal>JaasSecurityManagerService</literal> include:"
+msgid "The <literal>JaasSecurityManagerService</literal> MBean is configured by default for use in the standard JBoss distribution, and you can often use the default configuration as is. The configurable attributes of the <literal>JaasSecurityManagerService</literal> include:"
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:621
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">SecurityManagerClassName</emphasis>: The name of the "
-"class that provides the security manager implementation. The implementation "
-"must support both the <literal>org.jboss.security.AuthenticationManager</"
-"literal> and <literal>org.jboss.security.RealmMapping</literal> interfaces. "
-"If not specified this defaults to the JAAS-based <literal>org.jboss.security."
-"plugins.JaasSecurityManager</literal>."
+msgid "<emphasis role=\"bold\">SecurityManagerClassName</emphasis>: The name of the class that provides the security manager implementation. The implementation must support both the <literal>org.jboss.security.AuthenticationManager</literal> and <literal>org.jboss.security.RealmMapping</literal> interfaces. If not specified this defaults to the JAAS-based <literal>org.jboss.security.plugins.JaasSecurityManager</literal>."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:626
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">CallbackHandlerClassName</emphasis>: The name of the "
-"class that provides the <literal>javax.security.auth.callback."
-"CallbackHandler</literal> implementation used by the "
-"<literal>JaasSecurityManager</literal>. You can override the handler used by "
-"the <literal>JaasSecurityManager</literal> if the default implementation "
-"(<literal>org.jboss.security.auth.callback.SecurityAssociationHandler</"
-"literal>) does not meet your needs. This is a rather deep configuration that "
-"generally should not be set unless you know what you are doing."
+msgid "<emphasis role=\"bold\">CallbackHandlerClassName</emphasis>: The name of the class that provides the <literal>javax.security.auth.callback.CallbackHandler</literal> implementation used by the <literal>JaasSecurityManager</literal>. You can override the handler used by the <literal>JaasSecurityManager</literal> if the default implementation (<literal>org.jboss.security.auth.callback.SecurityAssociationHandler</literal>) does not meet your needs. This is a rather deep configuration that generally should not be set unless you know what you are doing."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:631
-#, fuzzy, no-c-format
-msgid ""
-"<emphasis role=\"bold\">SecurityProxyFactoryClassName</emphasis>: The name "
-"of the class that provides the <literal>org.jboss.security."
-"SecurityProxyFactory</literal> implementation. If not specified this "
-"defaults to <literal>org.jboss.security.SubjectSecurityProxyFactory</"
-"literal>."
-msgstr ""
-"<literal>RMIClientSocketFactory</literal>:可选的自定义 <literal>java.rmi."
-"server.RMIServerSocketFactory</literal> 实现的类名。如果它没有指定,将使用缺"
-"省的 <literal>RMIServerSocketFactory</literal>。"
+#, no-c-format
+msgid "<emphasis role=\"bold\">SecurityProxyFactoryClassName</emphasis>: The name of the class that provides the <literal>org.jboss.security.SecurityProxyFactory</literal> implementation. If not specified this defaults to <literal>org.jboss.security.SubjectSecurityProxyFactory</literal>."
+msgstr "<emphasis role=\"bold\">SecurityProxyFactoryClassName</emphasis>:提供 <literal>org.jboss.security.SecurityProxyFactory</literal> 实现的类的名称。如果它没有指定,将使用缺省的 <literal>org.jboss.security.SubjectSecurityProxyFactory</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:636
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">AuthenticationCacheJndiName</emphasis>: Specifies "
-"the location of the security credential cache policy. This is first treated "
-"as an <literal>ObjectFactory</literal> location capable of returning "
-"<literal>CachePolicy</literal> instances on a per-security-domain basis. "
-"This is done by appending the name of the security domain to this name when "
-"looking up the <literal>CachePolicy</literal> for a domain. If this fails, "
-"the location is treated as a single <literal>CachePolicy</literal> for all "
-"security domains. As a default, a timed cache policy is used."
+msgid "<emphasis role=\"bold\">AuthenticationCacheJndiName</emphasis>: Specifies the location of the security credential cache policy. This is first treated as an <literal>ObjectFactory</literal> location capable of returning <literal>CachePolicy</literal> instances on a per-security-domain basis. This is done by appending the name of the security domain to this name when looking up the <literal>CachePolicy</literal> for a domain. If this fails, the location is treated as a single <literal>CachePolicy</literal> for all security domains. As a default, a timed cache policy is used."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:641
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">DefaultCacheTimeout</emphasis>: Specifies the "
-"default timed cache policy timeout in seconds. The default value is 1800 "
-"seconds (30 minutes). The value you use for the timeout is a tradeoff "
-"between frequent authentication operations and how long credential "
-"information may be out of sync with respect to the security information "
-"store. If you want to disable caching of security credentials, set this to 0 "
-"to force authentication to occur every time. This has no affect if the "
-"<literal>AuthenticationCacheJndiName</literal> has been changed from the "
-"default value."
+msgid "<emphasis role=\"bold\">DefaultCacheTimeout</emphasis>: Specifies the default timed cache policy timeout in seconds. The default value is 1800 seconds (30 minutes). The value you use for the timeout is a tradeoff between frequent authentication operations and how long credential information may be out of sync with respect to the security information store. If you want to disable caching of security credentials, set this to 0 to force authentication to occur every time. This has no affect if the <literal>AuthenticationCacheJndiName</literal> has been changed from the default value."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:646
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">DefaultCacheResolution</emphasis>: Specifies the "
-"default timed cache policy resolution in seconds. This controls the interval "
-"at which the cache current timestamp is updated and should be less than the "
-"<literal>DefaultCacheTimeout</literal> in order for the timeout to be "
-"meaningful. The default resolution is 60 seconds(1 minute). This has no "
-"affect if the <literal>AuthenticationCacheJndiName</literal> has been "
-"changed from the default value."
+msgid "<emphasis role=\"bold\">DefaultCacheResolution</emphasis>: Specifies the default timed cache policy resolution in seconds. This controls the interval at which the cache current timestamp is updated and should be less than the <literal>DefaultCacheTimeout</literal> in order for the timeout to be meaningful. The default resolution is 60 seconds(1 minute). This has no affect if the <literal>AuthenticationCacheJndiName</literal> has been changed from the default value."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:651
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">DefaultUnauthenticatedPrincipal</emphasis>: "
-"Specifies the principal to use for unauthenticated users. This setting makes "
-"it possible to set default permissions for users who have not been "
-"authenticated."
+msgid "<emphasis role=\"bold\">DefaultUnauthenticatedPrincipal</emphasis>: Specifies the principal to use for unauthenticated users. This setting makes it possible to set default permissions for users who have not been authenticated."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:656
#, no-c-format
-msgid ""
-"The <literal>JaasSecurityManagerService</literal> also supports a number of "
-"useful operations. These include flushing any security domain authentication "
-"cache at runtime, getting the list of active users in a security domain "
-"authentication cache, and any of the security manager interface methods."
+msgid "The <literal>JaasSecurityManagerService</literal> also supports a number of useful operations. These include flushing any security domain authentication cache at runtime, getting the list of active users in a security domain authentication cache, and any of the security manager interface methods."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:659
#, no-c-format
-msgid ""
-"Flushing a security domain authentication cache can be used to drop all "
-"cached credentials when the underlying store has been updated and you want "
-"the store state to be used immediately. The MBean operation signature is: "
-"<literal>public void flushAuthenticationCache(String securityDomain)</"
-"literal>."
+msgid "Flushing a security domain authentication cache can be used to drop all cached credentials when the underlying store has been updated and you want the store state to be used immediately. The MBean operation signature is: <literal>public void flushAuthenticationCache(String securityDomain)</literal>."
msgstr ""
#. Tag: para
-#: J2EE_Security_On_JBOSS.xml:662 J2EE_Security_On_JBOSS.xml:669
+#: J2EE_Security_On_JBOSS.xml:662
+#: J2EE_Security_On_JBOSS.xml:669
#, no-c-format
msgid "This can be invoked programmatically using the following code snippet:"
msgstr ""
@@ -2815,11 +1802,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:666
#, no-c-format
-msgid ""
-"Getting the list of active users provides a snapshot of the "
-"<literal>Principals</literal> keys in a security domain authentication cache "
-"that are not expired. The MBean operation signature is: <literal>public List "
-"getAuthenticationCachePrincipals(String securityDomain)</literal>."
+msgid "Getting the list of active users provides a snapshot of the <literal>Principals</literal> keys in a security domain authentication cache that are not expired. The MBean operation signature is: <literal>public List getAuthenticationCachePrincipals(String securityDomain)</literal>."
msgstr ""
#. Tag: programlisting
@@ -2831,8 +1814,7 @@
"ObjectName jaasMgr = new ObjectName(jaasMgrName);\n"
"Object[] params = {domainName};\n"
"String[] signature = {\"java.lang.String\"};\n"
-"List users = (List) server.invoke(jaasMgr, \"getAuthenticationCachePrincipals"
-"\", \n"
+"List users = (List) server.invoke(jaasMgr, \"getAuthenticationCachePrincipals\", \n"
" params, signature);"
msgstr ""
"MBeanServer server = ...;\n"
@@ -2840,8 +1822,7 @@
"ObjectName jaasMgr = new ObjectName(jaasMgrName);\n"
"Object[] params = {domainName};\n"
"String[] signature = {\"java.lang.String\"};\n"
-"List users = (List) server.invoke(jaasMgr, \"getAuthenticationCachePrincipals"
-"\", \n"
+"List users = (List) server.invoke(jaasMgr, \"getAuthenticationCachePrincipals\", \n"
" params, signature);"
#. Tag: para
@@ -2854,35 +1835,23 @@
#: J2EE_Security_On_JBOSS.xml:676
#, no-c-format
msgid ""
-"public boolean isValid(String securityDomain, Principal principal, Object "
-"credential);\n"
+"public boolean isValid(String securityDomain, Principal principal, Object credential);\n"
"public Principal getPrincipal(String securityDomain, Principal principal);\n"
-"public boolean doesUserHaveRole(String securityDomain, Principal "
-"principal, \n"
+"public boolean doesUserHaveRole(String securityDomain, Principal principal, \n"
" Object credential, Set roles);\n"
-"public Set getUserRoles(String securityDomain, Principal principal, Object "
-"credential);"
+"public Set getUserRoles(String securityDomain, Principal principal, Object credential);"
msgstr ""
-"public boolean isValid(String securityDomain, Principal principal, Object "
-"credential);\n"
+"public boolean isValid(String securityDomain, Principal principal, Object credential);\n"
"public Principal getPrincipal(String securityDomain, Principal principal);\n"
-"public boolean doesUserHaveRole(String securityDomain, Principal "
-"principal, \n"
+"public boolean doesUserHaveRole(String securityDomain, Principal principal, \n"
" Object credential, Set roles);\n"
-"public Set getUserRoles(String securityDomain, Principal principal, Object "
-"credential);"
+"public Set getUserRoles(String securityDomain, Principal principal, Object credential);"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:677
#, no-c-format
-msgid ""
-"They provide access to the corresponding <literal>AuthenticationManager</"
-"literal> and <literal>RealmMapping</literal> interface method of the "
-"associated security domain named by the <literal>securityDomain</literal> "
-"argument."
-msgstr ""
-"它们提供对相应的 <literal>securityDomain</literal> 参数命名的安全域的 <literal>AuthenticationManager</"
-"literal> 和 <literal>RealmMapping</literal> 接口的访问。"
+msgid "They provide access to the corresponding <literal>AuthenticationManager</literal> and <literal>RealmMapping</literal> interface method of the associated security domain named by the <literal>securityDomain</literal> argument."
+msgstr "它们提供对相应的 <literal>securityDomain</literal> 参数命名的安全域的 <literal>AuthenticationManager</literal> 和 <literal>RealmMapping</literal> 接口的访问。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:683
@@ -2893,152 +1862,80 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:684
#, no-c-format
-msgid ""
-"The <literal>org.jboss.security.plugins.JaasSecurityDomain</literal> is an "
-"extension of <literal>JaasSecurityManager</literal> that adds the notion of "
-"a <literal>KeyStore</literal>, a JSSE <literal>KeyManagerFactory</literal> "
-"and a <literal>TrustManagerFactory</literal> for supporting SSL and other "
-"cryptographic use cases. The additional configurable attributes of the "
-"<literal>JaasSecurityDomain</literal> include:"
+msgid "The <literal>org.jboss.security.plugins.JaasSecurityDomain</literal> is an extension of <literal>JaasSecurityManager</literal> that adds the notion of a <literal>KeyStore</literal>, a JSSE <literal>KeyManagerFactory</literal> and a <literal>TrustManagerFactory</literal> for supporting SSL and other cryptographic use cases. The additional configurable attributes of the <literal>JaasSecurityDomain</literal> include:"
msgstr "<literal>org.jboss.security.plugins.JaasSecurityDomain</literal> 是 <literal>JaasSecurityManager</literal> 的扩展,它添加了 <literal>KeyStore</literal>、JSSE <literal>KeyManagerFactory</literal> 和 <literal>TrustManagerFactory</literal> 以支持 SSL 和其他加密技术。<literal>JaasSecurityDomain</literal> 的其他可配置属性包括:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:689
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">KeyStoreType</emphasis>: The type of the "
-"<literal>KeyStore</literal> implementation. This is the type argument passed "
-"to the <literal>java.security.KeyStore.getInstance(String type)</literal> "
-"factory method. The default is <literal>JKS</literal>."
+msgid "<emphasis role=\"bold\">KeyStoreType</emphasis>: The type of the <literal>KeyStore</literal> implementation. This is the type argument passed to the <literal>java.security.KeyStore.getInstance(String type)</literal> factory method. The default is <literal>JKS</literal>."
msgstr "<emphasis role=\"bold\">KeyStoreType</emphasis>:<literal>KeyStore</literal> 实现的类型。它是传递给 <literal>java.security.KeyStore.getInstance(String type)</literal> 工厂方法的类型参数。它的缺省值是 <literal>JKS</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:694
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">KeyStoreURL</emphasis>: A URL to the location of the "
-"<literal>KeyStore</literal> database. This is used to obtain an "
-"<literal>InputStream</literal> to initialize the <literal>KeyStore</"
-"literal>. If the string is not a value URL, it is treated as a file."
-msgstr ""
-"<emphasis role=\"bold\">KeyStoreURL</emphasis>:指向 <literal>KeyStore</literal> 数据库的位置的 URL。它用于获取 <literal>InputStream</literal> 以初始化 <literal>KeyStore</"
-"literal>。如果这个字符串不是有效的 URL,它将被视为文件名。"
+msgid "<emphasis role=\"bold\">KeyStoreURL</emphasis>: A URL to the location of the <literal>KeyStore</literal> database. This is used to obtain an <literal>InputStream</literal> to initialize the <literal>KeyStore</literal>. If the string is not a value URL, it is treated as a file."
+msgstr "<emphasis role=\"bold\">KeyStoreURL</emphasis>:指向 <literal>KeyStore</literal> 数据库的位置的 URL。它用于获取 <literal>InputStream</literal> 以初始化 <literal>KeyStore</literal>。如果这个字符串不是有效的 URL,它将被视为文件名。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:699
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">KeyStorePass</emphasis>: The password associated "
-"with the <literal>KeyStore</literal> database contents. The "
-"<literal>KeyStorePass</literal> is also used in combination with the "
-"<literal>Salt</literal> and <literal>IterationCount</literal> attributes to "
-"create a PBE secret key used with the encode/decode operations. The "
-"<literal>KeyStorePass</literal> attribute value format is one of the "
-"following:"
+msgid "<emphasis role=\"bold\">KeyStorePass</emphasis>: The password associated with the <literal>KeyStore</literal> database contents. The <literal>KeyStorePass</literal> is also used in combination with the <literal>Salt</literal> and <literal>IterationCount</literal> attributes to create a PBE secret key used with the encode/decode operations. The <literal>KeyStorePass</literal> attribute value format is one of the following:"
msgstr "<emphasis role=\"bold\">KeyStorePass</emphasis>:和 <literal>KeyStore</literal> 数据库内容相关联的密码。<literal>KeyStorePass</literal> 也和 <literal>Salt</literal> 以及 <literal>IterationCount</literal> 属性一起使用来创建加密/解密操作所使用的 PBE 密钥。<literal>KeyStorePass</literal> 属性的格式如下:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:704
#, no-c-format
-msgid ""
-"The plaintext password for the <literal>KeyStore</literal> The "
-"<literal>toCharArray()</literal> value of the string is used without any "
-"manipulation."
+msgid "The plaintext password for the <literal>KeyStore</literal> The <literal>toCharArray()</literal> value of the string is used without any manipulation."
msgstr "<literal>KeyStore</literal> 的明文密码。将使用不经任何转换的字符串的 <literal>toCharArray()</literal> 值。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:709
#, no-c-format
-msgid ""
-"A command to execute to obtain the plaintext password. The format is "
-"<literal>{EXT}...</literal> where the <literal>...</literal> is the exact "
-"command line that will be passed to the <literal>Runtime.exec(String)</"
-"literal> method to execute a platform-specific command. The first line of "
-"the command output is used as the password."
-msgstr ""
-"执行命令以获取明文密码。其格式是 <literal>{EXT}...</literal>,这里的 <literal>...</literal> 是将传递给 <literal>Runtime.exec(String)</"
-"literal> 方法以执行平台专有命令的命令行。命令输出的第一行被用作密码。"
+msgid "A command to execute to obtain the plaintext password. The format is <literal>{EXT}...</literal> where the <literal>...</literal> is the exact command line that will be passed to the <literal>Runtime.exec(String)</literal> method to execute a platform-specific command. The first line of the command output is used as the password."
+msgstr "执行命令以获取明文密码。其格式是 <literal>{EXT}...</literal>,这里的 <literal>...</literal> 是将传递给 <literal>Runtime.exec(String)</literal> 方法以执行平台专有命令的命令行。命令输出的第一行被用作密码。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:714
#, no-c-format
-msgid ""
-"A class to create to obtain the plaintext password. The format is <literal>"
-"{CLASS}classname[:ctorarg]</literal> where the <literal>[:ctorarg]</literal> "
-"is an optional string that will be passed to the constructor when "
-"instantiating the <literal>classname</literal>. The password is obtained "
-"from classname by invoking a <literal>toCharArray()</literal> method if "
-"found, otherwise, the <literal>toString()</literal> method is used."
-msgstr ""
-"创建获取明文密码的类。其格式是 <literal>"
-"{CLASS}classname[:ctorarg]</literal>,这里的 <literal>[:ctorarg]</literal> 是一个在实例化 <literal>classname</literal> 时将传递给构造器的可选字符串。密码通过调用 <literal>toCharArray()</literal> 方法(如果能找到)从 classname 获得,否则使用 <literal>toString()</literal> 方法。"
+msgid "A class to create to obtain the plaintext password. The format is <literal>{CLASS}classname[:ctorarg]</literal> where the <literal>[:ctorarg]</literal> is an optional string that will be passed to the constructor when instantiating the <literal>classname</literal>. The password is obtained from classname by invoking a <literal>toCharArray()</literal> method if found, otherwise, the <literal>toString()</literal> method is used."
+msgstr "创建获取明文密码的类。其格式是 <literal>{CLASS}classname[:ctorarg]</literal>,这里的 <literal>[:ctorarg]</literal> 是一个在实例化 <literal>classname</literal> 时将传递给构造器的可选字符串。密码通过调用 <literal>toCharArray()</literal> 方法(如果能找到)从 classname 获得,否则使用 <literal>toString()</literal> 方法。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:721
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">Salt</emphasis>: The <literal>PBEParameterSpec</"
-"literal> salt value."
-msgstr ""
-"<emphasis role=\"bold\">Salt</emphasis>:<literal>PBEParameterSpec</"
-"literal> 的 salt 值。"
+msgid "<emphasis role=\"bold\">Salt</emphasis>: The <literal>PBEParameterSpec</literal> salt value."
+msgstr "<emphasis role=\"bold\">Salt</emphasis>:<literal>PBEParameterSpec</literal> 的 salt 值。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:726
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">IterationCount</emphasis>: The "
-"<literal>PBEParameterSpec</literal> iteration count value."
+msgid "<emphasis role=\"bold\">IterationCount</emphasis>: The <literal>PBEParameterSpec</literal> iteration count value."
msgstr "<emphasis role=\"bold\">IterationCount</emphasis>:<literal>PBEParameterSpec</literal> 迭代计数值。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:731
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">TrustStoreType</emphasis>: The type of the "
-"<literal>TrustStore</literal> implementation. This is the type argument "
-"passed to the <literal>java.security.KeyStore.getInstance(String type)</"
-"literal> factory method. The default is <literal>JKS</literal>."
-msgstr ""
-"<emphasis role=\"bold\">TrustStoreType</emphasis>:<literal>TrustStore</literal> 实现的类型。这是传递给 <literal>java.security.KeyStore.getInstance(String type)</"
-"literal> 工厂方法的类型参数。它的缺省值是 <literal>JKS</literal>。"
+msgid "<emphasis role=\"bold\">TrustStoreType</emphasis>: The type of the <literal>TrustStore</literal> implementation. This is the type argument passed to the <literal>java.security.KeyStore.getInstance(String type)</literal> factory method. The default is <literal>JKS</literal>."
+msgstr "<emphasis role=\"bold\">TrustStoreType</emphasis>:<literal>TrustStore</literal> 实现的类型。这是传递给 <literal>java.security.KeyStore.getInstance(String type)</literal> 工厂方法的类型参数。它的缺省值是 <literal>JKS</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:736
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">TrustStoreURL</emphasis>: A URL to the location of "
-"the <literal>TrustStore</literal> database. This is used to obtain an "
-"<literal>InputStream</literal> to initialize the <literal>KeyStore</"
-"literal>. If the string is not a value URL, it is treated as a file."
-msgstr ""
-"<emphasis role=\"bold\">TrustStoreURL</emphasis>:指向 <literal>TrustStore</literal> 数据库的位置的 URL。它用于获取 <literal>InputStream</literal> 以初始化 <literal>KeyStore</"
-"literal>。如果这个字符串不是有效的 URL,它将被视为文件名。"
+msgid "<emphasis role=\"bold\">TrustStoreURL</emphasis>: A URL to the location of the <literal>TrustStore</literal> database. This is used to obtain an <literal>InputStream</literal> to initialize the <literal>KeyStore</literal>. If the string is not a value URL, it is treated as a file."
+msgstr "<emphasis role=\"bold\">TrustStoreURL</emphasis>:指向 <literal>TrustStore</literal> 数据库的位置的 URL。它用于获取 <literal>InputStream</literal> 以初始化 <literal>KeyStore</literal>。如果这个字符串不是有效的 URL,它将被视为文件名。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:741
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">TrustStorePass</emphasis>: The password associated "
-"with the trust store database contents. The <literal>TrustStorePass</"
-"literal> is a simple password and doesn't have the same configuration "
-"options as the <literal>KeyStorePass</literal>."
+msgid "<emphasis role=\"bold\">TrustStorePass</emphasis>: The password associated with the trust store database contents. The <literal>TrustStorePass</literal> is a simple password and doesn't have the same configuration options as the <literal>KeyStorePass</literal>."
msgstr "<emphasis role=\"bold\">TrustStorePass</emphasis>:和信任库内容相关联的密码。<literal>TrustStorePass</literal> 是一个简单的密码,它没有和 <literal>KeyStorePass</literal> 一样的配置选项。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:746
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">ManagerServiceName</emphasis>: Sets the JMX object "
-"name string of the security manager service MBean. This is used to register "
-"the defaults to register the <literal>JaasSecurityDomain</literal> as a the "
-"security manager under <literal>java:/jaas/<domain></literal> where "
-"<literal><domain></literal> is the name passed to the MBean "
-"constructor. The name defaults to <literal>jboss.security:"
-"service=JaasSecurityManager</literal>."
-msgstr ""
-"<emphasis role=\"bold\">ManagerServiceName</emphasis>:设置安全管理者服务 MBean 的 JMX 对象名称字符串。它用于把 <literal>JaasSecurityDomain</literal> 注册为 <literal>java:/jaas/<domain></literal> 下缺省的安全管理者,这里的 <literal><domain></literal> 是传递给 MBean 构造器的名称。这个名称缺省为 <literal>jboss.security:"
-"service=JaasSecurityManager</literal>。"
+msgid "<emphasis role=\"bold\">ManagerServiceName</emphasis>: Sets the JMX object name string of the security manager service MBean. This is used to register the defaults to register the <literal>JaasSecurityDomain</literal> as a the security manager under <literal>java:/jaas/<domain></literal> where <literal><domain></literal> is the name passed to the MBean constructor. The name defaults to <literal>jboss.security:service=JaasSecurityManager</literal>."
+msgstr "<emphasis role=\"bold\">ManagerServiceName</emphasis>:设置安全管理者服务 MBean 的 JMX 对象名称字符串。它用于把 <literal>JaasSecurityDomain</literal> 注册为 <literal>java:/jaas/<domain></literal> 下缺省的安全管理者,这里的 <literal><domain></literal> 是传递给 MBean 构造器的名称。这个名称缺省为 <literal>jboss.security:service=JaasSecurityManager</literal>。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:756
@@ -3049,24 +1946,14 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:757
#, no-c-format
-msgid ""
-"The standard way of configuring security domains for authentication and "
-"authorization in JBoss is to use the XML login configuration file. The login "
-"configuration policy defines a set of named security domains that each "
-"define a stack of login modules that will be called upon to authenticate and "
-"authorize users."
+msgid "The standard way of configuring security domains for authentication and authorization in JBoss is to use the XML login configuration file. The login configuration policy defines a set of named security domains that each define a stack of login modules that will be called upon to authenticate and authorize users."
msgstr "在 JBoss 里配置用于验证和授权的安全域的标准途径是使用 XML 登录配置文件。 这个登录配置文件的策略定义了一系列的命名安全域,每个都定义了一个登录模块栈供调用以验证用户和授权。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:760
#, no-c-format
-msgid ""
-"The XML configuration file conforms to the DTD given by <xref linkend="
-"\"Defining_Security_Domains-The_XMLLoginConfig_DTD\"/>. This DTD can be "
-"found in <literal>docs/dtd/security_config.dtd</literal>."
-msgstr ""
-"XML 配置文件遵循 <xref linkend="
-"\"Defining_Security_Domains-The_XMLLoginConfig_DTD\"/> 里给出的 DTD。这个 DTD 可以在 <literal>docs/dtd/security_config.dtd</literal> 里找到。"
+msgid "The XML configuration file conforms to the DTD given by <xref linkend=\"Defining_Security_Domains-The_XMLLoginConfig_DTD\"/>. This DTD can be found in <literal>docs/dtd/security_config.dtd</literal>."
+msgstr "XML 配置文件遵循 <xref linkend=\"Defining_Security_Domains-The_XMLLoginConfig_DTD\"/> 里给出的 DTD。这个 DTD 可以在 <literal>docs/dtd/security_config.dtd</literal> 里找到。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:764
@@ -3077,12 +1964,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:776
#, no-c-format
-msgid ""
-"The following example shows a simple configuration named jmx-console that is "
-"backed by a single login module. The login module is configured by a simple "
-"set of name/value configuration pairs that have meaning to the login module "
-"in question. We'll see what these options mean later, for now we'll "
-"just be concerned with the structure of the configuration file."
+msgid "The following example shows a simple configuration named jmx-console that is backed by a single login module. The login module is configured by a simple set of name/value configuration pairs that have meaning to the login module in question. We'll see what these options mean later, for now we'll just be concerned with the structure of the configuration file."
msgstr "下面的例子显示了一个简单 jmx-console 配置,它由单个的登录模块所支持。这个登录模块由一系列简单的名称/值配置对来配置。之后我们会明白这些选项的意思,现在我们将只关心配置文件的结构。"
#. Tag: programlisting
@@ -3091,24 +1973,18 @@
msgid ""
"<application-policy name=\"jmx-console\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\" flag=\"required\">\n"
-" <module-option name=\"usersProperties\">props/jmx-console-"
-"users.properties</module-option>\n"
-" <module-option name=\"rolesProperties\">props/jmx-console-"
-"roles.properties</module-option>\n"
+" <login-module code=\"org.jboss.security.auth.spi.UsersRolesLoginModule\" flag=\"required\">\n"
+" <module-option name=\"usersProperties\">props/jmx-console-users.properties</module-option>\n"
+" <module-option name=\"rolesProperties\">props/jmx-console-roles.properties</module-option>\n"
" </login-module>\n"
" </authentication>\n"
"</application-policy>"
msgstr ""
"<application-policy name=\"jmx-console\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\" flag=\"required\">\n"
-" <module-option name=\"usersProperties\">props/jmx-console-"
-"users.properties</module-option>\n"
-" <module-option name=\"rolesProperties\">props/jmx-console-"
-"roles.properties</module-option>\n"
+" <login-module code=\"org.jboss.security.auth.spi.UsersRolesLoginModule\" flag=\"required\">\n"
+" <module-option name=\"usersProperties\">props/jmx-console-users.properties</module-option>\n"
+" <module-option name=\"rolesProperties\">props/jmx-console-roles.properties</module-option>\n"
" </login-module>\n"
" </authentication>\n"
"</application-policy>"
@@ -3116,70 +1992,43 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:780
#, no-c-format
-msgid ""
-"The <literal>name</literal> attribute of the <literal>application-policy</"
-"literal> is the login configuration name. Applications policy elements will "
-"be bound by that name in JNDI under the the <literal>java:/jaas</literal> "
-"context. Applications will link to security domains through this JNDI name "
-"in their deployment descriptors. (See the <literal>security-domain</literal> "
-"elements in <literal>jboss.xml</literal>, <literal>jboss-web.xml</literal> "
-"and <literal>jboss-service.xml</literal> files for examples)"
+msgid "The <literal>name</literal> attribute of the <literal>application-policy</literal> is the login configuration name. Applications policy elements will be bound by that name in JNDI under the the <literal>java:/jaas</literal> context. Applications will link to security domains through this JNDI name in their deployment descriptors. (See the <literal>security-domain</literal> elements in <literal>jboss.xml</literal>, <literal>jboss-web.xml</literal> and <literal>jboss-service.xml</literal> files for examples)"
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:783
#, no-c-format
-msgid ""
-"The <literal>code</literal> attribute of the <literal>login-module</literal> "
-"element specifies the class name of the login module implementation. The "
-"<literal>required</literal> flag attribute controls the overall behavior of "
-"the authentication stack. The allowed values and meanings are:"
+msgid "The <literal>code</literal> attribute of the <literal>login-module</literal> element specifies the class name of the login module implementation. The <literal>required</literal> flag attribute controls the overall behavior of the authentication stack. The allowed values and meanings are:"
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:788
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">required</emphasis>: The login module is required to "
-"succeed for the authentication to be successful. If any required module "
-"fails, the authentication will fail. The remaining login modules in the "
-"stack will be called regardless of the outcome of the authentication."
+msgid "<emphasis role=\"bold\">required</emphasis>: The login module is required to succeed for the authentication to be successful. If any required module fails, the authentication will fail. The remaining login modules in the stack will be called regardless of the outcome of the authentication."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:793
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">requisite</emphasis>: The login module is required "
-"to succeed. If it succeeds, authentication continues down the login stack. "
-"If it fails, control immediately returns to the application."
+msgid "<emphasis role=\"bold\">requisite</emphasis>: The login module is required to succeed. If it succeeds, authentication continues down the login stack. If it fails, control immediately returns to the application."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:798
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">sufficient</emphasis>: The login module is not "
-"required to succeed. If it does succeed, control immediately returns to the "
-"application. If it fails, authentication continues down the login stack."
+msgid "<emphasis role=\"bold\">sufficient</emphasis>: The login module is not required to succeed. If it does succeed, control immediately returns to the application. If it fails, authentication continues down the login stack."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:803
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">optional</emphasis>: The login module is not "
-"required to succeed. Authentication still continues to proceed down the "
-"login stack regardless of whether the login module succeeds or fails."
+msgid "<emphasis role=\"bold\">optional</emphasis>: The login module is not required to succeed. Authentication still continues to proceed down the login stack regardless of whether the login module succeeds or fails."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:808
#, no-c-format
-msgid ""
-"The following example shows the definition of a security domain that uses "
-"multiple login modules. Since both modules are marked as sufficient, only "
-"one of them need to succeed for login to proceed."
+msgid "The following example shows the definition of a security domain that uses multiple login modules. Since both modules are marked as sufficient, only one of them need to succeed for login to proceed."
msgstr ""
#. Tag: programlisting
@@ -3188,13 +2037,11 @@
msgid ""
"<application-policy name=\"todo\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi.LdapLoginModule"
-"\" \n"
+" <login-module code=\"org.jboss.security.auth.spi.LdapLoginModule\" \n"
" flag=\"sufficient\">\n"
" <!-- LDAP configuration -->\n"
" </login-module>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"DatabaseServerLoginModule\" \n"
+" <login-module code=\"org.jboss.security.auth.spi.DatabaseServerLoginModule\" \n"
" flag=\"sufficient\">\n"
" <!-- database configuration -->\n"
" </login-module>\n"
@@ -3203,13 +2050,11 @@
msgstr ""
"<application-policy name=\"todo\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi.LdapLoginModule"
-"\" \n"
+" <login-module code=\"org.jboss.security.auth.spi.LdapLoginModule\" \n"
" flag=\"sufficient\">\n"
" <!-- LDAP configuration -->\n"
" </login-module>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"DatabaseServerLoginModule\" \n"
+" <login-module code=\"org.jboss.security.auth.spi.DatabaseServerLoginModule\" \n"
" flag=\"sufficient\">\n"
" <!-- database configuration -->\n"
" </login-module>\n"
@@ -3219,11 +2064,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:812
#, no-c-format
-msgid ""
-"Each login module has its own set of configuration options. These are set as "
-"name/value pairs using the <literal>module-option</literal> elements. We'"
-"ll cover module options in more depth when we look at the individual login "
-"modules available in JBoss AS."
+msgid "Each login module has its own set of configuration options. These are set as name/value pairs using the <literal>module-option</literal> elements. We'll cover module options in more depth when we look at the individual login modules available in JBoss AS."
msgstr ""
#. Tag: title
@@ -3235,12 +2076,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:817
#, no-c-format
-msgid ""
-"Authentication security domains are configured statically in the "
-"<literal>conf/login-config.xml</literal> file. The <literal>XMLLoginConfig</"
-"literal> MBean is responsible for loading security configurations from this "
-"configurations from a local configuration file. The MBean is defined as "
-"shown below."
+msgid "Authentication security domains are configured statically in the <literal>conf/login-config.xml</literal> file. The <literal>XMLLoginConfig</literal> MBean is responsible for loading security configurations from this configurations from a local configuration file. The MBean is defined as shown below."
msgstr ""
#. Tag: programlisting
@@ -3249,14 +2085,12 @@
msgid ""
"<mbean code=\"org.jboss.security.auth.login.XMLLoginConfig\"\n"
" name=\"jboss.security:service=XMLLoginConfig\">\n"
-" <attribute name=\"ConfigResource\">login-config.xml</"
-"attribute>\n"
+" <attribute name=\"ConfigResource\">login-config.xml</attribute>\n"
"</mbean>"
msgstr ""
"<mbean code=\"org.jboss.security.auth.login.XMLLoginConfig\"\n"
" name=\"jboss.security:service=XMLLoginConfig\">\n"
-" <attribute name=\"ConfigResource\">login-config.xml</"
-"attribute>\n"
+" <attribute name=\"ConfigResource\">login-config.xml</attribute>\n"
"</mbean>"
#. Tag: para
@@ -3268,101 +2102,62 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:826
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">ConfigURL</emphasis>: specifies the URL of the XML "
-"login configuration file that should be loaded by this MBean on startup. "
-"This must be a valid URL string representation."
+msgid "<emphasis role=\"bold\">ConfigURL</emphasis>: specifies the URL of the XML login configuration file that should be loaded by this MBean on startup. This must be a valid URL string representation."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:831
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">ConfigResource</emphasis>: specifies the resource "
-"name of the XML login configuration file that should be loaded by this MBean "
-"on startup. The name is treated as a classpath resource for which a URL is "
-"located using the thread context class loader."
+msgid "<emphasis role=\"bold\">ConfigResource</emphasis>: specifies the resource name of the XML login configuration file that should be loaded by this MBean on startup. The name is treated as a classpath resource for which a URL is located using the thread context class loader."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:836
-#, fuzzy, no-c-format
-msgid ""
-"<emphasis role=\"bold\">ValidateDTD</emphasis>: a flag indicating if the XML "
-"configuration should be validated against its DTD. This defaults to true."
-msgstr ""
-"<emphasis role=\"bold\">cookies</emphasis>:这个标记表示是否用 cookies 记录会"
-"话。它的缺省值是 true。"
+#, no-c-format
+msgid "<emphasis role=\"bold\">ValidateDTD</emphasis>: a flag indicating if the XML configuration should be validated against its DTD. This defaults to true."
+msgstr "<emphasis role=\"bold\">ValidateDTD</emphasis>:这个标记表示 XML 配置是否应该根据 DTD 进行检验。它的缺省值是 true。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:841
#, no-c-format
-msgid ""
-"The MBean also supports the following operations that allow one to "
-"dynamically extend the login configurations at runtime. Note that any "
-"operation that attempts to alter login configuration requires a "
-"<literal>javax.security.auth.AuthPermission(\"refreshLoginConfiguration\")</"
-"literal> when running with a security manager. The <literal>org.jboss.book."
-"security.service.SecurityConfig</literal> service demonstrates how this can "
-"be used to add/remove a deployment specific security configuration "
-"dynamically."
+msgid "The MBean also supports the following operations that allow one to dynamically extend the login configurations at runtime. Note that any operation that attempts to alter login configuration requires a <literal>javax.security.auth.AuthPermission(\"refreshLoginConfiguration\")</literal> when running with a security manager. The <literal>org.jboss.book.security.service.SecurityConfig</literal> service demonstrates how this can be used to add/remove a deployment specific security configuration dynamically."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:846
#, no-c-format
-msgid ""
-"<literal>void addAppConfig(String appName, AppConfigurationEntry[] entries)</"
-"literal>: this adds the given login module configuration stack to the "
-"current configuration under the given <literal>appName</literal>. This "
-"replaces any existing entry under that name."
+msgid "<literal>void addAppConfig(String appName, AppConfigurationEntry[] entries)</literal>: this adds the given login module configuration stack to the current configuration under the given <literal>appName</literal>. This replaces any existing entry under that name."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:851
#, no-c-format
-msgid ""
-"<literal>void removeAppConfig(String appName)</literal>: this removes the "
-"login module configuration registered under the given <literal>appName</"
-"literal>."
-msgstr ""
+msgid "<literal>void removeAppConfig(String appName)</literal>: this removes the login module configuration registered under the given <literal>appName</literal>."
+msgstr "<literal>void removeAppConfig(String appName)</literal>:它删除注册在 <literal>appName</literal> 下的登录模块配置。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:856
#, no-c-format
-msgid ""
-"<literal>String[] loadConfig(URL configURL) throws Exception</literal>: this "
-"loads one or more login configurations from a URL representing either an XML "
-"or legacy Sun login configuration file. Note that all login configurations "
-"must be added or none will be added. It returns the names of the login "
-"configurations that were added."
-msgstr ""
+msgid "<literal>String[] loadConfig(URL configURL) throws Exception</literal>: this loads one or more login configurations from a URL representing either an XML or legacy Sun login configuration file. Note that all login configurations must be added or none will be added. It returns the names of the login configurations that were added."
+msgstr "<literal>String[] loadConfig(URL configURL) throws Exception</literal>:它从代表 XML 或旧的 Sun 登录配置文件的 URL 加载一个或多个登录配置。请注意,所有的登录配置必须被添加或者是都不添加。它返回被添加的登录配置的名称。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:861
#, no-c-format
-msgid ""
-"<literal>void removeConfigs(String[] appNames)</literal>: this removes the "
-"login configurations specified <literal>appNames</literal> array."
-msgstr ""
+msgid "<literal>void removeConfigs(String[] appNames)</literal>: this removes the login configurations specified <literal>appNames</literal> array."
+msgstr "<literal>void removeConfigs(String[] appNames)</literal>:它删除用 <literal>appNames</literal> 队列指定的登录配置。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:866
#, no-c-format
-msgid ""
-"<literal>String displayAppConfig(String appName)</literal>: this operation "
-"displays a simple string format of the named configuration if it exists."
-msgstr ""
+msgid "<literal>String displayAppConfig(String appName)</literal>: this operation displays a simple string format of the named configuration if it exists."
+msgstr "<literal>String displayAppConfig(String appName)</literal>:这个操作显示了命名配置(如果存在)的简单字符串格式。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:871
#, no-c-format
-msgid ""
-"The <literal>SecurityConfig</literal> MBean is responsible for selecting the "
-"<literal>javax.security.auth.login.Configuration</literal> to be used. The "
-"default configuration simply references the <literal>XMLLoginConfig</"
-"literal> MBean."
-msgstr ""
+msgid "The <literal>SecurityConfig</literal> MBean is responsible for selecting the <literal>javax.security.auth.login.Configuration</literal> to be used. The default configuration simply references the <literal>XMLLoginConfig</literal> MBean."
+msgstr "<literal>SecurityConfig</literal> MBean 负责选择所使用的 <literal>javax.security.auth.login.Configuration</literal>。缺省配置简单地引用 <literal>XMLLoginConfig</literal> MBean。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:874
@@ -3370,42 +2165,30 @@
msgid ""
"<mbean code=\"org.jboss.security.plugins.SecurityConfig\" \n"
" name=\"jboss.security:service=SecurityConfig\">\n"
-" <attribute name=\"LoginConfig\">jboss.security:"
-"service=XMLLoginConfig</attribute>\n"
+" <attribute name=\"LoginConfig\">jboss.security:service=XMLLoginConfig</attribute>\n"
" </mbean>"
msgstr ""
+"<mbean code=\"org.jboss.security.plugins.SecurityConfig\" \n"
+" name=\"jboss.security:service=SecurityConfig\">\n"
+" <attribute name=\"LoginConfig\">jboss.security:service=XMLLoginConfig</attribute>\n"
+" </mbean>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:875
-#, fuzzy, no-c-format
+#, no-c-format
msgid "There is one configurable attribute:"
-msgstr "可配置的属性如下:"
+msgstr "下面是一个可配置属性如下:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:880
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">LoginConfig</emphasis>: Specifies the JMX "
-"<literal>ObjectName</literal> string of the MBean that provides the default "
-"JAAS login configuration. When the <literal>SecurityConfig</literal> is "
-"started, this MBean is queried for its <literal>javax.security.auth.login."
-"Configuration</literal> by calling its <literal>getConfiguration"
-"(Configuration currentConfig)</literal> operation. If the "
-"<literal>LoginConfig</literal> attribute is not specified then the default "
-"Sun <literal>Configuration</literal> implementation described in the "
-"<literal>Configuration</literal> class JavaDocs is used."
+msgid "<emphasis role=\"bold\">LoginConfig</emphasis>: Specifies the JMX <literal>ObjectName</literal> string of the MBean that provides the default JAAS login configuration. When the <literal>SecurityConfig</literal> is started, this MBean is queried for its <literal>javax.security.auth.login.Configuration</literal> by calling its <literal>getConfiguration(Configuration currentConfig)</literal> operation. If the <literal>LoginConfig</literal> attribute is not specified then the default Sun <literal>Configuration</literal> implementation described in the <literal>Configuration</literal> class JavaDocs is used."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:885
#, no-c-format
-msgid ""
-"In addition to allowing for a custom JAAS login configuration "
-"implementation, this service allows configurations to be chained together in "
-"a stack at runtime. This allows one to push a login configuration onto the "
-"stack and latter pop it. This is a feature used by the security unit tests "
-"to install custom login configurations into a default JBoss installation. "
-"Pushing a new configuration is done using:"
+msgid "In addition to allowing for a custom JAAS login configuration implementation, this service allows configurations to be chained together in a stack at runtime. This allows one to push a login configuration onto the stack and latter pop it. This is a feature used by the security unit tests to install custom login configurations into a default JBoss installation. Pushing a new configuration is done using:"
msgstr ""
#. Tag: programlisting
@@ -3415,101 +2198,72 @@
"public void pushLoginConfig(String objectName) throws\n"
" JMException, MalformedObjectNameException;"
msgstr ""
+"public void pushLoginConfig(String objectName) throws\n"
+" JMException, MalformedObjectNameException;"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:889
#, no-c-format
-msgid ""
-"The <literal>objectName</literal> parameters specifies an MBean similar to "
-"the <literal>LoginConfig</literal> attribute. The current login "
-"configuration may be removed using:"
-msgstr ""
+msgid "The <literal>objectName</literal> parameters specifies an MBean similar to the <literal>LoginConfig</literal> attribute. The current login configuration may be removed using:"
+msgstr "<literal>objectName</literal> 参数指定和 <literal>LoginConfig</literal> 属性类似的 MBean。当前的登录配置可以这样进行删除:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:892
#, no-c-format
msgid "public void popLoginConfig() throws JMException;"
-msgstr ""
+msgstr "public void popLoginConfig() throws JMException;"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:896
-#, fuzzy, no-c-format
+#, no-c-format
msgid "The DynamicLoginConfig service"
-msgstr "JNDI 命名服务"
+msgstr "DynamicLoginConfig 服务"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:897
#, no-c-format
-msgid ""
-"Security domains defined in the <literal>login-config.xml</literal> file are "
-"essentially static. They are read when JBoss starts up, but there is no easy "
-"way to add a new security domain or change the definition for an existing "
-"one. The <literal>DynamicLoginConfig</literal> service allows you to "
-"dynamically deploy security domains. This allows you to specify JAAS login "
-"configuration as part of a deployment (or just as a standalone service) "
-"rather than having to edit the static <literal>login-config.xml</literal> "
-"file."
+msgid "Security domains defined in the <literal>login-config.xml</literal> file are essentially static. They are read when JBoss starts up, but there is no easy way to add a new security domain or change the definition for an existing one. The <literal>DynamicLoginConfig</literal> service allows you to dynamically deploy security domains. This allows you to specify JAAS login configuration as part of a deployment (or just as a standalone service) rather than having to edit the static <literal>login-config.xml</literal> file."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:900
-#, fuzzy, no-c-format
+#, no-c-format
msgid "The service supports the following attributes:"
-msgstr "HttpInvoker 支持下面的属性:"
+msgstr "这个服务支持下面的属性:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:905
-#, fuzzy, no-c-format
-msgid ""
-"<emphasis role=\"bold\">AuthConfig</emphasis>: The resource path to the JAAS "
-"login configuration file to use. This defaults to <literal>login-config.xml</"
-"literal>"
-msgstr ""
-"<emphasis role=\"bold\">prefix</emphasis>:这是每个日志文件名的前缀。它的缺省"
-"值是 <literal>access_log</literal>。"
+#, no-c-format
+msgid "<emphasis role=\"bold\">AuthConfig</emphasis>: The resource path to the JAAS login configuration file to use. This defaults to <literal>login-config.xml</literal>"
+msgstr "<emphasis role=\"bold\">AuthConfig</emphasis>:JAAS登录配置文件使用的资源路径。它的缺省值是 <literal>login-config.xml</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:910
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">LoginConfigService</emphasis>: the "
-"<literal>XMLLoginConfig</literal> service name to use for loading. This "
-"service must support a <literal>String loadConfig(URL)</literal> operation "
-"to load the configurations."
-msgstr ""
+msgid "<emphasis role=\"bold\">LoginConfigService</emphasis>: the <literal>XMLLoginConfig</literal> service name to use for loading. This service must support a <literal>String loadConfig(URL)</literal> operation to load the configurations."
+msgstr "<emphasis role=\"bold\">LoginConfigService</emphasis>:用于加载的 <literal>XMLLoginConfig</literal> 服务名称。这个服务必须支持 <literal>String loadConfig(URL)</literal> 操作来加载配置。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:915
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">SecurityManagerService</emphasis>: The "
-"<literal>SecurityManagerService</literal> name used to flush the registered "
-"security domains. This service must support a "
-"<literal>flushAuthenticationCache(String)</literal> operation to flush the "
-"case for the argument security domain. Setting this triggers the flush of "
-"the authentication caches when the service is stopped."
+msgid "<emphasis role=\"bold\">SecurityManagerService</emphasis>: The <literal>SecurityManagerService</literal> name used to flush the registered security domains. This service must support a <literal>flushAuthenticationCache(String)</literal> operation to flush the case for the argument security domain. Setting this triggers the flush of the authentication caches when the service is stopped."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:920
#, no-c-format
-msgid ""
-"Here is an example MBean definition using the <literal>DynamicLoginConfig</"
-"literal> service."
-msgstr ""
+msgid "Here is an example MBean definition using the <literal>DynamicLoginConfig</literal> service."
+msgstr "下面是一个使用 <literal>DynamicLoginConfig</literal> 服务的 MBean 的定义:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:923
#, no-c-format
msgid ""
"<server>\n"
-" <mbean code=\"org.jboss.security.auth.login.DynamicLoginConfig\" name="
-"\"...\">\n"
-" <attribute name=\"AuthConfig\">login-config.xml</"
-"attribute>\n"
+" <mbean code=\"org.jboss.security.auth.login.DynamicLoginConfig\" name=\"...\">\n"
+" <attribute name=\"AuthConfig\">login-config.xml</attribute>\n"
"\n"
-" <!-- The service which supports dynamic processing of login-"
-"config.xml\n"
+" <!-- The service which supports dynamic processing of login-config.xml\n"
" configurations.\n"
" -->\n"
" <depends optional-attribute-name=\"LoginConfigService\">\n"
@@ -3525,13 +2279,10 @@
"</server>"
msgstr ""
"<server>\n"
-" <mbean code=\"org.jboss.security.auth.login.DynamicLoginConfig\" name="
-"\"...\">\n"
-" <attribute name=\"AuthConfig\">login-config.xml</"
-"attribute>\n"
+" <mbean code=\"org.jboss.security.auth.login.DynamicLoginConfig\" name=\"...\">\n"
+" <attribute name=\"AuthConfig\">login-config.xml</attribute>\n"
"\n"
-" <!-- The service which supports dynamic processing of login-"
-"config.xml\n"
+" <!-- The service which supports dynamic processing of login-config.xml\n"
" configurations.\n"
" -->\n"
" <depends optional-attribute-name=\"LoginConfigService\">\n"
@@ -3549,12 +2300,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:924
#, no-c-format
-msgid ""
-"This will load the specified <literal>AuthConfig</literal> resource using "
-"the specified <literal>LoginConfigService</literal> MBean by invoking "
-"<literal>loadConfig</literal> with the appropriate resource URL. When the "
-"service is stopped the configurations are removed. The resource specified "
-"may be either an XML file, or a Sun JAAS login configuration."
+msgid "This will load the specified <literal>AuthConfig</literal> resource using the specified <literal>LoginConfigService</literal> MBean by invoking <literal>loadConfig</literal> with the appropriate resource URL. When the service is stopped the configurations are removed. The resource specified may be either an XML file, or a Sun JAAS login configuration."
msgstr ""
#. Tag: title
@@ -3566,14 +2312,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:931
#, no-c-format
-msgid ""
-"JBoss includes several bundled login modules suitable for most user "
-"management needs. JBoss can read user information from a relational "
-"database, an LDAP server or flat files. In addition to these core login "
-"modules, JBoss provides several other login modules that provide user "
-"information for very customized needs in JBoss. Before we explore the "
-"individual login modules, let's take a look at a few login module "
-"configuration options that are common to multiple modules."
+msgid "JBoss includes several bundled login modules suitable for most user management needs. JBoss can read user information from a relational database, an LDAP server or flat files. In addition to these core login modules, JBoss provides several other login modules that provide user information for very customized needs in JBoss. Before we explore the individual login modules, let's take a look at a few login module configuration options that are common to multiple modules."
msgstr "JBoss 带有几个满足大多数管理需要的登录模块。JBoss 可以从关系性数据库、LDAP 服务器或普通文件中阅读用户信息。除了这些核心的登录模块,JBoss 也提供几个其他的登录模块以满足自定义的需要。在我们探讨单独的登录模块之前,让我们看看登录模块所共有的一些配置选项。"
#. Tag: title
@@ -3585,51 +2324,20 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:936
#, no-c-format
-msgid ""
-"Multiple login modules can be chained together in a stack, with each login "
-"module providing both the authentication and authorization components. This "
-"works for many use cases, but sometimes authentication and authorization are "
-"split across multiple user management stores. A previous example showed how "
-"to combine LDAP and a relational database, allowing a user to be "
-"authenticated by either system. However, consider the case where users are "
-"managed in a central LDAP server but application-specific roles are stored "
-"in the application's relational database. The password-stacking module "
-"option captures this relationship."
+msgid "Multiple login modules can be chained together in a stack, with each login module providing both the authentication and authorization components. This works for many use cases, but sometimes authentication and authorization are split across multiple user management stores. A previous example showed how to combine LDAP and a relational database, allowing a user to be authenticated by either system. However, consider the case where users are managed in a central LDAP server but application-specific roles are stored in the application's relational database. The password-stacking module option captures this relationship."
msgstr "多个登录模块可以链接在一个栈里,每个模块都提供验证和授权组件。这可用于许多情况之下,但有时候验证和授权分布在多个用户管理库里。前面的例子展示了如何组合 LDAP 和关系型数据库,允许两者中的任意一个验证用户。然而,我们也必须考虑到中央 LDAP 服务器管理用户而应用程序专有的角色存储在关系性数据库里的情况。password-stacking 模块选项可以处理这种关系。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:941
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">password-stacking</emphasis>: When <literal>password-"
-"stacking</literal> option is set to <literal>useFirstPass</literal>, this "
-"module first looks for a shared username and password under the property "
-"names <literal>javax.security.auth.login.name</literal> and <literal>javax."
-"security.auth.login.password</literal> respectively in the login module "
-"shared state map. If found these are used as the principal name and "
-"password. If not found the principal name and password are set by this login "
-"module and stored under the property names <literal>javax.security.auth."
-"login.name</literal> and <literal>javax.security.auth.login.password</"
-"literal> respectively."
-msgstr ""
-"<emphasis role=\"bold\">password-stacking</emphasis>:当 <literal>password-"
-"stacking</literal> 选项被设置为 <literal>useFirstPass</literal> 时,这个模块首先分别寻找登录模块共享状态表里的属性名 <literal>javax.security.auth.login.name</literal> 和 <literal>javax."
-"security.auth.login.password</literal> 下共享的用户名和密码。如果找到,它们就被用作 principal 名和密码。如果没有找到,principal 名和密码则通过这个登录模块进行设置并分别存储在属性名 <literal>javax.security.auth."
-"login.name</literal> 和 <literal>javax.security.auth.login.password</"
-"literal> 下。"
+msgid "<emphasis role=\"bold\">password-stacking</emphasis>: When <literal>password-stacking</literal> option is set to <literal>useFirstPass</literal>, this module first looks for a shared username and password under the property names <literal>javax.security.auth.login.name</literal> and <literal>javax.security.auth.login.password</literal> respectively in the login module shared state map. If found these are used as the principal name and password. If not found the principal name and password are set by this login module and stored under the property names <literal>javax.security.auth.login.name</literal> and <literal>javax.security.auth.login.password</literal> respectively."
+msgstr "<emphasis role=\"bold\">password-stacking</emphasis>:当 <literal>password-stacking</literal> 选项被设置为 <literal>useFirstPass</literal> 时,这个模块首先分别寻找登录模块共享状态表里的属性名 <literal>javax.security.auth.login.name</literal> 和 <literal>javax.security.auth.login.password</literal> 下共享的用户名和密码。如果找到,它们就被用作 principal 名和密码。如果没有找到,principal 名和密码则通过这个登录模块进行设置并分别存储在属性名 <literal>javax.security.auth.login.name</literal> 和 <literal>javax.security.auth.login.password</literal> 下。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:946
#, no-c-format
-msgid ""
-"To use password stacking, each login module should set <literal>password-"
-"stacking</literal> to <literal>useFirstPass</literal>. If a previous module "
-"configured for password stacking has authenticated the user, all the other "
-"stacking modules will consider the user authenticated and only attempt to "
-"provide a set of roles for the authorization step."
-msgstr ""
-"要使用密码栈,每个登录模块都应该把 <literal>password-"
-"stacking</literal> 设置为 <literal>useFirstPass</literal>。如果前面已配置密码栈的模块已经验证了用户,所有其他的模块都将认为该用户是已验证的并只为授权步骤提供相应角色。"
+msgid "To use password stacking, each login module should set <literal>password-stacking</literal> to <literal>useFirstPass</literal>. If a previous module configured for password stacking has authenticated the user, all the other stacking modules will consider the user authenticated and only attempt to provide a set of roles for the authorization step."
+msgstr "要使用密码栈,每个登录模块都应该把 <literal>password-stacking</literal> 设置为 <literal>useFirstPass</literal>。如果前面已配置密码栈的模块已经验证了用户,所有其他的模块都将认为该用户是已验证的并只为授权步骤提供相应角色。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:949
@@ -3643,38 +2351,30 @@
msgid ""
"<application-policy name=\"todo\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi.LdapLoginModule"
-"\" \n"
+" <login-module code=\"org.jboss.security.auth.spi.LdapLoginModule\" \n"
" flag=\"required\">\n"
" <!-- LDAP configuration -->\n"
-" <module-option name=\"password-stacking\">useFirstPass</"
-"module-option>\n"
+" <module-option name=\"password-stacking\">useFirstPass</module-option>\n"
" </login-module>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"DatabaseServerLoginModule\" \n"
+" <login-module code=\"org.jboss.security.auth.spi.DatabaseServerLoginModule\" \n"
" flag=\"required\">\n"
" <!-- database configuration --> \n"
-" <module-option name=\"password-stacking\">useFirstPass</"
-"module-option>\n"
+" <module-option name=\"password-stacking\">useFirstPass</module-option>\n"
" </login-module>\n"
" </authentication>\n"
"</application-policy>"
msgstr ""
"<application-policy name=\"todo\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi.LdapLoginModule"
-"\" \n"
+" <login-module code=\"org.jboss.security.auth.spi.LdapLoginModule\" \n"
" flag=\"required\">\n"
" <!-- LDAP configuration -->\n"
-" <module-option name=\"password-stacking\">useFirstPass</"
-"module-option>\n"
+" <module-option name=\"password-stacking\">useFirstPass</module-option>\n"
" </login-module>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"DatabaseServerLoginModule\" \n"
+" <login-module code=\"org.jboss.security.auth.spi.DatabaseServerLoginModule\" \n"
" flag=\"required\">\n"
" <!-- database configuration --> \n"
-" <module-option name=\"password-stacking\">useFirstPass</"
-"module-option>\n"
+" <module-option name=\"password-stacking\">useFirstPass</module-option>\n"
" </login-module>\n"
" </authentication>\n"
"</application-policy>"
@@ -3682,10 +2382,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:953
#, no-c-format
-msgid ""
-"When using password stacking, it is usually appropriate to set all modules "
-"to be required to make sure that all modules are considered and have chance "
-"to contribute roles to the authorization process."
+msgid "When using password stacking, it is usually appropriate to set all modules to be required to make sure that all modules are considered and have chance to contribute roles to the authorization process."
msgstr "在使用密码栈时,我们通常需要把所有模块设置为必需的,这样可以确保所有模块都有机会为授权过程贡献相应的角色。"
#. Tag: title
@@ -3697,83 +2394,44 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:960
#, no-c-format
-msgid ""
-"Most of the login modules need to compare a client-supplied password to a "
-"password stored in a user management system. These modules generally work "
-"with plain text passwords, but can also be configured to support hashed "
-"passwords to prevent plain text passwords from being stored on the server "
-"side."
+msgid "Most of the login modules need to compare a client-supplied password to a password stored in a user management system. These modules generally work with plain text passwords, but can also be configured to support hashed passwords to prevent plain text passwords from being stored on the server side."
msgstr "大多数登录模块都需要将客户提供的密码和存储在用户管理系统里的密码进行比较。这些模块通常使用明文密码,但也可以支持 hashed 密码来防止在服务器端存储明文密码。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:965
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">hashAlgorithm</emphasis>: The name of the "
-"<literal>java.security.MessageDigest</literal> algorithm to use to hash the "
-"password. There is no default so this option must be specified to enable "
-"hashing. Typical values are <literal>MD5</literal> and <literal>SHA</"
-"literal>."
-msgstr ""
-"<emphasis role=\"bold\">hashAlgorithm</emphasis>:设置 hash 密码的 <literal>java.security.MessageDigest</literal> 算法的名称。这个选项没有缺省值,要启用 hashing 就必须设置它。典型的值有 <literal>MD5</literal> 和 <literal>SHA</"
-"literal>。"
+msgid "<emphasis role=\"bold\">hashAlgorithm</emphasis>: The name of the <literal>java.security.MessageDigest</literal> algorithm to use to hash the password. There is no default so this option must be specified to enable hashing. Typical values are <literal>MD5</literal> and <literal>SHA</literal>."
+msgstr "<emphasis role=\"bold\">hashAlgorithm</emphasis>:设置 hash 密码的 <literal>java.security.MessageDigest</literal> 算法的名称。这个选项没有缺省值,要启用 hashing 就必须设置它。典型的值有 <literal>MD5</literal> 和 <literal>SHA</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:970
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">hashEncoding</emphasis>: The string format for the "
-"hashed pass and must be either <literal>base64</literal>, <literal>hex</"
-"literal> or <literal>rfc2617</literal>. The default is <literal>base64</"
-"literal>."
-msgstr ""
-"<emphasis role=\"bold\">hashEncoding</emphasis>:hashed 密码的字符串格式,它必须是 <literal>base64</literal>, <literal>hex</"
-"literal> 或 <literal>rfc2617</literal>。它的缺省值是 <literal>base64</"
-"literal>。"
+msgid "<emphasis role=\"bold\">hashEncoding</emphasis>: The string format for the hashed pass and must be either <literal>base64</literal>, <literal>hex</literal> or <literal>rfc2617</literal>. The default is <literal>base64</literal>."
+msgstr "<emphasis role=\"bold\">hashEncoding</emphasis>:hashed 密码的字符串格式,它必须是 <literal>base64</literal>, <literal>hex</literal> 或 <literal>rfc2617</literal>。它的缺省值是 <literal>base64</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:975
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">hashCharset</emphasis>: The encoding used to convert "
-"the clear text password to a byte array. The platform default encoding is "
-"the default."
+msgid "<emphasis role=\"bold\">hashCharset</emphasis>: The encoding used to convert the clear text password to a byte array. The platform default encoding is the default."
msgstr "<emphasis role=\"bold\">hashCharset</emphasis>:把明文么转换为字节队列时所用的编码。其缺省值是平台的缺省编码。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:980
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">hashUserPassword</emphasis>: This indicates that the "
-"hashing algorithm should be applied to the password the user submits. The "
-"hashed user password will be compared against the value in the login module, "
-"which is expected to be a hash of the password. The default is true."
+msgid "<emphasis role=\"bold\">hashUserPassword</emphasis>: This indicates that the hashing algorithm should be applied to the password the user submits. The hashed user password will be compared against the value in the login module, which is expected to be a hash of the password. The default is true."
msgstr "<emphasis role=\"bold\">hashUserPassword</emphasis>:指定是否应该将 hashing 算法应用于用户提交的密码。hashed 密码将和登录模块里的值(密码的 hash 值)进行比较。缺省为 true。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:985
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">hashStorePassword</emphasis>: This indicates that "
-"the hashing algorithm should be applied to the password stored on the server "
-"side. This is used for digest authentication where the user submits a hash "
-"of the user password along with a request-specific tokens from the server to "
-"be comare. JBoss uses the hash algorithm (for digest, this would be "
-"<literal>rfc2617</literal>) to compute a server-side hash that should match "
-"the hashed value sent from the client."
+msgid "<emphasis role=\"bold\">hashStorePassword</emphasis>: This indicates that the hashing algorithm should be applied to the password stored on the server side. This is used for digest authentication where the user submits a hash of the user password along with a request-specific tokens from the server to be comare. JBoss uses the hash algorithm (for digest, this would be <literal>rfc2617</literal>) to compute a server-side hash that should match the hashed value sent from the client."
msgstr "<emphasis role=\"bold\">hashStorePassword</emphasis>:指定是否应该将 hashing 算法应用于服务器端存储的密码。这用于用户提交 hash 密码以及请求专有的令牌时使用的 DIGEST 验证。JBoss 使用 hash 算法(对于 DIGEST 而言,这是<literal>rfc2617</literal>)来计算服务器端的 hash,它应该和客户端发出的 hashed 值相匹配。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:990
#, no-c-format
-msgid ""
-"The following is an login module configuration that assigns unauthenticated "
-"users the principal name <literal>nobody</literal> and contains based64-"
-"encoded, MD5 hashes of the passwords in a <literal>usersb64.properties</"
-"literal> file."
-msgstr ""
-"下面是一个登录模块的配置,它给未验证的用户分配 principal 名 <literal>nobody</literal> 且在 <literal>usersb64.properties</"
-"literal> 文件里包含使用 based64 编码的密码的 MD5 hash 值。"
+msgid "The following is an login module configuration that assigns unauthenticated users the principal name <literal>nobody</literal> and contains based64-encoded, MD5 hashes of the passwords in a <literal>usersb64.properties</literal> file."
+msgstr "下面是一个登录模块的配置,它给未验证的用户分配 principal 名 <literal>nobody</literal> 且在 <literal>usersb64.properties</literal> 文件里包含使用 based64 编码的密码的 MD5 hash 值。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:993
@@ -3782,13 +2440,10 @@
"<policy>\n"
" <application-policy name=\"testUsersRoles\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\"\n"
+" <login-module code=\"org.jboss.security.auth.spi.UsersRolesLoginModule\"\n"
" flag=\"required\">\n"
-" <module-option name=\"hashAlgorithm\">MD5</module-"
-"option>\n"
-" <module-option name=\"hashEncoding\">base64</module-"
-"option> \n"
+" <module-option name=\"hashAlgorithm\">MD5</module-option>\n"
+" <module-option name=\"hashEncoding\">base64</module-option> \n"
" </login-module>\n"
" </authentication>\n"
" </application-policy>\n"
@@ -3797,13 +2452,10 @@
"<policy>\n"
" <application-policy name=\"testUsersRoles\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\"\n"
+" <login-module code=\"org.jboss.security.auth.spi.UsersRolesLoginModule\"\n"
" flag=\"required\">\n"
-" <module-option name=\"hashAlgorithm\">MD5</module-"
-"option>\n"
-" <module-option name=\"hashEncoding\">base64</module-"
-"option> \n"
+" <module-option name=\"hashAlgorithm\">MD5</module-option>\n"
+" <module-option name=\"hashEncoding\">base64</module-option> \n"
" </login-module>\n"
" </authentication>\n"
" </application-policy>\n"
@@ -3812,13 +2464,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:994
#, no-c-format
-msgid ""
-"If you need to generate passwords in code, <literal>the org.jboss.security."
-"Util</literal> class provides a static helper method that will hash a "
-"password using a given encoding."
-msgstr ""
-"如果你需要在代码里生成密码,<literal>the org.jboss.security."
-"Util</literal> 类提供了一个静态的 helper 方法,它可以用指定的编码生成密码的 hash 值。"
+msgid "If you need to generate passwords in code, <literal>the org.jboss.security.Util</literal> class provides a static helper method that will hash a password using a given encoding."
+msgstr "如果你需要在代码里生成密码,<literal>the org.jboss.security.Util</literal> 类提供了一个静态的 helper 方法,它可以用指定的编码生成密码的 hash 值。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:997
@@ -3851,12 +2498,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1002
#, no-c-format
-msgid ""
-"In both cases, the text password should hash to \"X03MO1qnZdYdgyfeuILPmQ=="
-"\". This is the value that would need to be stored in the user store."
-msgstr ""
-"在这两种情况下,文本密码都应该生成 hash 值为 \"X03MO1qnZdYdgyfeuILPmQ=="
-"\"。这是应该存储在用户库里的值。"
+msgid "In both cases, the text password should hash to \"X03MO1qnZdYdgyfeuILPmQ==\". This is the value that would need to be stored in the user store."
+msgstr "在这两种情况下,文本密码都应该生成 hash 值为 \"X03MO1qnZdYdgyfeuILPmQ==\"。这是应该存储在用户库里的值。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1008
@@ -3867,23 +2510,13 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1009
#, no-c-format
-msgid ""
-"Not all requests come in authenticated. The unauthenticated identity is a "
-"login module configuration option that assigns a specific identity (guest, "
-"for example) to requests that are made with no associated authentication "
-"information. This can be used to allow unprotected servlets to invoke "
-"methods on EJBs that do not require a specific role. Such a principal has no "
-"associated roles and so can only access either unsecured EJBs or EJB methods "
-"that are associated with the unchecked permission constraint."
+msgid "Not all requests come in authenticated. The unauthenticated identity is a login module configuration option that assigns a specific identity (guest, for example) to requests that are made with no associated authentication information. This can be used to allow unprotected servlets to invoke methods on EJBs that do not require a specific role. Such a principal has no associated roles and so can only access either unsecured EJBs or EJB methods that are associated with the unchecked permission constraint."
msgstr "不是所有请求都能通过验证。unauthenticated identity 是一个登录模块选项,它分配专门的标识符(如 guest)给不带有关联的验证信息的请求。这可以用于允许未受保护的 servlet 来调用不要求专门角色权限的 EJB 方法。这样的 Principal 没有相关联的角色且只能访问未设置安全性的 EJB 或和带有无需检查权限约束的 EJB 方法。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1014
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">unauthenticatedIdentity</emphasis>: This defines the "
-"principal name that should be assigned to requests that contain no "
-"authentication information."
+msgid "<emphasis role=\"bold\">unauthenticatedIdentity</emphasis>: This defines the principal name that should be assigned to requests that contain no authentication information."
msgstr "<emphasis role=\"bold\">unauthenticatedIdentity</emphasis>:定义应该分配给不包含验证信息的请求的 Principal。"
#. Tag: title
@@ -3895,28 +2528,14 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1023
#, no-c-format
-msgid ""
-"The <literal>UsersRolesLoginModule</literal> is a simple login module that "
-"supports multiple users and user roles loaded from Java properties files. "
-"The username-to-password mapping file is called <literal>users.properties</"
-"literal> and the username-to-roles mapping file is called <literal>roles."
-"properties</literal>. The properties files are loaded during initialization "
-"using the initialize method thread context class loader. This means that "
-"these files can be placed into the J2EE deployment JAR, the JBoss "
-"configuration directory, or any directory on the JBoss server or system "
-"classpath. The primary purpose of this login module is to easily test the "
-"security settings of multiple users and roles using properties files "
-"deployed with the application."
+msgid "The <literal>UsersRolesLoginModule</literal> is a simple login module that supports multiple users and user roles loaded from Java properties files. The username-to-password mapping file is called <literal>users.properties</literal> and the username-to-roles mapping file is called <literal>roles.properties</literal>. The properties files are loaded during initialization using the initialize method thread context class loader. This means that these files can be placed into the J2EE deployment JAR, the JBoss configuration directory, or any directory on the JBoss server or system classpath. The primary purpose of this login module is to easily test the security settings of multiple users and roles using properties files deployed with the application."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1026
#, no-c-format
-msgid ""
-"The <literal>users.properties</literal> file uses a "
-"<literal>username=password</literal> format with each user entry on a "
-"separate line as show here:"
-msgstr ""
+msgid "The <literal>users.properties</literal> file uses a <literal>username=password</literal> format with each user entry on a separate line as show here:"
+msgstr "<literal>users.properties</literal> 文件使用 <literal>username=password</literal> 格式,每个用户对应一行:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1029
@@ -3926,14 +2545,15 @@
"username2=password2\n"
"..."
msgstr ""
+"username1=password1\n"
+"username2=password2\n"
+"..."
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1030
#, no-c-format
-msgid ""
-"The <literal>roles.properties</literal> file uses as <literal>username=role1,"
-"role2,...</literal> format with an optional group name value. For example:"
-msgstr ""
+msgid "The <literal>roles.properties</literal> file uses as <literal>username=role1,role2,...</literal> format with an optional group name value. For example:"
+msgstr " <literal>roles.properties</literal> 文件使用 <literal>username=role1,role2,...</literal> 格式以及一个可选的组名。例如:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1033
@@ -3950,22 +2570,13 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1034
#, no-c-format
-msgid ""
-"The <literal>username.XXX</literal> form of property name is used to assign "
-"the username roles to a particular named group of roles where the "
-"<literal>XXX</literal> portion of the property name is the group name. The "
-"<literal>username=...</literal> form is an abbreviation for "
-"<literal>username.Roles=...</literal>, where the <literal>Roles</literal> "
-"group name is the standard name the <literal>JaasSecurityManager</literal> "
-"expects to contain the roles which define the users permissions."
+msgid "The <literal>username.XXX</literal> form of property name is used to assign the username roles to a particular named group of roles where the <literal>XXX</literal> portion of the property name is the group name. The <literal>username=...</literal> form is an abbreviation for <literal>username.Roles=...</literal>, where the <literal>Roles</literal> group name is the standard name the <literal>JaasSecurityManager</literal> expects to contain the roles which define the users permissions."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1037
#, no-c-format
-msgid ""
-"The following would be equivalent definitions for the <literal>jduke</"
-"literal> username:"
+msgid "The following would be equivalent definitions for the <literal>jduke</literal> username:"
msgstr ""
#. Tag: programlisting
@@ -3975,302 +2586,179 @@
"jduke=TheDuke,AnimatedCharacter\n"
"jduke.Roles=TheDuke,AnimatedCharacter"
msgstr ""
+"jduke=TheDuke,AnimatedCharacter\n"
+"jduke.Roles=TheDuke,AnimatedCharacter"
#. Tag: para
-#: J2EE_Security_On_JBOSS.xml:1041 J2EE_Security_On_JBOSS.xml:1101
-#: J2EE_Security_On_JBOSS.xml:1210 J2EE_Security_On_JBOSS.xml:1338
-#, fuzzy, no-c-format
+#: J2EE_Security_On_JBOSS.xml:1041
+#: J2EE_Security_On_JBOSS.xml:1101
+#: J2EE_Security_On_JBOSS.xml:1210
+#: J2EE_Security_On_JBOSS.xml:1338
+#, no-c-format
msgid "The supported login module configuration options include the following:"
-msgstr "MBean的管理接口的范围包括:"
+msgstr "所支持的登录模块配置选项包括:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1046
-#, fuzzy, no-c-format
-msgid ""
-"<emphasis role=\"bold\">usersProperties</emphasis>: The name of the "
-"properties resource containing the username to password mappings. This "
-"defaults to <literal>users.properties</literal>."
-msgstr ""
-"<emphasis role=\"bold\">prefix</emphasis>:这是每个日志文件名的前缀。它的缺省"
-"值是 <literal>access_log</literal>。"
+#, no-c-format
+msgid "<emphasis role=\"bold\">usersProperties</emphasis>: The name of the properties resource containing the username to password mappings. This defaults to <literal>users.properties</literal>."
+msgstr "<emphasis role=\"bold\">usersProperties</emphasis>:这是包含用户名和密码的映射的属性资源的名称。它的缺省值是 <literal>users.properties</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1051
-#, fuzzy, no-c-format
-msgid ""
-"<emphasis role=\"bold\">rolesProperties</emphasis>: The name of the "
-"properties resource containing the username to roles mappings. This defaults "
-"to <literal>roles.properties</literal>."
-msgstr ""
-"<emphasis role=\"bold\">prefix</emphasis>:这是每个日志文件名的前缀。它的缺省"
-"值是 <literal>access_log</literal>。"
+#, no-c-format
+msgid "<emphasis role=\"bold\">rolesProperties</emphasis>: The name of the properties resource containing the username to roles mappings. This defaults to <literal>roles.properties</literal>."
+msgstr "<emphasis role=\"bold\">rolesProperties</emphasis>:包含用户和角色的映射的属性资源的名称。它的缺省值是 <literal>roles.properties</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1056
#, no-c-format
-msgid ""
-"This login module supports password stacking, password hashing and "
-"unauthenticated identity."
-msgstr ""
+msgid "This login module supports password stacking, password hashing and unauthenticated identity."
+msgstr "这个登录模块支持密码栈、密码 hashing 和未验证的标识符。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1062
#, no-c-format
msgid "LdapLoginModule"
-msgstr ""
+msgstr "LdapLoginModule"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1063
#, no-c-format
-msgid ""
-"The <literal>LdapLoginModule</literal> is a <literal>LoginModule</literal> "
-"implementation that authenticates against an LDAP server. You would use the "
-"<literal>LdapLoginModule</literal> if your username and credentials are "
-"stored in an LDAP server that is accessible using a JNDI LDAP provider."
+msgid "The <literal>LdapLoginModule</literal> is a <literal>LoginModule</literal> implementation that authenticates against an LDAP server. You would use the <literal>LdapLoginModule</literal> if your username and credentials are stored in an LDAP server that is accessible using a JNDI LDAP provider."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1066
#, no-c-format
-msgid ""
-"The LDAP connectivity information is provided as configuration options that "
-"are passed through to the environment object used to create JNDI initial "
-"context. The standard LDAP JNDI properties used include the following:"
+msgid "The LDAP connectivity information is provided as configuration options that are passed through to the environment object used to create JNDI initial context. The standard LDAP JNDI properties used include the following:"
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1071
-#, fuzzy, no-c-format
-msgid ""
-"<emphasis role=\"bold\">java.naming.factory.initial</emphasis>: The "
-"classname of the <literal>InitialContextFactory</literal> implementation. "
-"This defaults to the Sun LDAP provider implementation <literal>com.sun.jndi."
-"ldap.LdapCtxFactory</literal>."
-msgstr ""
-"<emphasis role=\"bold\">java.naming.factory.initial</emphasis>:指定初始上下"
-"文工厂(initial context factory)的环境属性名,它必须是 <literal>org.jboss."
-"security.jndi.LoginInitialContextFactory</literal>。"
+#, no-c-format
+msgid "<emphasis role=\"bold\">java.naming.factory.initial</emphasis>: The classname of the <literal>InitialContextFactory</literal> implementation. This defaults to the Sun LDAP provider implementation <literal>com.sun.jndi.ldap.LdapCtxFactory</literal>."
+msgstr "<emphasis role=\"bold\">java.naming.factory.initial</emphasis>:<literal>InitialContextFactory</literal> 实现的类名。它缺省为 Sun LDAP 提供者实现 <literal>com.sun.jndi.ldap.LdapCtxFactory</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1076
-#, fuzzy, no-c-format
-msgid ""
-"<emphasis role=\"bold\">java.naming.provider.url</emphasis>: The LDAP URL "
-"for the LDAP server"
-msgstr "<emphasis role=\"bold\">name</emphasis>:参数的变量名,这是必须的。"
+#, no-c-format
+msgid "<emphasis role=\"bold\">java.naming.provider.url</emphasis>: The LDAP URL for the LDAP server"
+msgstr "<emphasis role=\"bold\">java.naming.provider.url</emphasis>:LDAP 服务器的 LDAP URL。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1081
-#, fuzzy, no-c-format
-msgid ""
-"<emphasis role=\"bold\">java.naming.security.authentication</emphasis>: The "
-"security level to use. This defaults to <literal>simple</literal>."
-msgstr ""
-"<emphasis role=\"bold\">mcast_port</emphasis> 指定多点传送端口号码。它的缺省"
-"值是 <literal>45566</literal>。"
+#, no-c-format
+msgid "<emphasis role=\"bold\">java.naming.security.authentication</emphasis>: The security level to use. This defaults to <literal>simple</literal>."
+msgstr "<emphasis role=\"bold\">java.naming.security.authentication</emphasis>:使用的安全级别。它的缺省值是 <literal>simple</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1086
-#, fuzzy, no-c-format
-msgid ""
-"<emphasis role=\"bold\">java.naming.security.protocol</emphasis>: The "
-"transport protocol to use for secure access, such as, SSL."
-msgstr ""
-"<emphasis role=\"bold\">protocol</emphasis>:所使用的 SSL 协议的版本。如果没"
-"有指定的话,缺省是 <literal>TLS</literal>。"
+#, no-c-format
+msgid "<emphasis role=\"bold\">java.naming.security.protocol</emphasis>: The transport protocol to use for secure access, such as, SSL."
+msgstr "<emphasis role=\"bold\">java.naming.security.protocol</emphasis>:用于设置访问安全性的传输协议,如 SSL。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1091
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">java.naming.security.principal</emphasis>: The "
-"principal for authenticating the caller to the service. This is built from "
-"other properties as described below."
+msgid "<emphasis role=\"bold\">java.naming.security.principal</emphasis>: The principal for authenticating the caller to the service. This is built from other properties as described below."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1096
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">java.naming.security.credentials</emphasis>: The "
-"value of the property depends on the authentication scheme. For example, it "
-"could be a hashed password, clear-text password, key, certificate, and so on."
+msgid "<emphasis role=\"bold\">java.naming.security.credentials</emphasis>: The value of the property depends on the authentication scheme. For example, it could be a hashed password, clear-text password, key, certificate, and so on."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1106
-#, fuzzy, no-c-format
-msgid ""
-"<emphasis role=\"bold\">principalDNPrefix</emphasis>: A prefix to add to the "
-"username to form the user distinguished name. See "
-"<literal>principalDNSuffix</literal> for more info."
-msgstr ""
-"<emphasis role=\"bold\">prefix</emphasis>:这是每个日志文件名的前缀。它的缺省"
-"值是 <literal>access_log</literal>。"
+#, no-c-format
+msgid "<emphasis role=\"bold\">principalDNPrefix</emphasis>: A prefix to add to the username to form the user distinguished name. See <literal>principalDNSuffix</literal> for more info."
+msgstr "<emphasis role=\"bold\">principalDNPrefix</emphasis>:在用户名上添加的前缀以组成可区分的用户名。更多细节请参考 <literal>principalDNSuffix</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1111
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">principalDNSuffix</emphasis>: A suffix to add to the "
-"username when forming the user distinguished name. This is useful if you "
-"prompt a user for a username and you don't want the user to have to "
-"enter the fully distinguished name. Using this property and "
-"<literal>principalDNSuffix</literal> the <literal>userDN</literal> will be "
-"formed as <literal>principalDNPrefix + username + principalDNSuffix</literal>"
+msgid "<emphasis role=\"bold\">principalDNSuffix</emphasis>: A suffix to add to the username when forming the user distinguished name. This is useful if you prompt a user for a username and you don't want the user to have to enter the fully distinguished name. Using this property and <literal>principalDNSuffix</literal> the <literal>userDN</literal> will be formed as <literal>principalDNPrefix + username + principalDNSuffix</literal>"
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1116
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">useObjectCredential</emphasis>: A true/false value "
-"that indicates that the credential should be obtained as an opaque "
-"<literal>Object</literal> using the <literal>org.jboss.security.auth."
-"callback.ObjectCallback</literal> type of <literal>Callback</literal> rather "
-"than as a <literal>char[]</literal> password using a JAAS "
-"<literal>PasswordCallback</literal>. This allows for passing non-"
-"<literal>char[]</literal> credential information to the LDAP server."
+msgid "<emphasis role=\"bold\">useObjectCredential</emphasis>: A true/false value that indicates that the credential should be obtained as an opaque <literal>Object</literal> using the <literal>org.jboss.security.auth.callback.ObjectCallback</literal> type of <literal>Callback</literal> rather than as a <literal>char[]</literal> password using a JAAS <literal>PasswordCallback</literal>. This allows for passing non-<literal>char[]</literal> credential information to the LDAP server."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1121
-#, fuzzy, no-c-format
-msgid ""
-"<emphasis role=\"bold\">rolesCtxDN</emphasis>: The fixed distinguished name "
-"to the context to search for user roles."
-msgstr "<emphasis role=\"bold\">type</emphasis>:attribute类型的类全名。"
+#, no-c-format
+msgid "<emphasis role=\"bold\">rolesCtxDN</emphasis>: The fixed distinguished name to the context to search for user roles."
+msgstr "<emphasis role=\"bold\">rolesCtxDN</emphasis>:搜索用户角色的固定名称。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1126
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">userRolesCtxDNAttributeName</emphasis>: The name of "
-"an attribute in the user object that contains the distinguished name to the "
-"context to search for user roles. This differs from <literal>rolesCtxDN</"
-"literal> in that the context to search for a user's roles can be unique "
-"for each user."
+msgid "<emphasis role=\"bold\">userRolesCtxDNAttributeName</emphasis>: The name of an attribute in the user object that contains the distinguished name to the context to search for user roles. This differs from <literal>rolesCtxDN</literal> in that the context to search for a user's roles can be unique for each user."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1131
-#, fuzzy, no-c-format
-msgid ""
-"<emphasis role=\"bold\">roleAttributeID</emphasis>: The name of the "
-"attribute that contains the user roles. If not specified this defaults to "
-"<literal>roles</literal>."
-msgstr ""
-"<emphasis role=\"bold\">protocol</emphasis>:所使用的 SSL 协议的版本。如果没"
-"有指定的话,缺省是 <literal>TLS</literal>。"
+#, no-c-format
+msgid "<emphasis role=\"bold\">roleAttributeID</emphasis>: The name of the attribute that contains the user roles. If not specified this defaults to <literal>roles</literal>."
+msgstr "<emphasis role=\"bold\">roleAttributeID</emphasis>:包含用户角色的属性的名称。如果没有指定的话,缺省是 <literal>roles</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1136
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">roleAttributeIsDN</emphasis>: A flag indicating "
-"whether the <literal>roleAttributeID</literal> contains the fully "
-"distinguished name of a role object, or the role name. If false, the role "
-"name is taken from the value of <literal>roleAttributeID</literal>. If true, "
-"the role attribute represents the distinguished name of a role object. The "
-"role name is taken from the value of the <literal>roleNameAttributeId</"
-"literal> attribute of the context name by the distinguished name. In certain "
-"directory schemas (e.g., MS ActiveDirectory), role attributes in the user "
-"object are stored as DNs to role objects instead of as simple names, in "
-"which case, this property should be set to true. The default is false."
+msgid "<emphasis role=\"bold\">roleAttributeIsDN</emphasis>: A flag indicating whether the <literal>roleAttributeID</literal> contains the fully distinguished name of a role object, or the role name. If false, the role name is taken from the value of <literal>roleAttributeID</literal>. If true, the role attribute represents the distinguished name of a role object. The role name is taken from the value of the <literal>roleNameAttributeId</literal> attribute of the context name by the distinguished name. In certain directory schemas (e.g., MS ActiveDirectory), role attributes in the user object are stored as DNs to role objects instead of as simple names, in which case, this property should be set to true. The default is false."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1141
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">roleNameAttributeID</emphasis>: The name of the "
-"attribute of the context pointed to by the <literal>roleCtxDN</literal> "
-"distinguished name value which contains the role name. If the "
-"<literal>roleAttributeIsDN</literal> property is set to true, this property "
-"is used to find the role object's name attribute. The default is "
-"<literal>group</literal>."
+msgid "<emphasis role=\"bold\">roleNameAttributeID</emphasis>: The name of the attribute of the context pointed to by the <literal>roleCtxDN</literal> distinguished name value which contains the role name. If the <literal>roleAttributeIsDN</literal> property is set to true, this property is used to find the role object's name attribute. The default is <literal>group</literal>."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1146
-#, fuzzy, no-c-format
-msgid ""
-"<emphasis role=\"bold\">uidAttributeID</emphasis>: The name of the attribute "
-"in the object containing the user roles that corresponds to the userid. This "
-"is used to locate the user roles. If not specified this defaults to "
-"<literal>uid</literal>."
-msgstr ""
-"<emphasis role=\"bold\">keystoreType</emphasis>:用于服务器证书的 keystore 文"
-"件的类型。如果没有指定的话,它的缺省值是 <literal>JKS</literal>。"
+#, no-c-format
+msgid "<emphasis role=\"bold\">uidAttributeID</emphasis>: The name of the attribute in the object containing the user roles that corresponds to the userid. This is used to locate the user roles. If not specified this defaults to <literal>uid</literal>."
+msgstr "<emphasis role=\"bold\">uidAttributeID</emphasis>:对象里包含对应 userid 的用户角色的名称。它用于定位用户的角色。如果没有指定的话,它的缺省值是 <literal>uid</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1151
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">matchOnUserDN</emphasis>: A true/false flag "
-"indicating if the search for user roles should match on the user's fully "
-"distinguished name. If false, just the username is used as the match value "
-"against the <literal>uidAttributeName</literal> attribute. If true, the full "
-"<literal>userDN</literal> is used as the match value."
+msgid "<emphasis role=\"bold\">matchOnUserDN</emphasis>: A true/false flag indicating if the search for user roles should match on the user's fully distinguished name. If false, just the username is used as the match value against the <literal>uidAttributeName</literal> attribute. If true, the full <literal>userDN</literal> is used as the match value."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1156
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">unauthenticatedIdentity</emphasis>: The principal "
-"name that should be assigned to requests that contain no authentication "
-"information. This behavior is inherited from the "
-"<literal>UsernamePasswordLoginModule</literal> superclass."
+msgid "<emphasis role=\"bold\">unauthenticatedIdentity</emphasis>: The principal name that should be assigned to requests that contain no authentication information. This behavior is inherited from the <literal>UsernamePasswordLoginModule</literal> superclass."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1161
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">allowEmptyPasswords</emphasis>: A flag indicating if "
-"empty (length 0) passwords should be passed to the LDAP server. An empty "
-"password is treated as an anonymous login by some LDAP servers and this may "
-"not be a desirable feature. Set this to false to reject empty passwords or "
-"true to have the LDAP server validate the empty password. The default is "
-"true."
+msgid "<emphasis role=\"bold\">allowEmptyPasswords</emphasis>: A flag indicating if empty (length 0) passwords should be passed to the LDAP server. An empty password is treated as an anonymous login by some LDAP servers and this may not be a desirable feature. Set this to false to reject empty passwords or true to have the LDAP server validate the empty password. The default is true."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1166
#, no-c-format
-msgid ""
-"The authentication of a user is performed by connecting to the LDAP server "
-"based on the login module configuration options. Connecting to the LDAP "
-"server is done by creating an <literal>InitialLdapContext</literal> with an "
-"environment composed of the LDAP JNDI properties described previously in "
-"this section. The <literal>Context.SECURITY_PRINCIPAL</literal> is set to "
-"the distinguished name of the user as obtained by the callback handler in "
-"combination with the <literal>principalDNPrefix</literal> and "
-"<literal>principalDNSuffix</literal> option values, and the <literal>Context."
-"SECURITY_CREDENTIALS</literal> property is either set to the "
-"<literal>String</literal> password or the <literal>Object</literal> "
-"credential depending on the <literal>useObjectCredential</literal> option."
+msgid "The authentication of a user is performed by connecting to the LDAP server based on the login module configuration options. Connecting to the LDAP server is done by creating an <literal>InitialLdapContext</literal> with an environment composed of the LDAP JNDI properties described previously in this section. The <literal>Context.SECURITY_PRINCIPAL</literal> is set to the distinguished name of the user as obtained by the callback handler in combination with the <literal>principalDNPrefix</literal> and <literal>principalDNSuffix</literal> option values, and the <literal>Context.SECURITY_CREDENTIALS</literal> property is either set to the <literal>String</literal> password or the <literal>Object</literal> credential depending on the <literal>useObjectCredential</literal> option."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1169
#, no-c-format
-msgid ""
-"Once authentication has succeeded by virtue of being able to create an "
-"<literal>InitialLdapContext</literal> instance, the user's roles are "
-"queried by performing a search on the <literal>rolesCtxDN</literal> location "
-"with search attributes set to the <literal>roleAttributeName</literal> and "
-"<literal>uidAttributeName</literal> option values. The roles names are "
-"obtaining by invoking the <literal>toString</literal> method on the role "
-"attributes in the search result set."
+msgid "Once authentication has succeeded by virtue of being able to create an <literal>InitialLdapContext</literal> instance, the user's roles are queried by performing a search on the <literal>rolesCtxDN</literal> location with search attributes set to the <literal>roleAttributeName</literal> and <literal>uidAttributeName</literal> option values. The roles names are obtaining by invoking the <literal>toString</literal> method on the role attributes in the search result set."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1172
#, no-c-format
msgid "The following is a sample <literal>login-config.xml</literal> entry."
-msgstr ""
+msgstr "下面是一个 <literal>login-config.xml</literal> 条目的示例。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1175
@@ -4278,8 +2766,7 @@
msgid ""
"<application-policy name=\"testLDAP\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"LdapLoginModule\"\n"
+" <login-module code=\"org.jboss.security.auth.spi.LdapLoginModule\"\n"
" flag=\"required\">\n"
" <module-option name=\"java.naming.factory.initial\"> \n"
" com.sun.jndi.ldap.LdapCtxFactory\n"
@@ -4287,12 +2774,10 @@
" <module-option name=\"java.naming.provider.url\">\n"
" ldap://ldaphost.jboss.org:1389/\n"
" </module-option>\n"
-" <module-option name=\"java.naming.security.authentication"
-"\">\n"
+" <module-option name=\"java.naming.security.authentication\">\n"
" simple\n"
" </module-option>\n"
-" <module-option name=\"principalDNPrefix\">uid=</"
-"module-option> \n"
+" <module-option name=\"principalDNPrefix\">uid=</module-option> \n"
" <module-option name=\"principalDNSuffix\">\n"
" ,ou=People,dc=jboss,dc=org\n"
" </module-option>\n"
@@ -4300,23 +2785,18 @@
" <module-option name=\"rolesCtxDN\">\n"
" ou=Roles,dc=jboss,dc=org\n"
" </module-option>\n"
-" <module-option name=\"uidAttributeID\">member</"
-"module-option>\n"
-" <module-option name=\"matchOnUserDN\">true</module-"
-"option>\n"
+" <module-option name=\"uidAttributeID\">member</module-option>\n"
+" <module-option name=\"matchOnUserDN\">true</module-option>\n"
"\n"
-" <module-option name=\"roleAttributeID\">cn</module-"
-"option>\n"
-" <module-option name=\"roleAttributeIsDN\">false </"
-"module-option>\n"
+" <module-option name=\"roleAttributeID\">cn</module-option>\n"
+" <module-option name=\"roleAttributeIsDN\">false </module-option>\n"
" </login-module>\n"
" </authentication>\n"
" </application-policy>"
msgstr ""
"<application-policy name=\"testLDAP\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"LdapLoginModule\"\n"
+" <login-module code=\"org.jboss.security.auth.spi.LdapLoginModule\"\n"
" flag=\"required\">\n"
" <module-option name=\"java.naming.factory.initial\"> \n"
" com.sun.jndi.ldap.LdapCtxFactory\n"
@@ -4324,12 +2804,10 @@
" <module-option name=\"java.naming.provider.url\">\n"
" ldap://ldaphost.jboss.org:1389/\n"
" </module-option>\n"
-" <module-option name=\"java.naming.security.authentication"
-"\">\n"
+" <module-option name=\"java.naming.security.authentication\">\n"
" simple\n"
" </module-option>\n"
-" <module-option name=\"principalDNPrefix\">uid=</"
-"module-option> \n"
+" <module-option name=\"principalDNPrefix\">uid=</module-option> \n"
" <module-option name=\"principalDNSuffix\">\n"
" ,ou=People,dc=jboss,dc=org\n"
" </module-option>\n"
@@ -4337,15 +2815,11 @@
" <module-option name=\"rolesCtxDN\">\n"
" ou=Roles,dc=jboss,dc=org\n"
" </module-option>\n"
-" <module-option name=\"uidAttributeID\">member</"
-"module-option>\n"
-" <module-option name=\"matchOnUserDN\">true</module-"
-"option>\n"
+" <module-option name=\"uidAttributeID\">member</module-option>\n"
+" <module-option name=\"matchOnUserDN\">true</module-option>\n"
"\n"
-" <module-option name=\"roleAttributeID\">cn</module-"
-"option>\n"
-" <module-option name=\"roleAttributeIsDN\">false </"
-"module-option>\n"
+" <module-option name=\"roleAttributeID\">cn</module-option>\n"
+" <module-option name=\"roleAttributeIsDN\">false </module-option>\n"
" </login-module>\n"
" </authentication>\n"
" </application-policy>"
@@ -4353,9 +2827,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1176
#, no-c-format
-msgid ""
-"An LDIF file representing the structure of the directory this data operates "
-"against is shown below."
+msgid "An LDIF file representing the structure of the directory this data operates against is shown below."
msgstr ""
#. Tag: programlisting
@@ -4431,81 +2903,37 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1180
#, no-c-format
-msgid ""
-"Looking back at the <literal>testLDAP</literal> login module configuration, "
-"the <literal>java.naming.factory.initial</literal>, <literal>java.naming."
-"factory.url</literal> and <literal>java.naming.security</literal> options "
-"indicate the Sun LDAP JNDI provider implementation will be used, the LDAP "
-"server is located on host <literal>ldaphost.jboss.org</literal> on port "
-"1389, and that the LDAP simple authentication method will be use to connect "
-"to the LDAP server."
+msgid "Looking back at the <literal>testLDAP</literal> login module configuration, the <literal>java.naming.factory.initial</literal>, <literal>java.naming.factory.url</literal> and <literal>java.naming.security</literal> options indicate the Sun LDAP JNDI provider implementation will be used, the LDAP server is located on host <literal>ldaphost.jboss.org</literal> on port 1389, and that the LDAP simple authentication method will be use to connect to the LDAP server."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1183
#, no-c-format
-msgid ""
-"The login module attempts to connect to the LDAP server using a DN "
-"representing the user it is trying to authenticate. This DN is constructed "
-"from the <literal>principalDNPrefix</literal>, passed in, the username of "
-"the user and the <literal>principalDNSuffix</literal> as described above. In "
-"this example, the username <literal>jduke</literal> would map to "
-"<literal>uid=jduke,ou=People,dc=jboss,dc=org</literal>. We've assumed "
-"the LDAP server authenticates users using the <literal>userPassword</"
-"literal> attribute of the user's entry (<literal>theduke</literal> in "
-"this example). This is the way most LDAP servers work, however, if your LDAP "
-"server handles authentication differently you will need to set the "
-"authentication credentials in a way that makes sense for your server."
+msgid "The login module attempts to connect to the LDAP server using a DN representing the user it is trying to authenticate. This DN is constructed from the <literal>principalDNPrefix</literal>, passed in, the username of the user and the <literal>principalDNSuffix</literal> as described above. In this example, the username <literal>jduke</literal> would map to <literal>uid=jduke,ou=People,dc=jboss,dc=org</literal>. We've assumed the LDAP server authenticates users using the <literal>userPassword</literal> attribute of the user's entry (<literal>theduke</literal> in this example). This is the way most LDAP servers work, however, if your LDAP server handles authentication differently you will need to set the authentication credentials in a way that makes sense for your server."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1186
#, no-c-format
-msgid ""
-"Once authentication succeeds, the roles on which authorization will be based "
-"are retrieved by performing a subtree search of the <literal>rolesCtxDN</"
-"literal> for entries whose <literal>uidAttributeID</literal> match the user. "
-"If <literal>matchOnUserDN</literal> is true the search will be based on the "
-"full DN of the user. Otherwise the search will be based on the actual user "
-"name entered. In this example, the search is under <literal>ou=Roles,"
-"dc=jboss,dc=org</literal> for any entries that have a <literal>member</"
-"literal> attribute equal to <literal>uid=jduke,ou=People,dc=jboss,dc=org</"
-"literal>. The search would locate <literal>cn=JBossAdmin</literal> under the "
-"roles entry."
+msgid "Once authentication succeeds, the roles on which authorization will be based are retrieved by performing a subtree search of the <literal>rolesCtxDN</literal> for entries whose <literal>uidAttributeID</literal> match the user. If <literal>matchOnUserDN</literal> is true the search will be based on the full DN of the user. Otherwise the search will be based on the actual user name entered. In this example, the search is under <literal>ou=Roles,dc=jboss,dc=org</literal> for any entries that have a <literal>member</literal> attribute equal to <literal>uid=jduke,ou=People,dc=jboss,dc=org</literal>. The search would locate <literal>cn=JBossAdmin</literal> under the roles entry."
msgstr ""
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1189
#, no-c-format
-msgid ""
-"The search returns the attribute specified in the <literal>roleAttributeID</"
-"literal> option. In this example, the attribute is <literal>cn</literal>. "
-"The value returned would be <literal>JBossAdmin</literal>, so the jduke user "
-"is assigned to the <literal>JBossAdmin</literal> role."
-msgstr ""
-"这个搜索返回 <literal>roleAttributeID</"
-"literal> 选项里执行的属性。在这个例子里,这个属性是 <literal>cn</literal>。返回的值将是 <literal>JBossAdmin</literal>,所以 jduke 用户被分配为 <literal>JBossAdmin</literal> 角色。"
+msgid "The search returns the attribute specified in the <literal>roleAttributeID</literal> option. In this example, the attribute is <literal>cn</literal>. The value returned would be <literal>JBossAdmin</literal>, so the jduke user is assigned to the <literal>JBossAdmin</literal> role."
+msgstr "这个搜索返回 <literal>roleAttributeID</literal> 选项里执行的属性。在这个例子里,这个属性是 <literal>cn</literal>。返回的值将是 <literal>JBossAdmin</literal>,所以 jduke 用户被分配为 <literal>JBossAdmin</literal> 角色。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1192
#, no-c-format
-msgid ""
-"It's often the case that a local LDAP server provides identity and "
-"authentication services but is unable to use the authorization services. "
-"This is because application roles don't always map well onto LDAP "
-"groups, and LDAP administrators are often hesitant to allow external "
-"application-specific data in central LDAP servers. For this reason, the LDAP "
-"authentication module is often paired with another login module, such as the "
-"database login module, that can provide roles more suitable to the "
-"application being developed."
+msgid "It's often the case that a local LDAP server provides identity and authentication services but is unable to use the authorization services. This is because application roles don't always map well onto LDAP groups, and LDAP administrators are often hesitant to allow external application-specific data in central LDAP servers. For this reason, the LDAP authentication module is often paired with another login module, such as the database login module, that can provide roles more suitable to the application being developed."
msgstr "本地的 LDAP 服务器提供标识符和验证服务但不能使用授权服务是很常见的。这是因为应用程序角色并不总是很好的映射到 LDAP 组里,且 LDAP 管理员经常对允许外部的应用程序专有的数据存放于中央 LDAP 服务器很犹豫。因此,LDAPO 验证模块经常和其他登录模块配对,如数据库登录模块,以提供更适合于所开放的应用程序的角色。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1195
#, no-c-format
-msgid ""
-"This login module also supports unauthenticated identity and password "
-"stacking."
+msgid "This login module also supports unauthenticated identity and password stacking."
msgstr "登录模块也支持未经验证的标识符和密码栈。"
#. Tag: title
@@ -4517,12 +2945,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1202
#, no-c-format
-msgid ""
-"The <literal>DatabaseServerLoginModule</literal> is a JDBC based login "
-"module that supports authentication and role mapping. You would use this "
-"login module if you have your username, password and role information "
-"relational database. The <literal>DatabaseServerLoginModule</literal> is "
-"based on two logical tables:"
+msgid "The <literal>DatabaseServerLoginModule</literal> is a JDBC based login module that supports authentication and role mapping. You would use this login module if you have your username, password and role information relational database. The <literal>DatabaseServerLoginModule</literal> is based on two logical tables:"
msgstr "<literal>DatabaseServerLoginModule</literal> 是一个基于 JDBC 的登录模块,它支持验证和角色的映射。如果你有一个存储用户名、密码和角色信息的关系型数据库,你可以使用这个登录模块。<literal>DatabaseServerLoginModule</literal> 基于两个逻辑表:"
#. Tag: programlisting
@@ -4538,35 +2961,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1206
#, no-c-format
-msgid ""
-"The <literal>Principals</literal> table associates the user "
-"<literal>PrincipalID</literal> with the valid password and the "
-"<literal>Roles</literal> table associates the user <literal>PrincipalID</"
-"literal> with its role sets. The roles used for user permissions must be "
-"contained in rows with a <literal>RoleGroup</literal> column value of "
-"<literal>Roles</literal>. The tables are logical in that you can specify the "
-"SQL query that the login module uses. All that is required is that the "
-"<literal>java.sql.ResultSet</literal> has the same logical structure as the "
-"<literal>Principals</literal> and <literal>Roles</literal> tables described "
-"previously. The actual names of the tables and columns are not relevant as "
-"the results are accessed based on the column index. To clarify this notion, "
-"consider a database with two tables, <literal>Principals</literal> and "
-"<literal>Roles</literal>, as already declared. The following statements "
-"build the tables to contain a <literal>PrincipalID</literal><literal>java</"
-"literal> with a <literal>Password</literal> of <literal>echoman</literal> in "
-"the <literal>Principals</literal> table, a <literal>PrincipalID</"
-"literal><literal>java</literal> with a role named <literal>Echo</literal> in "
-"the <literal>Roles</literal><literal>RoleGroup</literal> in the "
-"<literal>Roles</literal> table, and a <literal>PrincipalID</"
-"literal><literal>java</literal> with a role named <literal>caller_java</"
-"literal> in the <literal>CallerPrincipal</literal><literal>RoleGroup</"
-"literal> in the <literal>Roles</literal> table:"
-msgstr ""
-"<literal>Principals</literal> 表将用户的 <literal>PrincipalID</literal> 和有效密码相关联,而 <literal>Roles</literal> 则把用户的 <literal>PrincipalID</literal> 和其角色集相关联。用于用户权限的角色必须包含在带有 <literal>Roles</literal> 的 <literal>RoleGroup</literal> 字段值的记录里。这些表是逻辑上的,所以你可以指定登录模块使用的 SQL 查询。<literal>java.sql.ResultSet</literal> 具有和前面所述的 <literal>Principals</literal> 和 <literal>Roles</literal> 表相同的逻辑结构。为了阐明这种概念,我们设想有一个带有两个表 <literal>Principals</literal> 和 <literal>Roles</literal> 的数据库。下面的语句构建这些表,使 <literal>Principals</literal> 表包含带有 <literal>echoman</literal> <literal>Password</literal> 的 <literal>PrincipalID</literal><literal>java</"
-"literal>,<literal>Roles</literal> 表里的 <literal>Roles</literal><literal>RoleGroup</literal> 包含带有角色 <literal>Echo</literal> 的 <literal>PrincipalID</"
-"literal><literal>java</literal>,以及 <literal>Roles</literal> 表里的 <literal>CallerPrincipal</literal><literal>RoleGroup</"
-"literal> 包含带有角色 <literal>caller_java</literal> 的 <literal>PrincipalID</"
-"literal><literal>java</literal>:"
+msgid "The <literal>Principals</literal> table associates the user <literal>PrincipalID</literal> with the valid password and the <literal>Roles</literal> table associates the user <literal>PrincipalID</literal> with its role sets. The roles used for user permissions must be contained in rows with a <literal>RoleGroup</literal> column value of <literal>Roles</literal>. The tables are logical in that you can specify the SQL query that the login module uses. All that is required is that the <literal>java.sql.ResultSet</literal> has the same logical structure as the <literal>Principals</literal> and <literal>Roles</literal> tables described previously. The actual names of the tables and columns are not relevant as the results are accessed based on the column index. To clarify this notion, consider a database with two tables, <literal>Principals</literal> and <literal>Roles</literal>, as already declared. The following statements build the tables to contain a <literal>Principal!
ID</literal><literal>java</literal> with a <literal>Password</literal> of <literal>echoman</literal> in the <literal>Principals</literal> table, a <literal>PrincipalID</literal><literal>java</literal> with a role named <literal>Echo</literal> in the <literal>Roles</literal><literal>RoleGroup</literal> in the <literal>Roles</literal> table, and a <literal>PrincipalID</literal><literal>java</literal> with a role named <literal>caller_java</literal> in the <literal>CallerPrincipal</literal><literal>RoleGroup</literal> in the <literal>Roles</literal> table:"
+msgstr "<literal>Principals</literal> 表将用户的 <literal>PrincipalID</literal> 和有效密码相关联,而 <literal>Roles</literal> 则把用户的 <literal>PrincipalID</literal> 和其角色集相关联。用于用户权限的角色必须包含在带有 <literal>Roles</literal> 的 <literal>RoleGroup</literal> 字段值的记录里。这些表是逻辑上的,所以你可以指定登录模块使用的 SQL 查询。<literal>java.sql.ResultSet</literal> 具有和前面所述的 <literal>Principals</literal> 和 <literal>Roles</literal> 表相同的逻辑结构。为了阐明这种概念,我们设想有一个带有两个表 <literal>Principals</literal> 和 <literal>Roles</literal> 的数据库。下面的语句构建这些表,使 <literal>Principals</literal> 表包含带有 <literal>echoman</literal> <literal>Password</literal> 的 <literal>PrincipalID</literal><literal>java</literal>,<literal>Roles</literal> 表里的 <literal>Roles</literal><literal>RoleGr!
oup</literal> 包含带有角色 <literal>Echo</literal> 的 <literal>PrincipalID</literal><literal>java</literal>,以及 <literal>Roles</literal> 表里的 <literal>CallerPrincipal</literal><literal>RoleGroup</literal> 包含带有角色 <literal>caller_java</literal> 的 <literal>PrincipalID</literal><literal>java</literal>:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1209
@@ -4574,75 +2970,46 @@
msgid ""
"INSERT INTO Principals VALUES('java', 'echoman')\n"
"INSERT INTO Roles VALUES('java', 'Echo', 'Roles')\n"
-"INSERT INTO Roles VALUES('java', 'caller_java', '"
-"CallerPrincipal')"
+"INSERT INTO Roles VALUES('java', 'caller_java', 'CallerPrincipal')"
msgstr ""
"INSERT INTO Principals VALUES('java', 'echoman')\n"
"INSERT INTO Roles VALUES('java', 'Echo', 'Roles')\n"
-"INSERT INTO Roles VALUES('java', 'caller_java', '"
-"CallerPrincipal')"
+"INSERT INTO Roles VALUES('java', 'caller_java', 'CallerPrincipal')"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1215
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">dsJndiName</emphasis>: The JNDI name for the "
-"<literal>DataSource</literal> of the database containing the logical "
-"<literal>Principals</literal> and <literal>Roles</literal> tables. If not "
-"specified this defaults to <literal>java:/DefaultDS</literal>."
-msgstr ""
-"<emphasis role=\"bold\">dsJndiName</emphasis>:包含逻辑 <literal>Principals</literal> 和 <literal>Roles</literal> 表的数据库的 "
-"<literal>DataSource</literal> 的 JNDI 名称。如果未指定,它缺省为 <literal>java:/DefaultDS</literal>。"
+msgid "<emphasis role=\"bold\">dsJndiName</emphasis>: The JNDI name for the <literal>DataSource</literal> of the database containing the logical <literal>Principals</literal> and <literal>Roles</literal> tables. If not specified this defaults to <literal>java:/DefaultDS</literal>."
+msgstr "<emphasis role=\"bold\">dsJndiName</emphasis>:包含逻辑 <literal>Principals</literal> 和 <literal>Roles</literal> 表的数据库的 <literal>DataSource</literal> 的 JNDI 名称。如果未指定,它缺省为 <literal>java:/DefaultDS</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1220
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">principalsQuery</emphasis>: The prepared statement "
-"query equivalent to: <literal>select Password from Principals where "
-"PrincipalID=?</literal>. If not specified this is the exact prepared "
-"statement that will be used."
-msgstr ""
-"<emphasis role=\"bold\">principalsQuery</emphasis>:等同于 <literal>select Password from Principals where "
-"PrincipalID=?</literal> 的预处理语句。如果未指定,这就是将被使用的预处理语句。"
+msgid "<emphasis role=\"bold\">principalsQuery</emphasis>: The prepared statement query equivalent to: <literal>select Password from Principals where PrincipalID=?</literal>. If not specified this is the exact prepared statement that will be used."
+msgstr "<emphasis role=\"bold\">principalsQuery</emphasis>:等同于 <literal>select Password from Principals where PrincipalID=?</literal> 的预处理语句。如果未指定,这就是将被使用的预处理语句。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1225
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">rolesQuery</emphasis>: The prepared statement query "
-"equivalent to: <literal>select Role, RoleGroup from Roles where PrincipalID=?"
-"</literal>. If not specified this is the exact prepared statement that will "
-"be used."
-msgstr ""
-"<emphasis role=\"bold\">rolesQuery</emphasis>:等同于 <literal>select Role, RoleGroup from Roles where PrincipalID=?"
-"</literal> 的预处理语句。如果未指定,它就是将使用的预处理语句。"
+msgid "<emphasis role=\"bold\">rolesQuery</emphasis>: The prepared statement query equivalent to: <literal>select Role, RoleGroup from Roles where PrincipalID=?</literal>. If not specified this is the exact prepared statement that will be used."
+msgstr "<emphasis role=\"bold\">rolesQuery</emphasis>:等同于 <literal>select Role, RoleGroup from Roles where PrincipalID=?</literal> 的预处理语句。如果未指定,它就是将使用的预处理语句。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1230
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">ignorePasswordCase</emphasis>: A boolean flag "
-"indicating if the password comparison should ignore case. This can be useful "
-"for hashed password encoding where the case of the hashed password is not "
-"significant."
+msgid "<emphasis role=\"bold\">ignorePasswordCase</emphasis>: A boolean flag indicating if the password comparison should ignore case. This can be useful for hashed password encoding where the case of the hashed password is not significant."
msgstr "<emphasis role=\"bold\">ignorePasswordCase</emphasis>:布尔值标记,指定密码比较是否应该忽略大小写。对于 hashed 密码编码而言,因为 hashed 密码并非临时的,这是很有用的。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1235
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">principalClass</emphasis>: An option that specifies "
-"a <literal>Principal</literal> implementation class. This must support a "
-"constructor taking a string argument for the principal name."
+msgid "<emphasis role=\"bold\">principalClass</emphasis>: An option that specifies a <literal>Principal</literal> implementation class. This must support a constructor taking a string argument for the principal name."
msgstr "<emphasis role=\"bold\">principalClass</emphasis>:指定 <literal>Principal</literal> 实现类的选项。这必须支持把字符串参数作为 principal 名称的构造器。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1240
#, no-c-format
-msgid ""
-"As an example <literal>DatabaseServerLoginModule</literal> configuration, "
-"consider a custom table schema like the following:"
+msgid "As an example <literal>DatabaseServerLoginModule</literal> configuration, consider a custom table schema like the following:"
msgstr "作为一个 <literal>DatabaseServerLoginModule</literal> 配置示例,请参考类似下面的自定义表模式:"
#. Tag: programlisting
@@ -4668,17 +3035,13 @@
"<policy>\n"
" <application-policy name=\"testDB\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"DatabaseServerLoginModule\"\n"
+" <login-module code=\"org.jboss.security.auth.spi.DatabaseServerLoginModule\"\n"
" flag=\"required\">\n"
-" <module-option name=\"dsJndiName\">java:/"
-"MyDatabaseDS</module-option>\n"
+" <module-option name=\"dsJndiName\">java:/MyDatabaseDS</module-option>\n"
" <module-option name=\"principalsQuery\">\n"
-" select passwd from Users username where username=?</"
-"module-option>\n"
+" select passwd from Users username where username=?</module-option>\n"
" <module-option name=\"rolesQuery\">\n"
-" select userRoles, 'Roles' from UserRoles where "
-"username=?</module-option>\n"
+" select userRoles, 'Roles' from UserRoles where username=?</module-option>\n"
" </login-module>\n"
" </authentication>\n"
" </application-policy>\n"
@@ -4687,17 +3050,13 @@
"<policy>\n"
" <application-policy name=\"testDB\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"DatabaseServerLoginModule\"\n"
+" <login-module code=\"org.jboss.security.auth.spi.DatabaseServerLoginModule\"\n"
" flag=\"required\">\n"
-" <module-option name=\"dsJndiName\">java:/"
-"MyDatabaseDS</module-option>\n"
+" <module-option name=\"dsJndiName\">java:/MyDatabaseDS</module-option>\n"
" <module-option name=\"principalsQuery\">\n"
-" select passwd from Users username where username=?</"
-"module-option>\n"
+" select passwd from Users username where username=?</module-option>\n"
" <module-option name=\"rolesQuery\">\n"
-" select userRoles, 'Roles' from UserRoles where "
-"username=?</module-option>\n"
+" select userRoles, 'Roles' from UserRoles where username=?</module-option>\n"
" </login-module>\n"
" </authentication>\n"
" </application-policy>\n"
@@ -4706,9 +3065,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1248
#, no-c-format
-msgid ""
-"This module supports password stacking, password hashing and unathenticated "
-"identity."
+msgid "This module supports password stacking, password hashing and unathenticated identity."
msgstr "这个模块支持密码栈、密码 hashing 和未验证的标识符。"
#. Tag: title
@@ -4720,34 +3077,14 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1255
#, no-c-format
-msgid ""
-"This is a login module which authenticates users based on X509 certificates. "
-"A typical use case for this login module is <literal>CLIENT-CERT</literal> "
-"authentication in the web tier. This login module only performs "
-"authentication. You need to combine it with another login module capable of "
-"acquiring the authorization roles to completely define access to a secured "
-"web or EJB component. Two subclasses of this login module, "
-"<literal>CertRolesLoginModule</literal> and "
-"<literal>DatabaseCertLoginModule</literal> extend the behavior to obtain the "
-"authorization roles from either a properties file or database."
-msgstr ""
-"这是一个基于 X509 证书验证用户的登录模块。典型的用法是 web 层的 <literal>CLIENT-CERT</literal> 验证。这个登录模块只执行验证。你需要把它和其他具有获取授权角色能力的登录模块结合一起来完整的定义对设置了安全性的 Web 或 EJB 组件进行的访问。这个登录模块的子类 <literal>CertRolesLoginModule</literal> 和 "
-"<literal>DatabaseCertLoginModule</literal> 继承了它的行为以从属性文件或数据库里获得授权角色。"
+msgid "This is a login module which authenticates users based on X509 certificates. A typical use case for this login module is <literal>CLIENT-CERT</literal> authentication in the web tier. This login module only performs authentication. You need to combine it with another login module capable of acquiring the authorization roles to completely define access to a secured web or EJB component. Two subclasses of this login module, <literal>CertRolesLoginModule</literal> and <literal>DatabaseCertLoginModule</literal> extend the behavior to obtain the authorization roles from either a properties file or database."
+msgstr "这是一个基于 X509 证书验证用户的登录模块。典型的用法是 web 层的 <literal>CLIENT-CERT</literal> 验证。这个登录模块只执行验证。你需要把它和其他具有获取授权角色能力的登录模块结合一起来完整的定义对设置了安全性的 Web 或 EJB 组件进行的访问。这个登录模块的子类 <literal>CertRolesLoginModule</literal> 和 <literal>DatabaseCertLoginModule</literal> 继承了它的行为以从属性文件或数据库里获得授权角色。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1258
#, no-c-format
-msgid ""
-"The <literal>BaseCertLoginModule</literal> needs a <literal>KeyStore</"
-"literal> to perform user validation. This is obtained through a <literal>org."
-"jboss.security.SecurityDomain</literal> implementation. Typically, the "
-"<literal>SecurityDomain</literal> implementation is configured using the "
-"<literal>org.jboss.security.plugins.JaasSecurityDomain</literal> MBean as "
-"shown in this <literal>jboss-service.xml</literal> configuration fragment:"
-msgstr ""
-"<literal>BaseCertLoginModule</literal> 需要一个 <literal>KeyStore</"
-"literal> 来执行用户验证。这是通过 <literal>org."
-"jboss.security.SecurityDomain</literal> 实现来获得的。通常,<literal>SecurityDomain</literal> 实现是通过 <literal>org.jboss.security.plugins.JaasSecurityDomain</literal> MBean 来配置的,如下面的 <literal>jboss-service.xml</literal> 配置片段:"
+msgid "The <literal>BaseCertLoginModule</literal> needs a <literal>KeyStore</literal> to perform user validation. This is obtained through a <literal>org.jboss.security.SecurityDomain</literal> implementation. Typically, the <literal>SecurityDomain</literal> implementation is configured using the <literal>org.jboss.security.plugins.JaasSecurityDomain</literal> MBean as shown in this <literal>jboss-service.xml</literal> configuration fragment:"
+msgstr "<literal>BaseCertLoginModule</literal> 需要一个 <literal>KeyStore</literal> 来执行用户验证。这是通过 <literal>org.jboss.security.SecurityDomain</literal> 实现来获得的。通常,<literal>SecurityDomain</literal> 实现是通过 <literal>org.jboss.security.plugins.JaasSecurityDomain</literal> MBean 来配置的,如下面的 <literal>jboss-service.xml</literal> 配置片段:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1261
@@ -4758,10 +3095,8 @@
" <constructor>\n"
" <arg type=\"java.lang.String\" value=\"jmx-console\"/>\n"
" </constructor>\n"
-" <attribute name=\"KeyStoreURL\">resource:localhost.keystore</"
-"attribute>\n"
-" <attribute name=\"KeyStorePass\">unit-tests-server</"
-"attribute>\n"
+" <attribute name=\"KeyStoreURL\">resource:localhost.keystore</attribute>\n"
+" <attribute name=\"KeyStorePass\">unit-tests-server</attribute>\n"
"</mbean>"
msgstr ""
"<mbean code=\"org.jboss.security.plugins.JaasSecurityDomain\"\n"
@@ -4769,24 +3104,14 @@
" <constructor>\n"
" <arg type=\"java.lang.String\" value=\"jmx-console\"/>\n"
" </constructor>\n"
-" <attribute name=\"KeyStoreURL\">resource:localhost.keystore</"
-"attribute>\n"
-" <attribute name=\"KeyStorePass\">unit-tests-server</"
-"attribute>\n"
+" <attribute name=\"KeyStoreURL\">resource:localhost.keystore</attribute>\n"
+" <attribute name=\"KeyStorePass\">unit-tests-server</attribute>\n"
"</mbean>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1262
#, no-c-format
-msgid ""
-"This creates a security domain with the name <literal>jmx-console</literal> "
-"whose <literal>SecurityDomain</literal> implementation is available via JNDI "
-"under the name <literal>java:/jaas/jmx-console</literal> following the "
-"JBossSX security domain naming pattern. To secure a web application such as "
-"the <literal>jmx-console.war</literal> using client certs and role based "
-"authorization, one would first modify the <literal>web.xml</literal> to "
-"declare the resources to be secured, along with the allowed roles and "
-"security domain to be used for authentication and authorization."
+msgid "This creates a security domain with the name <literal>jmx-console</literal> whose <literal>SecurityDomain</literal> implementation is available via JNDI under the name <literal>java:/jaas/jmx-console</literal> following the JBossSX security domain naming pattern. To secure a web application such as the <literal>jmx-console.war</literal> using client certs and role based authorization, one would first modify the <literal>web.xml</literal> to declare the resources to be secured, along with the allowed roles and security domain to be used for authentication and authorization."
msgstr "这创建了一个名为 <literal>jmx-console</literal> 的安全域,它的 <literal>SecurityDomain</literal> 实现通过 <literal>java:/jaas/jmx-console</literal> 以及 JBossSX 安全域命名模式的 JNDI 可用。要设置 Web 应用程序的安全性,如使用客户端证书和基于角色的授权的 <literal>jmx-console.war</literal>,你首先需要修改 <literal>web.xml</literal> 来声明需要设置安全性的资源,以及所允许的角色和用于验证和授权的安全域。"
#. Tag: programlisting
@@ -4795,16 +3120,14 @@
msgid ""
"<?xml version=\"1.0\"?>\n"
"<!DOCTYPE web-app PUBLIC\n"
-" \"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
-"\"\n"
+" \"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN\"\n"
" \"http://java.sun.com/dtd/web-app_2_3.dtd\">\n"
"<web-app> \n"
" ... \n"
" <security-constraint>\n"
" <web-resource-collection>\n"
" <web-resource-name>HtmlAdaptor</web-resource-name>\n"
-" <description>An example security config that only allows "
-"users with\n"
+" <description>An example security config that only allows users with\n"
" the role JBossAdmin to access the HTML JMX console web\n"
" application </description>\n"
" <url-pattern>/*</url-pattern>\n"
@@ -4826,16 +3149,14 @@
msgstr ""
"<?xml version=\"1.0\"?>\n"
"<!DOCTYPE web-app PUBLIC\n"
-" \"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
-"\"\n"
+" \"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN\"\n"
" \"http://java.sun.com/dtd/web-app_2_3.dtd\">\n"
"<web-app> \n"
" ... \n"
" <security-constraint>\n"
" <web-resource-collection>\n"
" <web-resource-name>HtmlAdaptor</web-resource-name>\n"
-" <description>An example security config that only allows "
-"users with\n"
+" <description>An example security config that only allows users with\n"
" the role JBossAdmin to access the HTML JMX console web\n"
" application </description>\n"
" <url-pattern>/*</url-pattern>\n"
@@ -4858,15 +3179,12 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1266
#, no-c-format
-msgid ""
-"Next we, need to specify the JBoss security domain in <literal>jboss-web."
-"xml</literal>:"
-msgstr ""
-"接下来,我们需要在 <literal>jboss-web."
-"xml</literal> 里指定 JBoss 安全域:"
+msgid "Next we, need to specify the JBoss security domain in <literal>jboss-web.xml</literal>:"
+msgstr "接下来,我们需要在 <literal>jboss-web.xml</literal> 里指定 JBoss 安全域:"
#. Tag: programlisting
-#: J2EE_Security_On_JBOSS.xml:1269, no-c-format
+#: J2EE_Security_On_JBOSS.xml:1269,
+#: no-c-format
msgid ""
"<jboss-web>\n"
" <security-domain>java:/jaas/jmx-console</security-domain>\n"
@@ -4879,13 +3197,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1270
#, no-c-format
-msgid ""
-"Finally, you need to define the login module configuration for the jmx-"
-"console security domain you just specified. This is done in the "
-"<literal>conf/login-config.xml</literal> file."
-msgstr ""
-"最后,你需要为刚才指定的 jmx-"
-"console 安全域定义登录模块配置。这是在 <literal>conf/login-config.xml</literal> 文件里完成的。"
+msgid "Finally, you need to define the login module configuration for the jmx-console security domain you just specified. This is done in the <literal>conf/login-config.xml</literal> file."
+msgstr "最后,你需要为刚才指定的 jmx-console 安全域定义登录模块配置。这是在 <literal>conf/login-config.xml</literal> 文件里完成的。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1273
@@ -4893,46 +3206,32 @@
msgid ""
"<application-policy name=\"jmx-console\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"BaseCertLoginModule\" \n"
+" <login-module code=\"org.jboss.security.auth.spi.BaseCertLoginModule\" \n"
" flag=\"required\">\n"
-" <module-option name=\"password-stacking\">useFirstPass</"
-"module-option>\n"
-" <module-option name=\"securityDomain\">java:/jaas/jmx-"
-"console</module-option>\n"
+" <module-option name=\"password-stacking\">useFirstPass</module-option>\n"
+" <module-option name=\"securityDomain\">java:/jaas/jmx-console</module-option>\n"
" </login-module>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\" \n"
+" <login-module code=\"org.jboss.security.auth.spi.UsersRolesLoginModule\" \n"
" flag=\"required\">\n"
-" <module-option name=\"password-stacking\">useFirstPass</"
-"module-option>\n"
-" <module-option name=\"usersProperties\">jmx-console-users."
-"properties</module-option>\n"
-" <module-option name=\"rolesProperties\">jmx-console-roles."
-"properties</module-option>\n"
+" <module-option name=\"password-stacking\">useFirstPass</module-option>\n"
+" <module-option name=\"usersProperties\">jmx-console-users.properties</module-option>\n"
+" <module-option name=\"rolesProperties\">jmx-console-roles.properties</module-option>\n"
" </login-module>\n"
" </authentication>\n"
"</application-policy>"
msgstr ""
"<application-policy name=\"jmx-console\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"BaseCertLoginModule\" \n"
+" <login-module code=\"org.jboss.security.auth.spi.BaseCertLoginModule\" \n"
" flag=\"required\">\n"
-" <module-option name=\"password-stacking\">useFirstPass</"
-"module-option>\n"
-" <module-option name=\"securityDomain\">java:/jaas/jmx-"
-"console</module-option>\n"
+" <module-option name=\"password-stacking\">useFirstPass</module-option>\n"
+" <module-option name=\"securityDomain\">java:/jaas/jmx-console</module-option>\n"
" </login-module>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\" \n"
+" <login-module code=\"org.jboss.security.auth.spi.UsersRolesLoginModule\" \n"
" flag=\"required\">\n"
-" <module-option name=\"password-stacking\">useFirstPass</"
-"module-option>\n"
-" <module-option name=\"usersProperties\">jmx-console-users."
-"properties</module-option>\n"
-" <module-option name=\"rolesProperties\">jmx-console-roles."
-"properties</module-option>\n"
+" <module-option name=\"password-stacking\">useFirstPass</module-option>\n"
+" <module-option name=\"usersProperties\">jmx-console-users.properties</module-option>\n"
+" <module-option name=\"rolesProperties\">jmx-console-roles.properties</module-option>\n"
" </login-module>\n"
" </authentication>\n"
"</application-policy>"
@@ -4940,47 +3239,29 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1274
#, no-c-format
-msgid ""
-"Here the <literal>BaseCertLoginModule</literal> is used for authentication "
-"of the client cert, and the <literal>UsersRolesLoginModule</literal> is only "
-"used for authorization due to the <literal>password-stacking=useFirstPass</"
-"literal> option. Both the <literal>localhost.keystore</literal> and the "
-"<literal>jmx-console-roles.properties</literal> need an entry that maps to "
-"the principal associated with the client cert. By default, the principal is "
-"created using the client certificate distinguished name. Consider the "
-"following certificate:"
-msgstr ""
-"这里的 <literal>BaseCertLoginModule</literal> 用于客户证书的验证,而 <literal>UsersRolesLoginModule</literal> 只用于授权,因为 <literal>password-stacking=useFirstPass</"
-"literal> 选项的设定,<literal>UsersRolesLoginModule</literal> 只用于授权。<literal>localhost.keystore</literal> 和 <literal>jmx-console-roles.properties</literal> 都需要一个条目以映射和客户证书关联的 principal。在缺省情况下,principal 用客户证书名创建以示区分。看看下面的证书:"
+msgid "Here the <literal>BaseCertLoginModule</literal> is used for authentication of the client cert, and the <literal>UsersRolesLoginModule</literal> is only used for authorization due to the <literal>password-stacking=useFirstPass</literal> option. Both the <literal>localhost.keystore</literal> and the <literal>jmx-console-roles.properties</literal> need an entry that maps to the principal associated with the client cert. By default, the principal is created using the client certificate distinguished name. Consider the following certificate:"
+msgstr "这里的 <literal>BaseCertLoginModule</literal> 用于客户证书的验证,而 <literal>UsersRolesLoginModule</literal> 只用于授权,因为 <literal>password-stacking=useFirstPass</literal> 选项的设定,<literal>UsersRolesLoginModule</literal> 只用于授权。<literal>localhost.keystore</literal> 和 <literal>jmx-console-roles.properties</literal> 都需要一个条目以映射和客户证书关联的 principal。在缺省情况下,principal 用客户证书名创建以示区分。看看下面的证书:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1277
#, no-c-format
msgid ""
-"[starksm at banshee9100 conf]$ keytool -printcert -file unit-tests-client."
-"export\n"
-"Owner: CN=unit-tests-client, OU=JBoss Inc., O=JBoss Inc., ST=Washington, "
-"C=US\n"
-"Issuer: CN=jboss.com, C=US, ST=Washington, L=Snoqualmie Pass, "
-"EMAILADDRESS=admin\n"
+"[starksm at banshee9100 conf]$ keytool -printcert -file unit-tests-client.export\n"
+"Owner: CN=unit-tests-client, OU=JBoss Inc., O=JBoss Inc., ST=Washington, C=US\n"
+"Issuer: CN=jboss.com, C=US, ST=Washington, L=Snoqualmie Pass, EMAILADDRESS=admin\n"
"@jboss.com, OU=QA, O=JBoss Inc.\n"
"Serial number: 100103\n"
-"Valid from: Wed May 26 07:34:34 PDT 2004 until: Thu May 26 07:34:34 PDT "
-"2005\n"
+"Valid from: Wed May 26 07:34:34 PDT 2004 until: Thu May 26 07:34:34 PDT 2005\n"
"Certificate fingerprints:\n"
" MD5: 4A:9C:2B:CD:1B:50:AA:85:DD:89:F6:1D:F5:AF:9E:AB\n"
" SHA1: DE:DE:86:59:05:6C:00:E8:CC:C0:16:D3:C2:68:BF:95:B8:83:E9:58"
msgstr ""
-"[starksm at banshee9100 conf]$ keytool -printcert -file unit-tests-client."
-"export\n"
-"Owner: CN=unit-tests-client, OU=JBoss Inc., O=JBoss Inc., ST=Washington, "
-"C=US\n"
-"Issuer: CN=jboss.com, C=US, ST=Washington, L=Snoqualmie Pass, "
-"EMAILADDRESS=admin\n"
+"[starksm at banshee9100 conf]$ keytool -printcert -file unit-tests-client.export\n"
+"Owner: CN=unit-tests-client, OU=JBoss Inc., O=JBoss Inc., ST=Washington, C=US\n"
+"Issuer: CN=jboss.com, C=US, ST=Washington, L=Snoqualmie Pass, EMAILADDRESS=admin\n"
"@jboss.com, OU=QA, O=JBoss Inc.\n"
"Serial number: 100103\n"
-"Valid from: Wed May 26 07:34:34 PDT 2004 until: Thu May 26 07:34:34 PDT "
-"2005\n"
+"Valid from: Wed May 26 07:34:34 PDT 2004 until: Thu May 26 07:34:34 PDT 2005\n"
"Certificate fingerprints:\n"
" MD5: 4A:9C:2B:CD:1B:50:AA:85:DD:89:F6:1D:F5:AF:9E:AB\n"
" SHA1: DE:DE:86:59:05:6C:00:E8:CC:C0:16:D3:C2:68:BF:95:B8:83:E9:58"
@@ -4988,32 +3269,19 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1278
#, no-c-format
-msgid ""
-"The <literal>localhost.keystore</literal> would need this cert stored with "
-"an alias of <literal>CN=unit-tests-client, OU=JBoss Inc., O=JBoss Inc., "
-"ST=Washington, C=US</literal> and the <literal>jmx-console-roles.properties</"
-"literal> would also need an entry for the same entry. Since the DN contains "
-"many characters that are normally treated as delimiters, you will need to "
-"escape the problem characters using a backslash ('<literal>\\</"
-"literal>') as shown here:"
-msgstr ""
-"<literal>localhost.keystore</literal> 将以别名 <literal>CN=unit-tests-client, OU=JBoss Inc., O=JBoss Inc., "
-"ST=Washington, C=US</literal> 存储这个证书,而 <literal>jmx-console-roles.properties</"
-"literal> 也需要一个条目。既然 DN 包含许多通常被视为限界符的特征,你需要用反斜杠('<literal>\\</"
-"literal>')来注解这些字符,如下所示:"
+msgid "The <literal>localhost.keystore</literal> would need this cert stored with an alias of <literal>CN=unit-tests-client, OU=JBoss Inc., O=JBoss Inc., ST=Washington, C=US</literal> and the <literal>jmx-console-roles.properties</literal> would also need an entry for the same entry. Since the DN contains many characters that are normally treated as delimiters, you will need to escape the problem characters using a backslash ('<literal>\\</literal>') as shown here:"
+msgstr "<literal>localhost.keystore</literal> 将以别名 <literal>CN=unit-tests-client, OU=JBoss Inc., O=JBoss Inc., ST=Washington, C=US</literal> 存储这个证书,而 <literal>jmx-console-roles.properties</literal> 也需要一个条目。既然 DN 包含许多通常被视为限界符的特征,你需要用反斜杠('<literal>\\</literal>')来注解这些字符,如下所示:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1281
#, no-c-format
msgid ""
"# A sample roles.properties file for use with the UsersRolesLoginModule\n"
-"CN\\=unit-tests-client,\\ OU\\=JBoss\\ Inc.,\\ O\\=JBoss\\ Inc.,\\ ST"
-"\\=Washington,\\ C\\=US=JBossAdmin\n"
+"CN\\=unit-tests-client,\\ OU\\=JBoss\\ Inc.,\\ O\\=JBoss\\ Inc.,\\ ST\\=Washington,\\ C\\=US=JBossAdmin\n"
"admin=JBossAdmin"
msgstr ""
"# A sample roles.properties file for use with the UsersRolesLoginModule\n"
-"CN\\=unit-tests-client,\\ OU\\=JBoss\\ Inc.,\\ O\\=JBoss\\ Inc.,\\ ST"
-"\\=Washington,\\ C\\=US=JBossAdmin\n"
+"CN\\=unit-tests-client,\\ OU\\=JBoss\\ Inc.,\\ O\\=JBoss\\ Inc.,\\ ST\\=Washington,\\ C\\=US=JBossAdmin\n"
"admin=JBossAdmin"
#. Tag: title
@@ -5025,14 +3293,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1286
#, no-c-format
-msgid ""
-"The <literal>IdentityLoginModule</literal> is a simple login module that "
-"associates a hard-coded user name a to any subject authenticated against the "
-"module. It creates a <literal>SimplePrincipal</literal> instance using the "
-"name specified by the <literal>principal</literal> option. This login module "
-"is useful when you need to provide a fixed identity to a service and in "
-"development environments when you want to test the security associated with "
-"a given principal and associated roles."
+msgid "The <literal>IdentityLoginModule</literal> is a simple login module that associates a hard-coded user name a to any subject authenticated against the module. It creates a <literal>SimplePrincipal</literal> instance using the name specified by the <literal>principal</literal> option. This login module is useful when you need to provide a fixed identity to a service and in development environments when you want to test the security associated with a given principal and associated roles."
msgstr "<literal>IdentityLoginModule</literal> 是一个简单的登录模块,它把一个硬编码的用户名关联到任何验证的 subject。它用 <literal>principal</literal> 选项指定的名字创建一个 <literal>SimplePrincipal</literal> 实。例。当你需要为服务提供固定标识符以及在开发环境里你想要测试和指定 principal 相关的安全性和角色时,这个登录模块很有用。"
#. Tag: para
@@ -5042,28 +3303,21 @@
msgstr "所支持登录模块配置选项包括:"
#. Tag: para
-#: J2EE_Security_On_JBOSS.xml:1294, no-c-format
-msgid ""
-"<emphasis role=\"bold\">principal</emphasis>: This is the name to use for "
-"the <literal>SimplePrincipal</literal> all users are authenticated as. The "
-"principal name defaults to <literal>guest</literal> if no principal option "
-"is specified."
+#: J2EE_Security_On_JBOSS.xml:1294,
+#: no-c-format
+msgid "<emphasis role=\"bold\">principal</emphasis>: This is the name to use for the <literal>SimplePrincipal</literal> all users are authenticated as. The principal name defaults to <literal>guest</literal> if no principal option is specified."
msgstr "<emphasis role=\"bold\">principal</emphasis>:用于所有用户验证用到的 <literal>SimplePrincipal</literal> 所使用的名称。如果没有指定任何 principal 选项,principal 名称缺省为 <literal>guest</literal>。"
#. Tag: para
-#: J2EE_Security_On_JBOSS.xml:1299, no-c-format
-msgid ""
-"<emphasis role=\"bold\">roles</emphasis>: This is a comma-delimited list of "
-"roles that will be assigned to the user."
+#: J2EE_Security_On_JBOSS.xml:1299,
+#: no-c-format
+msgid "<emphasis role=\"bold\">roles</emphasis>: This is a comma-delimited list of roles that will be assigned to the user."
msgstr "<emphasis role=\"bold\">roles</emphasis>:这是一个包含分配给用户的角色的以逗号隔开的列表。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1304
#, no-c-format
-msgid ""
-"A sample XMLLoginConfig configuration entry that would authenticate all "
-"users as the principal named <literal>jduke</literal> and assign role names "
-"of <literal>TheDuke</literal>, and <literal>AnimatedCharacter</literal> is:"
+msgid "A sample XMLLoginConfig configuration entry that would authenticate all users as the principal named <literal>jduke</literal> and assign role names of <literal>TheDuke</literal>, and <literal>AnimatedCharacter</literal> is:"
msgstr "下面是以名为 <literal>jduke</literal> 的 principal 验证所有用户并分配角色 <literal>TheDuke</literal> 和 <literal>AnimatedCharacter</literal> 的 XMLLoginConfig 配置示例::"
#. Tag: programlisting
@@ -5073,13 +3327,10 @@
"<policy>\n"
" <application-policy name=\"testIdentity\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"IdentityLoginModule\"\n"
+" <login-module code=\"org.jboss.security.auth.spi.IdentityLoginModule\"\n"
" flag=\"required\">\n"
-" <module-option name=\"principal\">jduke</module-"
-"option>\n"
-" <module-option name=\"roles\">TheDuke,"
-"AnimatedCharater</module-option>\n"
+" <module-option name=\"principal\">jduke</module-option>\n"
+" <module-option name=\"roles\">TheDuke,AnimatedCharater</module-option>\n"
" </login-module>\n"
" </authentication>\n"
" </application-policy>\n"
@@ -5088,13 +3339,10 @@
"<policy>\n"
" <application-policy name=\"testIdentity\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"IdentityLoginModule\"\n"
+" <login-module code=\"org.jboss.security.auth.spi.IdentityLoginModule\"\n"
" flag=\"required\">\n"
-" <module-option name=\"principal\">jduke</module-"
-"option>\n"
-" <module-option name=\"roles\">TheDuke,"
-"AnimatedCharater</module-option>\n"
+" <module-option name=\"principal\">jduke</module-option>\n"
+" <module-option name=\"roles\">TheDuke,AnimatedCharater</module-option>\n"
" </login-module>\n"
" </authentication>\n"
" </application-policy>\n"
@@ -5115,31 +3363,20 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1315
#, no-c-format
-msgid ""
-"JBoss has a helper login module called <literal>RunAsLoginModule</literal> "
-"that pushes a run as role for the duration of the login phase of "
-"authentication, and pops the run as role in either the commit or abort "
-"phase. The purpose of this login module is to provide a role for other login "
-"modules that need to access secured resources in order to perform their "
-"authentication. An example would be a login module that accesses an secured "
-"EJB. This login module must be configured ahead of the login module(s) that "
-"need a run as role established."
+msgid "JBoss has a helper login module called <literal>RunAsLoginModule</literal> that pushes a run as role for the duration of the login phase of authentication, and pops the run as role in either the commit or abort phase. The purpose of this login module is to provide a role for other login modules that need to access secured resources in order to perform their authentication. An example would be a login module that accesses an secured EJB. This login module must be configured ahead of the login module(s) that need a run as role established."
msgstr "JBoss 有一个名为 <literal>RunAsLoginModule</literal> 的 helper 登录模块,它为验证的登录阶段推行 Run As 角色,并在提交或终止(Abort)阶段推行 Run As 角色。这个登录模块的目的是为其他需要访问加密资源以执行验证的登录模块提供角色。访问设置了安全性的 EJB 的登录模块就是一个例子。这个登录模块必须在需要建立 Run As 角色的登录模块之前进行配置。"
#. Tag: para
-#: J2EE_Security_On_JBOSS.xml:1318, no-c-format
+#: J2EE_Security_On_JBOSS.xml:1318,
+#: no-c-format
msgid "The only login module configuration option is:"
msgstr "登录模块唯一的配置选项是:"
#. Tag: para
-#: J2EE_Security_On_JBOSS.xml:1323, no-c-format
-msgid ""
-"<emphasis role=\"bold\">roleName</emphasis>: the name of the role to use as "
-"the run as role during login phase. If not specified a default of "
-"<literal>nobody</literal> is used."
-msgstr ""
-"<emphasis role=\"bold\">roleName</emphasis>:在登录阶段作为 run as role 的角色的名字。缺省值是 "
-"<literal>nobody</literal>。"
+#: J2EE_Security_On_JBOSS.xml:1323,
+#: no-c-format
+msgid "<emphasis role=\"bold\">roleName</emphasis>: the name of the role to use as the run as role during login phase. If not specified a default of <literal>nobody</literal> is used."
+msgstr "<emphasis role=\"bold\">roleName</emphasis>:在登录阶段作为 run as role 的角色的名字。缺省值是 <literal>nobody</literal>。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1331
@@ -5148,98 +3385,40 @@
msgstr "ClientLoginModule"
#. Tag: para
-#: J2EE_Security_On_JBOSS.xml:1332, no-c-format
-msgid ""
-"The <literal>ClientLoginModule</literal> is an implementation of "
-"<literal>LoginModule</literal> for use by JBoss clients for the "
-"establishment of the caller identity and credentials. This simply sets the "
-"<literal>org.jboss.security.SecurityAssociation.principal</literal> to the "
-"value of the <literal>NameCallback</literal> filled in by the "
-"<literal>callbackhandler</literal>, and the <literal>org.jboss.security."
-"SecurityAssociation.credential</literal> to the value of the "
-"<literal>PasswordCallback</literal> filled in by the "
-"<literal>callbackhandler</literal>. This is the only supported mechanism for "
-"a client to establish the current thread's caller. Both stand-alone "
-"client applications and server environments, acting as JBoss EJB clients "
-"where the security environment has not been configured to use JBossSX "
-"transparently, need to use the <literal>ClientLoginModule</literal>. Of "
-"course, you could always set the <literal>org.jboss.security."
-"SecurityAssociation</literal> information directly, but this is considered "
-"an internal API that is subject to change without notice."
-msgstr ""
-"<literal>ClientLoginModule</literal> 是一个 <literal>LoginModule</literal> 的实现,JBoss 客户使用它来建立调用者的标识符和 credential。它简单地把 <literal>org.jboss.security.SecurityAssociation.principal</literal> 设置为 <literal>callbackhandler</literal> 填充的 <literal>NameCallback</literal> 的值,并把 <literal>org.jboss.security."
-"SecurityAssociation.credential</literal> 设置为 <literal>callbackhandler</literal> 填充的 <literal>PasswordCallback</literal> 的值。这是唯一支持客户建立当前线程的调用者的机制。独立的客户应用程序和服务器环境,作为 JBoss EJB 客户来说其安全环境都没有配置成透明地使用 JBossSX,它们都需要使用 <literal>ClientLoginModule</literal>。当然,你可以直接设置 <literal>org.jboss.security."
-"SecurityAssociation</literal> 信息,但这被认为是一个内部 API,容易被修改且不给出通知。"
+#: J2EE_Security_On_JBOSS.xml:1332,
+#: no-c-format
+msgid "The <literal>ClientLoginModule</literal> is an implementation of <literal>LoginModule</literal> for use by JBoss clients for the establishment of the caller identity and credentials. This simply sets the <literal>org.jboss.security.SecurityAssociation.principal</literal> to the value of the <literal>NameCallback</literal> filled in by the <literal>callbackhandler</literal>, and the <literal>org.jboss.security.SecurityAssociation.credential</literal> to the value of the <literal>PasswordCallback</literal> filled in by the <literal>callbackhandler</literal>. This is the only supported mechanism for a client to establish the current thread's caller. Both stand-alone client applications and server environments, acting as JBoss EJB clients where the security environment has not been configured to use JBossSX transparently, need to use the <literal>ClientLoginModule</literal>. Of course, you could always set the <literal>org.jboss.security.SecurityAssociation</literal>!
information directly, but this is considered an internal API that is subject to change without notice."
+msgstr "<literal>ClientLoginModule</literal> 是一个 <literal>LoginModule</literal> 的实现,JBoss 客户使用它来建立调用者的标识符和 credential。它简单地把 <literal>org.jboss.security.SecurityAssociation.principal</literal> 设置为 <literal>callbackhandler</literal> 填充的 <literal>NameCallback</literal> 的值,并把 <literal>org.jboss.security.SecurityAssociation.credential</literal> 设置为 <literal>callbackhandler</literal> 填充的 <literal>PasswordCallback</literal> 的值。这是唯一支持客户建立当前线程的调用者的机制。独立的客户应用程序和服务器环境,作为 JBoss EJB 客户来说其安全环境都没有配置成透明地使用 JBossSX,它们都需要使用 <literal>ClientLoginModule</literal>。当然,你可以直接设置 <literal>org.jboss.security.SecurityAssociation</literal> 信息,但这被认为是一个内部 API,容易被修改且不给出通知。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1335
#, no-c-format
-msgid ""
-"Note that this login module does not perform any authentication. It merely "
-"copies the login information provided to it into the JBoss server EJB "
-"invocation layer for subsequent authentication on the server. If you need to "
-"perform client-side authentication of users you would need to configure "
-"another login module in addition to the <literal>ClientLoginModule</literal>."
+msgid "Note that this login module does not perform any authentication. It merely copies the login information provided to it into the JBoss server EJB invocation layer for subsequent authentication on the server. If you need to perform client-side authentication of users you would need to configure another login module in addition to the <literal>ClientLoginModule</literal>."
msgstr "请注意,这个登录模块不执行任何验证。它只是为随后的验证把登录信息复制到 JBoss 服务器的 EJB 调用层。如果你需要执行客户端的用户验证,你需要配置 <literal>ClientLoginModule</literal> 以外的登录模块。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1343
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">multi-threaded</emphasis>: When the multi-threaded "
-"option is set to true, each login thread has its own principal and "
-"credential storage. This is useful in client environments where multiple "
-"user identities are active in separate threads. When true, each separate "
-"thread must perform its own login. When set to false the login identity and "
-"credentials are global variables that apply to all threads in the VM. The "
-"default for this option is false."
+msgid "<emphasis role=\"bold\">multi-threaded</emphasis>: When the multi-threaded option is set to true, each login thread has its own principal and credential storage. This is useful in client environments where multiple user identities are active in separate threads. When true, each separate thread must perform its own login. When set to false the login identity and credentials are global variables that apply to all threads in the VM. The default for this option is false."
msgstr "<emphasis role=\"bold\">multi-threaded</emphasis>:当 multi-threaded 选项设置为 true 时,每个登录线程都具有自己的 principal 和 credential 库。对于多用户标识符用在不同的线程里的客户环境来说,这很有用。这个选项为 true 时,每个独立的线程都必需执行自己的登录。当为 false 时,登录标识符和 credential 都成为全局变量,可应用于 VM 里的所有线程。其缺省设置为 false。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1348
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">password-stacking</emphasis>: When <literal>password-"
-"stacking</literal> option is set to <literal>useFirstPass</literal>, this "
-"module first looks for a shared username and password using <literal>javax."
-"security.auth.login.name</literal> and <literal>javax.security.auth.login."
-"password</literal> respectively in the login module shared state map. This "
-"allows a module configured prior to this one to establish a valid username "
-"and password that should be passed to JBoss. You would use this option if "
-"you want to perform client-side authentication of clients using some other "
-"login module such as the <literal>LdapLoginModule</literal>."
-msgstr ""
-"<emphasis role=\"bold\">password-stacking</emphasis>:当 <literal>password-"
-"stacking</literal> 选项为 <literal>useFirstPass</literal> 时,这个模块首先用登录模块共享状态表里的 <literal>javax."
-"security.auth.login.name</literal> 和 <literal>javax.security.auth.login."
-"password</literal> 查找共享的用户名和密码。这允许之前配置的模块建立传递给 JBoss 的有效的用户名和密码。如果你想用其他登录模块如 <literal>LdapLoginModule</literal> 执行客户端验证,你可以使用这个选项。"
+msgid "<emphasis role=\"bold\">password-stacking</emphasis>: When <literal>password-stacking</literal> option is set to <literal>useFirstPass</literal>, this module first looks for a shared username and password using <literal>javax.security.auth.login.name</literal> and <literal>javax.security.auth.login.password</literal> respectively in the login module shared state map. This allows a module configured prior to this one to establish a valid username and password that should be passed to JBoss. You would use this option if you want to perform client-side authentication of clients using some other login module such as the <literal>LdapLoginModule</literal>."
+msgstr "<emphasis role=\"bold\">password-stacking</emphasis>:当 <literal>password-stacking</literal> 选项为 <literal>useFirstPass</literal> 时,这个模块首先用登录模块共享状态表里的 <literal>javax.security.auth.login.name</literal> 和 <literal>javax.security.auth.login.password</literal> 查找共享的用户名和密码。这允许之前配置的模块建立传递给 JBoss 的有效的用户名和密码。如果你想用其他登录模块如 <literal>LdapLoginModule</literal> 执行客户端验证,你可以使用这个选项。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1353
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">restore-login-identity</emphasis>: When "
-"<literal>restore-login-identity</literal> is true, the "
-"<literal>SecurityAssociation</literal> principal and credential seen on "
-"entry to the <literal>login()</literal> method are saved and restored on "
-"either abort or logout. When false (the default), the abort and logout "
-"simply clear the <literal>SecurityAssociation</literal>. A <literal>restore-"
-"login-identity</literal> of true is needed if one need to change identities "
-"and then restore the original caller identity."
-msgstr ""
-"<emphasis role=\"bold\">restore-login-identity</emphasis>:当 <literal>restore-login-identity</literal> 为 true 时, <literal>login()</literal> 方法里的 <literal>SecurityAssociation</literal> principal 和 credential 都在终止或登出时被保存或恢复。当它为 false(缺省值),终止和登出只是简单地清除 <literal>SecurityAssociation</literal>。如果需要修改标识符并恢复原来的调用者标识符,就要把 <literal>restore-"
-"login-identity</literal> 设置为 true。"
+msgid "<emphasis role=\"bold\">restore-login-identity</emphasis>: When <literal>restore-login-identity</literal> is true, the <literal>SecurityAssociation</literal> principal and credential seen on entry to the <literal>login()</literal> method are saved and restored on either abort or logout. When false (the default), the abort and logout simply clear the <literal>SecurityAssociation</literal>. A <literal>restore-login-identity</literal> of true is needed if one need to change identities and then restore the original caller identity."
+msgstr "<emphasis role=\"bold\">restore-login-identity</emphasis>:当 <literal>restore-login-identity</literal> 为 true 时, <literal>login()</literal> 方法里的 <literal>SecurityAssociation</literal> principal 和 credential 都在终止或登出时被保存或恢复。当它为 false(缺省值),终止和登出只是简单地清除 <literal>SecurityAssociation</literal>。如果需要修改标识符并恢复原来的调用者标识符,就要把 <literal>restore-login-identity</literal> 设置为 true。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1358
#, no-c-format
-msgid ""
-"A sample login configuration for <literal>ClientLoginModule</literal> is the "
-"default configuration entry found in the JBoss distribution <literal>client/"
-"auth.conf</literal> file. The configuration is:"
-msgstr ""
-"JBoss 的 <literal>client/"
-"auth.conf</literal> 文件里有一个缺省的用于 <literal>ClientLoginModule</literal> 的配置条目示例。这个配置是:"
+msgid "A sample login configuration for <literal>ClientLoginModule</literal> is the default configuration entry found in the JBoss distribution <literal>client/auth.conf</literal> file. The configuration is:"
+msgstr "JBoss 的 <literal>client/auth.conf</literal> 文件里有一个缺省的用于 <literal>ClientLoginModule</literal> 的配置条目示例。这个配置是:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1361
@@ -5272,29 +3451,14 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1368
#, no-c-format
-msgid ""
-"If the login modules bundled with the JBossSX framework do not work with "
-"your security environment, you can write your own custom login module "
-"implementation that does. Recall from the section on the "
-"<literal>JaasSecurityManager</literal> architecture that the "
-"<literal>JaasSecurityManager</literal> expected a particular usage pattern "
-"of the <literal>Subject</literal> principals set. You need to understand the "
-"JAAS Subject class's information storage features and the expected usage "
-"of these features to be able to write a login module that works with the "
-"<literal>JaasSecurityManager</literal>. This section examines this "
-"requirement and introduces two abstract base <literal>LoginModule</literal> "
-"implementations that can help you implement your own custom login modules."
+msgid "If the login modules bundled with the JBossSX framework do not work with your security environment, you can write your own custom login module implementation that does. Recall from the section on the <literal>JaasSecurityManager</literal> architecture that the <literal>JaasSecurityManager</literal> expected a particular usage pattern of the <literal>Subject</literal> principals set. You need to understand the JAAS Subject class's information storage features and the expected usage of these features to be able to write a login module that works with the <literal>JaasSecurityManager</literal>. This section examines this requirement and introduces two abstract base <literal>LoginModule</literal> implementations that can help you implement your own custom login modules."
msgstr "如果 JBossSX 框架捆绑的登录模块不适合你的安全环境,你可以编写自定义的登录模块实现。在 <literal>JaasSecurityManager</literal> 架构章节里,<literal>JaasSecurityManager</literal> 需要一个特定的 <literal>Subject</literal> principal 集合的使用模式。你需要理解 JAAS Subject 类的信息存储功能并使用这些功能来编写可和 <literal>JaasSecurityManager</literal> 一起工作的登录模块。本节讨论相关的要求并介绍两个抽象的 <literal>LoginModule</literal> 实现以帮助你实现自己的登录模块。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1371
#, no-c-format
-msgid ""
-"You can obtain security information associated with a <literal>Subject</"
-"literal> in six ways in JBoss using the following methods:"
-msgstr ""
-"你可以用下面的方法以 6 种方式获取和 <literal>Subject</"
-"literal> 相关联的安全信息:"
+msgid "You can obtain security information associated with a <literal>Subject</literal> in six ways in JBoss using the following methods:"
+msgstr "你可以用下面的方法以 6 种方式获取和 <literal>Subject</literal> 相关联的安全信息:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1374
@@ -5317,70 +3481,20 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1375
#, no-c-format
-msgid ""
-"For <literal>Subject</literal> identities and roles, JBossSX has selected "
-"the most natural choice: the principals sets obtained via "
-"<literal>getPrincipals()</literal> and <literal>getPrincipals(java.lang."
-"Class)</literal>. The usage pattern is as follows:"
-msgstr ""
-"对于 <literal>Subject</literal> 的标识符和角色,JBossSX 已经选择了最自然的选项:通过 <literal>getPrincipals()</literal> 和 <literal>getPrincipals(java.lang."
-"Class)</literal> 获得的 Principal 集。其用法如下:"
+msgid "For <literal>Subject</literal> identities and roles, JBossSX has selected the most natural choice: the principals sets obtained via <literal>getPrincipals()</literal> and <literal>getPrincipals(java.lang.Class)</literal>. The usage pattern is as follows:"
+msgstr "对于 <literal>Subject</literal> 的标识符和角色,JBossSX 已经选择了最自然的选项:通过 <literal>getPrincipals()</literal> 和 <literal>getPrincipals(java.lang.Class)</literal> 获得的 Principal 集。其用法如下:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1380
#, no-c-format
-msgid ""
-"User identities (username, social security number, employee ID, and so on) "
-"are stored as <literal>java.security.Principal</literal> objects in the "
-"<literal>Subject</literal><literal>Principals</literal> set. The "
-"<literal>Principal</literal> implementation that represents the user "
-"identity must base comparisons and equality on the name of the principal. A "
-"suitable implementation is available as the <literal>org.jboss.security."
-"SimplePrincipal</literal> class. Other <literal>Principal</literal> "
-"instances may be added to the <literal>Subject</literal><literal>Principals</"
-"literal> set as needed."
-msgstr ""
-"用户标识符(用户名、社会保险号、雇员号等)存储为 <literal>Subject</literal><literal>Principals</literal> 集里的 <literal>java.security.Principal</literal> 对象。代表用户标识的 <literal>Principal</literal> 实现必须和 principal 相等。<literal>org.jboss.security."
-"SimplePrincipal</literal> 作为一个合适的实现。其他 <literal>Principal</literal> 实例可以根据需要添加到 <literal>Subject</literal><literal>Principals</"
-"literal> 集里。"
+msgid "User identities (username, social security number, employee ID, and so on) are stored as <literal>java.security.Principal</literal> objects in the <literal>Subject</literal><literal>Principals</literal> set. The <literal>Principal</literal> implementation that represents the user identity must base comparisons and equality on the name of the principal. A suitable implementation is available as the <literal>org.jboss.security.SimplePrincipal</literal> class. Other <literal>Principal</literal> instances may be added to the <literal>Subject</literal><literal>Principals</literal> set as needed."
+msgstr "用户标识符(用户名、社会保险号、雇员号等)存储为 <literal>Subject</literal><literal>Principals</literal> 集里的 <literal>java.security.Principal</literal> 对象。代表用户标识的 <literal>Principal</literal> 实现必须和 principal 相等。<literal>org.jboss.security.SimplePrincipal</literal> 作为一个合适的实现。其他 <literal>Principal</literal> 实例可以根据需要添加到 <literal>Subject</literal><literal>Principals</literal> 集里。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1385
#, no-c-format
-msgid ""
-"The assigned user roles are also stored in the <literal>Principals</literal> "
-"set, but they are grouped in named role sets using <literal>java.security."
-"acl.Group</literal> instances. The <literal>Group</literal> interface "
-"defines a collection of <literal>Principal</literal>s and/or <literal>Group</"
-"literal>s, and is a subinterface of <literal>java.security.Principal</"
-"literal>. Any number of role sets can be assigned to a <literal>Subject</"
-"literal>. Currently, the JBossSX framework uses two well-known role sets "
-"with the names <literal>Roles</literal> and <literal>CallerPrincipal</"
-"literal>. The <literal>Roles</literal> Group is the collection of "
-"<literal>Principal</literal>s for the named roles as known in the "
-"application domain under which the <literal>Subject</literal> has been "
-"authenticated. This role set is used by methods like the <literal>EJBContext."
-"isCallerInRole(String)</literal>, which EJBs can use to see if the current "
-"caller belongs to the named application domain role. The security "
-"interceptor logic that performs method permission checks also uses this role "
-"set. The <literal>CallerPrincipal</literal><literal>Group</literal> consists "
-"of the single <literal>Principal</literal> identity assigned to the user in "
-"the application domain. The <literal>EJBContext.getCallerPrincipal() </"
-"literal>method uses the <literal>CallerPrincipal</literal> to allow the "
-"application domain to map from the operation environment identity to a user "
-"identity suitable for the application. If a <literal>Subject</literal> does "
-"not have a <literal>CallerPrincipal</literal><literal>Group</literal>, the "
-"application identity is the same as operational environment identity."
-msgstr ""
-"分配的用户角色也存储在 <literal>Principals</literal> 集里,但它们以使用 <literal>java.security."
-"acl.Group</literal> 实例的角色集进行分组。<literal>Group</literal> 接口定义了一个 <literal>Principal</literal> 和/或 <literal>Group</"
-"literal> 的集合,它是 <literal>java.security.Principal</"
-"literal> 的子接口。目前,JBossSX 框架使用两个角色集:<literal>Roles</literal> 和 <literal>CallerPrincipal</"
-"literal>。 "
-"<literal>Roles</literal> 组是命名角色所用的 <literal>Principal</literal> 的集合。"
-"这个角色集被 <literal>EJBContext."
-"isCallerInRole(String)</literal> 等方法使用,EJB 可以用来查看当前的调用者是否属于应用程序域的角色。执行方法权限检查的安全拦截器逻辑也使用这个角色集。<literal>CallerPrincipal</literal><literal>Group</literal> 由分配给应用程序域里的用户的单个的 <literal>Principal</literal> 标识符组成。<literal>EJBContext.getCallerPrincipal() </"
-"literal> 方法使用 <literal>CallerPrincipal</literal> 来允许应用程序域从操作环境标识符映射到适合于应用程序的用户标识符。如果 <literal>Subject</literal> 没有 <literal>CallerPrincipal</literal><literal>Group</literal>,应用程序标识符将和操作环境的标识符一样。"
+msgid "The assigned user roles are also stored in the <literal>Principals</literal> set, but they are grouped in named role sets using <literal>java.security.acl.Group</literal> instances. The <literal>Group</literal> interface defines a collection of <literal>Principal</literal>s and/or <literal>Group</literal>s, and is a subinterface of <literal>java.security.Principal</literal>. Any number of role sets can be assigned to a <literal>Subject</literal>. Currently, the JBossSX framework uses two well-known role sets with the names <literal>Roles</literal> and <literal>CallerPrincipal</literal>. The <literal>Roles</literal> Group is the collection of <literal>Principal</literal>s for the named roles as known in the application domain under which the <literal>Subject</literal> has been authenticated. This role set is used by methods like the <literal>EJBContext.isCallerInRole(String)</literal>, which EJBs can use to see if the current caller belongs to the named application do!
main role. The security interceptor logic that performs method permission checks also uses this role set. The <literal>CallerPrincipal</literal><literal>Group</literal> consists of the single <literal>Principal</literal> identity assigned to the user in the application domain. The <literal>EJBContext.getCallerPrincipal() </literal>method uses the <literal>CallerPrincipal</literal> to allow the application domain to map from the operation environment identity to a user identity suitable for the application. If a <literal>Subject</literal> does not have a <literal>CallerPrincipal</literal><literal>Group</literal>, the application identity is the same as operational environment identity."
+msgstr "分配的用户角色也存储在 <literal>Principals</literal> 集里,但它们以使用 <literal>java.security.acl.Group</literal> 实例的角色集进行分组。<literal>Group</literal> 接口定义了一个 <literal>Principal</literal> 和/或 <literal>Group</literal> 的集合,它是 <literal>java.security.Principal</literal> 的子接口。目前,JBossSX 框架使用两个角色集:<literal>Roles</literal> 和 <literal>CallerPrincipal</literal>。 <literal>Roles</literal> 组是命名角色所用的 <literal>Principal</literal> 的集合。这个角色集被 <literal>EJBContext.isCallerInRole(String)</literal> 等方法使用,EJB 可以用来查看当前的调用者是否属于应用程序域的角色。执行方法权限检查的安全拦截器逻辑也使用这个角色集。<literal>CallerPrincipal</literal><literal>Group</literal> 由分配给应用程序域里的用户的单个的 <literal>Principal</literal> 标识符组成。<literal>EJBCont!
ext.getCallerPrincipal() </literal> 方法使用 <literal>CallerPrincipal</literal> 来允许应用程序域从操作环境标识符映射到适合于应用程序的用户标识符。如果 <literal>Subject</literal> 没有 <literal>CallerPrincipal</literal><literal>Group</literal>,应用程序标识符将和操作环境的标识符一样。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1391
@@ -5391,21 +3505,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1392
#, no-c-format
-msgid ""
-"To simplify correct implementation of the <literal>Subject</literal> usage "
-"patterns described in the preceding section, JBossSX includes two abstract "
-"login modules that handle the population of the authenticated "
-"<literal>Subject</literal> with a template pattern that enforces correct "
-"<literal>Subject</literal> usage. The most generic of the two is the "
-"<literal>org.jboss.security.auth.spi.AbstractServerLoginModule</literal> "
-"class. It provides a concrete implementation of the <literal>javax.security."
-"auth.spi.LoginModule</literal> interface and offers abstract methods for the "
-"key tasks specific to an operation environment security infrastructure. The "
-"key details of the class are highlighted in the following class fragment. "
-"The JavaDoc comments detail the responsibilities of subclasses."
-msgstr ""
-"为了简化前面章节描述的 <literal>Subject</literal> 用法模式的正确实现,JBossSX 包括了两个抽象登录模块,它们可以处理已验证的带有强制正确使用 <literal>Subject</literal> 的模板模式的 <literal>Subject</literal>。其中最常用的是 <literal>org.jboss.security.auth.spi.AbstractServerLoginModule</literal> 类。它提供对 <literal>javax.security."
-"auth.spi.LoginModule</literal> 接口的实现,并为操作环境安全基础结果所专有的关键任务提供抽象方法。这个类的关键细节在下面的代码里被高亮显示。JavaDoc 注释详述了其子类的职责。"
+msgid "To simplify correct implementation of the <literal>Subject</literal> usage patterns described in the preceding section, JBossSX includes two abstract login modules that handle the population of the authenticated <literal>Subject</literal> with a template pattern that enforces correct <literal>Subject</literal> usage. The most generic of the two is the <literal>org.jboss.security.auth.spi.AbstractServerLoginModule</literal> class. It provides a concrete implementation of the <literal>javax.security.auth.spi.LoginModule</literal> interface and offers abstract methods for the key tasks specific to an operation environment security infrastructure. The key details of the class are highlighted in the following class fragment. The JavaDoc comments detail the responsibilities of subclasses."
+msgstr "为了简化前面章节描述的 <literal>Subject</literal> 用法模式的正确实现,JBossSX 包括了两个抽象登录模块,它们可以处理已验证的带有强制正确使用 <literal>Subject</literal> 的模板模式的 <literal>Subject</literal>。其中最常用的是 <literal>org.jboss.security.auth.spi.AbstractServerLoginModule</literal> 类。它提供对 <literal>javax.security.auth.spi.LoginModule</literal> 接口的实现,并为操作环境安全基础结果所专有的关键任务提供抽象方法。这个类的关键细节在下面的代码里被高亮显示。JavaDoc 注释详述了其子类的职责。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1395
@@ -5446,22 +3547,16 @@
" * made in the case of an override.\n"
" *\n"
" * <p>\n"
-" * The options are checked for the <em>password-stacking</"
-"em> parameter.\n"
-" * If this is set to \"useFirstPass\", the login identity will be taken "
-"from the\n"
-" * <code>javax.security.auth.login.name</code> value of the "
-"sharedState map,\n"
+" * The options are checked for the <em>password-stacking</em> parameter.\n"
+" * If this is set to \"useFirstPass\", the login identity will be taken from the\n"
+" * <code>javax.security.auth.login.name</code> value of the sharedState map,\n"
" * and the proof of identity from the\n"
-" * <code>javax.security.auth.login.password</code> value of "
-"the sharedState map.\n"
+" * <code>javax.security.auth.login.password</code> value of the sharedState map.\n"
" *\n"
" * @param subject the Subject to update after a successful login.\n"
-" * @param callbackHandler the CallbackHandler that will be used to "
-"obtain the\n"
+" * @param callbackHandler the CallbackHandler that will be used to obtain the\n"
" * the user identity and credentials.\n"
-" * @param sharedState a Map shared between all configured login module "
-"instances\n"
+" * @param sharedState a Map shared between all configured login module instances\n"
" * @param options the parameters passed to the login module.\n"
" */\n"
" public void initialize(Subject subject,\n"
@@ -5545,22 +3640,16 @@
" * made in the case of an override.\n"
" *\n"
" * <p>\n"
-" * The options are checked for the <em>password-stacking</"
-"em> parameter.\n"
-" * If this is set to \"useFirstPass\", the login identity will be taken "
-"from the\n"
-" * <code>javax.security.auth.login.name</code> value of the "
-"sharedState map,\n"
+" * The options are checked for the <em>password-stacking</em> parameter.\n"
+" * If this is set to \"useFirstPass\", the login identity will be taken from the\n"
+" * <code>javax.security.auth.login.name</code> value of the sharedState map,\n"
" * and the proof of identity from the\n"
-" * <code>javax.security.auth.login.password</code> value of "
-"the sharedState map.\n"
+" * <code>javax.security.auth.login.password</code> value of the sharedState map.\n"
" *\n"
" * @param subject the Subject to update after a successful login.\n"
-" * @param callbackHandler the CallbackHandler that will be used to "
-"obtain the\n"
+" * @param callbackHandler the CallbackHandler that will be used to obtain the\n"
" * the user identity and credentials.\n"
-" * @param sharedState a Map shared between all configured login module "
-"instances\n"
+" * @param sharedState a Map shared between all configured login module instances\n"
" * @param options the parameters passed to the login module.\n"
" */\n"
" public void initialize(Subject subject,\n"
@@ -5612,33 +3701,14 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1396
#, no-c-format
-msgid ""
-"You'll need to pay attention to the <literal>loginOk</literal> instance "
-"variable. This must be set to true if the login succeeds, false otherwise by "
-"any subclasses that override the login method. Failure to set this variable "
-"correctly will result in the commit method either not updating the subject "
-"when it should, or updating the subject when it should not. Tracking the "
-"outcome of the login phase was added to allow login modules to be chained "
-"together with control flags that do not require that the login module "
-"succeed in order for the overall login to succeed."
+msgid "You'll need to pay attention to the <literal>loginOk</literal> instance variable. This must be set to true if the login succeeds, false otherwise by any subclasses that override the login method. Failure to set this variable correctly will result in the commit method either not updating the subject when it should, or updating the subject when it should not. Tracking the outcome of the login phase was added to allow login modules to be chained together with control flags that do not require that the login module succeed in order for the overall login to succeed."
msgstr "你需要注意 <literal>loginOk</literal> 实例变量。如果登录成功,它必须设置为 true,否则为 false。没有正确设置这个变量将导致提交方法在需要时未更新 Subject,或是在不应该时却更新了 Subject。添加对登录阶段结果的跟踪使得登录模块可以用控制标记链接在一起,从而使得总体登录的成功并不要求每个登录模块都登录成功。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1399
#, no-c-format
-msgid ""
-"The second abstract base login module suitable for custom login modules is "
-"the <literal>org.jboss.security.auth.spi.UsernamePasswordLoginModule</"
-"literal>. This login module further simplifies custom login module "
-"implementation by enforcing a string-based username as the user identity and "
-"a <literal>char[]</literal> password as the authentication credentials. It "
-"also supports the mapping of anonymous users (indicated by a null username "
-"and password) to a principal with no roles. The key details of the class are "
-"highlighted in the following class fragment. The JavaDoc comments detail the "
-"responsibilities of subclasses."
-msgstr ""
-"第二个登录模块的抽象基类是 <literal>org.jboss.security.auth.spi.UsernamePasswordLoginModule</"
-"literal>。这个登录模块通过强制基于字符串的用户名为用户标识符以及强制 <literal>char[]</literal> 密码为验证 credential 而进一步简化了自定义登录模块的实现。它也支持匿名用户(由空的用户名和密码表示)到不具有角色的 Principal 的映射。下面的代码高亮显示了这个类的关键细节。JavaDoc 注释详述了其子类的职责。"
+msgid "The second abstract base login module suitable for custom login modules is the <literal>org.jboss.security.auth.spi.UsernamePasswordLoginModule</literal>. This login module further simplifies custom login module implementation by enforcing a string-based username as the user identity and a <literal>char[]</literal> password as the authentication credentials. It also supports the mapping of anonymous users (indicated by a null username and password) to a principal with no roles. The key details of the class are highlighted in the following class fragment. The JavaDoc comments detail the responsibilities of subclasses."
+msgstr "第二个登录模块的抽象基类是 <literal>org.jboss.security.auth.spi.UsernamePasswordLoginModule</literal>。这个登录模块通过强制基于字符串的用户名为用户标识符以及强制 <literal>char[]</literal> 密码为验证 credential 而进一步简化了自定义登录模块的实现。它也支持匿名用户(由空的用户名和密码表示)到不具有角色的 Principal 的映射。下面的代码高亮显示了这个类的关键细节。JavaDoc 注释详述了其子类的职责。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1402
@@ -5831,99 +3901,58 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1403
#, no-c-format
-msgid ""
-"The choice of subclassing the <literal>AbstractServerLoginModule</literal> "
-"versus <literal>UsernamePasswordLoginModule</literal> is simply based on "
-"whether a string-based username and credentials are usable for the "
-"authentication technology you are writing the login module for. If the "
-"string-based semantic is valid, then subclass "
-"<literal>UsernamePasswordLoginModule</literal>, otherwise subclass "
-"<literal>AbstractServerLoginModule</literal>."
-msgstr ""
-"创建 <literal>AbstractServerLoginModule</literal> "
-"还是 <literal>UsernamePasswordLoginModule</literal> 的子类取决于使用基于字符串的密码和 credential 是否可用于你编写登录模块所使用的验证技术。如果基于字符串的模式是有效的,那就创建 <literal>UsernamePasswordLoginModule</literal> 的子类,否则就创建 <literal>AbstractServerLoginModule</literal> 的子类。"
+msgid "The choice of subclassing the <literal>AbstractServerLoginModule</literal> versus <literal>UsernamePasswordLoginModule</literal> is simply based on whether a string-based username and credentials are usable for the authentication technology you are writing the login module for. If the string-based semantic is valid, then subclass <literal>UsernamePasswordLoginModule</literal>, otherwise subclass <literal>AbstractServerLoginModule</literal>."
+msgstr "创建 <literal>AbstractServerLoginModule</literal> 还是 <literal>UsernamePasswordLoginModule</literal> 的子类取决于使用基于字符串的密码和 credential 是否可用于你编写登录模块所使用的验证技术。如果基于字符串的模式是有效的,那就创建 <literal>UsernamePasswordLoginModule</literal> 的子类,否则就创建 <literal>AbstractServerLoginModule</literal> 的子类。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1406
#, no-c-format
-msgid ""
-"The steps you are required to perform when writing a custom login module are "
-"summarized in the following depending on which base login module class you "
-"choose. When writing a custom login module that integrates with your "
-"security infrastructure, you should start by subclassing "
-"<literal>AbstractServerLoginModule</literal> or "
-"<literal>UsernamePasswordLoginModule</literal> to ensure that your login "
-"module provides the authenticated <literal>Principal</literal> information "
-"in the form expected by the JBossSX security manager."
+msgid "The steps you are required to perform when writing a custom login module are summarized in the following depending on which base login module class you choose. When writing a custom login module that integrates with your security infrastructure, you should start by subclassing <literal>AbstractServerLoginModule</literal> or <literal>UsernamePasswordLoginModule</literal> to ensure that your login module provides the authenticated <literal>Principal</literal> information in the form expected by the JBossSX security manager."
msgstr "下面总结了编写自定义登录模块所需的执行步骤,这取决于你选择的登录模块的基类。当编写和你的安全基础结构集成的自定义登录模块时,你应该从创建 <literal>AbstractServerLoginModule</literal> 或 <literal>UsernamePasswordLoginModule</literal> 的子类开始以确保你的登录模块提供 符合 JBossSX 安全管理者所期望的格式的已验证的 <literal>Principal</literal> 信息。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1409
#, no-c-format
-msgid ""
-"When subclassing the <literal>AbstractServerLoginModule</literal>, you need "
-"to override the following:"
+msgid "When subclassing the <literal>AbstractServerLoginModule</literal>, you need to override the following:"
msgstr "当创建 <literal>AbstractServerLoginModule</literal> 的子类时,你需要覆盖下面的方法:"
#. Tag: para
-#: J2EE_Security_On_JBOSS.xml:1414 J2EE_Security_On_JBOSS.xml:1439
+#: J2EE_Security_On_JBOSS.xml:1414
+#: J2EE_Security_On_JBOSS.xml:1439
#, no-c-format
-msgid ""
-"<literal>void initialize(Subject, CallbackHandler, Map, Map)</literal>: if "
-"you have custom options to parse."
+msgid "<literal>void initialize(Subject, CallbackHandler, Map, Map)</literal>: if you have custom options to parse."
msgstr "<literal>void initialize(Subject, CallbackHandler, Map, Map)</literal>:如果要解析自定义的选项。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1419
#, no-c-format
-msgid ""
-"<literal>boolean login()</literal>: to perform the authentication activity. "
-"Be sure to set the <literal>loginOk</literal> instance variable to true if "
-"login succeeds, false if it fails."
+msgid "<literal>boolean login()</literal>: to perform the authentication activity. Be sure to set the <literal>loginOk</literal> instance variable to true if login succeeds, false if it fails."
msgstr "<literal>boolean login()</literal>:执行验证。如果登录成功,请确保设置 <literal>loginOk</literal> 实例变量为 true,或在失败时设置为 false。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1424
#, no-c-format
-msgid ""
-"<literal>Principal getIdentity()</literal>: to return the "
-"<literal>Principal</literal> object for the user authenticated by the "
-"<literal>log()</literal> step."
+msgid "<literal>Principal getIdentity()</literal>: to return the <literal>Principal</literal> object for the user authenticated by the <literal>log()</literal> step."
msgstr "<literal>Principal getIdentity()</literal>:为 <literal>login()</literal> 步骤验证的用户返回 <literal>Principal</literal> 对象。"
#. Tag: para
-#: J2EE_Security_On_JBOSS.xml:1429 J2EE_Security_On_JBOSS.xml:1444
+#: J2EE_Security_On_JBOSS.xml:1429
+#: J2EE_Security_On_JBOSS.xml:1444
#, no-c-format
-msgid ""
-"<literal>Group[] getRoleSets()</literal>: to return at least one "
-"<literal>Group</literal> named <literal>Roles</literal> that contains the "
-"roles assigned to the <literal>Principal</literal> authenticated during "
-"<literal>login()</literal>. A second common <literal>Group</literal> is "
-"named <literal>CallerPrincipal</literal> and provides the user's "
-"application identity rather than the security domain identity."
+msgid "<literal>Group[] getRoleSets()</literal>: to return at least one <literal>Group</literal> named <literal>Roles</literal> that contains the roles assigned to the <literal>Principal</literal> authenticated during <literal>login()</literal>. A second common <literal>Group</literal> is named <literal>CallerPrincipal</literal> and provides the user's application identity rather than the security domain identity."
msgstr "<literal>Group[] getRoleSets()</literal>:返回至少一个名为 <literal>Roles</literal> 的 <literal>Group</literal>,它包含分配给 <literal>login()</literal> 期间验证的 <literal>Principal</literal> 的角色。第二个公用的 <literal>Group</literal> 的名称是 <literal>CallerPrincipal</literal>,它提供用户的应用程序标识而不是安全域标识。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1434
#, no-c-format
-msgid ""
-"When subclassing the <literal>UsernamePasswordLoginModule</literal>, you "
-"need to override the following:"
+msgid "When subclassing the <literal>UsernamePasswordLoginModule</literal>, you need to override the following:"
msgstr "当创建 <literal>UsernamePasswordLoginModule</literal> 的子类时,你需要覆盖:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1449
#, no-c-format
-msgid ""
-"<literal>String getUsersPassword()</literal>: to return the expected "
-"password for the current username available via the <literal>getUsername()</"
-"literal> method. The <literal>getUsersPassword()</literal> method is called "
-"from within <literal>login()</literal> after the <literal>callbackhandler</"
-"literal> returns the username and candidate password."
-msgstr ""
-"<literal>String getUsersPassword()</literal>:返回通过 <literal>getUsername()</"
-"literal> 获得的当前用户的密码。<literal>getUsersPassword()</literal> 方法是在 <literal>login()</literal> 里并在 <literal>callbackhandler</"
-"literal> 返回用户名和候选密码后被调用的。"
+msgid "<literal>String getUsersPassword()</literal>: to return the expected password for the current username available via the <literal>getUsername()</literal> method. The <literal>getUsersPassword()</literal> method is called from within <literal>login()</literal> after the <literal>callbackhandler</literal> returns the username and candidate password."
+msgstr "<literal>String getUsersPassword()</literal>:返回通过 <literal>getUsername()</literal> 获得的当前用户的密码。<literal>getUsersPassword()</literal> 方法是在 <literal>login()</literal> 里并在 <literal>callbackhandler</literal> 返回用户名和候选密码后被调用的。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1457
@@ -5934,38 +3963,14 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1458
#, no-c-format
-msgid ""
-"In this section we will develop a custom login module example. It will "
-"extend the <literal>UsernamePasswordLoginModule</literal> and obtains a "
-"user's password and role names from a JNDI lookup. The idea is that "
-"there is a JNDI context that will return a user's password if you "
-"perform a lookup on the context using a name of the form <literal>password/"
-"<username></literal> where <literal><username></literal> is the "
-"current user being authenticated. Similarly, a lookup of the form "
-"<literal>roles/<username></literal> returns the requested user's "
-"roles."
-msgstr ""
-"在本节,我们将开发一个自定义的登录模块例子。它将继承 <literal>UsernamePasswordLoginModule</literal> 并通过 JNDI 查找获取用户的密码和角色名。如果你用 <literal>password/"
-"<username></literal> 的形式执行一个查找,其中的 <literal><username></literal> 是已经验证的当前用户,JNDI 上下文将返回用户的密码。类似地,<literal>roles/<username></literal> 形式的查找将返回用户的角色。"
+msgid "In this section we will develop a custom login module example. It will extend the <literal>UsernamePasswordLoginModule</literal> and obtains a user's password and role names from a JNDI lookup. The idea is that there is a JNDI context that will return a user's password if you perform a lookup on the context using a name of the form <literal>password/<username></literal> where <literal><username></literal> is the current user being authenticated. Similarly, a lookup of the form <literal>roles/<username></literal> returns the requested user's roles."
+msgstr "在本节,我们将开发一个自定义的登录模块例子。它将继承 <literal>UsernamePasswordLoginModule</literal> 并通过 JNDI 查找获取用户的密码和角色名。如果你用 <literal>password/<username></literal> 的形式执行一个查找,其中的 <literal><username></literal> 是已经验证的当前用户,JNDI 上下文将返回用户的密码。类似地,<literal>roles/<username></literal> 形式的查找将返回用户的角色。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1461
#, no-c-format
-msgid ""
-"The source code for the example is located in the <literal>src/main/org/"
-"jboss/book/security/ex2</literal> directory of the book examples. <xref "
-"linkend=\"A_Custom_LoginModule_Example-_A_JndiUserAndPass_custom_login_module"
-"\"/> shows the source code for the <literal>JndiUserAndPass</literal> custom "
-"login module. Note that because this extends the JBoss "
-"<literal>UsernamePasswordLoginModule</literal>, all the "
-"<literal>JndiUserAndPass</literal> does is obtain the user's password "
-"and roles from the JNDI store. The <literal>JndiUserAndPass</literal> does "
-"not concern itself with the JAAS <literal>LoginModule</literal> operations."
-msgstr ""
-"这个例子的源码位于 book 例程的 <literal>src/main/org/"
-"jboss/book/security/ex2</literal> 目录下。<xref "
-"linkend=\"A_Custom_LoginModule_Example-_A_JndiUserAndPass_custom_login_module"
-"\"/> 展示了 <literal>JndiUserAndPass</literal> 自定义登录模块的源代码。请注意,因为这继承了 JBoss 的 <literal>UsernamePasswordLoginModule</literal>,<literal>JndiUserAndPass</literal> 所做的只是从 JNDI 库里获取用户的密码和角色。<literal>JndiUserAndPass</literal> 不涉及 JAAS <literal>LoginModule</literal> 操作。"
+msgid "The source code for the example is located in the <literal>src/main/org/jboss/book/security/ex2</literal> directory of the book examples. <xref linkend=\"A_Custom_LoginModule_Example-_A_JndiUserAndPass_custom_login_module\"/> shows the source code for the <literal>JndiUserAndPass</literal> custom login module. Note that because this extends the JBoss <literal>UsernamePasswordLoginModule</literal>, all the <literal>JndiUserAndPass</literal> does is obtain the user's password and roles from the JNDI store. The <literal>JndiUserAndPass</literal> does not concern itself with the JAAS <literal>LoginModule</literal> operations."
+msgstr "这个例子的源码位于 book 例程的 <literal>src/main/org/jboss/book/security/ex2</literal> 目录下。<xref linkend=\"A_Custom_LoginModule_Example-_A_JndiUserAndPass_custom_login_module\"/> 展示了 <literal>JndiUserAndPass</literal> 自定义登录模块的源代码。请注意,因为这继承了 JBoss 的 <literal>UsernamePasswordLoginModule</literal>,<literal>JndiUserAndPass</literal> 所做的只是从 JNDI 库里获取用户的密码和角色。<literal>JndiUserAndPass</literal> 不涉及 JAAS <literal>LoginModule</literal> 操作。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1464
@@ -6001,18 +4006,15 @@
"public class JndiUserAndPass \n"
" extends UsernamePasswordLoginModule\n"
"{\n"
-" /** The JNDI name to the context that handles the password/username "
-"lookup */\n"
+" /** The JNDI name to the context that handles the password/username lookup */\n"
" private String userPathPrefix;\n"
-" /** The JNDI name to the context that handles the roles/ username lookup "
-"*/\n"
+" /** The JNDI name to the context that handles the roles/ username lookup */\n"
" private String rolesPathPrefix;\n"
" \n"
" /**\n"
" * Override to obtain the userPathPrefix and rolesPathPrefix options.\n"
" */\n"
-" public void initialize(Subject subject, CallbackHandler "
-"callbackHandler,\n"
+" public void initialize(Subject subject, CallbackHandler callbackHandler,\n"
" Map sharedState, Map options)\n"
" {\n"
" super.initialize(subject, callbackHandler, sharedState, options);\n"
@@ -6028,8 +4030,7 @@
" {\n"
" try {\n"
" InitialContext ctx = new InitialContext();\n"
-" String rolesPath = rolesPathPrefix + '/' + super."
-"getUsername();\n"
+" String rolesPath = rolesPathPrefix + '/' + super.getUsername();\n"
"\n"
" String[] roles = (String[]) ctx.lookup(rolesPath);\n"
" Group[] groups = {new SimpleGroup(\"Roles\")};\n"
@@ -6056,8 +4057,7 @@
" {\n"
" try {\n"
" InitialContext ctx = new InitialContext();\n"
-" String userPath = userPathPrefix + '/' + super."
-"getUsername();\n"
+" String userPath = userPathPrefix + '/' + super.getUsername();\n"
" log.info(\"Getting password for user=\"+super.getUsername());\n"
" String passwd = (String) ctx.lookup(userPath);\n"
" log.info(\"Found password=\"+passwd);\n"
@@ -6094,18 +4094,15 @@
"public class JndiUserAndPass \n"
" extends UsernamePasswordLoginModule\n"
"{\n"
-" /** The JNDI name to the context that handles the password/username "
-"lookup */\n"
+" /** The JNDI name to the context that handles the password/username lookup */\n"
" private String userPathPrefix;\n"
-" /** The JNDI name to the context that handles the roles/ username lookup "
-"*/\n"
+" /** The JNDI name to the context that handles the roles/ username lookup */\n"
" private String rolesPathPrefix;\n"
" \n"
" /**\n"
" * Override to obtain the userPathPrefix and rolesPathPrefix options.\n"
" */\n"
-" public void initialize(Subject subject, CallbackHandler "
-"callbackHandler,\n"
+" public void initialize(Subject subject, CallbackHandler callbackHandler,\n"
" Map sharedState, Map options)\n"
" {\n"
" super.initialize(subject, callbackHandler, sharedState, options);\n"
@@ -6121,8 +4118,7 @@
" {\n"
" try {\n"
" InitialContext ctx = new InitialContext();\n"
-" String rolesPath = rolesPathPrefix + '/' + super."
-"getUsername();\n"
+" String rolesPath = rolesPathPrefix + '/' + super.getUsername();\n"
"\n"
" String[] roles = (String[]) ctx.lookup(rolesPath);\n"
" Group[] groups = {new SimpleGroup(\"Roles\")};\n"
@@ -6149,8 +4145,7 @@
" {\n"
" try {\n"
" InitialContext ctx = new InitialContext();\n"
-" String userPath = userPathPrefix + '/' + super."
-"getUsername();\n"
+" String userPath = userPathPrefix + '/' + super.getUsername();\n"
" log.info(\"Getting password for user=\"+super.getUsername());\n"
" String passwd = (String) ctx.lookup(userPath);\n"
" log.info(\"Found password=\"+passwd);\n"
@@ -6166,31 +4161,13 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1466
#, no-c-format
-msgid ""
-"The details of the JNDI store are found in the <literal>org.jboss.book."
-"security.ex2.service.JndiStore</literal> MBean. This service binds an "
-"<literal>ObjectFactory</literal> that returns a <literal>javax.naming."
-"Context</literal> proxy into JNDI. The proxy handles lookup operations done "
-"against it by checking the prefix of the lookup name against "
-"<literal>password</literal> and <literal>roles</literal>. When the name "
-"begins with <literal>password</literal>, a user's password is being "
-"requested. When the name begins with <literal>roles</literal> the user's "
-"roles are being requested. The example implementation always returns a "
-"password of <literal>theduke</literal> and an array of roles names equal to "
-"<literal>{\"TheDuke\", \"Echo\"}</literal> regardless of what the username "
-"is. You can experiment with other implementations as you wish."
-msgstr ""
-"JNDI 库的细节可以在 <literal>org.jboss.book."
-"security.ex2.service.JndiStore</literal> MBean 里找到。这个服务绑定了<literal>ObjectFactory</literal>,它往 JNDI 返回 <literal>javax.naming."
-"Context</literal> 代理。这个代理通过检查查找名的前缀里的 <literal>password</literal> 和 <literal>roles</literal> 来处理查找操作。当名称以 <literal>password</literal> 开始时,用户的密码将被请求。当名称以 <literal>roles</literal> 开始时,用户的角色将别请求。示例实现总是返回 <literal>theduke</literal> 的密码和角色名称的队列 <literal>{\"TheDuke\", \"Echo\"}</literal> 而不管用户名是什么。你也可以使用其他实现。"
+msgid "The details of the JNDI store are found in the <literal>org.jboss.book.security.ex2.service.JndiStore</literal> MBean. This service binds an <literal>ObjectFactory</literal> that returns a <literal>javax.naming.Context</literal> proxy into JNDI. The proxy handles lookup operations done against it by checking the prefix of the lookup name against <literal>password</literal> and <literal>roles</literal>. When the name begins with <literal>password</literal>, a user's password is being requested. When the name begins with <literal>roles</literal> the user's roles are being requested. The example implementation always returns a password of <literal>theduke</literal> and an array of roles names equal to <literal>{\"TheDuke\", \"Echo\"}</literal> regardless of what the username is. You can experiment with other implementations as you wish."
+msgstr "JNDI 库的细节可以在 <literal>org.jboss.book.security.ex2.service.JndiStore</literal> MBean 里找到。这个服务绑定了<literal>ObjectFactory</literal>,它往 JNDI 返回 <literal>javax.naming.Context</literal> 代理。这个代理通过检查查找名的前缀里的 <literal>password</literal> 和 <literal>roles</literal> 来处理查找操作。当名称以 <literal>password</literal> 开始时,用户的密码将被请求。当名称以 <literal>roles</literal> 开始时,用户的角色将别请求。示例实现总是返回 <literal>theduke</literal> 的密码和角色名称的队列 <literal>{\"TheDuke\", \"Echo\"}</literal> 而不管用户名是什么。你也可以使用其他实现。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1469
#, no-c-format
-msgid ""
-"The example code includes a simple session bean for testing the custom login "
-"module. To build, deploy and run the example, execute the following command "
-"in the examples directory."
+msgid "The example code includes a simple session bean for testing the custom login module. To build, deploy and run the example, execute the following command in the examples directory."
msgstr "示例代码包括了一个用于测试自定义登录模块的简单的 session bean。要构建、部署和运行这个例子,你可以在 examples 目录里执行下列命令。"
#. Tag: programlisting
@@ -6218,11 +4195,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1473
#, no-c-format
-msgid ""
-"The choice of using the <literal>JndiUserAndPass</literal> custom login "
-"module for the server side authentication of the user is determined by the "
-"login configuration for the example security domain. The EJB JAR "
-"<literal>META-INF/jboss.xml</literal> descriptor sets the security domain"
+msgid "The choice of using the <literal>JndiUserAndPass</literal> custom login module for the server side authentication of the user is determined by the login configuration for the example security domain. The EJB JAR <literal>META-INF/jboss.xml</literal> descriptor sets the security domain"
msgstr "为服务器端用户的验证选择 <literal>JndiUserAndPass</literal> 自定义登录模块是由示例安全域的登录配置决定的。EJB JAR 的 <literal>META-INF/jboss.xml</literal> 描述符设置了安全域。"
#. Tag: programlisting
@@ -6242,9 +4215,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1477
#, no-c-format
-msgid ""
-"The SAR <literal>META-INF/login-config.xml</literal> descriptor defines the "
-"login module configuration."
+msgid "The SAR <literal>META-INF/login-config.xml</literal> descriptor defines the login module configuration."
msgstr "SAR <literal>META-INF/login-config.xml</literal> 描述符定义了登录模块配置。"
#. Tag: programlisting
@@ -6253,26 +4224,20 @@
msgid ""
"<application-policy name = \"security-ex2\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.book.security.ex2.JndiUserAndPass"
-"\"\n"
+" <login-module code=\"org.jboss.book.security.ex2.JndiUserAndPass\"\n"
" flag=\"required\">\n"
-" <module-option name = \"userPathPrefix\">/security/store/"
-"password</module-option>\n"
-" <module-option name = \"rolesPathPrefix\">/security/store/"
-"roles</module-option>\n"
+" <module-option name = \"userPathPrefix\">/security/store/password</module-option>\n"
+" <module-option name = \"rolesPathPrefix\">/security/store/roles</module-option>\n"
" </login-module>\n"
" </authentication>\n"
"</application-policy>"
msgstr ""
"<application-policy name = \"security-ex2\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.book.security.ex2.JndiUserAndPass"
-"\"\n"
+" <login-module code=\"org.jboss.book.security.ex2.JndiUserAndPass\"\n"
" flag=\"required\">\n"
-" <module-option name = \"userPathPrefix\">/security/store/"
-"password</module-option>\n"
-" <module-option name = \"rolesPathPrefix\">/security/store/"
-"roles</module-option>\n"
+" <module-option name = \"userPathPrefix\">/security/store/password</module-option>\n"
+" <module-option name = \"rolesPathPrefix\">/security/store/roles</module-option>\n"
" </login-module>\n"
" </authentication>\n"
"</application-policy>"
@@ -6286,126 +4251,73 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1489
#, no-c-format
-msgid ""
-"The SRP protocol is an implementation of a public key exchange handshake "
-"described in the Internet standards working group request for comments 2945"
-"(RFC2945). The RFC2945 abstract states:"
+msgid "The SRP protocol is an implementation of a public key exchange handshake described in the Internet standards working group request for comments 2945(RFC2945). The RFC2945 abstract states:"
msgstr "SRP 协议是对关于 RFC2945 标准里描述的公共密钥交换握手协议的实现。RFC2945 表明:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1492
#, no-c-format
-msgid ""
-"This document describes a cryptographically strong network authentication "
-"mechanism known as the Secure Remote Password (SRP) protocol. This mechanism "
-"is suitable for negotiating secure connections using a user-supplied "
-"password, while eliminating the security problems traditionally associated "
-"with reusable passwords. This system also performs a secure key exchange in "
-"the process of authentication, allowing security layers (privacy and/or "
-"integrity protection) to be enabled during the session. Trusted key servers "
-"and certificate infrastructures are not required, and clients are not "
-"required to store or manage any long-term keys. SRP offers both security and "
-"deployment advantages over existing challenge-response techniques, making it "
-"an ideal drop-in replacement where secure password authentication is needed."
+msgid "This document describes a cryptographically strong network authentication mechanism known as the Secure Remote Password (SRP) protocol. This mechanism is suitable for negotiating secure connections using a user-supplied password, while eliminating the security problems traditionally associated with reusable passwords. This system also performs a secure key exchange in the process of authentication, allowing security layers (privacy and/or integrity protection) to be enabled during the session. Trusted key servers and certificate infrastructures are not required, and clients are not required to store or manage any long-term keys. SRP offers both security and deployment advantages over existing challenge-response techniques, making it an ideal drop-in replacement where secure password authentication is needed."
msgstr "这个文档描述了一个强加密的网络验证机制,就是 SRP(Secure Remote Password)协议。这个机制适合于使用用户提供的密码协商安全连接,从而消除了传统的可重用密码的安全隐患。这个系统也在验证过程中执行安全密钥交换,允许在会话中启用安全层(隐私和/或完整性保护)。它不要求信任的密钥服务器和证书结构,也不要求客户存储或管理任何长期的密钥。相对现有的 challenge-response 技术,SRP 提供了安全性和部署优势,当需要安全密码验证时,它是一个理想的替代方案。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1495
#, no-c-format
-msgid ""
-"Note: The complete RFC2945 specification can be obtained from <ulink url="
-"\"http://www.rfc-editor.org/rfc.html\"></ulink>. Additional information on "
-"the SRP algorithm and its history can be found at <ulink url=\"http://www-cs-"
-"students.stanford.edu/~tjw/srp/\"></ulink>."
-msgstr ""
-"请注意:你可以从 <ulink url="
-"\"http://www.rfc-editor.org/rfc.html\"></ulink> 获得完整的 RFC2945 规格。SRP 算法的其他信息及其历史可以在 <ulink url=\"http://www-cs-"
-"students.stanford.edu/~tjw/srp/\"></ulink> 里找到。"
+msgid "Note: The complete RFC2945 specification can be obtained from <ulink url=\"http://www.rfc-editor.org/rfc.html\"></ulink>. Additional information on the SRP algorithm and its history can be found at <ulink url=\"http://www-cs-students.stanford.edu/~tjw/srp/\"></ulink>."
+msgstr "请注意:你可以从 <ulink url=\"http://www.rfc-editor.org/rfc.html\"></ulink> 获得完整的 RFC2945 规格。SRP 算法的其他信息及其历史可以在 <ulink url=\"http://www-cs-students.stanford.edu/~tjw/srp/\"></ulink> 里找到。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1498
#, no-c-format
-msgid ""
-"SRP is similar in concept and security to other public key exchange "
-"algorithms, such as Diffie-Hellman and RSA. SRP is based on simple string "
-"passwords in a way that does not require a clear text password to exist on "
-"the server. This is in contrast to other public key-based algorithms that "
-"require client certificates and the corresponding certificate management "
-"infrastructure."
+msgid "SRP is similar in concept and security to other public key exchange algorithms, such as Diffie-Hellman and RSA. SRP is based on simple string passwords in a way that does not require a clear text password to exist on the server. This is in contrast to other public key-based algorithms that require client certificates and the corresponding certificate management infrastructure."
msgstr "SRP 从概念和安全性上来说和其他公共密钥交换算法类似,如 Diffie-Hellman 和 RSA。SRP 基于简单的字符串密码,它不需要在服务器上存放明文密码。这和需要客户端证书和对应的证书管理基础结构的其他基于密钥的算法是相反的。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1501
#, no-c-format
-msgid ""
-"Algorithms like Diffie-Hellman and RSA are known as public key exchange "
-"algorithms. The concept of public key algorithms is that you have two keys, "
-"one public that is available to everyone, and one that is private and known "
-"only to you. When someone wants to send encrypted information to you, then "
-"encrpyt the information using your public key. Only you are able to decrypt "
-"the information using your private key. Contrast this with the more "
-"traditional shared password based encryption schemes that require the sender "
-"and receiver to know the shared password. Public key algorithms eliminate "
-"the need to share passwords."
+msgid "Algorithms like Diffie-Hellman and RSA are known as public key exchange algorithms. The concept of public key algorithms is that you have two keys, one public that is available to everyone, and one that is private and known only to you. When someone wants to send encrypted information to you, then encrpyt the information using your public key. Only you are able to decrypt the information using your private key. Contrast this with the more traditional shared password based encryption schemes that require the sender and receiver to know the shared password. Public key algorithms eliminate the need to share passwords."
msgstr "Diffie-Hellman 和 RSA 等算法通称为公共密钥交换算法。公共密钥算法的概念是你有两个密钥,其中一个对于所有人都是公开的,另外一个则是私有的且只有你自己知道。当某人希望给你发送加密的信息时,他会使用公共密钥进行加密。只有你才能用私有密钥对这些信息进行解密。它和更传统的基于共享密码的加密模式相反,那需要发送者和接收者的都知道共享的密码。公共密钥算法消除了对共享密码的需要。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1504
#, no-c-format
-msgid ""
-"The JBossSX framework includes an implementation of SRP that consists of the "
-"following elements:"
+msgid "The JBossSX framework includes an implementation of SRP that consists of the following elements:"
msgstr "JBossSX 框架包括了一个 SRP 的实现,它由下列元素组成:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1509
#, no-c-format
-msgid ""
-"An implementation of the SRP handshake protocol that is independent of any "
-"particular client/server protocol"
+msgid "An implementation of the SRP handshake protocol that is independent of any particular client/server protocol"
msgstr "独立于任何客户/服务器协议的 SRP 握手协议的实现"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1514
#, no-c-format
-msgid ""
-"An RMI implementation of the handshake protocol as the default client/server "
-"SRP implementation"
+msgid "An RMI implementation of the handshake protocol as the default client/server SRP implementation"
msgstr "作为缺省客户/服务器 SRP 实现的握手协议的 RMI 实现"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1519
#, no-c-format
-msgid ""
-"A client side JAAS <literal>LoginModule</literal> implementation that uses "
-"the RMI implementation for use in authenticating clients in a secure fashion"
+msgid "A client side JAAS <literal>LoginModule</literal> implementation that uses the RMI implementation for use in authenticating clients in a secure fashion"
msgstr "使用 RMI 实现以安全方式验证客户的客户端的 JAAS <literal>LoginModule</literal> 实现"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1524
#, no-c-format
-msgid ""
-"A JMX MBean for managing the RMI server implementation. The MBean allows the "
-"RMI server implementation to be plugged into a JMX framework and "
-"externalizes the configuration of the verification information store. It "
-"also establishes an authentication cache that is bound into the JBoss server "
-"JNDI namespace."
+msgid "A JMX MBean for managing the RMI server implementation. The MBean allows the RMI server implementation to be plugged into a JMX framework and externalizes the configuration of the verification information store. It also establishes an authentication cache that is bound into the JBoss server JNDI namespace."
msgstr "管理 RMI 服务器实现的 JMX MBean。这个 MBean 允许 RMI 服务器实现插入到 JMX 框架里并扩展了验证信息库的配置。它也建立了一个绑定在 JBoss 服务器的 JNDI 命名空间里的验证缓存。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1529
#, no-c-format
-msgid ""
-"A server side JAAS <literal>LoginModule</literal> implementation that uses "
-"the authentication cache managed by the SRP JMX MBean."
+msgid "A server side JAAS <literal>LoginModule</literal> implementation that uses the authentication cache managed by the SRP JMX MBean."
msgstr "使用 SRP JMX MBean 管理的验证缓存的服务器端的 JAAS <literal>LoginModule</literal> 实现。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1534
#, no-c-format
-msgid ""
-"gives a diagram of the key components involved in the JBossSX implementation "
-"of the SRP client/server framework."
+msgid "gives a diagram of the key components involved in the JBossSX implementation of the SRP client/server framework."
msgstr "给出了 SRP 客户/服务器框架的 JBossSX 实现里涉及的密钥组件的图表。"
#. Tag: title
@@ -6417,108 +4329,55 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1545
#, no-c-format
-msgid ""
-"On the client side, SRP shows up as a custom JAAS <literal>LoginModule</"
-"literal> implementation that communicates to the authentication server "
-"through an <literal>org.jboss.security.srp.SRPServerInterface</literal> "
-"proxy. A client enables authentication using SRP by creating a login "
-"configuration entry that includes the <literal>org.jboss.security.srp.jaas."
-"SRPLoginModule</literal>. This module supports the following configuration "
-"options:"
-msgstr ""
-"在客户端,SRP 显示了一个自定义的 JAAS <literal>LoginModule</"
-"literal> 实现,它通过 <literal>org.jboss.security.srp.SRPServerInterface</literal> 代理和验证服务器进行通讯。客户通过创建包含 <literal>org.jboss.security.srp.jaas."
-"SRPLoginModule</literal> 的登录配置条目启用 SRP 验证。这个模块支持下列的配置选项:"
+msgid "On the client side, SRP shows up as a custom JAAS <literal>LoginModule</literal> implementation that communicates to the authentication server through an <literal>org.jboss.security.srp.SRPServerInterface</literal> proxy. A client enables authentication using SRP by creating a login configuration entry that includes the <literal>org.jboss.security.srp.jaas.SRPLoginModule</literal>. This module supports the following configuration options:"
+msgstr "在客户端,SRP 显示了一个自定义的 JAAS <literal>LoginModule</literal> 实现,它通过 <literal>org.jboss.security.srp.SRPServerInterface</literal> 代理和验证服务器进行通讯。客户通过创建包含 <literal>org.jboss.security.srp.jaas.SRPLoginModule</literal> 的登录配置条目启用 SRP 验证。这个模块支持下列的配置选项:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1550
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">principalClassName</emphasis>: This option is no "
-"longer supported. The principal class is now always <literal>org.jboss."
-"security.srp.jaas.SRPPrincipal</literal>."
-msgstr ""
-"<emphasis role=\"bold\">principalClassName</emphasis>:这个选项不再被支持。principal 类现在变成了 <literal>org.jboss."
-"security.srp.jaas.SRPPrincipal</literal>。"
+msgid "<emphasis role=\"bold\">principalClassName</emphasis>: This option is no longer supported. The principal class is now always <literal>org.jboss.security.srp.jaas.SRPPrincipal</literal>."
+msgstr "<emphasis role=\"bold\">principalClassName</emphasis>:这个选项不再被支持。principal 类现在变成了 <literal>org.jboss.security.srp.jaas.SRPPrincipal</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1555
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">srpServerJndiName</emphasis>: The JNDI name of the "
-"<literal>SRPServerInterface</literal> object to use for communicating with "
-"the SRP authentication server. If both <literal>srpServerJndiName</literal> "
-"and <literal>srpServerRmiUrl</literal> options are specified, the "
-"<literal>srpServerJndiName</literal> is tried before "
-"<literal>srpServerRmiUrl</literal>."
-msgstr ""
-"<emphasis role=\"bold\">srpServerJndiName</emphasis>:用于和 SRP 验证服务器通讯的 <literal>SRPServerInterface</literal> 对象的 JNDI 名称。如果 <literal>srpServerJndiName</literal> "
-"和 <literal>srpServerRmiUrl</literal> 都被指定,<literal>srpServerJndiName</literal> 将在 <literal>srpServerRmiUrl</literal> 之前被尝试。"
+msgid "<emphasis role=\"bold\">srpServerJndiName</emphasis>: The JNDI name of the <literal>SRPServerInterface</literal> object to use for communicating with the SRP authentication server. If both <literal>srpServerJndiName</literal> and <literal>srpServerRmiUrl</literal> options are specified, the <literal>srpServerJndiName</literal> is tried before <literal>srpServerRmiUrl</literal>."
+msgstr "<emphasis role=\"bold\">srpServerJndiName</emphasis>:用于和 SRP 验证服务器通讯的 <literal>SRPServerInterface</literal> 对象的 JNDI 名称。如果 <literal>srpServerJndiName</literal> 和 <literal>srpServerRmiUrl</literal> 都被指定,<literal>srpServerJndiName</literal> 将在 <literal>srpServerRmiUrl</literal> 之前被尝试。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1560
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">srpServerRmiUrl</emphasis>: The RMI protocol URL "
-"string for the location of the <literal>SRPServerInterface</literal> proxy "
-"to use for communicating with the SRP authentication server."
+msgid "<emphasis role=\"bold\">srpServerRmiUrl</emphasis>: The RMI protocol URL string for the location of the <literal>SRPServerInterface</literal> proxy to use for communicating with the SRP authentication server."
msgstr "<emphasis role=\"bold\">srpServerRmiUrl</emphasis>:用于和 SRP 验证服务器通讯的 <literal>SRPServerInterface</literal> 代理的位置的 RMI 协议 URL 字符串。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1565
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">externalRandomA</emphasis>: A true/false flag "
-"indicating if the random component of the client public key A should come "
-"from the user callback. This can be used to input a strong cryptographic "
-"random number coming from a hardware token for example."
+msgid "<emphasis role=\"bold\">externalRandomA</emphasis>: A true/false flag indicating if the random component of the client public key A should come from the user callback. This can be used to input a strong cryptographic random number coming from a hardware token for example."
msgstr "<emphasis role=\"bold\">externalRandomA</emphasis>:true/false 标记,表示是否从用户的回调方法里获取客户公共密钥的随机组件。这可用于输入强加密的随机数字,如硬件令牌产生的数字。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1570
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">hasAuxChallenge</emphasis>: A true/false flag "
-"indicating that a string will be sent to the server as an additional "
-"challenge for the server to validate. If the client session supports an "
-"encryption cipher then a temporary cipher will be created using the session "
-"private key and the challenge object sent as a <literal>javax.crypto."
-"SealedObject</literal>."
-msgstr ""
-"<emphasis role=\"bold\">hasAuxChallenge</emphasis>:true/false 标记,表示是否把字符串作为额外的 challenge 发送到服务器发进行验证。如果客户会话支持加密密码,那临时的密码将用会话的私有密钥进行创建并以 <literal>javax.crypto."
-"SealedObject</literal> 发送 challenge 对象。"
+msgid "<emphasis role=\"bold\">hasAuxChallenge</emphasis>: A true/false flag indicating that a string will be sent to the server as an additional challenge for the server to validate. If the client session supports an encryption cipher then a temporary cipher will be created using the session private key and the challenge object sent as a <literal>javax.crypto.SealedObject</literal>."
+msgstr "<emphasis role=\"bold\">hasAuxChallenge</emphasis>:true/false 标记,表示是否把字符串作为额外的 challenge 发送到服务器发进行验证。如果客户会话支持加密密码,那临时的密码将用会话的私有密钥进行创建并以 <literal>javax.crypto.SealedObject</literal> 发送 challenge 对象。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1575
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">multipleSessions</emphasis>: a true/false flag "
-"indicating if a given client may have multiple SRP login sessions active "
-"simultaneously."
+msgid "<emphasis role=\"bold\">multipleSessions</emphasis>: a true/false flag indicating if a given client may have multiple SRP login sessions active simultaneously."
msgstr "<emphasis role=\"bold\">multipleSessions</emphasis>:true/false 标记,指出给定客户是否同时具有多个活动的 SRP 登录会话。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1580
#, no-c-format
-msgid ""
-"Any other options passed in that do not match one of the previous named "
-"options is treated as a JNDI property to use for the environment passed to "
-"the <literal>InitialContext</literal> constructor. This is useful if the SRP "
-"server interface is not available from the default <literal>InitialContext</"
-"literal>."
-msgstr ""
-"任不符合前面的命名选的任何其他选项都被当作 JNDI 属性且传入 <literal>InitialContext</literal> 构造器。如果通过缺省的 <literal>InitialContext</"
-"literal> 使用 SRP 服务器接口的话,这就很有用。"
+msgid "Any other options passed in that do not match one of the previous named options is treated as a JNDI property to use for the environment passed to the <literal>InitialContext</literal> constructor. This is useful if the SRP server interface is not available from the default <literal>InitialContext</literal>."
+msgstr "任不符合前面的命名选的任何其他选项都被当作 JNDI 属性且传入 <literal>InitialContext</literal> 构造器。如果通过缺省的 <literal>InitialContext</literal> 使用 SRP 服务器接口的话,这就很有用。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1583
#, no-c-format
-msgid ""
-"The <literal>SRPLoginModule</literal> needs to be configured along with the "
-"standard <literal>ClientLoginModule</literal> to allow the SRP "
-"authentication credentials to be used for validation of access to security "
-"J2EE components. An example login configuration entry that demonstrates such "
-"a setup is:"
+msgid "The <literal>SRPLoginModule</literal> needs to be configured along with the standard <literal>ClientLoginModule</literal> to allow the SRP authentication credentials to be used for validation of access to security J2EE components. An example login configuration entry that demonstrates such a setup is:"
msgstr "<literal>SRPLoginModule</literal> 需要和标准的 <literal>ClientLoginModule</literal> 一起配置来允许对安全性 J2EE 组件访问使用 SRP 验证 credential。"
#. Tag: programlisting
@@ -6548,181 +4407,91 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1587
#, no-c-format
-msgid ""
-"On the JBoss server side, there are two MBeans that manage the objects that "
-"collectively make up the SRP server. The primary service is the <literal>org."
-"jboss.security.srp.SRPService</literal> MBean, and it is responsible for "
-"exposing an RMI accessible version of the SRPServerInterface as well as "
-"updating the SRP authentication session cache. The configurable SRPService "
-"MBean attributes include the following:"
-msgstr ""
-"在 JBoss 的服务器端有两个管理组成 SRP 服务器的对象的 MBean。主要的服务是 <literal>org."
-"jboss.security.srp.SRPService</literal> MBean,它负责开放 SRPServerInterface 的 RMI 版本并更新 SRP 验证会话缓存。可配置的 SRPService "
-"MBean 属性包括:"
+msgid "On the JBoss server side, there are two MBeans that manage the objects that collectively make up the SRP server. The primary service is the <literal>org.jboss.security.srp.SRPService</literal> MBean, and it is responsible for exposing an RMI accessible version of the SRPServerInterface as well as updating the SRP authentication session cache. The configurable SRPService MBean attributes include the following:"
+msgstr "在 JBoss 的服务器端有两个管理组成 SRP 服务器的对象的 MBean。主要的服务是 <literal>org.jboss.security.srp.SRPService</literal> MBean,它负责开放 SRPServerInterface 的 RMI 版本并更新 SRP 验证会话缓存。可配置的 SRPService MBean 属性包括:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1592
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">JndiName</emphasis>: The JNDI name from which the "
-"SRPServerInterface proxy should be available. This is the location where the "
-"<literal>SRPService</literal> binds the serializable dynamic proxy to the "
-"<literal>SRPServerInterface</literal>. If not specified it defaults to "
-"<literal>srp/SRPServerInterface</literal>."
+msgid "<emphasis role=\"bold\">JndiName</emphasis>: The JNDI name from which the SRPServerInterface proxy should be available. This is the location where the <literal>SRPService</literal> binds the serializable dynamic proxy to the <literal>SRPServerInterface</literal>. If not specified it defaults to <literal>srp/SRPServerInterface</literal>."
msgstr "<emphasis role=\"bold\">JndiName</emphasis>:SRPServerInterface 代理所在的 JNDI 名称。这是 <literal>SRPService</literal> 把可序列化动态代理绑定到 <literal>SRPServerInterface</literal> 里的位置。如果没有指定,其缺省值为 <literal>srp/SRPServerInterface</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1597
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">VerifierSourceJndiName</emphasis>: The JNDI name of "
-"the <literal>SRPVerifierSource</literal> implementation that should be used "
-"by the <literal>SRPService</literal>. If not set it defaults to <literal>srp/"
-"DefaultVerifierSource</literal>."
-msgstr ""
-"<emphasis role=\"bold\">VerifierSourceJndiName</emphasis>:<literal>SRPService</literal> 应该使用的 <literal>SRPVerifierSource</literal> 实现的 JNDI 名称。缺省值为 <literal>srp/"
-"DefaultVerifierSource</literal>。"
+msgid "<emphasis role=\"bold\">VerifierSourceJndiName</emphasis>: The JNDI name of the <literal>SRPVerifierSource</literal> implementation that should be used by the <literal>SRPService</literal>. If not set it defaults to <literal>srp/DefaultVerifierSource</literal>."
+msgstr "<emphasis role=\"bold\">VerifierSourceJndiName</emphasis>:<literal>SRPService</literal> 应该使用的 <literal>SRPVerifierSource</literal> 实现的 JNDI 名称。缺省值为 <literal>srp/DefaultVerifierSource</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1602
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">AuthenticationCacheJndiName</emphasis>: The JNDI "
-"name under which the authentication <literal>org.jboss.util.CachePolicy</"
-"literal> implementation to be used for caching authentication information is "
-"bound. The SRP session cache is made available for use through this binding. "
-"If not specified it defaults to <literal>srp/AuthenticationCache</literal>."
-msgstr ""
-"<emphasis role=\"bold\">AuthenticationCacheJndiName</emphasis>:用于缓存验证信息的 <literal>org.jboss.util.CachePolicy</"
-"literal> 实现被绑定的 JNDI 名称。SRP 会话缓存通过这个绑定来被使用。如果没有指定,其缺省值是 <literal>srp/AuthenticationCache</literal>。"
+msgid "<emphasis role=\"bold\">AuthenticationCacheJndiName</emphasis>: The JNDI name under which the authentication <literal>org.jboss.util.CachePolicy</literal> implementation to be used for caching authentication information is bound. The SRP session cache is made available for use through this binding. If not specified it defaults to <literal>srp/AuthenticationCache</literal>."
+msgstr "<emphasis role=\"bold\">AuthenticationCacheJndiName</emphasis>:用于缓存验证信息的 <literal>org.jboss.util.CachePolicy</literal> 实现被绑定的 JNDI 名称。SRP 会话缓存通过这个绑定来被使用。如果没有指定,其缺省值是 <literal>srp/AuthenticationCache</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1607
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">ServerPort</emphasis>: RMI port for the "
-"<literal>SRPRemoteServerInterface</literal>. If not specified it defaults to "
-"10099."
-msgstr ""
-"<emphasis role=\"bold\">ServerPort</emphasis>:<literal>SRPRemoteServerInterface</literal> 的 RMI 端口。如果没有指定,其缺省值是 "
-"10099。"
+msgid "<emphasis role=\"bold\">ServerPort</emphasis>: RMI port for the <literal>SRPRemoteServerInterface</literal>. If not specified it defaults to 10099."
+msgstr "<emphasis role=\"bold\">ServerPort</emphasis>:<literal>SRPRemoteServerInterface</literal> 的 RMI 端口。如果没有指定,其缺省值是 10099。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1612
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">ClientSocketFactory</emphasis>: An optional custom "
-"<literal>java.rmi.server.RMIClientSocketFactory</literal> implementation "
-"class name used during the export of the <literal>SRPServerInterface</"
-"literal>. If not specified the default <literal>RMIClientSocketFactory</"
-"literal> is used."
-msgstr ""
-"<emphasis role=\"bold\">ClientSocketFactory</emphasis>:可选的自定义 "
-"<literal>java.rmi.server.RMIClientSocketFactory</literal> 实现的类名,它在 <literal>SRPServerInterface</"
-"literal> 的导出过程中被使用。如果它"
-"没有指定,将使用缺省的 <literal>RMIClientSocketFactory</literal>。"
+msgid "<emphasis role=\"bold\">ClientSocketFactory</emphasis>: An optional custom <literal>java.rmi.server.RMIClientSocketFactory</literal> implementation class name used during the export of the <literal>SRPServerInterface</literal>. If not specified the default <literal>RMIClientSocketFactory</literal> is used."
+msgstr "<emphasis role=\"bold\">ClientSocketFactory</emphasis>:可选的自定义 <literal>java.rmi.server.RMIClientSocketFactory</literal> 实现的类名,它在 <literal>SRPServerInterface</literal> 的导出过程中被使用。如果它没有指定,将使用缺省的 <literal>RMIClientSocketFactory</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1617
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">ServerSocketFactory</emphasis>: An optional custom "
-"<literal>java.rmi.server.RMIServerSocketFactory</literal> implementation "
-"class name used during the export of the <literal>SRPServerInterface</"
-"literal>. If not specified the default <literal>RMIServerSocketFactory</"
-"literal> is used."
-msgstr ""
-"<emphasis role=\"bold\">ServerSocketFactory</emphasis>:可选的自定义 "
-"<literal>java.rmi.server.RMIServerSocketFactory</literal> 实现的类名,它在 <literal>SRPServerInterface</"
-"literal> 的导出过程中被使用。如果它"
-"没有指定,将使用缺省的 <literal>RMIServerSocketFactory</literal>。"
+msgid "<emphasis role=\"bold\">ServerSocketFactory</emphasis>: An optional custom <literal>java.rmi.server.RMIServerSocketFactory</literal> implementation class name used during the export of the <literal>SRPServerInterface</literal>. If not specified the default <literal>RMIServerSocketFactory</literal> is used."
+msgstr "<emphasis role=\"bold\">ServerSocketFactory</emphasis>:可选的自定义 <literal>java.rmi.server.RMIServerSocketFactory</literal> 实现的类名,它在 <literal>SRPServerInterface</literal> 的导出过程中被使用。如果它没有指定,将使用缺省的 <literal>RMIServerSocketFactory</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1622
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">AuthenticationCacheTimeout</emphasis>: Specifies the "
-"timed cache policy timeout in seconds. If not specified this defaults to "
-"1800 seconds(30 minutes)."
+msgid "<emphasis role=\"bold\">AuthenticationCacheTimeout</emphasis>: Specifies the timed cache policy timeout in seconds. If not specified this defaults to 1800 seconds(30 minutes)."
msgstr "<emphasis role=\"bold\">AuthenticationCacheTimeout</emphasis>:指定缓存策略的超时时间,以秒为单位。缺省值为 1800 秒(30 分钟)。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1627
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">AuthenticationCacheResolution</emphasis>: Specifies "
-"the timed cache policy resolution in seconds. This controls the interval "
-"between checks for timeouts. If not specified this defaults to 60 seconds(1 "
-"minute)."
+msgid "<emphasis role=\"bold\">AuthenticationCacheResolution</emphasis>: Specifies the timed cache policy resolution in seconds. This controls the interval between checks for timeouts. If not specified this defaults to 60 seconds(1 minute)."
msgstr "<emphasis role=\"bold\">AuthenticationCacheResolution</emphasis>:指定以秒为单位的定时缓存策略。它控制检查超时的间隔。如果没有指定,其缺省值是 60 秒(1 分钟)。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1632
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">RequireAuxChallenge</emphasis>: Set if the client "
-"must supply an auxiliary challenge as part of the verify phase. This gives "
-"control over whether the <literal>SRPLoginModule</literal> configuration "
-"used by the client must have the <literal>useAuxChallenge</literal> option "
-"enabled."
+msgid "<emphasis role=\"bold\">RequireAuxChallenge</emphasis>: Set if the client must supply an auxiliary challenge as part of the verify phase. This gives control over whether the <literal>SRPLoginModule</literal> configuration used by the client must have the <literal>useAuxChallenge</literal> option enabled."
msgstr "<emphasis role=\"bold\">RequireAuxChallenge</emphasis>:如果客户端必须提供一个辅助 challenge 来作为验证阶段的一部分,就可以设置这个选项。它控制客户端使用的 <literal>SRPLoginModule</literal> 配置是否必须启用 <literal>useAuxChallenge</literal> 选项。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1637
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">OverwriteSessions</emphasis>: A flag indicating if a "
-"successful user auth for an existing session should overwrite the current "
-"session. This controls the behavior of the server SRP session cache when "
-"clients have not enabled the multiple session per user mode. The default is "
-"false meaning that the second attempt by a user to authentication will "
-"succeed, but the resulting SRP session will not overwrite the previous SRP "
-"session state."
+msgid "<emphasis role=\"bold\">OverwriteSessions</emphasis>: A flag indicating if a successful user auth for an existing session should overwrite the current session. This controls the behavior of the server SRP session cache when clients have not enabled the multiple session per user mode. The default is false meaning that the second attempt by a user to authentication will succeed, but the resulting SRP session will not overwrite the previous SRP session state."
msgstr "<emphasis role=\"bold\">OverwriteSessions</emphasis>:指出现有会话的成功的用户授权是否应该覆盖当前会话。当客户还没有启用每个用户使用多个会话的模式时,这控制了服务器 SRP 会话缓存的行为。缺省值是 false,表示用户第二次验证尝试将会成功,但结果 SRP 会话将不会覆盖前面的 SRP 会话状态。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1642
#, no-c-format
-msgid ""
-"The one input setting is the <literal>VerifierSourceJndiName</literal> "
-"attribute. This is the location of the SRP password information store "
-"implementation that must be provided and made available through JNDI. The "
-"<literal>org.jboss.security.srp SRPVerifierStoreService</literal> is an "
-"example MBean service that binds an implementation of the "
-"<literal>SRPVerifierStore</literal> interface that uses a file of serialized "
-"objects as the persistent store. Although not realistic for a production "
-"environment, it does allow for testing of the SRP protocol and provides an "
-"example of the requirements for an <literal>SRPVerifierStore</literal> "
-"service. The configurable <literal>SRPVerifierStoreService</literal> MBean "
-"attributes include the following:"
+msgid "The one input setting is the <literal>VerifierSourceJndiName</literal> attribute. This is the location of the SRP password information store implementation that must be provided and made available through JNDI. The <literal>org.jboss.security.srp SRPVerifierStoreService</literal> is an example MBean service that binds an implementation of the <literal>SRPVerifierStore</literal> interface that uses a file of serialized objects as the persistent store. Although not realistic for a production environment, it does allow for testing of the SRP protocol and provides an example of the requirements for an <literal>SRPVerifierStore</literal> service. The configurable <literal>SRPVerifierStoreService</literal> MBean attributes include the following:"
msgstr "输入设置是 <literal>VerifierSourceJndiName</literal> 属性。这是 SRP 密码信息库实现的位置,它必须被提供且可通过 JNDI 使用。<literal>org.jboss.security.srp SRPVerifierStoreService</literal> 是一个示例 MBean 服务,它捆绑了把序列化对象作为持久性存储的 <literal>SRPVerifierStore</literal> 接口的实现。对于产品环境里说,这虽然不现实,但它允许对 SRP 协议进行测试并提供了关于 <literal>SRPVerifierStore</literal> 服务的要求的例子。<literal>SRPVerifierStoreService</literal> MBean 的可配置选项包括:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1647
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">JndiName</emphasis>: The JNDI name from which the "
-"<literal>SRPVerifierStore</literal> implementation should be available. If "
-"not specified it defaults to <literal>srp/DefaultVerifierSource</literal>."
+msgid "<emphasis role=\"bold\">JndiName</emphasis>: The JNDI name from which the <literal>SRPVerifierStore</literal> implementation should be available. If not specified it defaults to <literal>srp/DefaultVerifierSource</literal>."
msgstr "<emphasis role=\"bold\">JndiName</emphasis>:<literal>SRPVerifierStore</literal> 实现的 JNDI 名。如果没有指定,缺省值为 <literal>srp/DefaultVerifierSource</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1652
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">StoreFile</emphasis>: The location of the user "
-"password verifier serialized object store file. This can be either a URL or "
-"a resource name to be found in the classpath. If not specified it defaults "
-"to <literal>SRPVerifierStore.ser</literal>."
+msgid "<emphasis role=\"bold\">StoreFile</emphasis>: The location of the user password verifier serialized object store file. This can be either a URL or a resource name to be found in the classpath. If not specified it defaults to <literal>SRPVerifierStore.ser</literal>."
msgstr "<emphasis role=\"bold\">StoreFile</emphasis>:用户密码 Verifier 序列化的对象库文件的位置。这可以是一个 URL 或者 classpath 里找到的资源名。如果没有指定的话,它的缺省值是 <literal>SRPVerifierStore.ser</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1657
#, no-c-format
-msgid ""
-"The <literal>SRPVerifierStoreService</literal> MBean also supports "
-"<literal>addUser</literal> and <literal>delUser</literal> operations for "
-"addition and deletion of users. The signatures are:"
+msgid "The <literal>SRPVerifierStoreService</literal> MBean also supports <literal>addUser</literal> and <literal>delUser</literal> operations for addition and deletion of users. The signatures are:"
msgstr "<literal>SRPVerifierStoreService</literal> MBean 也支持用于添加和删除用户的 <literal>addUser</literal> 和 <literal>delUser</literal> 操作。其签名是:"
#. Tag: programlisting
@@ -6738,12 +4507,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1661
#, no-c-format
-msgid ""
-"An example configuration of these services is presented in <xref linkend="
-"\"Providing_Password_Information_for_SRP-The_SRPVerifierStore_interface\"/>."
-msgstr ""
-"<xref linkend="
-"\"Providing_Password_Information_for_SRP-The_SRPVerifierStore_interface\"/> 里给出了这些服务的配置示例。"
+msgid "An example configuration of these services is presented in <xref linkend=\"Providing_Password_Information_for_SRP-The_SRPVerifierStore_interface\"/>."
+msgstr "<xref linkend=\"Providing_Password_Information_for_SRP-The_SRPVerifierStore_interface\"/> 里给出了这些服务的配置示例。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1665
@@ -6754,18 +4519,12 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1666
#, no-c-format
-msgid ""
-"The default implementation of the <literal>SRPVerifierStore</literal> "
-"interface is not likely to be suitable for your production security "
-"environment as it requires all password hash information to be available as "
-"a file of serialized objects. You need to provide an MBean service that "
-"provides an implementation of the <literal>SRPVerifierStore</literal> "
-"interface that integrates with your existing security information stores. "
-"The <literal>SRPVerifierStore</literal> interface is shown in."
+msgid "The default implementation of the <literal>SRPVerifierStore</literal> interface is not likely to be suitable for your production security environment as it requires all password hash information to be available as a file of serialized objects. You need to provide an MBean service that provides an implementation of the <literal>SRPVerifierStore</literal> interface that integrates with your existing security information stores. The <literal>SRPVerifierStore</literal> interface is shown in."
msgstr "<literal>SRPVerifierStore</literal> 接口的缺省实现不可能适合于你自己的产品环境,因为它要求密码的 hash 信息以序列化对象文件的形式出现。你需要提供一个 MBean 服务,它具有 <literal>SRPVerifierStore</literal> 接口的实现以集成现有的安全信息库。下面是 <literal>SRPVerifierStore</literal> 接口的定义。"
#. Tag: title
-#: J2EE_Security_On_JBOSS.xml:1669, no-c-format
+#: J2EE_Security_On_JBOSS.xml:1669,
+#: no-c-format
msgid "The SRPVerifierStore interface"
msgstr "SRPVerifierStore 接口"
@@ -6791,8 +4550,7 @@
"\n"
" /** The SRP password verifier hash */\n"
" public byte[] verifier;\n"
-" /** The random password salt originally used to verify the password "
-"*/\n"
+" /** The random password salt originally used to verify the password */\n"
" public byte[] salt;\n"
" /** The SRP algorithm primitive generator */\n"
" public byte[] g;\n"
@@ -6843,8 +4601,7 @@
"\n"
" /** The SRP password verifier hash */\n"
" public byte[] verifier;\n"
-" /** The random password salt originally used to verify the password "
-"*/\n"
+" /** The random password salt originally used to verify the password */\n"
" public byte[] salt;\n"
" /** The SRP algorithm primitive generator */\n"
" public byte[] g;\n"
@@ -6880,114 +4637,55 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1671
#, no-c-format
-msgid ""
-"The primary function of a <literal>SRPVerifierStore</literal> implementation "
-"is to provide access to the <literal>SRPVerifierStore.VerifierInfo</literal> "
-"object for a given username. The <literal>getUserVerifier(String)</literal> "
-"method is called by the <literal>SRPService</literal> at that start of a "
-"user SRP session to obtain the parameters needed by the SRP algorithm. The "
-"elements of the <literal>VerifierInfo</literal> objects are:"
+msgid "The primary function of a <literal>SRPVerifierStore</literal> implementation is to provide access to the <literal>SRPVerifierStore.VerifierInfo</literal> object for a given username. The <literal>getUserVerifier(String)</literal> method is called by the <literal>SRPService</literal> at that start of a user SRP session to obtain the parameters needed by the SRP algorithm. The elements of the <literal>VerifierInfo</literal> objects are:"
msgstr "<literal>SRPVerifierStore</literal> 实现的主要功能是提供对给定用户名的 <literal>SRPVerifierStore.VerifierInfo</literal> 对象的访问。<literal>getUserVerifier(String)</literal> 方法在用户 SRP 会话开始时由 <literal>SRPService</literal> 调用以获取 SRP 算法所需的参数。<literal>VerifierInfo</literal> 对象的元素是:"
#. Tag: para
-#: J2EE_Security_On_JBOSS.xml:1676, no-c-format
-msgid ""
-"<emphasis role=\"bold\">username</emphasis>: The user's name or id used "
-"to login."
+#: J2EE_Security_On_JBOSS.xml:1676,
+#: no-c-format
+msgid "<emphasis role=\"bold\">username</emphasis>: The user's name or id used to login."
msgstr "<emphasis role=\"bold\">username</emphasis>:用户的名称或用于登录的 ID。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1681
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">verifier</emphasis>: This is the one-way hash of the "
-"password or PIN the user enters as proof of their identity. The <literal>org."
-"jboss.security.Util</literal> class has a <literal>calculateVerifier</"
-"literal> method that performs that password hashing algorithm. The output "
-"password <literal>H(salt | H(username | ':' | password))</literal> "
-"as defined by RFC2945. Here <literal>H</literal> is the SHA secure hash "
-"function. The username is converted from a string to a <literal>byte[]</"
-"literal> using the UTF-8 encoding."
-msgstr ""
-"<emphasis role=\"bold\">verifier</emphasis>:这是用户输入为其标识符证明的密码或 PIN 的单向 hash。 <literal>org."
-"jboss.security.Util</literal> 类有一个 <literal>calculateVerifier</"
-"literal> 方法,它执行这个密码 hash 算法。输出的密码格式 <literal>H(salt | H(username | ':' | password))</literal> 由 RFC2945 定义。这里的 <literal>H</literal> 是 SHA 的安全 hash 功能。用户名通过 UTF-8 编码从字符串转换到 <literal>byte[]</"
-"literal>。"
+msgid "<emphasis role=\"bold\">verifier</emphasis>: This is the one-way hash of the password or PIN the user enters as proof of their identity. The <literal>org.jboss.security.Util</literal> class has a <literal>calculateVerifier</literal> method that performs that password hashing algorithm. The output password <literal>H(salt | H(username | ':' | password))</literal> as defined by RFC2945. Here <literal>H</literal> is the SHA secure hash function. The username is converted from a string to a <literal>byte[]</literal> using the UTF-8 encoding."
+msgstr "<emphasis role=\"bold\">verifier</emphasis>:这是用户输入为其标识符证明的密码或 PIN 的单向 hash。 <literal>org.jboss.security.Util</literal> 类有一个 <literal>calculateVerifier</literal> 方法,它执行这个密码 hash 算法。输出的密码格式 <literal>H(salt | H(username | ':' | password))</literal> 由 RFC2945 定义。这里的 <literal>H</literal> 是 SHA 的安全 hash 功能。用户名通过 UTF-8 编码从字符串转换到 <literal>byte[]</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1686
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">salt</emphasis>: This is a random number used to "
-"increase the difficulty of a brute force dictionary attack on the verifier "
-"password database in the event that the database is compromised. It is a "
-"value that should be generated from a cryptographically strong random number "
-"algorithm when the user's existing clear-text password is hashed."
+msgid "<emphasis role=\"bold\">salt</emphasis>: This is a random number used to increase the difficulty of a brute force dictionary attack on the verifier password database in the event that the database is compromised. It is a value that should be generated from a cryptographically strong random number algorithm when the user's existing clear-text password is hashed."
msgstr "<emphasis role=\"bold\">salt</emphasis>:这是一个随机数字,在数据库被破解时,它可以增加 brute 强制字典攻击难度。当用户现有的明文密码被 hash 编码时,它应该通过强加密随机数字算法产生。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1691
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">g</emphasis>: The SRP algorithm primitive generator. "
-"In general this can be a well known fixed parameter rather than a per-user "
-"setting. The <literal>org.jboss.security.srp.SRPConf</literal> utility class "
-"provides several settings for g including a good default which can obtained "
-"via <literal>SRPConf.getDefaultParams().g()</literal>."
+msgid "<emphasis role=\"bold\">g</emphasis>: The SRP algorithm primitive generator. In general this can be a well known fixed parameter rather than a per-user setting. The <literal>org.jboss.security.srp.SRPConf</literal> utility class provides several settings for g including a good default which can obtained via <literal>SRPConf.getDefaultParams().g()</literal>."
msgstr "<emphasis role=\"bold\">g</emphasis>:SRP 算法的主生成器。它通常是一个众所周知的固定参数而不是根据每个用户进行设置。<literal>org.jboss.security.srp.SRPConf</literal> 工具类为 g 提供了几组设定,其中包括一个可以通过 <literal>SRPConf.getDefaultParams().g()</literal> 获得的缺省设置。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1696
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">N</emphasis>: The SRP algorithm safe-prime modulus. "
-"In general this can be a well known fixed parameter rather than a per-user "
-"setting. The <literal>org.jboss.security.srp.SRPConf</literal> utility class "
-"provides several settings for <literal>N</literal> including a good default "
-"which can obtained via <literal>SRPConf.getDefaultParams().N()</literal>."
+msgid "<emphasis role=\"bold\">N</emphasis>: The SRP algorithm safe-prime modulus. In general this can be a well known fixed parameter rather than a per-user setting. The <literal>org.jboss.security.srp.SRPConf</literal> utility class provides several settings for <literal>N</literal> including a good default which can obtained via <literal>SRPConf.getDefaultParams().N()</literal>."
msgstr "<emphasis role=\"bold\">N</emphasis>:SRP 算法的 safe-prime 模块。它通常是众所周知的固定参数而不是根据每个用户进行设置。<literal>org.jboss.security.srp.SRPConf</literal> 工具类为 <literal>N</literal> 提供了几组设定,其中包括一个可以通过 <literal>SRPConf.getDefaultParams().N()</literal> 获得的缺省设置。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1701
#, no-c-format
-msgid ""
-"So, step 1 of integrating your existing password store is the creation of a "
-"hashed version of the password information. If your passwords are already "
-"store in an irreversible hashed form, then this can only be done on a per-"
-"user basis as part of an upgrade procedure for example. Note that the "
-"<literal>setUserVerifier(String, VerifierInfo)</literal> method is not used "
-"by the current SRPSerivce and may be implemented as no-op method, or even "
-"one that throws an exception stating that the store is read-only."
+msgid "So, step 1 of integrating your existing password store is the creation of a hashed version of the password information. If your passwords are already store in an irreversible hashed form, then this can only be done on a per-user basis as part of an upgrade procedure for example. Note that the <literal>setUserVerifier(String, VerifierInfo)</literal> method is not used by the current SRPSerivce and may be implemented as no-op method, or even one that throws an exception stating that the store is read-only."
msgstr "所以,集成现有的密码库的第一步是创建密码信息的 hash 版本。如果你的密码已经存储为不可逆的 hash 形式,那么这只能根据每个用户来完成,如作为升级过程的一部分。请注意,当前 SRPSerivce 不使用 <literal>setUserVerifier(String, VerifierInfo)</literal> 方法,它可以实现为 no-op 的方法,甚至抛出异常以表明这个库是只读的。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1704
#, no-c-format
-msgid ""
-"Step 2 is the creation of the custom <literal>SRPVerifierStore</literal> "
-"interface implementation that knows how to obtain the <literal>VerifierInfo</"
-"literal> from the store you created in step 1. The "
-"<literal>verifyUserChallenge(String, Object)</literal> method of the "
-"interface is only called if the client <literal>SRPLoginModule</literal> "
-"configuration specifies the <literal>hasAuxChallenge</literal> option. This "
-"can be used to integrate existing hardware token based schemes like SafeWord "
-"or Radius into the SRP algorithm."
-msgstr ""
-"第二步是创建自定义的 <literal>SRPVerifierStore</literal> 接口实现,它知道如何从第一步里创建的库里获取 <literal>VerifierInfo</"
-"literal>。这个接口的 <literal>verifyUserChallenge(String, Object)</literal> 方法只有在客户 <literal>SRPLoginModule</literal> 配置指定了 <literal>hasAuxChallenge</literal> 选项时才被调用。这可用来把现有的基于硬件令牌的模式如 SafeWord "
-"或 Radius 集成到 SRP 算法里。"
+msgid "Step 2 is the creation of the custom <literal>SRPVerifierStore</literal> interface implementation that knows how to obtain the <literal>VerifierInfo</literal> from the store you created in step 1. The <literal>verifyUserChallenge(String, Object)</literal> method of the interface is only called if the client <literal>SRPLoginModule</literal> configuration specifies the <literal>hasAuxChallenge</literal> option. This can be used to integrate existing hardware token based schemes like SafeWord or Radius into the SRP algorithm."
+msgstr "第二步是创建自定义的 <literal>SRPVerifierStore</literal> 接口实现,它知道如何从第一步里创建的库里获取 <literal>VerifierInfo</literal>。这个接口的 <literal>verifyUserChallenge(String, Object)</literal> 方法只有在客户 <literal>SRPLoginModule</literal> 配置指定了 <literal>hasAuxChallenge</literal> 选项时才被调用。这可用来把现有的基于硬件令牌的模式如 SafeWord 或 Radius 集成到 SRP 算法里。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1707
#, no-c-format
-msgid ""
-"Step 3 is the creation of an MBean that makes the step 2 implementation of "
-"the <literal>SRPVerifierStore</literal> interface available via JNDI, and "
-"exposes any configurable parameters you need. In addition to the default "
-"<literal>org.jboss.security.srp.SRPVerifierStoreService</literal> example, "
-"the SRP example presented later in this chapter provides a Java properties "
-"file based <literal>SRPVerifierStore</literal> implementation. Between the "
-"two examples you should have enough to integrate your security store."
+msgid "Step 3 is the creation of an MBean that makes the step 2 implementation of the <literal>SRPVerifierStore</literal> interface available via JNDI, and exposes any configurable parameters you need. In addition to the default <literal>org.jboss.security.srp.SRPVerifierStoreService</literal> example, the SRP example presented later in this chapter provides a Java properties file based <literal>SRPVerifierStore</literal> implementation. Between the two examples you should have enough to integrate your security store."
msgstr "第三步是创建一个MBean,它使第二步里的 <literal>SRPVerifierStore</literal> 接口实现通过 JNDI 可用,并开放任何可配置的参数。除了缺省的 <literal>org.jboss.security.srp.SRPVerifierStoreService</literal> 例程以外,本章后面的 SRP 例程提供了一个基于 <literal>SRPVerifierStore</literal> 实现的 Java 属性文件。这两个例子应该足够你集成自己的安全库了。"
#. Tag: title
@@ -6999,184 +4697,79 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1715
#, no-c-format
-msgid ""
-"The appeal of the SRP algorithm is that is allows for mutual authentication "
-"of client and server using simple text passwords without a secure "
-"communication channel. You might be wondering how this is done. If you want "
-"the complete details and theory behind the algorithm, refer to the SRP "
-"references mentioned in a note earlier. There are six steps that are "
-"performed to complete authentication:"
+msgid "The appeal of the SRP algorithm is that is allows for mutual authentication of client and server using simple text passwords without a secure communication channel. You might be wondering how this is done. If you want the complete details and theory behind the algorithm, refer to the SRP references mentioned in a note earlier. There are six steps that are performed to complete authentication:"
msgstr "SRP 算法吸引人的地方就是允许用简单的文本密码而无需安全通讯频道来执行客户和服务器的相互验证。你可能想知道这是怎么完成的。如果你需要这个算法背后的完整细节和理论,你可以查看前面提及的 SRP 参考文档。完成验证需要 6 个步骤:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1720
#, no-c-format
-msgid ""
-"The client side <literal>SRPLoginModule</literal> retrieves the "
-"SRPServerInterface instance for the remote authentication server from the "
-"naming service."
+msgid "The client side <literal>SRPLoginModule</literal> retrieves the SRPServerInterface instance for the remote authentication server from the naming service."
msgstr "客户端的 <literal>SRPLoginModule</literal> 从命名服务获取远程验证服务器的 SRPServerInterface 实例。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1725
#, no-c-format
-msgid ""
-"The client side <literal>SRPLoginModule</literal> next requests the SRP "
-"parameters associated with the username attempting the login. There are a "
-"number of parameters involved in the SRP algorithm that must be chosen when "
-"the user password is first transformed into the verifier form used by the "
-"SRP algorithm. Rather than hard-coding the parameters (which could be done "
-"with minimal security risk), the JBossSX implementation allows a user to "
-"retrieve this information as part of the exchange protocol. The "
-"<literal>getSRPParameters(username)</literal> call retrieves the SRP "
-"parameters for the given username."
+msgid "The client side <literal>SRPLoginModule</literal> next requests the SRP parameters associated with the username attempting the login. There are a number of parameters involved in the SRP algorithm that must be chosen when the user password is first transformed into the verifier form used by the SRP algorithm. Rather than hard-coding the parameters (which could be done with minimal security risk), the JBossSX implementation allows a user to retrieve this information as part of the exchange protocol. The <literal>getSRPParameters(username)</literal> call retrieves the SRP parameters for the given username."
msgstr "然后,客户端的 <literal>SRPLoginModule</literal> 请求和尝试登录的用户相关联的 SRP 参数。SRP 算法涉及大量在用户密码第一次转换为 verifier 形式时必需选择参数。JBossSX 实现允许用户把这些信息作为交换协议的一部分获取而不是将参数硬编码(这样的安全风险最小)。<literal>getSRPParameters(username)</literal> 调用获取给定用户名的 SRP 参数。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1730
#, no-c-format
-msgid ""
-"The client side <literal>SRPLoginModule</literal> begins an SRP session by "
-"creating an <literal>SRPClientSession</literal> object using the login "
-"username, clear-text password, and SRP parameters obtained from step 2. The "
-"client then creates a random number A that will be used to build the private "
-"SRP session key. The client then initializes the server side of the SRP "
-"session by invoking the <literal>SRPServerInterface.init</literal> method "
-"and passes in the username and client generated random number <literal>A</"
-"literal>. The server returns its own random number <literal>B</literal>. "
-"This step corresponds to the exchange of public keys."
-msgstr ""
-"客户端的 <literal>SRPLoginModule</literal> 通过用登录用户名、明文密码和从第二步里获得的 SRP 参数创建 <literal>SRPClientSession</literal> 对象开始一个 SRP 会话。客户端然后创建一个随机数字 A,它用于构建私有的 SRP 会话密钥。客户端然后调用 <literal>SRPServerInterface.init</literal> 方法初始化 SRP 会话的服务器端并传入用户名和随机数字 <literal>A</"
-"literal>。服务器返回自己的随机数字 <literal>B</literal>。这个步骤对应公共密钥的交换。"
+msgid "The client side <literal>SRPLoginModule</literal> begins an SRP session by creating an <literal>SRPClientSession</literal> object using the login username, clear-text password, and SRP parameters obtained from step 2. The client then creates a random number A that will be used to build the private SRP session key. The client then initializes the server side of the SRP session by invoking the <literal>SRPServerInterface.init</literal> method and passes in the username and client generated random number <literal>A</literal>. The server returns its own random number <literal>B</literal>. This step corresponds to the exchange of public keys."
+msgstr "客户端的 <literal>SRPLoginModule</literal> 通过用登录用户名、明文密码和从第二步里获得的 SRP 参数创建 <literal>SRPClientSession</literal> 对象开始一个 SRP 会话。客户端然后创建一个随机数字 A,它用于构建私有的 SRP 会话密钥。客户端然后调用 <literal>SRPServerInterface.init</literal> 方法初始化 SRP 会话的服务器端并传入用户名和随机数字 <literal>A</literal>。服务器返回自己的随机数字 <literal>B</literal>。这个步骤对应公共密钥的交换。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1735
#, no-c-format
-msgid ""
-"The client side <literal>SRPLoginModule</literal> obtains the private SRP "
-"session key that has been generated as a result of the previous messages "
-"exchanges. This is saved as a private credential in the login "
-"<literal>Subject</literal>. The server challenge response <literal>M2</"
-"literal> from step 4 is verified by invoking the <literal>SRPClientSession."
-"verify</literal> method. If this succeeds, mutual authentication of the "
-"client to server, and server to client have been completed. The client side "
-"<literal>SRPLoginModule</literal> next creates a challenge <literal>M1</"
-"literal> to the server by invoking <literal>SRPClientSession.response</"
-"literal> method passing the server random number <literal>B</literal> as an "
-"argument. This challenge is sent to the server via the "
-"<literal>SRPServerInterface.verify</literal> method and server's "
-"response is saved as <literal>M2</literal>. This step corresponds to an "
-"exchange of challenges. At this point the server has verified that the user "
-"is who they say they are."
-msgstr ""
-"客户端的 <literal>SRPLoginModule</literal> 获取前面的消息交换所生成的私有 SRP 会话密钥。这被存储为登录 <literal>Subject</literal> 里的私有 credential。步骤 4 里的服务器的 challenge 响应 <literal>M2</"
-"literal> 通过 <literal>SRPClientSession."
-"verify</literal> 方法调用来验证。如果成功,客户到服务器和服务器到客户的相互验证就已经完成了。客户端的 <literal>SRPLoginModule</literal> 然后调用 <literal>SRPClientSession.response</"
-"literal> 方法并传入参数 <literal>B</literal> 为服务器创建一个 challenge <literal>M1</"
-"literal>。这个 challenge 通过 <literal>SRPServerInterface.verify</literal> 方法被送往服务器,服务器的响应被存储为 <literal>M2</literal>。这个步骤对应 challenge 的交换。此时,服务器已经验证了用户的身份。"
+msgid "The client side <literal>SRPLoginModule</literal> obtains the private SRP session key that has been generated as a result of the previous messages exchanges. This is saved as a private credential in the login <literal>Subject</literal>. The server challenge response <literal>M2</literal> from step 4 is verified by invoking the <literal>SRPClientSession.verify</literal> method. If this succeeds, mutual authentication of the client to server, and server to client have been completed. The client side <literal>SRPLoginModule</literal> next creates a challenge <literal>M1</literal> to the server by invoking <literal>SRPClientSession.response</literal> method passing the server random number <literal>B</literal> as an argument. This challenge is sent to the server via the <literal>SRPServerInterface.verify</literal> method and server's response is saved as <literal>M2</literal>. This step corresponds to an exchange of challenges. At this point the server has verified t!
hat the user is who they say they are."
+msgstr "客户端的 <literal>SRPLoginModule</literal> 获取前面的消息交换所生成的私有 SRP 会话密钥。这被存储为登录 <literal>Subject</literal> 里的私有 credential。步骤 4 里的服务器的 challenge 响应 <literal>M2</literal> 通过 <literal>SRPClientSession.verify</literal> 方法调用来验证。如果成功,客户到服务器和服务器到客户的相互验证就已经完成了。客户端的 <literal>SRPLoginModule</literal> 然后调用 <literal>SRPClientSession.response</literal> 方法并传入参数 <literal>B</literal> 为服务器创建一个 challenge <literal>M1</literal>。这个 challenge 通过 <literal>SRPServerInterface.verify</literal> 方法被送往服务器,服务器的响应被存储为 <literal>M2</literal>。这个步骤对应 challenge 的交换。此时,服务器已经验证了用户的身份。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1740
#, no-c-format
-msgid ""
-"The client side <literal>SRPLoginModule</literal> saves the login username "
-"and <literal>M1</literal> challenge into the <literal>LoginModule</literal> "
-"sharedState map. This is used as the Principal name and credentials by the "
-"standard JBoss <literal>ClientLoginModule</literal>. The <literal>M1</"
-"literal> challenge is used in place of the password as proof of identity on "
-"any method invocations on J2EE components. The <literal>M1</literal> "
-"challenge is a cryptographically strong hash associated with the SRP "
-"session. Its interception via a third partly cannot be used to obtain the "
-"user's password."
-msgstr ""
-"客户端的 <literal>SRPLoginModule</literal> 把登录用户名和 <literal>M1</literal> challenge 保存到 <literal>LoginModule</literal> 的 sharedState 表里。这被标准的 JBoss <literal>ClientLoginModule</literal> 用作 Principal 名和 credential。<literal>M1</"
-"literal> challenge 替代密码作为 J2EE 组件的任何方法调用里的标识符的证明。<literal>M1</literal> "
-"challenge 是一个和 SRP 会话关联的强加密的 hash 值。不能用通过第三方的拦截来获取用户的密码。"
+msgid "The client side <literal>SRPLoginModule</literal> saves the login username and <literal>M1</literal> challenge into the <literal>LoginModule</literal> sharedState map. This is used as the Principal name and credentials by the standard JBoss <literal>ClientLoginModule</literal>. The <literal>M1</literal> challenge is used in place of the password as proof of identity on any method invocations on J2EE components. The <literal>M1</literal> challenge is a cryptographically strong hash associated with the SRP session. Its interception via a third partly cannot be used to obtain the user's password."
+msgstr "客户端的 <literal>SRPLoginModule</literal> 把登录用户名和 <literal>M1</literal> challenge 保存到 <literal>LoginModule</literal> 的 sharedState 表里。这被标准的 JBoss <literal>ClientLoginModule</literal> 用作 Principal 名和 credential。<literal>M1</literal> challenge 替代密码作为 J2EE 组件的任何方法调用里的标识符的证明。<literal>M1</literal> challenge 是一个和 SRP 会话关联的强加密的 hash 值。不能用通过第三方的拦截来获取用户的密码。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1745
#, no-c-format
-msgid ""
-"At the end of this authentication protocol, the SRPServerSession has been "
-"placed into the SRPService authentication cache for subsequent use by the "
-"<literal>SRPCacheLoginModule</literal>."
+msgid "At the end of this authentication protocol, the SRPServerSession has been placed into the SRPService authentication cache for subsequent use by the <literal>SRPCacheLoginModule</literal>."
msgstr "在验证协议的最后,SRPServerSession 已经放入了 SRPService 的验证缓存,之后以供 <literal>SRPCacheLoginModule</literal> 使用。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1750
#, no-c-format
-msgid ""
-"Although SRP has many interesting properties, it is still an evolving "
-"component in the JBossSX framework and has some limitations of which you "
-"should be aware. Issues of note include the following:"
+msgid "Although SRP has many interesting properties, it is still an evolving component in the JBossSX framework and has some limitations of which you should be aware. Issues of note include the following:"
msgstr "虽然 SRP 具有许多令人感兴趣的属性,它仍然是 JBossSX 框架里一个正在改进的组件,你应该意识到它的一些局限性,其中包括:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1755
#, no-c-format
-msgid ""
-"Because of how JBoss detaches the method transport protocol from the "
-"component container where authentication is performed, an unauthorized user "
-"could snoop the SRP <literal>M1</literal> challenge and effectively use the "
-"challenge to make requests as the associated username. Custom interceptors "
-"that encrypt the challenge using the SRP session key can be used to prevent "
-"this issue."
+msgid "Because of how JBoss detaches the method transport protocol from the component container where authentication is performed, an unauthorized user could snoop the SRP <literal>M1</literal> challenge and effectively use the challenge to make requests as the associated username. Custom interceptors that encrypt the challenge using the SRP session key can be used to prevent this issue."
msgstr "由于 JBoss 把方法传输协议从执行验证所在组件容器中分离出来,未授权的用户可以调查 SRP <literal>M1</literal> challenge 并有效地使用它来把请求作为相关用户名。自定义的使用 SRP 会话密钥加密 challenge 的拦截器可以用于防止这样的问题。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1760
#, no-c-format
-msgid ""
-"The SRPService maintains a cache of SRP sessions that time out after a "
-"configurable period. Once they time out, any subsequent J2EE component "
-"access will fail because there is currently no mechanism for transparently "
-"renegotiating the SRP authentication credentials. You must either set the "
-"authentication cache timeout very long (up to 2,147,483,647 seconds, or "
-"approximately 68 years), or handle re-authentication in your code on failure."
+msgid "The SRPService maintains a cache of SRP sessions that time out after a configurable period. Once they time out, any subsequent J2EE component access will fail because there is currently no mechanism for transparently renegotiating the SRP authentication credentials. You must either set the authentication cache timeout very long (up to 2,147,483,647 seconds, or approximately 68 years), or handle re-authentication in your code on failure."
msgstr "SRPService 维护了一个 SRP 会话的缓存,它有指定的过期时间。一旦超时,任何随后的 J2EE 组件访问都会失败,因为目前没有机制可以透明地重新协商 SRP 验证的 credential。你必须把验证缓存过期时间设置得很长(最长为 2,147,483,647 秒,也就是约 68 年),或者用自己的代码处理重验证。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1765
#, no-c-format
-msgid ""
-"By default there can only be one SRP session for a given username. Because "
-"the negotiated SRP session produces a private session key that can be used "
-"for encryption/decryption between the client and server, the session is "
-"effectively a stateful one. JBoss supports for multiple SRP sessions per "
-"user, but you cannot encrypt data with one session key and then decrypt it "
-"with another."
+msgid "By default there can only be one SRP session for a given username. Because the negotiated SRP session produces a private session key that can be used for encryption/decryption between the client and server, the session is effectively a stateful one. JBoss supports for multiple SRP sessions per user, but you cannot encrypt data with one session key and then decrypt it with another."
msgstr "在缺省情况下,每个用户名只对应一个 SRP 会话。因为 SRP 会话产生一个可用于在客户和服务器间加密/解密的私有会话密钥,这个会话实质上是一个有状态的会话。JBoss 支持一个用户对应多个 SRP 会话,但你不能用一个会话密钥加密数据而用另外一个进行解密。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1770
#, no-c-format
-msgid ""
-"To use end-to-end SRP authentication for J2EE component calls, you need to "
-"configure the security domain under which the components are secured to use "
-"the <literal>org.jboss.security.srp.jaas.SRPCacheLoginModule</literal>. The "
-"<literal>SRPCacheLoginModule</literal> has a single configuration option "
-"named <literal>cacheJndiName</literal> that sets the JNDI location of the "
-"SRP authentication <literal>CachePolicy</literal> instance. This must "
-"correspond to the <literal>AuthenticationCacheJndiName</literal> attribute "
-"value of the <literal>SRPService</literal> MBean. The "
-"<literal>SRPCacheLoginModule</literal> authenticates user credentials by "
-"obtaining the client challenge from the <literal>SRPServerSession</literal> "
-"object in the authentication cache and comparing this to the challenge "
-"passed as the user credentials. <xref linkend=\"Inside_of_the_SRP_algorithm-"
-"A_sequence_diagram_illustrating_the_interaction_of_the_SRPCacheLoginModule_with_the_SRP_session_cache."
-"\"/> illustrates the operation of the SRPCacheLoginModule.login method "
-"implementation."
-msgstr ""
-"为了使用 J2EE 组件调用的 end-to-end SRP 验证,你需要配置设置组件安全性以使用 <literal>org.jboss.security.srp.jaas.SRPCacheLoginModule</literal> 所基于的安全域。<literal>SRPCacheLoginModule</literal> 有一个配置选项 <literal>cacheJndiName</literal>,它设置 SRP 验证的 <literal>CachePolicy</literal> 实例的 JNDI 位置。这必须对应 <literal>SRPService</literal> MBean 的 <literal>AuthenticationCacheJndiName</literal> 属性。<literal>SRPCacheLoginModule</literal> 通过获取验证缓存里的 <literal>SRPServerSession</literal> 对象的客户端 challenge 并和作为用户 credential 传入的 challenge 进行比较以验证用户 credential。<xref linkend=\"Inside_of_the_SRP_algorithm-"
-"A_sequence_diagram_illustrating_the_interaction_of_the_SRPCacheLoginModule_with_the_SRP_session_cache."
-"\"/> 解释了 SRPCacheLoginModule.login 方法实现的操作。"
+msgid "To use end-to-end SRP authentication for J2EE component calls, you need to configure the security domain under which the components are secured to use the <literal>org.jboss.security.srp.jaas.SRPCacheLoginModule</literal>. The <literal>SRPCacheLoginModule</literal> has a single configuration option named <literal>cacheJndiName</literal> that sets the JNDI location of the SRP authentication <literal>CachePolicy</literal> instance. This must correspond to the <literal>AuthenticationCacheJndiName</literal> attribute value of the <literal>SRPService</literal> MBean. The <literal>SRPCacheLoginModule</literal> authenticates user credentials by obtaining the client challenge from the <literal>SRPServerSession</literal> object in the authentication cache and comparing this to the challenge passed as the user credentials. <xref linkend=\"Inside_of_the_SRP_algorithm-A_sequence_diagram_illustrating_the_interaction_of_the_SRPCacheLoginModule_with_the_SRP_session_cache.\"/> illus!
trates the operation of the SRPCacheLoginModule.login method implementation."
+msgstr "为了使用 J2EE 组件调用的 end-to-end SRP 验证,你需要配置设置组件安全性以使用 <literal>org.jboss.security.srp.jaas.SRPCacheLoginModule</literal> 所基于的安全域。<literal>SRPCacheLoginModule</literal> 有一个配置选项 <literal>cacheJndiName</literal>,它设置 SRP 验证的 <literal>CachePolicy</literal> 实例的 JNDI 位置。这必须对应 <literal>SRPService</literal> MBean 的 <literal>AuthenticationCacheJndiName</literal> 属性。<literal>SRPCacheLoginModule</literal> 通过获取验证缓存里的 <literal>SRPServerSession</literal> 对象的客户端 challenge 并和作为用户 credential 传入的 challenge 进行比较以验证用户 credential。<xref linkend=\"Inside_of_the_SRP_algorithm-A_sequence_diagram_illustrating_the_interaction_of_the_SRPCacheLoginModule_with_the_SRP_session_cache.\"/> 解释了 SRPCacheLoginModule.login 方法实现的操作。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1774
#, no-c-format
-msgid ""
-"A sequence diagram illustrating the interaction of the SRPCacheLoginModule "
-"with the SRP session cache."
+msgid "A sequence diagram illustrating the interaction of the SRPCacheLoginModule with the SRP session cache."
msgstr "解释 SRPCacheLoginModule 和 SRP 会话缓存间的交互的序列图。"
#. Tag: title
@@ -7188,25 +4781,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1783
#, no-c-format
-msgid ""
-"We have covered quite a bit of material on SRP and now its time to "
-"demonstrate SRP in practice with an example. The example demonstrates client "
-"side authentication of the user via SRP as well as subsequent secured access "
-"to a simple EJB using the SRP session challenge as the user credential. The "
-"test code deploys an EJB JAR that includes a SAR for the configuration of "
-"the server side login module configuration and SRP services. As in the "
-"previous examples we will dynamically install the server side login module "
-"configuration using the <literal>SecurityConfig</literal> MBean. In this "
-"example we also use a custom implementation of the "
-"<literal>SRPVerifierStore</literal> interface that uses an in memory store "
-"that is seeded from a Java properties file rather than a serialized object "
-"store as used by the <literal>SRPVerifierStoreService</literal>. This custom "
-"service is <literal>org.jboss.book.security.ex3.service."
-"PropertiesVerifierStore</literal>. The following shows the contents of the "
-"JAR that contains the example EJB and SRP services."
-msgstr ""
-"我们已经介绍了 SRP 的一些相关内容,现在我们通过一个例子来演示 SRP 的应用。这个例子演示了客户端通过 SRP 验证用户以及把 SRP channenge 作为用户的 credential 来访问一个简单的 EJB。测试代码部署在一个 EJB JAR 文件里,它包括配置服务器端登录模块和 SRP 服务的 SAR 文件。和前面的例子一样,我们将用 <literal>SecurityConfig</literal> MBean 动态地安装服务器端的登录模块配置。在这个例子里,我们也使用一个自定义的 <literal>SRPVerifierStore</literal> 接口实现,它使用源自 Java 属性文件的 In-memory 的存储而不是 <literal>SRPVerifierStoreService</literal> 所使用的序列化的对象库。这个自定义服务是 <literal>org.jboss.book.security.ex3.service."
-"PropertiesVerifierStore</literal>。下面是包含示例 EJB 和 SRP 服务的 JAR 的内容。"
+msgid "We have covered quite a bit of material on SRP and now its time to demonstrate SRP in practice with an example. The example demonstrates client side authentication of the user via SRP as well as subsequent secured access to a simple EJB using the SRP session challenge as the user credential. The test code deploys an EJB JAR that includes a SAR for the configuration of the server side login module configuration and SRP services. As in the previous examples we will dynamically install the server side login module configuration using the <literal>SecurityConfig</literal> MBean. In this example we also use a custom implementation of the <literal>SRPVerifierStore</literal> interface that uses an in memory store that is seeded from a Java properties file rather than a serialized object store as used by the <literal>SRPVerifierStoreService</literal>. This custom service is <literal>org.jboss.book.security.ex3.service.PropertiesVerifierStore</literal>. The following shows th!
e contents of the JAR that contains the example EJB and SRP services."
+msgstr "我们已经介绍了 SRP 的一些相关内容,现在我们通过一个例子来演示 SRP 的应用。这个例子演示了客户端通过 SRP 验证用户以及把 SRP channenge 作为用户的 credential 来访问一个简单的 EJB。测试代码部署在一个 EJB JAR 文件里,它包括配置服务器端登录模块和 SRP 服务的 SAR 文件。和前面的例子一样,我们将用 <literal>SecurityConfig</literal> MBean 动态地安装服务器端的登录模块配置。在这个例子里,我们也使用一个自定义的 <literal>SRPVerifierStore</literal> 接口实现,它使用源自 Java 属性文件的 In-memory 的存储而不是 <literal>SRPVerifierStoreService</literal> 所使用的序列化的对象库。这个自定义服务是 <literal>org.jboss.book.security.ex3.service.PropertiesVerifierStore</literal>。下面是包含示例 EJB 和 SRP 服务的 JAR 的内容。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1786
@@ -7237,25 +4813,12 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1787
#, no-c-format
-msgid ""
-"The key SRP related items in this example are the SRP MBean services "
-"configuration, and the SRP login module configurations. The <literal>jboss-"
-"service.xml</literal> descriptor of the <literal>security-ex3.sar</literal> "
-"is given in <xref linkend=\"An_SRP_example-The_security_ex3."
-"sar_jboss_service.xml_descriptor_for_the_SRP_services\"/>, while <xref "
-"linkend=\"An_SRP_example-The_client_side_standard_JAAS_configuration\"/> and "
-"<xref linkend=\"An_SRP_example-The_server_side_XMLLoginConfig_configuration"
-"\"/> give the example client side and server side login module "
-"configurations."
-msgstr ""
-"这个例子里和 SRP 相关的关键部分是 SRP MBean 服务配置,以及 SRP 登录模块配置。<xref linkend=\"An_SRP_example-The_security_ex3."
-"sar_jboss_service.xml_descriptor_for_the_SRP_services\"/> 里给出了 <literal>security-ex3.sar</literal> 的 <literal>jboss-"
-"service.xml</literal> 描述符,而 <xref "
-"linkend=\"An_SRP_example-The_client_side_standard_JAAS_configuration\"/> 和 <xref linkend=\"An_SRP_example-The_server_side_XMLLoginConfig_configuration"
-"\"/> 给出了一个客户端和服务器端登录模块配置的例子。"
+msgid "The key SRP related items in this example are the SRP MBean services configuration, and the SRP login module configurations. The <literal>jboss-service.xml</literal> descriptor of the <literal>security-ex3.sar</literal> is given in <xref linkend=\"An_SRP_example-The_security_ex3.sar_jboss_service.xml_descriptor_for_the_SRP_services\"/>, while <xref linkend=\"An_SRP_example-The_client_side_standard_JAAS_configuration\"/> and <xref linkend=\"An_SRP_example-The_server_side_XMLLoginConfig_configuration\"/> give the example client side and server side login module configurations."
+msgstr "这个例子里和 SRP 相关的关键部分是 SRP MBean 服务配置,以及 SRP 登录模块配置。<xref linkend=\"An_SRP_example-The_security_ex3.sar_jboss_service.xml_descriptor_for_the_SRP_services\"/> 里给出了 <literal>security-ex3.sar</literal> 的 <literal>jboss-service.xml</literal> 描述符,而 <xref linkend=\"An_SRP_example-The_client_side_standard_JAAS_configuration\"/> 和 <xref linkend=\"An_SRP_example-The_server_side_XMLLoginConfig_configuration\"/> 给出了一个客户端和服务器端登录模块配置的例子。"
#. Tag: title
-#: J2EE_Security_On_JBOSS.xml:1790, no-c-format
+#: J2EE_Security_On_JBOSS.xml:1790,
+#: no-c-format
msgid "The security-ex3.sar jboss-service.xml descriptor for the SRP services"
msgstr "用于 SRP 服务的 security-ex3.sar jboss-service.xml 描述符"
@@ -7270,36 +4833,26 @@
"\n"
" <mbean code=\"org.jboss.book.security.service.SecurityConfig\" \n"
" name=\"jboss.docs.security:service=LoginConfig-EX3\">\n"
-" <attribute name=\"AuthConfig\">META-INF/login-config.xml</"
-"attribute>\n"
-" <attribute name=\"SecurityConfigName\">jboss.security:"
-"name=SecurityConfig</attribute>\n"
+" <attribute name=\"AuthConfig\">META-INF/login-config.xml</attribute>\n"
+" <attribute name=\"SecurityConfigName\">jboss.security:name=SecurityConfig</attribute>\n"
" </mbean>\n"
"\n"
-" <!-- The SRP service that provides the SRP RMI server and server "
-"side\n"
+" <!-- The SRP service that provides the SRP RMI server and server side\n"
" authentication cache -->\n"
" <mbean code=\"org.jboss.security.srp.SRPService\" \n"
" name=\"jboss.docs.security:service=SRPService\">\n"
-" <attribute name=\"VerifierSourceJndiName\">srp-test/security-"
-"ex3</attribute>\n"
-" <attribute name=\"JndiName\">srp-test/SRPServerInterface</"
-"attribute>\n"
-" <attribute name=\"AuthenticationCacheJndiName\">srp-test/"
-"AuthenticationCache</attribute>\n"
+" <attribute name=\"VerifierSourceJndiName\">srp-test/security-ex3</attribute>\n"
+" <attribute name=\"JndiName\">srp-test/SRPServerInterface</attribute>\n"
+" <attribute name=\"AuthenticationCacheJndiName\">srp-test/AuthenticationCache</attribute>\n"
" <attribute name=\"ServerPort\">0</attribute>\n"
-" <depends>jboss.docs.security:"
-"service=PropertiesVerifierStore</depends>\n"
+" <depends>jboss.docs.security:service=PropertiesVerifierStore</depends>\n"
" </mbean>\n"
"\n"
-" <!-- The SRP store handler service that provides the user password "
-"verifier\n"
+" <!-- The SRP store handler service that provides the user password verifier\n"
" information -->\n"
-" <mbean code=\"org.jboss.security.ex3.service.PropertiesVerifierStore"
-"\"\n"
+" <mbean code=\"org.jboss.security.ex3.service.PropertiesVerifierStore\"\n"
" name=\"jboss.docs.security:service=PropertiesVerifierStore\">\n"
-" <attribute name=\"JndiName\">srp-test/security-ex3</"
-"attribute>\n"
+" <attribute name=\"JndiName\">srp-test/security-ex3</attribute>\n"
" </mbean>\n"
"</server>"
msgstr ""
@@ -7310,36 +4863,26 @@
"\n"
" <mbean code=\"org.jboss.book.security.service.SecurityConfig\" \n"
" name=\"jboss.docs.security:service=LoginConfig-EX3\">\n"
-" <attribute name=\"AuthConfig\">META-INF/login-config.xml</"
-"attribute>\n"
-" <attribute name=\"SecurityConfigName\">jboss.security:"
-"name=SecurityConfig</attribute>\n"
+" <attribute name=\"AuthConfig\">META-INF/login-config.xml</attribute>\n"
+" <attribute name=\"SecurityConfigName\">jboss.security:name=SecurityConfig</attribute>\n"
" </mbean>\n"
"\n"
-" <!-- The SRP service that provides the SRP RMI server and server "
-"side\n"
+" <!-- The SRP service that provides the SRP RMI server and server side\n"
" authentication cache -->\n"
" <mbean code=\"org.jboss.security.srp.SRPService\" \n"
" name=\"jboss.docs.security:service=SRPService\">\n"
-" <attribute name=\"VerifierSourceJndiName\">srp-test/security-"
-"ex3</attribute>\n"
-" <attribute name=\"JndiName\">srp-test/SRPServerInterface</"
-"attribute>\n"
-" <attribute name=\"AuthenticationCacheJndiName\">srp-test/"
-"AuthenticationCache</attribute>\n"
+" <attribute name=\"VerifierSourceJndiName\">srp-test/security-ex3</attribute>\n"
+" <attribute name=\"JndiName\">srp-test/SRPServerInterface</attribute>\n"
+" <attribute name=\"AuthenticationCacheJndiName\">srp-test/AuthenticationCache</attribute>\n"
" <attribute name=\"ServerPort\">0</attribute>\n"
-" <depends>jboss.docs.security:"
-"service=PropertiesVerifierStore</depends>\n"
+" <depends>jboss.docs.security:service=PropertiesVerifierStore</depends>\n"
" </mbean>\n"
"\n"
-" <!-- The SRP store handler service that provides the user password "
-"verifier\n"
+" <!-- The SRP store handler service that provides the user password verifier\n"
" information -->\n"
-" <mbean code=\"org.jboss.security.ex3.service.PropertiesVerifierStore"
-"\"\n"
+" <mbean code=\"org.jboss.security.ex3.service.PropertiesVerifierStore\"\n"
" name=\"jboss.docs.security:service=PropertiesVerifierStore\">\n"
-" <attribute name=\"JndiName\">srp-test/security-ex3</"
-"attribute>\n"
+" <attribute name=\"JndiName\">srp-test/security-ex3</attribute>\n"
" </mbean>\n"
"</server>"
@@ -7385,113 +4928,52 @@
msgid ""
"<application-policy name=\"security-ex3\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.srp.jaas."
-"SRPCacheLoginModule\"\n"
+" <login-module code=\"org.jboss.security.srp.jaas.SRPCacheLoginModule\"\n"
" flag = \"required\">\n"
-" <module-option name=\"cacheJndiName\">srp-test/"
-"AuthenticationCache</module-option>\n"
+" <module-option name=\"cacheJndiName\">srp-test/AuthenticationCache</module-option>\n"
" </login-module>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\"\n"
+" <login-module code=\"org.jboss.security.auth.spi.UsersRolesLoginModule\"\n"
" flag = \"required\">\n"
-" <module-option name=\"password-stacking\">useFirstPass</"
-"module-option>\n"
+" <module-option name=\"password-stacking\">useFirstPass</module-option>\n"
" </login-module>\n"
" </authentication>\n"
"</application-policy>"
msgstr ""
"<application-policy name=\"security-ex3\">\n"
" <authentication>\n"
-" <login-module code=\"org.jboss.security.srp.jaas."
-"SRPCacheLoginModule\"\n"
+" <login-module code=\"org.jboss.security.srp.jaas.SRPCacheLoginModule\"\n"
" flag = \"required\">\n"
-" <module-option name=\"cacheJndiName\">srp-test/"
-"AuthenticationCache</module-option>\n"
+" <module-option name=\"cacheJndiName\">srp-test/AuthenticationCache</module-option>\n"
" </login-module>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\"\n"
+" <login-module code=\"org.jboss.security.auth.spi.UsersRolesLoginModule\"\n"
" flag = \"required\">\n"
-" <module-option name=\"password-stacking\">useFirstPass</"
-"module-option>\n"
+" <module-option name=\"password-stacking\">useFirstPass</module-option>\n"
" </login-module>\n"
" </authentication>\n"
"</application-policy>"
#. Tag: para
-#: J2EE_Security_On_JBOSS.xml:1796, no-c-format
-msgid ""
-"The example services are the <literal>ServiceConfig</literal> and the "
-"<literal>PropertiesVerifierStore</literal> and <literal>SRPService</literal> "
-"MBeans. Note that the <literal>JndiName</literal> attribute of the "
-"<literal>PropertiesVerifierStore</literal> is equal to the "
-"<literal>VerifierSourceJndiName</literal> attribute of the "
-"<literal>SRPService</literal>, and that the <literal>SRPService</literal> "
-"depends on the <literal>PropertiesVerifierStore</literal>. This is required "
-"because the <literal>SRPService</literal> needs an implementation of the "
-"<literal>SRPVerifierStore</literal> interface for accessing user password "
-"verification information."
+#: J2EE_Security_On_JBOSS.xml:1796,
+#: no-c-format
+msgid "The example services are the <literal>ServiceConfig</literal> and the <literal>PropertiesVerifierStore</literal> and <literal>SRPService</literal> MBeans. Note that the <literal>JndiName</literal> attribute of the <literal>PropertiesVerifierStore</literal> is equal to the <literal>VerifierSourceJndiName</literal> attribute of the <literal>SRPService</literal>, and that the <literal>SRPService</literal> depends on the <literal>PropertiesVerifierStore</literal>. This is required because the <literal>SRPService</literal> needs an implementation of the <literal>SRPVerifierStore</literal> interface for accessing user password verification information."
msgstr "示例服务是 <literal>ServiceConfig</literal>、<literal>PropertiesVerifierStore</literal> 和 <literal>SRPService</literal> MBean。请注意,<literal>PropertiesVerifierStore</literal> 的 <literal>JndiName</literal> 属性和 <literal>SRPService</literal> 的 <literal>VerifierSourceJndiName</literal> 属性相等,且 <literal>SRPService</literal> 依赖于 <literal>PropertiesVerifierStore</literal>。这是必需的,因为 <literal>SRPService</literal> 需要一个 <literal>SRPVerifierStore</literal> 接口的实现来访问用户密码检验信息。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1799
#, no-c-format
-msgid ""
-"The client side login module configuration makes use of the "
-"<literal>SRPLoginModule</literal> with a <literal>srpServerJndiName</"
-"literal> option value that corresponds to the JBoss server component "
-"<literal>SRPService</literal> JndiName attribute value(<literal>srp-test/"
-"SRPServerInterface</literal>). Also needed is the "
-"<literal>ClientLoginModule</literal> configured with the <literal>password-"
-"stacking=\"useFirstPass\"</literal> value to propagate the user "
-"authentication credentials generated by the <literal>SRPLoginModule</"
-"literal> to the EJB invocation layer."
-msgstr ""
-"客户端登录模块配置利用带有对应 JBoss 服务器组件 <literal>SRPService</literal> JndiName 属性值(<literal>srp-test/"
-"SRPServerInterface</literal>)的 <literal>srpServerJndiName</"
-"literal> 选项值的 <literal>SRPLoginModule</literal>。使用"
-" <literal>password-"
-"stacking=\"useFirstPass\"</literal> 配置来把 <literal>SRPLoginModule</"
-"literal> 生成的用户验证"
-" credential 传递给 EJB 调用层的 <literal>ClientLoginModule</literal> 也是必需的。"
+msgid "The client side login module configuration makes use of the <literal>SRPLoginModule</literal> with a <literal>srpServerJndiName</literal> option value that corresponds to the JBoss server component <literal>SRPService</literal> JndiName attribute value(<literal>srp-test/SRPServerInterface</literal>). Also needed is the <literal>ClientLoginModule</literal> configured with the <literal>password-stacking=\"useFirstPass\"</literal> value to propagate the user authentication credentials generated by the <literal>SRPLoginModule</literal> to the EJB invocation layer."
+msgstr "客户端登录模块配置利用带有对应 JBoss 服务器组件 <literal>SRPService</literal> JndiName 属性值(<literal>srp-test/SRPServerInterface</literal>)的 <literal>srpServerJndiName</literal> 选项值的 <literal>SRPLoginModule</literal>。使用 <literal>password-stacking=\"useFirstPass\"</literal> 配置来把 <literal>SRPLoginModule</literal> 生成的用户验证 credential 传递给 EJB 调用层的 <literal>ClientLoginModule</literal> 也是必需的。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1802
#, no-c-format
-msgid ""
-"There are two issues to note about the server side login module "
-"configuration. First, note the <literal>cacheJndiName=srp-test/"
-"AuthenticationCache</literal> configuration option tells the "
-"<literal>SRPCacheLoginModule</literal> the location of the "
-"<literal>CachePolicy</literal> that contains the <literal>SRPServerSession</"
-"literal> for users who have authenticated against the <literal>SRPService</"
-"literal>. This value corresponds to the <literal>SRPService</"
-"literal><literal>AuthenticationCacheJndiName</literal> attribute value. "
-"Second, the configuration includes a <literal>UsersRolesLoginModule</"
-"literal> with the <literal>password-stacking=useFirstPass</literal> "
-"configuration option. It is required to use a second login module with the "
-"<literal>SRPCacheLoginModule</literal> because SRP is only an authentication "
-"technology. A second login module needs to be configured that accepts the "
-"authentication credentials validated by the <literal>SRPCacheLoginModule</"
-"literal> to set the principal's roles that determines the principal'"
-"s permissions. The <literal>UsersRolesLoginModule</literal> is augmenting "
-"the SRP authentication with properties file based authorization. The "
-"user's roles are coming the <literal>roles.properties</literal> file "
-"included in the EJB JAR."
-msgstr ""
-"关于服务器端的登录模块,有两件事情需要注意。首先,请注意 <literal>cacheJndiName=srp-test/"
-"AuthenticationCache</literal> 配置选项,它把包含已经针对 <literal>SRPService</"
-"literal> 进行了验证的用户的 <literal>SRPServerSession</"
-"literal> 的 <literal>CachePolicy</literal> 的位置告诉 <literal>SRPCacheLoginModule</literal>。这个值对应 <literal>SRPService</"
-"literal> 的 <literal>AuthenticationCacheJndiName</literal> 属性值。其次,这个配置包括带有 <literal>password-stacking=useFirstPass</literal> 配置选项的 <literal>UsersRolesLoginModule</"
-"literal>。因为 SRP 只是一个验证技术,它被要求使用带有 <literal>SRPCacheLoginModule</literal> 的其他登录模块。这个登录模块需要进行配置以接受 <literal>SRPCacheLoginModule</"
-"literal> 检验的验证 credential,从而设置决定 principal 的权限的 principal 角色。带有基于属性文件的授权的 SRP 验证将以 <literal>UsersRolesLoginModule</literal> 为参数。用户的角色将出现在 EJB JAR 里包括的 <literal>roles.properties</literal> 文件里。"
+msgid "There are two issues to note about the server side login module configuration. First, note the <literal>cacheJndiName=srp-test/AuthenticationCache</literal> configuration option tells the <literal>SRPCacheLoginModule</literal> the location of the <literal>CachePolicy</literal> that contains the <literal>SRPServerSession</literal> for users who have authenticated against the <literal>SRPService</literal>. This value corresponds to the <literal>SRPService</literal><literal>AuthenticationCacheJndiName</literal> attribute value. Second, the configuration includes a <literal>UsersRolesLoginModule</literal> with the <literal>password-stacking=useFirstPass</literal> configuration option. It is required to use a second login module with the <literal>SRPCacheLoginModule</literal> because SRP is only an authentication technology. A second login module needs to be configured that accepts the authentication credentials validated by the <literal>SRPCacheLoginModule</literal> to s!
et the principal's roles that determines the principal's permissions. The <literal>UsersRolesLoginModule</literal> is augmenting the SRP authentication with properties file based authorization. The user's roles are coming the <literal>roles.properties</literal> file included in the EJB JAR."
+msgstr "关于服务器端的登录模块,有两件事情需要注意。首先,请注意 <literal>cacheJndiName=srp-test/AuthenticationCache</literal> 配置选项,它把包含已经针对 <literal>SRPService</literal> 进行了验证的用户的 <literal>SRPServerSession</literal> 的 <literal>CachePolicy</literal> 的位置告诉 <literal>SRPCacheLoginModule</literal>。这个值对应 <literal>SRPService</literal> 的 <literal>AuthenticationCacheJndiName</literal> 属性值。其次,这个配置包括带有 <literal>password-stacking=useFirstPass</literal> 配置选项的 <literal>UsersRolesLoginModule</literal>。因为 SRP 只是一个验证技术,它被要求使用带有 <literal>SRPCacheLoginModule</literal> 的其他登录模块。这个登录模块需要进行配置以接受 <literal>SRPCacheLoginModule</literal> 检验的验证 credential,从而设置决定 principal 的权限的 principal 角色。带有基于属性文件的授权的 SRP 验证将以!
<literal>UsersRolesLoginModule</literal> 为参数。用户的角色将出现在 EJB JAR 里包括的 <literal>roles.properties</literal> 文件里。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1805
#, no-c-format
-msgid ""
-"Now, run the example 3 client by executing the following command from the "
-"book examples directory:"
+msgid "Now, run the example 3 client by executing the following command from the book examples directory:"
msgstr "现在,通过 book 例程目录里的下列命令来运行 example 3 客户端:"
#. Tag: programlisting
@@ -7519,32 +5001,14 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1809
#, no-c-format
-msgid ""
-"In the <literal>examples/logs</literal> directory you will find a file "
-"called <literal>ex3-trace.log</literal>. This is a detailed trace of the "
-"client side of the SRP algorithm. The traces show step-by-step the "
-"construction of the public keys, challenges, session key and verification."
+msgid "In the <literal>examples/logs</literal> directory you will find a file called <literal>ex3-trace.log</literal>. This is a detailed trace of the client side of the SRP algorithm. The traces show step-by-step the construction of the public keys, challenges, session key and verification."
msgstr "在 <literal>examples/logs</literal> 目录里,你将发现一个名为 <literal>ex3-trace.log</literal> 的文件。这是 SRP 算法的客户端的详细跟踪信息。这些信息逐步显示了公共密钥、challenge、会话密钥和验证的构造过程。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1812
#, no-c-format
-msgid ""
-"Note that the client has taken a long time to run relative to the other "
-"simple examples. The reason for this is the construction of the client's "
-"public key. This involves the creation of a cryptographically strong random "
-"number, and this process takes quite a bit of time the first time it occurs. "
-"If you were to log out and log in again within the same VM, the process "
-"would be much faster. Also note that <literal>Echo.echo()#2</literal> fails "
-"with an authentication exception. The client code sleeps for 15 seconds "
-"after making the first call to demonstrate the behavior of the "
-"<literal>SRPService</literal> cache expiration. The <literal>SRPService</"
-"literal> cache policy timeout has been set to a mere 10 seconds to force "
-"this issue. As stated earlier, you need to make the cache timeout very long, "
-"or handle re-authentication on failure."
-msgstr ""
-"请注意,相对于其他简单例程,这个客户端已经运行了很长时间。其原因是构造客户的公共密钥。这涉及强加密随机数字的创建,尤其是第一次发生时会花费很长时间。如果你在相同的 VM 里登出并重新登录,这个过程将快得多。也请注意 <literal>Echo.echo()#2</literal> 失败并抛出验证异常。在第一次调用后客户端代码暂停 15 秒以演示<literal>SRPService</literal> 缓存过期的功能。<literal>SRPService</"
-"literal> 缓存超时策略已经设置为 10 秒来强制执行这一点。如前面所指出的,你需要设置很长的缓存超时时间,或者在失败识处理重验证的问题。"
+msgid "Note that the client has taken a long time to run relative to the other simple examples. The reason for this is the construction of the client's public key. This involves the creation of a cryptographically strong random number, and this process takes quite a bit of time the first time it occurs. If you were to log out and log in again within the same VM, the process would be much faster. Also note that <literal>Echo.echo()#2</literal> fails with an authentication exception. The client code sleeps for 15 seconds after making the first call to demonstrate the behavior of the <literal>SRPService</literal> cache expiration. The <literal>SRPService</literal> cache policy timeout has been set to a mere 10 seconds to force this issue. As stated earlier, you need to make the cache timeout very long, or handle re-authentication on failure."
+msgstr "请注意,相对于其他简单例程,这个客户端已经运行了很长时间。其原因是构造客户的公共密钥。这涉及强加密随机数字的创建,尤其是第一次发生时会花费很长时间。如果你在相同的 VM 里登出并重新登录,这个过程将快得多。也请注意 <literal>Echo.echo()#2</literal> 失败并抛出验证异常。在第一次调用后客户端代码暂停 15 秒以演示<literal>SRPService</literal> 缓存过期的功能。<literal>SRPService</literal> 缓存超时策略已经设置为 10 秒来强制执行这一点。如前面所指出的,你需要设置很长的缓存超时时间,或者在失败识处理重验证的问题。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1822
@@ -7555,67 +5019,31 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1823
#, no-c-format
-msgid ""
-"By default the JBoss server does not start with a Java 2 security manager. "
-"If you want to restrict privileges of code using Java 2 permissions you need "
-"to configure the JBoss server to run under a security manager. This is done "
-"by configuring the Java VM options in the <literal>run.bat</literal> or "
-"<literal>run.sh</literal> scripts in the JBoss server distribution bin "
-"directory. The two required VM options are as follows:"
-msgstr ""
-"在缺省情况下,JBoss 服务器不会启动 Java 2 安全管理者。如果你想用 Java 2 来限制代码的权限,你需要配置 JBoss 服务器,使其在安全管理者下运行。这是通过配置 bin 目录下的 <literal>run.bat</literal> 或 "
-"<literal>run.sh</literal> 脚步里的 Java VM 选项完成的。必需的两个 VM 选项是:"
+msgid "By default the JBoss server does not start with a Java 2 security manager. If you want to restrict privileges of code using Java 2 permissions you need to configure the JBoss server to run under a security manager. This is done by configuring the Java VM options in the <literal>run.bat</literal> or <literal>run.sh</literal> scripts in the JBoss server distribution bin directory. The two required VM options are as follows:"
+msgstr "在缺省情况下,JBoss 服务器不会启动 Java 2 安全管理者。如果你想用 Java 2 来限制代码的权限,你需要配置 JBoss 服务器,使其在安全管理者下运行。这是通过配置 bin 目录下的 <literal>run.bat</literal> 或 <literal>run.sh</literal> 脚步里的 Java VM 选项完成的。必需的两个 VM 选项是:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1828
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">java.security.manager</emphasis>: This is used "
-"without any value to specify that the default security manager should be "
-"used. This is the preferred security manager. You can also pass a value to "
-"the <literal>java.security.manager</literal> option to specify a custom "
-"security manager implementation. The value must be the fully qualified class "
-"name of a subclass of <literal>java.lang.SecurityManager</literal>. This "
-"form specifies that the policy file should augment the default security "
-"policy as configured by the VM installation."
+msgid "<emphasis role=\"bold\">java.security.manager</emphasis>: This is used without any value to specify that the default security manager should be used. This is the preferred security manager. You can also pass a value to the <literal>java.security.manager</literal> option to specify a custom security manager implementation. The value must be the fully qualified class name of a subclass of <literal>java.lang.SecurityManager</literal>. This form specifies that the policy file should augment the default security policy as configured by the VM installation."
msgstr "<emphasis role=\"bold\">java.security.manager</emphasis>:如果没有指定则使用缺省的安全管理者。这是首选的安全管理者。你可以设置 <literal>java.security.manager</literal> 选项来指定自定义的安全管理者实现。它的值必须是 <literal>java.lang.SecurityManager</literal> 子类的全限定类名。这种形式指定策略文件必须以缺省的 VM 安装配置的安全性策略为参数。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1833
#, no-c-format
-msgid ""
-"<emphasis role=\"bold\">java.security.policy</emphasis>: This is used to "
-"specify the policy file that will augment the default security policy "
-"information for the VM. This option takes two forms: <literal>java.security."
-"policy=policyFileURL</literal> and <literal>java.security."
-"policy==policyFileURL</literal>. The first form specifies that the policy "
-"file should augment the default security policy as configured by the VM "
-"installation. The second form specifies that only the indicated policy file "
-"should be used. The <literal>policyFileURL</literal> value can be any URL "
-"for which a protocol handler exists, or a file path specification."
-msgstr ""
-"<emphasis role=\"bold\">java.security.policy</emphasis>:它用于指定策略文件必须以缺省的 VM 安装配置的安全性策略为参数。这个选项使用两种形式:<literal>java.security."
-"policy=policyFileURL</literal> 和 <literal>java.security."
-"policy==policyFileURL</literal>。第一种形式指定策略文件应该以缺省的 VM 安装配置的安全性策略为参数。第二种形式指定只能使用专门的策略文件。<literal>policyFileURL</literal> 值可以是任何协议处理程序的 URL 或文件路径。"
+msgid "<emphasis role=\"bold\">java.security.policy</emphasis>: This is used to specify the policy file that will augment the default security policy information for the VM. This option takes two forms: <literal>java.security.policy=policyFileURL</literal> and <literal>java.security.policy==policyFileURL</literal>. The first form specifies that the policy file should augment the default security policy as configured by the VM installation. The second form specifies that only the indicated policy file should be used. The <literal>policyFileURL</literal> value can be any URL for which a protocol handler exists, or a file path specification."
+msgstr "<emphasis role=\"bold\">java.security.policy</emphasis>:它用于指定策略文件必须以缺省的 VM 安装配置的安全性策略为参数。这个选项使用两种形式:<literal>java.security.policy=policyFileURL</literal> 和 <literal>java.security.policy==policyFileURL</literal>。第一种形式指定策略文件应该以缺省的 VM 安装配置的安全性策略为参数。第二种形式指定只能使用专门的策略文件。<literal>policyFileURL</literal> 值可以是任何协议处理程序的 URL 或文件路径。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1838
#, no-c-format
-msgid ""
-"Both the <literal>run.bat</literal> and <literal>run.sh</literal> start "
-"scripts reference an JAVA_OPTS variable which you can use to set the "
-"security manager properties."
+msgid "Both the <literal>run.bat</literal> and <literal>run.sh</literal> start scripts reference an JAVA_OPTS variable which you can use to set the security manager properties."
msgstr "<literal>run.bat</literal> 和 <literal>run.sh</literal> 启动脚本都引用了你可以用来设置安全管理者属性的 JAVA_OPTS。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1841
#, no-c-format
-msgid ""
-"Enabling Java 2 security is the easy part. The difficult part of Java 2 "
-"security is establishing the allowed permissions. If you look at the "
-"<literal>server.policy</literal> file that is contained in the default "
-"configuration file set, you'll see that it contains the following "
-"permission grant statement:"
+msgid "Enabling Java 2 security is the easy part. The difficult part of Java 2 security is establishing the allowed permissions. If you look at the <literal>server.policy</literal> file that is contained in the default configuration file set, you'll see that it contains the following permission grant statement:"
msgstr "启用 Java 2 安全性是很容易的。难做的是建立权限。打开 default 配置文件集里包含的 <literal>server.policy</literal> 文件,你会看到下列的权限赋予语句:"
#. Tag: programlisting
@@ -7635,21 +5063,14 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1845
#, no-c-format
-msgid ""
-"This effectively disables security permission checking for all code as it "
-"says any code can do anything, which is not a reasonable default. What is a "
-"reasonable set of permissions is entirely up to you."
+msgid "This effectively disables security permission checking for all code as it says any code can do anything, which is not a reasonable default. What is a reasonable set of permissions is entirely up to you."
msgstr "这有效地禁止了所有代码的安全权限检查,因为它可让任何代码执行任何事情,这不是一个合理的缺省设置。什么是合理的设置完全取决于你。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1848
#, no-c-format
-msgid ""
-"The current set of JBoss specific <literal>java.lang.RuntimePermissions</"
-"literal> that are required include:"
-msgstr ""
-"当前 JBoss 所专有的 <literal>java.lang.RuntimePermissions</"
-"literal> 集合包括:"
+msgid "The current set of JBoss specific <literal>java.lang.RuntimePermissions</literal> that are required include:"
+msgstr "当前 JBoss 所专有的 <literal>java.lang.RuntimePermissions</literal> 集合包括:"
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:1854
@@ -7678,9 +5099,7 @@
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:1870
#, no-c-format
-msgid ""
-"Access to the org.jboss.security.SecurityAssociation getPrincipal() and "
-"getCredentials() methods."
+msgid "Access to the org.jboss.security.SecurityAssociation getPrincipal() and getCredentials() methods."
msgstr "访问 org.jboss.security.SecurityAssociation getPrincipal() 和 getCredentials() 方法。"
#. Tag: entry
@@ -7698,9 +5117,7 @@
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:1881
#, no-c-format
-msgid ""
-"Access to the org.jboss.security.SecurityAssociation setPrincipal() and "
-"setCredentials() methods."
+msgid "Access to the org.jboss.security.SecurityAssociation setPrincipal() and setCredentials() methods."
msgstr "访问 org.jboss.security.SecurityAssociation setPrincipal() 和 setCredentials() 方法。"
#. Tag: entry
@@ -7724,9 +5141,7 @@
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:1895
#, no-c-format
-msgid ""
-"The ability to enable or disable multithread storage of the caller principal "
-"and credential."
+msgid "The ability to enable or disable multithread storage of the caller principal and credential."
msgstr "启用和禁止调用者的 principal 和 credential 的多线程存储。"
#. Tag: entry
@@ -7738,12 +5153,8 @@
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:1903
#, no-c-format
-msgid ""
-"Access to the org.jboss.security.SecurityAssociation pushRunAsRole and "
-"popRunAsRole methods."
-msgstr ""
-"访问 org.jboss.security.SecurityAssociation 的 pushRunAsRole 和 "
-"popRunAsRole 方法。"
+msgid "Access to the org.jboss.security.SecurityAssociation pushRunAsRole and popRunAsRole methods."
+msgstr "访问 org.jboss.security.SecurityAssociation 的 pushRunAsRole 和 popRunAsRole 方法。"
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:1906
@@ -7754,12 +5165,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1912
#, no-c-format
-msgid ""
-"To conclude this discussion, here is a little-known tidbit on debugging "
-"security policy settings. There are various debugging flag that you can set "
-"to determine how the security manager is using your security policy file as "
-"well as what policy files are contributing permissions. Running the VM as "
-"follows shows the possible debugging flag settings:"
+msgid "To conclude this discussion, here is a little-known tidbit on debugging security policy settings. There are various debugging flag that you can set to determine how the security manager is using your security policy file as well as what policy files are contributing permissions. Running the VM as follows shows the possible debugging flag settings:"
msgstr "总而言之,这是对调试安全策略设置的尝试。这里不同的调试标记决定了安全管理者如何使用策略文件以及哪些策略文件在控制权限。象下面这样运行 VM 可以显示可能的调试设置:"
#. Tag: programlisting
@@ -7809,17 +5215,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1916
#, no-c-format
-msgid ""
-"Running with <literal>-Djava.security.debug=all</literal> provides the most "
-"output, but the output volume is torrential. This might be a good place to "
-"start if you don't understand a given security failure at all. A less "
-"verbose setting that helps debug permission failures is to use <literal>-"
-"Djava.security.debug=access,failure</literal>. This is still relatively "
-"verbose, but not nearly as bad as the all mode as the security domain "
-"information is only displayed on access failures."
-msgstr ""
-"<literal>-Djava.security.debug=all</literal> 参数提供了最多的输出信息,但也很冗余。如果你不理解某个安全设定为什么失败,这可能是一个开始研究的好地方。 使用 <literal>-"
-"Djava.security.debug=access,failure</literal> 可以提供更少的信息,也能帮助调试权限问题。相对而言,这仍然比较冗余,但情况至少没有 all 模式那么坏,因为只显示关于访问失败的安全域信息。"
+msgid "Running with <literal>-Djava.security.debug=all</literal> provides the most output, but the output volume is torrential. This might be a good place to start if you don't understand a given security failure at all. A less verbose setting that helps debug permission failures is to use <literal>-Djava.security.debug=access,failure</literal>. This is still relatively verbose, but not nearly as bad as the all mode as the security domain information is only displayed on access failures."
+msgstr "<literal>-Djava.security.debug=all</literal> 参数提供了最多的输出信息,但也很冗余。如果你不理解某个安全设定为什么失败,这可能是一个开始研究的好地方。 使用 <literal>-Djava.security.debug=access,failure</literal> 可以提供更少的信息,也能帮助调试权限问题。相对而言,这仍然比较冗余,但情况至少没有 all 模式那么坏,因为只显示关于访问失败的安全域信息。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1922
@@ -7836,19 +5233,12 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1925
#, no-c-format
-msgid ""
-"By default JBoss EJB3 uses a socket based invoker layer on port 3878. This "
-"is set up in <filename> $JBOSS_HOME/server/<replaceable><serverconfig>"
-"</replaceable>/deploy/ejb3.deployer/META-INF/jboss-service.xml</filename>. "
-"In some cases you may wish to use SSL as the protocol. In order to do this "
-"you must generate a keystore and then configure your beans to use SSL "
-"transport."
-msgstr ""
-"JBoss EJB3 缺省在端口 3878 使用一个基于套接字的调用者层。这是在 <filename> $JBOSS_HOME/server/<replaceable><serverconfig>"
-"</replaceable>/deploy/ejb3.deployer/META-INF/jboss-service.xml</filename> 里设置的。在有些情况下,你可能希望使用 SSL。为了实现这一点,你必须生成一个密匙库(Keystore)并配置 bean 来使用 SSL 传输。"
+msgid "By default JBoss EJB3 uses a socket based invoker layer on port 3878. This is set up in <filename> $JBOSS_HOME/server/<replaceable><serverconfig></replaceable>/deploy/ejb3.deployer/META-INF/jboss-service.xml</filename>. In some cases you may wish to use SSL as the protocol. In order to do this you must generate a keystore and then configure your beans to use SSL transport."
+msgstr "JBoss EJB3 缺省在端口 3878 使用一个基于套接字的调用者层。这是在 <filename> $JBOSS_HOME/server/<replaceable><serverconfig></replaceable>/deploy/ejb3.deployer/META-INF/jboss-service.xml</filename> 里设置的。在有些情况下,你可能希望使用 SSL。为了实现这一点,你必须生成一个密匙库(Keystore)并配置 bean 来使用 SSL 传输。"
#. Tag: title
-#: J2EE_Security_On_JBOSS.xml:1929 J2EE_Security_On_JBOSS.xml:1983
+#: J2EE_Security_On_JBOSS.xml:1929
+#: J2EE_Security_On_JBOSS.xml:1983
#, no-c-format
msgid "Generating the keystore and truststore"
msgstr "生成密匙库(keystore)和信任库(truststore)"
@@ -7857,12 +5247,9 @@
#: J2EE_Security_On_JBOSS.xml:1930
#, no-c-format
msgid ""
-"For SSL to work you need to create a public/private key pair, which will be "
-"stored in a keystore. Generate this using the <literal>genkey</literal> "
-"command that comes with the JDK. <programlisting>\n"
+"For SSL to work you need to create a public/private key pair, which will be stored in a keystore. Generate this using the <literal>genkey</literal> command that comes with the JDK. <programlisting>\n"
" $cd $JBOSS_HOME/server/production/conf/\n"
-" $keytool -genkey -alias ejb3-ssl -keypass opensource -keystore localhost."
-"keystore\n"
+" $keytool -genkey -alias ejb3-ssl -keypass opensource -keystore localhost.keystore\n"
" Enter keystore password: opensource\n"
" What is your first and last name?\n"
" [Unknown]:\n"
@@ -7876,19 +5263,13 @@
" [Unknown]:\n"
" What is the two-letter country code for this unit?\n"
" [Unknown]:\n"
-" Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown "
-"correct?\n"
+" Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?\n"
" [no]: yes\n"
-"</programlisting> where <literal>alias</literal> is the name (\"ejb2-ssl\") "
-"of the key pair within the keystore. <literal>keypass</literal> is the "
-"password (\"opensource\") for the keystore, and <literal>keystore</literal> "
-"specifies the location (\"localhost.keystore\") of the keystore to create/"
-"add to."
+"</programlisting> where <literal>alias</literal> is the name (\"ejb2-ssl\") of the key pair within the keystore. <literal>keypass</literal> is the password (\"opensource\") for the keystore, and <literal>keystore</literal> specifies the location (\"localhost.keystore\") of the keystore to create/add to."
msgstr ""
"为了使 SSL 正常工作,你需要创建一个 public/private 密钥对,它将存储在密钥库里。使用 JDK 里的附带的 <literal>genkey</literal> 命令来生成密钥对。<programlisting>\n"
" $cd $JBOSS_HOME/server/production/conf/\n"
-" $keytool -genkey -alias ejb3-ssl -keypass opensource -keystore localhost."
-"keystore\n"
+" $keytool -genkey -alias ejb3-ssl -keypass opensource -keystore localhost.keystore\n"
" Enter keystore password: opensource\n"
" What is your first and last name?\n"
" [Unknown]:\n"
@@ -7902,83 +5283,65 @@
" [Unknown]:\n"
" What is the two-letter country code for this unit?\n"
" [Unknown]:\n"
-" Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown "
-"correct?\n"
+" Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?\n"
" [no]: yes\n"
"</programlisting> 这里的 <literal>alias</literal>是密钥库里的密钥对的别名 (\"ejb2-ssl\")。<literal>keypass</literal> 是密钥库的密码 (\"opensource\"),而 <literal>keystore</literal> 指定了密钥库的位置 (\"localhost.keystore\")。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1935
#, no-c-format
-msgid ""
-"Since you have not signed our certificate through any certification "
-"authoritiy, you also need to create a truststore for the client, explicitly "
-"saying that you trust the certificate you just created. The first step is to "
-"export the certificate using the JDK keytool:"
+msgid "Since you have not signed our certificate through any certification authoritiy, you also need to create a truststore for the client, explicitly saying that you trust the certificate you just created. The first step is to export the certificate using the JDK keytool:"
msgstr "既然你还没有通过任何证书授权机构(certification authoritiy)签署证书,你也需要为客户创建一个信任库(truststore),显性地指明你信任刚才创建的证书。第一步是使用 JDK keytool 输出证书:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1937
#, no-c-format
msgid ""
-"$ keytool -export -alias ejb3-ssl -file mycert.cer -keystore localhost."
-"keystore\n"
+"$ keytool -export -alias ejb3-ssl -file mycert.cer -keystore localhost.keystore\n"
" Enter keystore password: opensource\n"
" Certificate stored in file <mycert.cer>"
msgstr ""
-"$ keytool -export -alias ejb3-ssl -file mycert.cer -keystore localhost."
-"keystore\n"
+"$ keytool -export -alias ejb3-ssl -file mycert.cer -keystore localhost.keystore\n"
" Enter keystore password: opensource\n"
" Certificate stored in file <mycert.cer>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1939
#, no-c-format
-msgid ""
-"Then you need to create the truststore if it does not exist and import the "
-"certificate into the trueststore:"
+msgid "Then you need to create the truststore if it does not exist and import the certificate into the trueststore:"
msgstr "然后,如果这个信任库不存在,你就需要创建它并把证书导入到信任库:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1941
#, no-c-format
msgid ""
-"$ keytool -import -alias ejb3-ssl -file mycert.cer -keystore localhost."
-"truststore\n"
+"$ keytool -import -alias ejb3-ssl -file mycert.cer -keystore localhost.truststore\n"
" Enter keystore password: opensource\n"
-" Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, "
-"C=Unknown\n"
-" Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, "
-"C=Unknown\n"
+" Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown\n"
+" Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown\n"
" Serial number: 43bff927\n"
-" Valid from: Sat Jan 07 18:23:51 CET 2006 until: Fri Apr 07 19:23:51 CEST "
-"2006\n"
+" Valid from: Sat Jan 07 18:23:51 CET 2006 until: Fri Apr 07 19:23:51 CEST 2006\n"
" Certificate fingerprints:\n"
" MD5: CF:DC:71:A8:F4:EA:8F:5A:E9:94:E3:E6:5B:A9:C8:F3\n"
-" SHA1: 0E:AD:F3:D6:41:5E:F6:84:9A:D1:54:3D:DE:A9:B2:01:28:"
-"F6:7C:26\n"
+" SHA1: 0E:AD:F3:D6:41:5E:F6:84:9A:D1:54:3D:DE:A9:B2:01:28:F6:7C:26\n"
" Trust this certificate? [no]: yes\n"
" Certificate was added to keystore"
msgstr ""
-"$ keytool -import -alias ejb3-ssl -file mycert.cer -keystore localhost."
-"truststore\n"
+"$ keytool -import -alias ejb3-ssl -file mycert.cer -keystore localhost.truststore\n"
" Enter keystore password: opensource\n"
-" Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, "
-"C=Unknown\n"
-" Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, "
-"C=Unknown\n"
+" Owner: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown\n"
+" Issuer: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown\n"
" Serial number: 43bff927\n"
-" Valid from: Sat Jan 07 18:23:51 CET 2006 until: Fri Apr 07 19:23:51 CEST "
-"2006\n"
+" Valid from: Sat Jan 07 18:23:51 CET 2006 until: Fri Apr 07 19:23:51 CEST 2006\n"
" Certificate fingerprints:\n"
" MD5: CF:DC:71:A8:F4:EA:8F:5A:E9:94:E3:E6:5B:A9:C8:F3\n"
-" SHA1: 0E:AD:F3:D6:41:5E:F6:84:9A:D1:54:3D:DE:A9:B2:01:28:"
-"F6:7C:26\n"
+" SHA1: 0E:AD:F3:D6:41:5E:F6:84:9A:D1:54:3D:DE:A9:B2:01:28:F6:7C:26\n"
" Trust this certificate? [no]: yes\n"
" Certificate was added to keystore"
#. Tag: title
-#: J2EE_Security_On_JBOSS.xml:1945 J2EE_Security_On_JBOSS.xml:1989
+#: J2EE_Security_On_JBOSS.xml:1945
+#: J2EE_Security_On_JBOSS.xml:1989
#, no-c-format
msgid "Setting up the SSL transport"
msgstr "设立 SSL 传输"
@@ -7986,10 +5349,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1946
#, no-c-format
-msgid ""
-"The simplest way to define an SSL transport is to define a new Remoting "
-"connector using the <literal>sslsocket</literal> protocol as follows. This "
-"transport will listen on port 3843:"
+msgid "The simplest way to define an SSL transport is to define a new Remoting connector using the <literal>sslsocket</literal> protocol as follows. This transport will listen on port 3843:"
msgstr "定义 SSL 传输的最简单的方法是使用 <literal>sslsocket</literal> 协议定义一个新的远程连接器。这个传输协议将侦听端口 3843:"
#. Tag: programlisting
@@ -7998,11 +5358,9 @@
msgid ""
"<mbean code=\"org.jboss.remoting.transport.Connector\"\n"
" xmbean-dd=\"org/jboss/remoting/transport/Connector.xml\"\n"
-" name=\"jboss.remoting:type=Connector,transport=socket3843,handler=ejb3"
-"\">\n"
+" name=\"jboss.remoting:type=Connector,transport=socket3843,handler=ejb3\">\n"
" <depends>jboss.aop:service=AspectDeployer</depends>\n"
-" <attribute name=\"InvokerLocator\">sslsocket://0.0.0.0:3843</"
-"attribute>\n"
+" <attribute name=\"InvokerLocator\">sslsocket://0.0.0.0:3843</attribute>\n"
" <attribute name=\"Configuration\">\n"
" <handlers>\n"
" <handler subsystem=\"AOP\">\n"
@@ -8014,11 +5372,9 @@
msgstr ""
"<mbean code=\"org.jboss.remoting.transport.Connector\"\n"
" xmbean-dd=\"org/jboss/remoting/transport/Connector.xml\"\n"
-" name=\"jboss.remoting:type=Connector,transport=socket3843,handler=ejb3"
-"\">\n"
+" name=\"jboss.remoting:type=Connector,transport=socket3843,handler=ejb3\">\n"
" <depends>jboss.aop:service=AspectDeployer</depends>\n"
-" <attribute name=\"InvokerLocator\">sslsocket://0.0.0.0:3843</"
-"attribute>\n"
+" <attribute name=\"InvokerLocator\">sslsocket://0.0.0.0:3843</attribute>\n"
" <attribute name=\"Configuration\">\n"
" <handlers>\n"
" <handler subsystem=\"AOP\">\n"
@@ -8029,35 +5385,28 @@
" </mbean>"
#. Tag: para
-#: J2EE_Security_On_JBOSS.xml:1950 J2EE_Security_On_JBOSS.xml:1990
+#: J2EE_Security_On_JBOSS.xml:1950
+#: J2EE_Security_On_JBOSS.xml:1990
#, no-c-format
-msgid ""
-"Now you need to tell JBoss Remoting where to find the keystore to be used "
-"for SSl and its password. This is done using <literal>javax.net.ssl."
-"keyStore</literal> and <literal>javax.net.ssl.keyStorePassword=opensource</"
-"literal> system properties when starting JBoss, as the following example "
-"shows:"
-msgstr ""
-"现在你需要告诉 JBoss Remoting 去哪找到用于 SSL 及其密码的密钥库。这是在启动 JBoss 时通过 <literal>javax.net.ssl."
-"keyStore</literal> 和 <literal>javax.net.ssl.keyStorePassword=opensource</"
-"literal> 系统属性完成的,如下面的例子所示:"
+msgid "Now you need to tell JBoss Remoting where to find the keystore to be used for SSl and its password. This is done using <literal>javax.net.ssl.keyStore</literal> and <literal>javax.net.ssl.keyStorePassword=opensource</literal> system properties when starting JBoss, as the following example shows:"
+msgstr "现在你需要告诉 JBoss Remoting 去哪找到用于 SSL 及其密码的密钥库。这是在启动 JBoss 时通过 <literal>javax.net.ssl.keyStore</literal> 和 <literal>javax.net.ssl.keyStorePassword=opensource</literal> 系统属性完成的,如下面的例子所示:"
#. Tag: programlisting
-#: J2EE_Security_On_JBOSS.xml:1952 J2EE_Security_On_JBOSS.xml:1992
+#: J2EE_Security_On_JBOSS.xml:1952
+#: J2EE_Security_On_JBOSS.xml:1992
#, no-c-format
msgid ""
"$cd $JBOSS_HOME/bin\n"
-" $ run -Djavax.net.ssl.keyStore=../server/production/conf/localhost."
-"keystore \n"
+" $ run -Djavax.net.ssl.keyStore=../server/production/conf/localhost.keystore \n"
" -Djavax.net.ssl.keyStorePassword=opensource"
msgstr ""
"$cd $JBOSS_HOME/bin\n"
-" $ run -Djavax.net.ssl.keyStore=../server/production/conf/localhost."
-"keystore \n"
+" $ run -Djavax.net.ssl.keyStore=../server/production/conf/localhost.keystore \n"
" -Djavax.net.ssl.keyStorePassword=opensource"
#. Tag: title
-#: J2EE_Security_On_JBOSS.xml:1956 J2EE_Security_On_JBOSS.xml:2001
+#: J2EE_Security_On_JBOSS.xml:1956
+#: J2EE_Security_On_JBOSS.xml:2001
#, no-c-format
msgid "Configuring your beans to use the SSL transport"
msgstr "配置 bean 来使用 SSL 传输"
@@ -8065,29 +5414,21 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1957
#, no-c-format
-msgid ""
-"By default all the beans will use the default connector on "
-"<literal>socket://0.0.0.0:3873</literal>. By using the <literal>@org.jboss."
-"annotation.ejb.RemoteBinding</literal> annotation you can have the bean "
-"invokable via SSL."
-msgstr ""
-"在缺省情况下,所有的 bean 都在 <literal>socket://0.0.0.0:3873</literal> 上使用缺省的连接器。通过使用 <literal>@org.jboss."
-"annotation.ejb.RemoteBinding</literal> 注解,你可以使得 bean 可以通过 SSL 调用。"
+msgid "By default all the beans will use the default connector on <literal>socket://0.0.0.0:3873</literal>. By using the <literal>@org.jboss.annotation.ejb.RemoteBinding</literal> annotation you can have the bean invokable via SSL."
+msgstr "在缺省情况下,所有的 bean 都在 <literal>socket://0.0.0.0:3873</literal> 上使用缺省的连接器。通过使用 <literal>@org.jboss.annotation.ejb.RemoteBinding</literal> 注解,你可以使得 bean 可以通过 SSL 调用。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1959
#, no-c-format
msgid ""
-"@RemoteBinding(clientBindUrl=\"sslsocket://0.0.0.0:3843\", jndiBinding="
-"\"StatefulSSL\"),\n"
+"@RemoteBinding(clientBindUrl=\"sslsocket://0.0.0.0:3843\", jndiBinding=\"StatefulSSL\"),\n"
" @Remote(BusinessInterface.class)\n"
" public class StatefulBean implements BusinessInterface\n"
" {\n"
" ...\n"
" }"
msgstr ""
-"@RemoteBinding(clientBindUrl=\"sslsocket://0.0.0.0:3843\", jndiBinding="
-"\"StatefulSSL\"),\n"
+"@RemoteBinding(clientBindUrl=\"sslsocket://0.0.0.0:3843\", jndiBinding=\"StatefulSSL\"),\n"
" @Remote(BusinessInterface.class)\n"
" public class StatefulBean implements BusinessInterface\n"
" {\n"
@@ -8097,10 +5438,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1961
#, no-c-format
-msgid ""
-"This bean will be bound under the JNDI name <literal>StatefulSSL</literal> "
-"and the proxy implementing the remote interface returned to the client will "
-"communicate with the server via SSL."
+msgid "This bean will be bound under the JNDI name <literal>StatefulSSL</literal> and the proxy implementing the remote interface returned to the client will communicate with the server via SSL."
msgstr "这个 bean 将绑定在 JNDI 名称 <literal>StatefulSSL</literal> 下,实现返回给客户的远程接口的代理将通过 SSL 和服务器通信。"
#. Tag: para
@@ -8114,8 +5452,7 @@
#, no-c-format
msgid ""
"@RemoteBindings({\n"
-" @RemoteBinding(clientBindUrl=\"sslsocket://0.0.0.0:3843\", jndiBinding="
-"\"StatefulSSL\"),\n"
+" @RemoteBinding(clientBindUrl=\"sslsocket://0.0.0.0:3843\", jndiBinding=\"StatefulSSL\"),\n"
" @RemoteBinding(jndiBinding=\"StatefulNormal\")\n"
" })\n"
" @Remote(BusinessInterface.class)\n"
@@ -8125,8 +5462,7 @@
" }"
msgstr ""
"@RemoteBindings({\n"
-" @RemoteBinding(clientBindUrl=\"sslsocket://0.0.0.0:3843\", jndiBinding="
-"\"StatefulSSL\"),\n"
+" @RemoteBinding(clientBindUrl=\"sslsocket://0.0.0.0:3843\", jndiBinding=\"StatefulSSL\"),\n"
" @RemoteBinding(jndiBinding=\"StatefulNormal\")\n"
" })\n"
" @Remote(BusinessInterface.class)\n"
@@ -8138,18 +5474,12 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1968
#, no-c-format
-msgid ""
-"Now if you look up <literal>StatefulNormal</literal> the returned proxy "
-"implementing the remote interface will communicate with the server via the "
-"normal unencrypted socket protocol, and if you look up <literal>StatefulSSL</"
-"literal> the returned proxy implementing the remote interface will "
-"communicate with the server via SSL."
-msgstr ""
-"现在,如果你查找 <literal>StatefulNormal</literal>,返回的实现远程接口的代理将通过普通的未加密的套接字协议和服务器通信,如果查找 <literal>StatefulSSL</"
-"literal>,返回的实现远程接口的代理将通过 SSL 协议和服务器通信。"
+msgid "Now if you look up <literal>StatefulNormal</literal> the returned proxy implementing the remote interface will communicate with the server via the normal unencrypted socket protocol, and if you look up <literal>StatefulSSL</literal> the returned proxy implementing the remote interface will communicate with the server via SSL."
+msgstr "现在,如果你查找 <literal>StatefulNormal</literal>,返回的实现远程接口的代理将通过普通的未加密的套接字协议和服务器通信,如果查找 <literal>StatefulSSL</literal>,返回的实现远程接口的代理将通过 SSL 协议和服务器通信。"
#. Tag: title
-#: J2EE_Security_On_JBOSS.xml:1973 J2EE_Security_On_JBOSS.xml:2010
+#: J2EE_Security_On_JBOSS.xml:1973
+#: J2EE_Security_On_JBOSS.xml:2010
#, no-c-format
msgid "Setting up the client to use the truststore"
msgstr "设置客户端使用信任库"
@@ -8157,14 +5487,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1974
#, no-c-format
-msgid ""
-"If not using a certificate signed by a certificate authorization authority, "
-"you need to point the client to the truststore using the <literal>javax.net."
-"ssl.trustStore</literal> system property and specify the password using the "
-"<literal>javax.net.ssl.trustStorePassword</literal> system property:"
-msgstr ""
-"如果没有使用证书授权机构签署的证书,你需要用系统属性 <literal>javax.net."
-"ssl.trustStore</literal> 把客户指向信任库并用 <literal>javax.net.ssl.trustStorePassword</literal> 指定密码:"
+msgid "If not using a certificate signed by a certificate authorization authority, you need to point the client to the truststore using the <literal>javax.net.ssl.trustStore</literal> system property and specify the password using the <literal>javax.net.ssl.trustStorePassword</literal> system property:"
+msgstr "如果没有使用证书授权机构签署的证书,你需要用系统属性 <literal>javax.net.ssl.trustStore</literal> 把客户指向信任库并用 <literal>javax.net.ssl.trustStorePassword</literal> 指定密码:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1976
@@ -8191,13 +5515,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1994
#, no-c-format
-msgid ""
-"If you wish to customize the SSLSocketBuilder you need to add the following "
-"to your <literal>$JBOSS_HOME/server/${serverConf}/conf/jboss-service.xml</"
-"literal> file."
-msgstr ""
-"如果你想定制 SSLSocketBuilder,你需要在 <literal>$JBOSS_HOME/server/${serverConf}/conf/jboss-service.xml</"
-"literal> 里添加如下内容。"
+msgid "If you wish to customize the SSLSocketBuilder you need to add the following to your <literal>$JBOSS_HOME/server/${serverConf}/conf/jboss-service.xml</literal> file."
+msgstr "如果你想定制 SSLSocketBuilder,你需要在 <literal>$JBOSS_HOME/server/${serverConf}/conf/jboss-service.xml</literal> 里添加如下内容。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1996
@@ -8207,35 +5526,24 @@
" <mbean code=\"org.jboss.remoting.security.SSLSocketBuilder\"\n"
" name=\"jboss.remoting:service=SocketBuilder,type=SSL\"\n"
" display-name=\"SSL Server Socket Factory Builder\">\n"
-" <!-- IMPORTANT - If making ANY customizations, this MUST be set to "
-"false. -->\n"
-" <!-- Otherwise, will used default settings and the following "
-"attributes will be ignored. -->\n"
-" <attribute name=\"UseSSLServerSocketFactory\">false</"
-"attribute>\n"
+" <!-- IMPORTANT - If making ANY customizations, this MUST be set to false. -->\n"
+" <!-- Otherwise, will used default settings and the following attributes will be ignored. -->\n"
+" <attribute name=\"UseSSLServerSocketFactory\">false</attribute>\n"
" <!-- This is the url string to the key store to use -->\n"
-" <attribute name=\"KeyStoreURL\">localhost.keystore</"
-"attribute>\n"
+" <attribute name=\"KeyStoreURL\">localhost.keystore</attribute>\n"
" <!-- The password for the key store -->\n"
-" <attribute name=\"KeyStorePassword\">sslsocket</"
-"attribute>\n"
-" <!-- The password for the keys (will use KeystorePassword if this "
-"is not set explicitly. -->\n"
+" <attribute name=\"KeyStorePassword\">sslsocket</attribute>\n"
+" <!-- The password for the keys (will use KeystorePassword if this is not set explicitly. -->\n"
" <attribute name=\"KeyPassword\">sslsocket</attribute>\n"
" <!-- The protocol for the SSLContext. Default is TLS. -->\n"
" <attribute name=\"SecureSocketProtocol\">TLS</attribute>\n"
-" <!-- The algorithm for the key manager factory. Default is "
-"SunX509. -->\n"
-" <attribute name=\"KeyManagementAlgorithm\">SunX509</"
-"attribute>\n"
+" <!-- The algorithm for the key manager factory. Default is SunX509. -->\n"
+" <attribute name=\"KeyManagementAlgorithm\">SunX509</attribute>\n"
" <!-- The type to be used for the key store. -->\n"
-" <!-- Defaults to JKS. Some acceptable values are JKS (Java "
-"Keystore - Sun's keystore format), -->\n"
-" <!-- JCEKS (Java Cryptography Extension keystore - More secure "
-"version of JKS), and -->\n"
+" <!-- Defaults to JKS. Some acceptable values are JKS (Java Keystore - Sun's keystore format), -->\n"
+" <!-- JCEKS (Java Cryptography Extension keystore - More secure version of JKS), and -->\n"
" <!-- PKCS12 (Public-Key Cryptography Standards #12 \n"
-" keystore - RSA's Personal Information Exchange Syntax "
-"Standard). -->\n"
+" keystore - RSA's Personal Information Exchange Syntax Standard). -->\n"
" <!-- These are not case sensitive. -->\n"
" <attribute name=\"KeyStoreType\">JKS</attribute>\n"
" </mbean>"
@@ -8244,35 +5552,24 @@
" <mbean code=\"org.jboss.remoting.security.SSLSocketBuilder\"\n"
" name=\"jboss.remoting:service=SocketBuilder,type=SSL\"\n"
" display-name=\"SSL Server Socket Factory Builder\">\n"
-" <!-- IMPORTANT - If making ANY customizations, this MUST be set to "
-"false. -->\n"
-" <!-- Otherwise, will used default settings and the following "
-"attributes will be ignored. -->\n"
-" <attribute name=\"UseSSLServerSocketFactory\">false</"
-"attribute>\n"
+" <!-- IMPORTANT - If making ANY customizations, this MUST be set to false. -->\n"
+" <!-- Otherwise, will used default settings and the following attributes will be ignored. -->\n"
+" <attribute name=\"UseSSLServerSocketFactory\">false</attribute>\n"
" <!-- This is the url string to the key store to use -->\n"
-" <attribute name=\"KeyStoreURL\">localhost.keystore</"
-"attribute>\n"
+" <attribute name=\"KeyStoreURL\">localhost.keystore</attribute>\n"
" <!-- The password for the key store -->\n"
-" <attribute name=\"KeyStorePassword\">sslsocket</"
-"attribute>\n"
-" <!-- The password for the keys (will use KeystorePassword if this "
-"is not set explicitly. -->\n"
+" <attribute name=\"KeyStorePassword\">sslsocket</attribute>\n"
+" <!-- The password for the keys (will use KeystorePassword if this is not set explicitly. -->\n"
" <attribute name=\"KeyPassword\">sslsocket</attribute>\n"
" <!-- The protocol for the SSLContext. Default is TLS. -->\n"
" <attribute name=\"SecureSocketProtocol\">TLS</attribute>\n"
-" <!-- The algorithm for the key manager factory. Default is "
-"SunX509. -->\n"
-" <attribute name=\"KeyManagementAlgorithm\">SunX509</"
-"attribute>\n"
+" <!-- The algorithm for the key manager factory. Default is SunX509. -->\n"
+" <attribute name=\"KeyManagementAlgorithm\">SunX509</attribute>\n"
" <!-- The type to be used for the key store. -->\n"
-" <!-- Defaults to JKS. Some acceptable values are JKS (Java "
-"Keystore - Sun's keystore format), -->\n"
-" <!-- JCEKS (Java Cryptography Extension keystore - More secure "
-"version of JKS), and -->\n"
+" <!-- Defaults to JKS. Some acceptable values are JKS (Java Keystore - Sun's keystore format), -->\n"
+" <!-- JCEKS (Java Cryptography Extension keystore - More secure version of JKS), and -->\n"
" <!-- PKCS12 (Public-Key Cryptography Standards #12 \n"
-" keystore - RSA's Personal Information Exchange Syntax "
-"Standard). -->\n"
+" keystore - RSA's Personal Information Exchange Syntax Standard). -->\n"
" <!-- These are not case sensitive. -->\n"
" <attribute name=\"KeyStoreType\">JKS</attribute>\n"
" </mbean>"
@@ -8281,143 +5578,101 @@
#: J2EE_Security_On_JBOSS.xml:1997
#, no-c-format
msgid ""
-"<mbean code=\"org.jboss.remoting.security.SSLServerSocketFactoryService"
-"\"\n"
+"<mbean code=\"org.jboss.remoting.security.SSLServerSocketFactoryService\"\n"
" name=\"jboss.remoting:service=ServerSocketFactory,type=SSL\"\n"
" display-name=\"SSL Server Socket Factory\">\n"
" <depends optional-attribute-name=\"SSLSocketBuilder\"\n"
-" proxy-type=\"attribute\">jboss.remoting:service=SocketBuilder,"
-"type=SSL</depends>\n"
+" proxy-type=\"attribute\">jboss.remoting:service=SocketBuilder,type=SSL</depends>\n"
" </mbean>"
msgstr ""
-"<mbean code=\"org.jboss.remoting.security.SSLServerSocketFactoryService"
-"\"\n"
+"<mbean code=\"org.jboss.remoting.security.SSLServerSocketFactoryService\"\n"
" name=\"jboss.remoting:service=ServerSocketFactory,type=SSL\"\n"
" display-name=\"SSL Server Socket Factory\">\n"
" <depends optional-attribute-name=\"SSLSocketBuilder\"\n"
-" proxy-type=\"attribute\">jboss.remoting:service=SocketBuilder,"
-"type=SSL</depends>\n"
+" proxy-type=\"attribute\">jboss.remoting:service=SocketBuilder,type=SSL</depends>\n"
" </mbean>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:2002
#, no-c-format
msgid ""
-"In your <literal>$JBOSS_HOME/server/${serverConf}/conf/jboss-service.xml</"
-"literal> file, comment out the following lines: <programlisting>\n"
+"In your <literal>$JBOSS_HOME/server/${serverConf}/conf/jboss-service.xml</literal> file, comment out the following lines: <programlisting>\n"
"<mbean code=\"org.jboss.remoting.transport.Connector\"\n"
" name=\"jboss.remoting:service=Connector,transport=socket\"\n"
" display-name=\"Socket transport Connector\">\n"
"\n"
-" <!-- Can either just specify the InvokerLocator attribute and not "
-"the invoker element in the -->\n"
-" <!-- Configuration attribute, or do the full invoker configuration "
-"in the in invoker element -->\n"
+" <!-- Can either just specify the InvokerLocator attribute and not the invoker element in the -->\n"
+" <!-- Configuration attribute, or do the full invoker configuration in the in invoker element -->\n"
" <!-- of the Configuration attribute. -->\n"
"\n"
-" <!-- Remember that if you do use more than one param on the uri, "
-"will have to include as a CDATA, -->\n"
+" <!-- Remember that if you do use more than one param on the uri, will have to include as a CDATA, -->\n"
" <!-- otherwise, parser will complain. -->\n"
" <!-- \n"
" <attribute name=\"InvokerLocator\">\n"
-" <![CDATA[socket://${jboss.bind.address}:4446/?"
-"datatype=invocation]]>\n"
+" <![CDATA[socket://${jboss.bind.address}:4446/?datatype=invocation]]>\n"
" </attribute> \n"
" -->\n"
"\n"
" <attribute name=\"Configuration\">\n"
" <!-- Using the following \n"
" <invoker> \n"
-" element instead of the InvokerLocator above because specific "
-"attributes needed. \n"
+" element instead of the InvokerLocator above because specific attributes needed. \n"
" -->\n"
" <!-- If wanted to use any of the parameters below, can \n"
" just add them as parameters to the url above if wanted use \n"
" the InvokerLocator attribute. -->\n"
" <config>\n"
-" <!-- Other than transport type and handler, none of these "
-"configurations are required \n"
+" <!-- Other than transport type and handler, none of these configurations are required \n"
" (will just use defaults). -->\n"
" <invoker transport=\"socket\">\n"
-" <attribute name=\"dataType\" isParam=\"true\">"
-"invocation</attribute>\n"
+" <attribute name=\"dataType\" isParam=\"true\">invocation</attribute>\n"
" <attribute name=\"marshaller\"\n"
-" isParam=\"true\">org.jboss.invocation.unified.marshall."
-"InvocationMarshaller</attribute>\n"
+" isParam=\"true\">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>\n"
" <attribute name=\"unmarshaller\"\n"
-" isParam=\"true\">org.jboss.invocation.unified.marshall."
-"InvocationUnMarshaller</attribute>\n"
-" <!-- This will be port on which the marshall loader port "
-"runs on. -->\n"
-" <!-- <attribute name=\"loaderport\" isParam=\"true"
-"\">4447</attribute> -->\n"
+" isParam=\"true\">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>\n"
+" <!-- This will be port on which the marshall loader port runs on. -->\n"
+" <!-- <attribute name=\"loaderport\" isParam=\"true\">4447</attribute> -->\n"
" <!-- The following are specific to socket invoker -->\n"
-" <!-- <attribute name=\"numAcceptThreads\">1</"
-"attribute>-->\n"
-" <!-- <attribute name=\"maxPoolSize\">303</"
-"attribute>-->\n"
-" <!-- <attribute name=\"clientMaxPoolSize\" isParam="
-"\"true\">304</attribute>-->\n"
-" <attribute name=\"socketTimeout\" isParam=\"true"
-"\">600000</attribute>\n"
-" <attribute name=\"serverBindAddress\">${jboss.bind."
-"address}</attribute>\n"
-" <attribute name=\"serverBindPort\">4446</"
-"attribute>\n"
-" <!-- <attribute name=\"clientConnectAddress"
-"\">216.23.33.2</attribute> -->\n"
-" <!-- <attribute name=\"clientConnectPort\">7777</"
-"attribute> -->\n"
-" <attribute name=\"enableTcpNoDelay\" isParam=\"true\">"
-"true</attribute>\n"
-" <!-- <attribute name=\"backlog\">200</"
-"attribute>-->\n"
-" <!-- The following is for callback configuration and is "
-"independant of invoker type -->\n"
-" <!-- <attribute name=\"callbackMemCeiling\">30</"
-"attribute>-->\n"
-" <!-- indicates callback store by fully qualified class "
-"name -->\n"
-" <!-- <attribute name=\"callbackStore\">org.jboss."
-"remoting.CallbackStore</attribute>-->\n"
+" <!-- <attribute name=\"numAcceptThreads\">1</attribute>-->\n"
+" <!-- <attribute name=\"maxPoolSize\">303</attribute>-->\n"
+" <!-- <attribute name=\"clientMaxPoolSize\" isParam=\"true\">304</attribute>-->\n"
+" <attribute name=\"socketTimeout\" isParam=\"true\">600000</attribute>\n"
+" <attribute name=\"serverBindAddress\">${jboss.bind.address}</attribute>\n"
+" <attribute name=\"serverBindPort\">4446</attribute>\n"
+" <!-- <attribute name=\"clientConnectAddress\">216.23.33.2</attribute> -->\n"
+" <!-- <attribute name=\"clientConnectPort\">7777</attribute> -->\n"
+" <attribute name=\"enableTcpNoDelay\" isParam=\"true\">true</attribute>\n"
+" <!-- <attribute name=\"backlog\">200</attribute>-->\n"
+" <!-- The following is for callback configuration and is independant of invoker type -->\n"
+" <!-- <attribute name=\"callbackMemCeiling\">30</attribute>-->\n"
+" <!-- indicates callback store by fully qualified class name -->\n"
+" <!-- <attribute name=\"callbackStore\">org.jboss.remoting.CallbackStore</attribute>-->\n"
" <!-- indicates callback store by object name -->\n"
" <!-- \n"
" <attribute name=\"callbackStore\">\n"
" jboss.remoting:service=CallbackStore,type=Serializable\n"
" </attribute> \n"
" -->\n"
-" <!-- config params for callback store. if were declaring "
-"callback store via object name, -->\n"
-" <!-- could have specified these config params there. --"
-">\n"
-" <!-- StoreFilePath indicates to which directory to write "
-"the callback objects. -->\n"
-" <!-- The default value is the property value of 'jboss."
-"server.data.dir' and \n"
+" <!-- config params for callback store. if were declaring callback store via object name, -->\n"
+" <!-- could have specified these config params there. -->\n"
+" <!-- StoreFilePath indicates to which directory to write the callback objects. -->\n"
+" <!-- The default value is the property value of 'jboss.server.data.dir' and \n"
" if this is not set, -->\n"
-" <!-- then will be 'data'. Will then append 'remoting' and "
-"the callback client's session id. -->\n"
-" <!-- An example would be 'data\\remoting\\5c4o05l-9jijyx-"
-"e5b6xyph-1-e5b6xyph-2'. -->\n"
-" <!-- <attribute name=\"StoreFilePath\">callback</"
-"attribute>-->\n"
+" <!-- then will be 'data'. Will then append 'remoting' and the callback client's session id. -->\n"
+" <!-- An example would be 'data\\remoting\\5c4o05l-9jijyx-e5b6xyph-1-e5b6xyph-2'. -->\n"
+" <!-- <attribute name=\"StoreFilePath\">callback</attribute>-->\n"
" <!-- StoreFileSuffix indicates the file suffix to use \n"
" for the callback objects written to disk. -->\n"
" <!-- The default value for file suffix is 'ser'. -->\n"
-" <!-- <attribute name=\"StoreFileSuffix\">cst</"
-"attribute>-->\n"
+" <!-- <attribute name=\"StoreFileSuffix\">cst</attribute>-->\n"
" </invoker>\n"
"\n"
-" <!-- At least one handler is required by the connector. If "
-"have more than one, must decalre -->\n"
-" <!-- different subsystem values. Otherwise, all invocations "
-"will be routed to the only one -->\n"
+" <!-- At least one handler is required by the connector. If have more than one, must decalre -->\n"
+" <!-- different subsystem values. Otherwise, all invocations will be routed to the only one -->\n"
" <!-- that is declared. -->\n"
" <handlers>\n"
-" <!-- can also specify handler by fully qualified classname "
-"-->\n"
-" <handler subsystem=\"invoker\">jboss:service=invoker,"
-"type=unified</handler>\n"
+" <!-- can also specify handler by fully qualified classname -->\n"
+" <handler subsystem=\"invoker\">jboss:service=invoker,type=unified</handler>\n"
" </handlers>\n"
" </config>\n"
" </attribute>\n"
@@ -8425,121 +5680,83 @@
" </mbean>\n"
"</programlisting> and add the following in it's place:"
msgstr ""
-"In your <literal>$JBOSS_HOME/server/${serverConf}/conf/jboss-service.xml</"
-"literal> file, comment out the following lines: <programlisting>\n"
+"In your <literal>$JBOSS_HOME/server/${serverConf}/conf/jboss-service.xml</literal> file, comment out the following lines: <programlisting>\n"
"<mbean code=\"org.jboss.remoting.transport.Connector\"\n"
" name=\"jboss.remoting:service=Connector,transport=socket\"\n"
" display-name=\"Socket transport Connector\">\n"
"\n"
-" <!-- Can either just specify the InvokerLocator attribute and not "
-"the invoker element in the -->\n"
-" <!-- Configuration attribute, or do the full invoker configuration "
-"in the in invoker element -->\n"
+" <!-- Can either just specify the InvokerLocator attribute and not the invoker element in the -->\n"
+" <!-- Configuration attribute, or do the full invoker configuration in the in invoker element -->\n"
" <!-- of the Configuration attribute. -->\n"
"\n"
-" <!-- Remember that if you do use more than one param on the uri, "
-"will have to include as a CDATA, -->\n"
+" <!-- Remember that if you do use more than one param on the uri, will have to include as a CDATA, -->\n"
" <!-- otherwise, parser will complain. -->\n"
" <!-- \n"
" <attribute name=\"InvokerLocator\">\n"
-" <![CDATA[socket://${jboss.bind.address}:4446/?"
-"datatype=invocation]]>\n"
+" <![CDATA[socket://${jboss.bind.address}:4446/?datatype=invocation]]>\n"
" </attribute> \n"
" -->\n"
"\n"
" <attribute name=\"Configuration\">\n"
" <!-- Using the following \n"
" <invoker> \n"
-" element instead of the InvokerLocator above because specific "
-"attributes needed. \n"
+" element instead of the InvokerLocator above because specific attributes needed. \n"
" -->\n"
" <!-- If wanted to use any of the parameters below, can \n"
" just add them as parameters to the url above if wanted use \n"
" the InvokerLocator attribute. -->\n"
" <config>\n"
-" <!-- Other than transport type and handler, none of these "
-"configurations are required \n"
+" <!-- Other than transport type and handler, none of these configurations are required \n"
" (will just use defaults). -->\n"
" <invoker transport=\"socket\">\n"
-" <attribute name=\"dataType\" isParam=\"true\">"
-"invocation</attribute>\n"
+" <attribute name=\"dataType\" isParam=\"true\">invocation</attribute>\n"
" <attribute name=\"marshaller\"\n"
-" isParam=\"true\">org.jboss.invocation.unified.marshall."
-"InvocationMarshaller</attribute>\n"
+" isParam=\"true\">org.jboss.invocation.unified.marshall.InvocationMarshaller</attribute>\n"
" <attribute name=\"unmarshaller\"\n"
-" isParam=\"true\">org.jboss.invocation.unified.marshall."
-"InvocationUnMarshaller</attribute>\n"
-" <!-- This will be port on which the marshall loader port "
-"runs on. -->\n"
-" <!-- <attribute name=\"loaderport\" isParam=\"true"
-"\">4447</attribute> -->\n"
+" isParam=\"true\">org.jboss.invocation.unified.marshall.InvocationUnMarshaller</attribute>\n"
+" <!-- This will be port on which the marshall loader port runs on. -->\n"
+" <!-- <attribute name=\"loaderport\" isParam=\"true\">4447</attribute> -->\n"
" <!-- The following are specific to socket invoker -->\n"
-" <!-- <attribute name=\"numAcceptThreads\">1</"
-"attribute>-->\n"
-" <!-- <attribute name=\"maxPoolSize\">303</"
-"attribute>-->\n"
-" <!-- <attribute name=\"clientMaxPoolSize\" isParam="
-"\"true\">304</attribute>-->\n"
-" <attribute name=\"socketTimeout\" isParam=\"true"
-"\">600000</attribute>\n"
-" <attribute name=\"serverBindAddress\">${jboss.bind."
-"address}</attribute>\n"
-" <attribute name=\"serverBindPort\">4446</"
-"attribute>\n"
-" <!-- <attribute name=\"clientConnectAddress"
-"\">216.23.33.2</attribute> -->\n"
-" <!-- <attribute name=\"clientConnectPort\">7777</"
-"attribute> -->\n"
-" <attribute name=\"enableTcpNoDelay\" isParam=\"true\">"
-"true</attribute>\n"
-" <!-- <attribute name=\"backlog\">200</"
-"attribute>-->\n"
-" <!-- The following is for callback configuration and is "
-"independant of invoker type -->\n"
-" <!-- <attribute name=\"callbackMemCeiling\">30</"
-"attribute>-->\n"
-" <!-- indicates callback store by fully qualified class "
-"name -->\n"
-" <!-- <attribute name=\"callbackStore\">org.jboss."
-"remoting.CallbackStore</attribute>-->\n"
+" <!-- <attribute name=\"numAcceptThreads\">1</attribute>-->\n"
+" <!-- <attribute name=\"maxPoolSize\">303</attribute>-->\n"
+" <!-- <attribute name=\"clientMaxPoolSize\" isParam=\"true\">304</attribute>-->\n"
+" <attribute name=\"socketTimeout\" isParam=\"true\">600000</attribute>\n"
+" <attribute name=\"serverBindAddress\">${jboss.bind.address}</attribute>\n"
+" <attribute name=\"serverBindPort\">4446</attribute>\n"
+" <!-- <attribute name=\"clientConnectAddress\">216.23.33.2</attribute> -->\n"
+" <!-- <attribute name=\"clientConnectPort\">7777</attribute> -->\n"
+" <attribute name=\"enableTcpNoDelay\" isParam=\"true\">true</attribute>\n"
+" <!-- <attribute name=\"backlog\">200</attribute>-->\n"
+" <!-- The following is for callback configuration and is independant of invoker type -->\n"
+" <!-- <attribute name=\"callbackMemCeiling\">30</attribute>-->\n"
+" <!-- indicates callback store by fully qualified class name -->\n"
+" <!-- <attribute name=\"callbackStore\">org.jboss.remoting.CallbackStore</attribute>-->\n"
" <!-- indicates callback store by object name -->\n"
" <!-- \n"
" <attribute name=\"callbackStore\">\n"
" jboss.remoting:service=CallbackStore,type=Serializable\n"
" </attribute> \n"
" -->\n"
-" <!-- config params for callback store. if were declaring "
-"callback store via object name, -->\n"
-" <!-- could have specified these config params there. --"
-">\n"
-" <!-- StoreFilePath indicates to which directory to write "
-"the callback objects. -->\n"
-" <!-- The default value is the property value of 'jboss."
-"server.data.dir' and \n"
+" <!-- config params for callback store. if were declaring callback store via object name, -->\n"
+" <!-- could have specified these config params there. -->\n"
+" <!-- StoreFilePath indicates to which directory to write the callback objects. -->\n"
+" <!-- The default value is the property value of 'jboss.server.data.dir' and \n"
" if this is not set, -->\n"
-" <!-- then will be 'data'. Will then append 'remoting' and "
-"the callback client's session id. -->\n"
-" <!-- An example would be 'data\\remoting\\5c4o05l-9jijyx-"
-"e5b6xyph-1-e5b6xyph-2'. -->\n"
-" <!-- <attribute name=\"StoreFilePath\">callback</"
-"attribute>-->\n"
+" <!-- then will be 'data'. Will then append 'remoting' and the callback client's session id. -->\n"
+" <!-- An example would be 'data\\remoting\\5c4o05l-9jijyx-e5b6xyph-1-e5b6xyph-2'. -->\n"
+" <!-- <attribute name=\"StoreFilePath\">callback</attribute>-->\n"
" <!-- StoreFileSuffix indicates the file suffix to use \n"
" for the callback objects written to disk. -->\n"
" <!-- The default value for file suffix is 'ser'. -->\n"
-" <!-- <attribute name=\"StoreFileSuffix\">cst</"
-"attribute>-->\n"
+" <!-- <attribute name=\"StoreFileSuffix\">cst</attribute>-->\n"
" </invoker>\n"
"\n"
-" <!-- At least one handler is required by the connector. If "
-"have more than one, must decalre -->\n"
-" <!-- different subsystem values. Otherwise, all invocations "
-"will be routed to the only one -->\n"
+" <!-- At least one handler is required by the connector. If have more than one, must decalre -->\n"
+" <!-- different subsystem values. Otherwise, all invocations will be routed to the only one -->\n"
" <!-- that is declared. -->\n"
" <handlers>\n"
-" <!-- can also specify handler by fully qualified classname "
-"-->\n"
-" <handler subsystem=\"invoker\">jboss:service=invoker,"
-"type=unified</handler>\n"
+" <!-- can also specify handler by fully qualified classname -->\n"
+" <handler subsystem=\"invoker\">jboss:service=invoker,type=unified</handler>\n"
" </handlers>\n"
" </config>\n"
" </attribute>\n"
@@ -8562,23 +5779,17 @@
" <attribute name=\"serverSocketFactory\">\n"
" jboss.remoting:service=ServerSocketFactory,type=SSL\n"
" </attribute>\n"
-" <attribute name=\"serverBindAddress\">${jboss.bind."
-"address}</attribute>\n"
-" <attribute name=\"serverBindPort\">3843</"
-"attribute>\n"
+" <attribute name=\"serverBindAddress\">${jboss.bind.address}</attribute>\n"
+" <attribute name=\"serverBindPort\">3843</attribute>\n"
" </invoker>\n"
" <handlers>\n"
-" <handler subsystem=\"invoker\">jboss:service=invoker,"
-"type=unified</handler> \n"
+" <handler subsystem=\"invoker\">jboss:service=invoker,type=unified</handler> \n"
" </handlers>\n"
" </config>\n"
" </attribute>\n"
-" <!--If you specify the keystore and password in the command line and "
-"you're \n"
-" not using the custom ServerSocketFactory, you should take out the "
-"following line-->\n"
-" <depends>jboss.remoting:service=ServerSocketFactory,type=SSL</"
-"depends>\n"
+" <!--If you specify the keystore and password in the command line and you're \n"
+" not using the custom ServerSocketFactory, you should take out the following line-->\n"
+" <depends>jboss.remoting:service=ServerSocketFactory,type=SSL</depends>\n"
" <depends>jboss.remoting:service=NetworkRegistry</depends>\n"
" </mbean>"
msgstr ""
@@ -8593,23 +5804,17 @@
" <attribute name=\"serverSocketFactory\">\n"
" jboss.remoting:service=ServerSocketFactory,type=SSL\n"
" </attribute>\n"
-" <attribute name=\"serverBindAddress\">${jboss.bind."
-"address}</attribute>\n"
-" <attribute name=\"serverBindPort\">3843</"
-"attribute>\n"
+" <attribute name=\"serverBindAddress\">${jboss.bind.address}</attribute>\n"
+" <attribute name=\"serverBindPort\">3843</attribute>\n"
" </invoker>\n"
" <handlers>\n"
-" <handler subsystem=\"invoker\">jboss:service=invoker,"
-"type=unified</handler> \n"
+" <handler subsystem=\"invoker\">jboss:service=invoker,type=unified</handler> \n"
" </handlers>\n"
" </config>\n"
" </attribute>\n"
-" <!--If you specify the keystore and password in the command line and "
-"you're \n"
-" not using the custom ServerSocketFactory, you should take out the "
-"following line-->\n"
-" <depends>jboss.remoting:service=ServerSocketFactory,type=SSL</"
-"depends>\n"
+" <!--If you specify the keystore and password in the command line and you're \n"
+" not using the custom ServerSocketFactory, you should take out the following line-->\n"
+" <depends>jboss.remoting:service=ServerSocketFactory,type=SSL</depends>\n"
" <depends>jboss.remoting:service=NetworkRegistry</depends>\n"
" </mbean>"
@@ -8628,19 +5833,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:2020
#, no-c-format
-msgid ""
-"JBoss comes with many socket based services that open listening ports. In "
-"this section we list the services that open ports that might need to be "
-"configured to work when accessing JBoss behind a firewall. The following "
-"table shows the ports, socket type, associated service for the services in "
-"the default configuration file set. <xref linkend="
-"\"Configuring_JBoss_for_use_Behind_a_Firewall-"
-"Additional_ports_in_the_all_configuration\"/> shows the same information for "
-"the additional ports that exist in the all configuration file set."
-msgstr ""
-"JBoss 带有许多基于套接字的服务,它们都会打开侦听端口。本节我们将讨论在防火墙后使用这些服务所要进行的配置。下表显示了端口、套接字类型、default 配置文件集里的关联服务。<xref linkend="
-"\"Configuring_JBoss_for_use_Behind_a_Firewall-"
-"Additional_ports_in_the_all_configuration\"/> 显示了 all 配置文件集里相同的信息。"
+msgid "JBoss comes with many socket based services that open listening ports. In this section we list the services that open ports that might need to be configured to work when accessing JBoss behind a firewall. The following table shows the ports, socket type, associated service for the services in the default configuration file set. <xref linkend=\"Configuring_JBoss_for_use_Behind_a_Firewall-Additional_ports_in_the_all_configuration\"/> shows the same information for the additional ports that exist in the all configuration file set."
+msgstr "JBoss 带有许多基于套接字的服务,它们都会打开侦听端口。本节我们将讨论在防火墙后使用这些服务所要进行的配置。下表显示了端口、套接字类型、default 配置文件集里的关联服务。<xref linkend=\"Configuring_JBoss_for_use_Behind_a_Firewall-Additional_ports_in_the_all_configuration\"/> 显示了 all 配置文件集里相同的信息。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:2024
@@ -8649,25 +5843,29 @@
msgstr "default 配置里找到的端口"
#. Tag: entry
-#: J2EE_Security_On_JBOSS.xml:2031 J2EE_Security_On_JBOSS.xml:2170
+#: J2EE_Security_On_JBOSS.xml:2031
+#: J2EE_Security_On_JBOSS.xml:2170
#, no-c-format
msgid "Port"
msgstr "端口"
#. Tag: entry
-#: J2EE_Security_On_JBOSS.xml:2034 J2EE_Security_On_JBOSS.xml:2173
+#: J2EE_Security_On_JBOSS.xml:2034
+#: J2EE_Security_On_JBOSS.xml:2173
#, no-c-format
msgid "Type"
msgstr "Type"
#. Tag: entry
-#: J2EE_Security_On_JBOSS.xml:2037 J2EE_Security_On_JBOSS.xml:2176
+#: J2EE_Security_On_JBOSS.xml:2037
+#: J2EE_Security_On_JBOSS.xml:2176
#, no-c-format
msgid "Service"
msgstr "服务"
#. Tag: entry
-#: J2EE_Security_On_JBOSS.xml:2040 J2EE_Security_On_JBOSS.xml:2179
+#: J2EE_Security_On_JBOSS.xml:2040
+#: J2EE_Security_On_JBOSS.xml:2179
#, no-c-format
msgid "Notes"
msgstr "备注"
@@ -8679,20 +5877,28 @@
msgstr "1098"
#. Tag: entry
-#: J2EE_Security_On_JBOSS.xml:2050 J2EE_Security_On_JBOSS.xml:2061
-#: J2EE_Security_On_JBOSS.xml:2072 J2EE_Security_On_JBOSS.xml:2083
-#: J2EE_Security_On_JBOSS.xml:2094 J2EE_Security_On_JBOSS.xml:2105
-#: J2EE_Security_On_JBOSS.xml:2116 J2EE_Security_On_JBOSS.xml:2130
-#: J2EE_Security_On_JBOSS.xml:2141 J2EE_Security_On_JBOSS.xml:2152
-#: J2EE_Security_On_JBOSS.xml:2189 J2EE_Security_On_JBOSS.xml:2200
-#: J2EE_Security_On_JBOSS.xml:2247 J2EE_Security_On_JBOSS.xml:2258
+#: J2EE_Security_On_JBOSS.xml:2050
+#: J2EE_Security_On_JBOSS.xml:2061
+#: J2EE_Security_On_JBOSS.xml:2072
+#: J2EE_Security_On_JBOSS.xml:2083
+#: J2EE_Security_On_JBOSS.xml:2094
+#: J2EE_Security_On_JBOSS.xml:2105
+#: J2EE_Security_On_JBOSS.xml:2116
+#: J2EE_Security_On_JBOSS.xml:2130
+#: J2EE_Security_On_JBOSS.xml:2141
+#: J2EE_Security_On_JBOSS.xml:2152
+#: J2EE_Security_On_JBOSS.xml:2189
+#: J2EE_Security_On_JBOSS.xml:2200
+#: J2EE_Security_On_JBOSS.xml:2247
+#: J2EE_Security_On_JBOSS.xml:2258
#: J2EE_Security_On_JBOSS.xml:2269
#, no-c-format
msgid "<entry>TCP</entry>"
msgstr "<entry>TCP</entry>"
#. Tag: literal
-#: J2EE_Security_On_JBOSS.xml:2054 J2EE_Security_On_JBOSS.xml:2065
+#: J2EE_Security_On_JBOSS.xml:2054
+#: J2EE_Security_On_JBOSS.xml:2065
#, no-c-format
msgid "org.jboss.naming.NamingService"
msgstr "org.jboss.naming.NamingService"
@@ -8766,13 +5972,8 @@
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:2122
#, no-c-format
-msgid ""
-"Plus one additional anonymous TCP port. You can specify fixed port number "
-"via the secondaryBindPort parameter in the <filename>deploy/jboss-messaging."
-"sar/remoting-bisocket-service.xml</filename> file."
-msgstr ""
-"加上一个额外的匿名 TCP 端口。你可以通过 <filename>deploy/jboss-messaging."
-"sar/remoting-bisocket-service.xml</filename> 文件里的 secondaryBindPort 参数指定固定端口。"
+msgid "Plus one additional anonymous TCP port. You can specify fixed port number via the secondaryBindPort parameter in the <filename>deploy/jboss-messaging.sar/remoting-bisocket-service.xml</filename> file."
+msgstr "加上一个额外的匿名 TCP 端口。你可以通过 <filename>deploy/jboss-messaging.sar/remoting-bisocket-service.xml</filename> 文件里的 secondaryBindPort 参数指定固定端口。"
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:2127
@@ -8781,7 +5982,8 @@
msgstr "8009"
#. Tag: literal
-#: J2EE_Security_On_JBOSS.xml:2134 J2EE_Security_On_JBOSS.xml:2145
+#: J2EE_Security_On_JBOSS.xml:2134
+#: J2EE_Security_On_JBOSS.xml:2145
#, no-c-format
msgid "org.jboss.web.tomcat.service.JBossWeb"
msgstr "org.jboss.web.tomcat.service.JBossWeb"
@@ -8817,7 +6019,8 @@
msgstr "1100"
#. Tag: literal
-#: J2EE_Security_On_JBOSS.xml:2193 J2EE_Security_On_JBOSS.xml:2204
+#: J2EE_Security_On_JBOSS.xml:2193
+#: J2EE_Security_On_JBOSS.xml:2204
#: J2EE_Security_On_JBOSS.xml:2215
#, no-c-format
msgid "org.jboss.ha.jndi.HANamingService"
@@ -8836,10 +6039,14 @@
msgstr "1102"
#. Tag: entry
-#: J2EE_Security_On_JBOSS.xml:2211 J2EE_Security_On_JBOSS.xml:2222
-#: J2EE_Security_On_JBOSS.xml:2236 J2EE_Security_On_JBOSS.xml:2283
-#: J2EE_Security_On_JBOSS.xml:2297 J2EE_Security_On_JBOSS.xml:2311
-#: J2EE_Security_On_JBOSS.xml:2325 J2EE_Security_On_JBOSS.xml:2336
+#: J2EE_Security_On_JBOSS.xml:2211
+#: J2EE_Security_On_JBOSS.xml:2222
+#: J2EE_Security_On_JBOSS.xml:2236
+#: J2EE_Security_On_JBOSS.xml:2283
+#: J2EE_Security_On_JBOSS.xml:2297
+#: J2EE_Security_On_JBOSS.xml:2311
+#: J2EE_Security_On_JBOSS.xml:2325
+#: J2EE_Security_On_JBOSS.xml:2336
#: J2EE_Security_On_JBOSS.xml:2350
#, no-c-format
msgid "<entry>UDP</entry>"
@@ -8860,9 +6067,7 @@
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:2228
#, no-c-format
-msgid ""
-"Plus one additional anonymous UDP port which does not support configuration "
-"the port."
+msgid "Plus one additional anonymous UDP port which does not support configuration the port."
msgstr "加上一个额外的匿名 UDP 端口。"
#. Tag: entry
@@ -8910,22 +6115,14 @@
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:2272
#, no-c-format
-msgid ""
-"<literal>org.jboss.messaging.core.jmx.MessagingPostOfficeService</literal> "
-"(Messaging, DataChannel)"
-msgstr ""
-"<literal>org.jboss.messaging.core.jmx.MessagingPostOfficeService</literal> "
-"(Messaging, DataChannel)"
+msgid "<literal>org.jboss.messaging.core.jmx.MessagingPostOfficeService</literal> (Messaging, DataChannel)"
+msgstr "<literal>org.jboss.messaging.core.jmx.MessagingPostOfficeService</literal> (Messaging, DataChannel)"
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:2275
#, no-c-format
-msgid ""
-"Plus one additional anonymous TCP port. It can be set using the FD_SOCK."
-"start_port parameter."
-msgstr ""
-"加上一个额外的匿名 TCP 端口。它可以用 FD_SOCK."
-"start_port 参数进行设置。"
+msgid "Plus one additional anonymous TCP port. It can be set using the FD_SOCK.start_port parameter."
+msgstr "加上一个额外的匿名 TCP 端口。它可以用 FD_SOCK.start_port 参数进行设置。"
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:2280
@@ -8940,14 +6137,13 @@
msgstr "<literal>org.jboss.cache.TreeCache</literal> (EJB3Entity)"
#. Tag: entry
-#: J2EE_Security_On_JBOSS.xml:2289 J2EE_Security_On_JBOSS.xml:2303
-#: J2EE_Security_On_JBOSS.xml:2317 J2EE_Security_On_JBOSS.xml:2342
+#: J2EE_Security_On_JBOSS.xml:2289
+#: J2EE_Security_On_JBOSS.xml:2303
+#: J2EE_Security_On_JBOSS.xml:2317
+#: J2EE_Security_On_JBOSS.xml:2342
#: J2EE_Security_On_JBOSS.xml:2356
#, no-c-format
-msgid ""
-"Plus one additional anonymous UDP port for unicast and one additional "
-"anonymous TCP port. The UDP port can be set using the rcv_port parameter and "
-"the TCP port can be set using the FD_SOCK.start_port parameter."
+msgid "Plus one additional anonymous UDP port for unicast and one additional anonymous TCP port. The UDP port can be set using the rcv_port parameter and the TCP port can be set using the FD_SOCK.start_port parameter."
msgstr "加上一个用于多播的匿名 UDP 端口以及一个匿名的 TCP 端口。UDP 端口可以用 rcv_port 参数设置,而 TCP 端口可以用 FD_SOCK.start_port 参数进行设置。"
#. Tag: entry
@@ -8983,12 +6179,8 @@
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:2328
#, no-c-format
-msgid ""
-"<literal>org.jboss.messaging.core.jmx.MessagingPostOfficeService</literal> "
-"(Messaging, DataChannel MPING)"
-msgstr ""
-"<literal>org.jboss.messaging.core.jmx.MessagingPostOfficeService</literal> "
-"(Messaging, DataChannel MPING)"
+msgid "<literal>org.jboss.messaging.core.jmx.MessagingPostOfficeService</literal> (Messaging, DataChannel MPING)"
+msgstr "<literal>org.jboss.messaging.core.jmx.MessagingPostOfficeService</literal> (Messaging, DataChannel MPING)"
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:2333
@@ -8999,12 +6191,8 @@
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:2339
#, no-c-format
-msgid ""
-"<literal>org.jboss.messaging.core.jmx.MessagingPostOfficeService</literal> "
-"(Messaging, ControlChannel)"
-msgstr ""
-"<literal>org.jboss.messaging.core.jmx.MessagingPostOfficeService</literal> "
-"(Messaging, ControlChannel)"
+msgid "<literal>org.jboss.messaging.core.jmx.MessagingPostOfficeService</literal> (Messaging, ControlChannel)"
+msgstr "<literal>org.jboss.messaging.core.jmx.MessagingPostOfficeService</literal> (Messaging, ControlChannel)"
#. Tag: entry
#: J2EE_Security_On_JBOSS.xml:2347
@@ -9027,11 +6215,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:2367
#, no-c-format
-msgid ""
-"JBoss comes with several admin access points that need to be secured or "
-"removed to prevent unauthorized access to administrative functions in a "
-"deployment. This section describes the various admin services and how to "
-"secure them."
+msgid "JBoss comes with several admin access points that need to be secured or removed to prevent unauthorized access to administrative functions in a deployment. This section describes the various admin services and how to secure them."
msgstr "JBoss 带有几个管理性访问的接口,它们都需要设置安全性或者删除以阻止对管理性功能的未授权使用。本节将描述这些服务以及如何设置其安全性。"
#. Tag: title
@@ -9043,12 +6227,7 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:2372
#, no-c-format
-msgid ""
-"The <literal>jmx-console.war</literal> found in the deploy directory "
-"provides an html view into the JMX microkernel. As such, it provides access "
-"to arbitrary admin type access like shutting down the server, stopping "
-"services, deploying new services, etc. It should either be secured like any "
-"other web application, or removed."
+msgid "The <literal>jmx-console.war</literal> found in the deploy directory provides an html view into the JMX microkernel. As such, it provides access to arbitrary admin type access like shutting down the server, stopping services, deploying new services, etc. It should either be secured like any other web application, or removed."
msgstr "deploy 目录里提供的 <literal>jmx-console.war</literal> 提供了 JMX 微内核的 HTML 视图。因此,它提供对任何管理型功能的访问,如关闭服务器、停止服务、部署新服务等。它应该象其他 web 应用程序一样设置安全性,或者进行删除。"
#. Tag: title
@@ -9060,21 +6239,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:2379
#, no-c-format
-msgid ""
-"The <literal>web-console.war</literal> found in the <literal>deploy/"
-"management</literal> directory is another web application view into the JMX "
-"microkernel. This uses a combination of an applet and a HTML view and "
-"provides the same level of access to admin functionality as the <literal>jmx-"
-"console.war</literal>. As such, it should either be secured or removed. The "
-"<literal>web-console.war</literal> contains commented out templates for "
-"basic security in its <literal>WEB-INF/web.xml</literal> as well as "
-"commented out setup for a security domain in <literal>WEB-INF/jboss-web.xml</"
-"literal>."
-msgstr ""
-"<literal>deploy/"
-"management</literal> 目录下的 <literal>web-console.war</literal> 是 JMX 微内核的另外一个 web 应用程序视图。它使用了 applet 和 HTML 视图的组合并提供和 <literal>jmx-"
-"console.war</literal> 级别相同的对管理性功能的访问。因此,应该对它设置安全性或者进行删除。<literal>web-console.war</literal> 在其 <literal>WEB-INF/web.xml</literal> 里包含注释掉的用于基本安全性的模板,在其 <literal>WEB-INF/jboss-web.xml</"
-"literal> 里还包括已注释的用于安全域的设置。"
+msgid "The <literal>web-console.war</literal> found in the <literal>deploy/management</literal> directory is another web application view into the JMX microkernel. This uses a combination of an applet and a HTML view and provides the same level of access to admin functionality as the <literal>jmx-console.war</literal>. As such, it should either be secured or removed. The <literal>web-console.war</literal> contains commented out templates for basic security in its <literal>WEB-INF/web.xml</literal> as well as commented out setup for a security domain in <literal>WEB-INF/jboss-web.xml</literal>."
+msgstr "<literal>deploy/management</literal> 目录下的 <literal>web-console.war</literal> 是 JMX 微内核的另外一个 web 应用程序视图。它使用了 applet 和 HTML 视图的组合并提供和 <literal>jmx-console.war</literal> 级别相同的对管理性功能的访问。因此,应该对它设置安全性或者进行删除。<literal>web-console.war</literal> 在其 <literal>WEB-INF/web.xml</literal> 里包含注释掉的用于基本安全性的模板,在其 <literal>WEB-INF/jboss-web.xml</literal> 里还包括已注释的用于安全域的设置。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:2385
@@ -9085,28 +6251,8 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:2386
#, no-c-format
-msgid ""
-"The <literal>http-invoker.sar</literal> found in the deploy directory is a "
-"service that provides RMI/HTTP access for EJBs and the JNDI <literal>Naming</"
-"literal> service. This includes a servlet that processes posts of marshalled "
-"<literal>org.jboss.invocation.Invocation</literal> objects that represent "
-"invocations that should be dispatched onto the <literal>MBeanServer</"
-"literal>. Effectively this allows access to MBeans that support the detached "
-"invoker operation via HTTP since one could figure out how to format an "
-"appropriate HTTP post. To security this access point you would need to "
-"secure the <literal>JMXInvokerServlet</literal> servlet found in the "
-"<literal>http-invoker.sar/invoker.war/WEB-INF/web.xml</literal> descriptor. "
-"There is a secure mapping defined for the <literal>/restricted/"
-"JMXInvokerServlet</literal> path by default, one would simply have to remove "
-"the other paths and configure the <literal>http-invoker</literal> security "
-"domain setup in the <literal>http-invoker.sar/invoker.war/WEB-INF/jboss-web."
-"xml</literal> descriptor."
-msgstr ""
-"deploy 目录里的 <literal>http-invoker.sar</literal> 是一个提供对 EJB 的 RMI/HTTP 访问以及 JNDI <literal>Naming</"
-"literal> 的服务。它包括了一个处理代表应该分发给 <literal>MBeanServer</"
-"literal> 的调用的 <literal>org.jboss.invocation.Invocation</literal> 对象的 servlet。既然能够知道如何格式化合适的 HTTP post,这就有效地允许了对支持脱管调用者操作的 MBean 的访问。为了设置接入点(Access Point)的安全性,你需要设置 <literal>http-invoker.sar/invoker.war/WEB-INF/web.xml</literal> 描述符里提及的 <literal>JMXInvokerServlet</literal> servlet。这里缺省定义了 <literal>/restricted/"
-"JMXInvokerServlet</literal> 路径的安全性映射,你只要简单地删除其他路径并配置 <literal>http-invoker.sar/invoker.war/WEB-INF/jboss-web."
-"xml</literal> 描述符里定义的 <literal>http-invoker</literal> 安全域就可以了。"
+msgid "The <literal>http-invoker.sar</literal> found in the deploy directory is a service that provides RMI/HTTP access for EJBs and the JNDI <literal>Naming</literal> service. This includes a servlet that processes posts of marshalled <literal>org.jboss.invocation.Invocation</literal> objects that represent invocations that should be dispatched onto the <literal>MBeanServer</literal>. Effectively this allows access to MBeans that support the detached invoker operation via HTTP since one could figure out how to format an appropriate HTTP post. To security this access point you would need to secure the <literal>JMXInvokerServlet</literal> servlet found in the <literal>http-invoker.sar/invoker.war/WEB-INF/web.xml</literal> descriptor. There is a secure mapping defined for the <literal>/restricted/JMXInvokerServlet</literal> path by default, one would simply have to remove the other paths and configure the <literal>http-invoker</literal> security domain setup in the <literal>h!
ttp-invoker.sar/invoker.war/WEB-INF/jboss-web.xml</literal> descriptor."
+msgstr "deploy 目录里的 <literal>http-invoker.sar</literal> 是一个提供对 EJB 的 RMI/HTTP 访问以及 JNDI <literal>Naming</literal> 的服务。它包括了一个处理代表应该分发给 <literal>MBeanServer</literal> 的调用的 <literal>org.jboss.invocation.Invocation</literal> 对象的 servlet。既然能够知道如何格式化合适的 HTTP post,这就有效地允许了对支持脱管调用者操作的 MBean 的访问。为了设置接入点(Access Point)的安全性,你需要设置 <literal>http-invoker.sar/invoker.war/WEB-INF/web.xml</literal> 描述符里提及的 <literal>JMXInvokerServlet</literal> servlet。这里缺省定义了 <literal>/restricted/JMXInvokerServlet</literal> 路径的安全性映射,你只要简单地删除其他路径并配置 <literal>http-invoker.sar/invoker.war/WEB-INF/jboss-web.xml</literal> 描述符里定义的 <literal>http-invoker</literal> 安全域就可以了。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:2392
@@ -9117,13 +6263,6 @@
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:2393
#, no-c-format
-msgid ""
-"The <literal>jmx-invoker-adaptor-server.sar</literal> is a service that "
-"exposes the JMX MBeanServer interface via an RMI compatible interface using "
-"the RMI/JRMP detached invoker service. The only way for this service to be "
-"secured currently would be to switch the protocol to RMI/HTTP and secure the "
-"<literal>http-invoker.sar</literal> as described in the previous section. In "
-"the future this service will be deployed as an XMBean with a security "
-"interceptor that supports role based access checks."
+msgid "The <literal>jmx-invoker-adaptor-server.sar</literal> is a service that exposes the JMX MBeanServer interface via an RMI compatible interface using the RMI/JRMP detached invoker service. The only way for this service to be secured currently would be to switch the protocol to RMI/HTTP and secure the <literal>http-invoker.sar</literal> as described in the previous section. In the future this service will be deployed as an XMBean with a security interceptor that supports role based access checks."
msgstr "<literal>jmx-invoker-adaptor-server.sar</literal> 是一个开放 JMX MBeanServer 接口的服务,它通过使用 RMI/JRMP 脱管调用者服务的 RMI 兼容接口来实现。设置这个服务的安全性的唯一办法是切换到 RMI/HTTP 协议并象前面所述地设置 <literal>http-invoker.sar</literal> 的安全性。这个服务将来会被部署为带有支持基于角色访问检查的安全拦截器的 XMBean。 "
Modified: projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/Web_Services.po
===================================================================
--- projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/Web_Services.po 2009-08-28 05:59:30 UTC (rev 92903)
+++ projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/Web_Services.po 2009-08-28 06:00:30 UTC (rev 92904)
@@ -9,7 +9,7 @@
"Project-Id-Version: Web_Services\n"
"Report-Msgid-Bugs-To: http://bugs.kde.org\n"
"POT-Creation-Date: 2009-01-20 02:37+0000\n"
-"PO-Revision-Date: 2009-08-24 10:35+1000\n"
+"PO-Revision-Date: 2009-08-28 15:58+1000\n"
"Last-Translator: Xi HUANG <xhuang at redhat.com>\n"
"Language-Team: <en at li.org>\n"
"MIME-Version: 1.0\n"
@@ -371,7 +371,7 @@
#: Web_Services.xml:98
#, no-c-format
msgid "Let's take a look at simple POJO endpoint implementation. All endpoint associated metadata is provided via JSR-181 annotations"
-msgstr ""
+msgstr "让我们看一个简单的 POJO 终端实现。所有和终端相关的元数据由 JSR-181 注解来提供。"
#. Tag: programlisting
#: Web_Services.xml:100
@@ -441,7 +441,7 @@
#: Web_Services.xml:113
#, no-c-format
msgid "<title>Packaging the endpoint</title>"
-msgstr ""
+msgstr "<title>将终端打包</title>"
#. Tag: para
#: Web_Services.xml:114
@@ -638,9 +638,9 @@
#. Tag: title
#: Web_Services.xml:178
-#, fuzzy, no-c-format
+#, no-c-format
msgid "WebServiceContext"
-msgstr "WebServiceContext"
+msgstr "WebServiceContext "
#. Tag: para
#: Web_Services.xml:179
@@ -861,7 +861,7 @@
#: Web_Services.xml:239
#, no-c-format
msgid "Executor"
-msgstr ""
+msgstr "Executor"
#. Tag: para
#: Web_Services.xml:240
@@ -873,7 +873,7 @@
#: Web_Services.xml:248
#, no-c-format
msgid "Dynamic Proxy"
-msgstr ""
+msgstr "动态代理"
#. Tag: para
#: Web_Services.xml:249
@@ -1464,7 +1464,7 @@
#: Web_Services.xml:422
#, no-c-format
msgid "Logical Message Context"
-msgstr ""
+msgstr "Logical Message Context"
#. Tag: para
#: Web_Services.xml:423
@@ -1476,7 +1476,7 @@
#: Web_Services.xml:429
#, no-c-format
msgid "SOAP Message Context"
-msgstr ""
+msgstr "SOAP Message Context"
#. Tag: para
#: Web_Services.xml:430
@@ -1494,7 +1494,7 @@
#: Web_Services.xml:439
#, no-c-format
msgid "An implementation may thow a SOAPFaultException"
-msgstr ""
+msgstr "可能抛出 SOAPFaultException 的实现"
#. Tag: programlisting
#: Web_Services.xml:442
@@ -1559,7 +1559,7 @@
#: Web_Services.xml:460
#, no-c-format
msgid "DataBinding"
-msgstr ""
+msgstr "DataBinding"
#. Tag: title
#: Web_Services.xml:462
@@ -1601,7 +1601,7 @@
#: Web_Services.xml:482
#, no-c-format
msgid "Complete documentation can be found here:"
-msgstr ""
+msgstr "完整的文档可以在这里找到:"
#. Tag: ulink
#: Web_Services.xml:488
@@ -1704,7 +1704,7 @@
#: Web_Services.xml:585
#, no-c-format
msgid "Enabling MTOM per endpoint"
-msgstr ""
+msgstr "对于每个终端启用 MTOM"
#. Tag: para
#: Web_Services.xml:586
@@ -1716,7 +1716,7 @@
#: Web_Services.xml:590
#, no-c-format
msgid "MTOM enabled service implementations"
-msgstr ""
+msgstr "启用了 MTOM 的服务实现"
#. Tag: programlisting
#: Web_Services.xml:592
@@ -1758,13 +1758,13 @@
#: Web_Services.xml:595
#, no-c-format
msgid "The MTOM enabled SOAP 1.1 binding ID"
-msgstr ""
+msgstr "启用 MTOM 的 SOAP 1.1 binding ID"
#. Tag: emphasis
#: Web_Services.xml:601
#, no-c-format
msgid "MTOM enabled clients"
-msgstr ""
+msgstr "启用 MTOM 的客户"
#. Tag: para
#: Web_Services.xml:603
@@ -2305,13 +2305,13 @@
#: Web_Services.xml:808
#, no-c-format
msgid "Top-Down (Using wsconsume)"
-msgstr ""
+msgstr "Top-Down(使用 wsconsume)"
#. Tag: para
#: Web_Services.xml:809
#, no-c-format
msgid "The top-down development strategy begins with the abstract contract for the service, which includes the WSDL file and zero or more schema files. The <ulink url=\"http://jbws.dyndns.org/mediawiki/index.php?title=Wsconsume\">wsconsume</ulink> tool is then used to consume this contract, and produce annotated Java classes (and optionally sources) that define it."
-msgstr ""
+msgstr " top-down 开发策略从服务的抽象合约(abstract contract)开始,包括 WSDL 文件和零到多个模式文件(Schema)。<ulink url=\"http://jbws.dyndns.org/mediawiki/index.php?title=Wsconsume\">wsconsume</ulink> 工具用于消费这个合约,并产生定义它的 Java 类注解。"
#. Tag: para
#: Web_Services.xml:815
@@ -2707,7 +2707,7 @@
#: Web_Services.xml:970
#, no-c-format
msgid "It is easy to change the endpoint address of your operation at runtime, setting the ENDPOINT_ADDRESS_PROPERTY as shown below:"
-msgstr ""
+msgstr "在运行时修改操作的终端地址很简单,只要设置 ENDPOINT_ADDRESS_PROPERTY:"
#. Tag: programlisting
#: Web_Services.xml:973
@@ -2741,13 +2741,13 @@
#: Web_Services.xml:977
#, no-c-format
msgid "Command-line & Ant Task Reference"
-msgstr ""
+msgstr "命令行和 Ant 任务的引用"
#. Tag: ulink
#: Web_Services.xml:981
#, no-c-format
msgid "wsconsume reference page"
-msgstr ""
+msgstr "wsconsume 引用页"
#. Tag: ulink
#: Web_Services.xml:986
@@ -2759,19 +2759,19 @@
#: Web_Services.xml:991
#, no-c-format
msgid "wsrunclient reference page"
-msgstr ""
+msgstr "wsrunclient 引用页"
#. Tag: title
#: Web_Services.xml:998
#, no-c-format
msgid "JAX-WS binding customization"
-msgstr ""
+msgstr "JAX-WS 绑定的自定义"
#. Tag: para
#: Web_Services.xml:999
#, no-c-format
msgid "An introduction to binding customizations:"
-msgstr ""
+msgstr "对绑定自定义的介绍"
#. Tag: ulink
#: Web_Services.xml:1005
@@ -2783,13 +2783,13 @@
#: Web_Services.xml:1009
#, no-c-format
msgid "The schema for the binding customization files can be found here:"
-msgstr ""
+msgstr "用于绑定自定义文件的模式可以在这里找到:"
#. Tag: ulink
#: Web_Services.xml:1015
#, no-c-format
msgid "binding customization"
-msgstr ""
+msgstr "自定义绑定"
#. Tag: title
#: Web_Services.xml:1024
@@ -2820,7 +2820,7 @@
#: Web_Services.xml:1032
#, no-c-format
msgid "WS-Addressing is defined by a combination of the following specifications from the W3C Candidate Recommendation 17 August 2005. The WS-Addressing API is standardized by <ulink url=\"http://www.jcp.org/en/jsr/detail?id=261\">JSR-261 - Java API for XML Web Services Addressing</ulink>"
-msgstr ""
+msgstr "WS-Addressing 由 W3C Candidate Recommendation 17 August 2005 里的下列规格组合进行定义。WS-Addressing API 由 <ulink url=\"http://www.jcp.org/en/jsr/detail?id=261\">JSR-261 - Java API for XML Web Services Addressing</ulink> 进行标准化。"
#. Tag: ulink
#: Web_Services.xml:1038
@@ -2838,7 +2838,7 @@
#: Web_Services.xml:1050
#, no-c-format
msgid "Addressing Endpoint"
-msgstr ""
+msgstr "终端寻址"
#. Tag: para
#: Web_Services.xml:1051
@@ -2944,7 +2944,7 @@
#: Web_Services.xml:1068
#, no-c-format
msgid "Addressing Client"
-msgstr ""
+msgstr "客户端寻址"
#. Tag: para
#: Web_Services.xml:1069
@@ -3037,7 +3037,7 @@
#: Web_Services.xml:1459
#, no-c-format
msgid "SOAP message exchange"
-msgstr ""
+msgstr "SOAP 消息交换"
#. Tag: para
#: Web_Services.xml:1086
More information about the jboss-cvs-commits
mailing list