[jboss-cvs] JBossAS SVN: r93056 - projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Mon Aug 31 23:30:24 EDT 2009


Author: xhuang at jboss.com
Date: 2009-08-31 23:30:23 -0400 (Mon, 31 Aug 2009)
New Revision: 93056

Modified:
   projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
Log:
update

Modified: projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
===================================================================
--- projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po	2009-09-01 03:06:51 UTC (rev 93055)
+++ projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po	2009-09-01 03:30:23 UTC (rev 93056)
@@ -9,7 +9,7 @@
 "Project-Id-Version: J2EE_Security_On_JBOSS\n"
 "Report-Msgid-Bugs-To: http://bugs.kde.org\n"
 "POT-Creation-Date: 2009-01-20 02:37+0000\n"
-"PO-Revision-Date: 2009-08-31 11:58+1000\n"
+"PO-Revision-Date: 2009-09-01 13:29+1000\n"
 "Last-Translator: Xi HUANG <xhuang at redhat.com>\n"
 "Language-Team:  <en at li.org>\n"
 "MIME-Version: 1.0\n"
@@ -2189,7 +2189,7 @@
 #: J2EE_Security_On_JBOSS.xml:885
 #, no-c-format
 msgid "In addition to allowing for a custom JAAS login configuration implementation, this service allows configurations to be chained together in a stack at runtime. This allows one to push a login configuration onto the stack and latter pop it. This is a feature used by the security unit tests to install custom login configurations into a default JBoss installation. Pushing a new configuration is done using:"
-msgstr ""
+msgstr "除了允许自定义的 JAAS 登录配置实现,这个服务还允许在运行时把配置链接在栈里。这可以让你登录配置放入栈里,之后再把它提取出来。这是一个安全单元测试用来安装自定义登录配置的功能。放入新的配置中可以这样完成:"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:888
@@ -2223,7 +2223,7 @@
 #: J2EE_Security_On_JBOSS.xml:897
 #, no-c-format
 msgid "Security domains defined in the <literal>login-config.xml</literal> file are essentially static. They are read when JBoss starts up, but there is no easy way to add a new security domain or change the definition for an existing one. The <literal>DynamicLoginConfig</literal> service allows you to dynamically deploy security domains. This allows you to specify JAAS login configuration as part of a deployment (or just as a standalone service) rather than having to edit the static <literal>login-config.xml</literal> file."
-msgstr ""
+msgstr "<literal>login-config.xml</literal> 文件里定义的安全域基本上是静态的。当 JBoss 启动时它们被读取,但添加新的安全域或修改现有安全域的定义并不容易。<literal>DynamicLoginConfig</literal> 服务则可以让你动态地部署安全域。它让你把 JAAS 登录配置指定为部署的一部分(或者是独立的服务)而不需要编辑静态的 <literal>login-config.xml</literal> 文件。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:900
@@ -2247,7 +2247,7 @@
 #: J2EE_Security_On_JBOSS.xml:915
 #, no-c-format
 msgid "<emphasis role=\"bold\">SecurityManagerService</emphasis>: The <literal>SecurityManagerService</literal> name used to flush the registered security domains. This service must support a <literal>flushAuthenticationCache(String)</literal> operation to flush the case for the argument security domain. Setting this triggers the flush of the authentication caches when the service is stopped."
-msgstr ""
+msgstr "<emphasis role=\"bold\">SecurityManagerService</emphasis>:用来冲刷已注册的安全域的 <literal>SecurityManagerService</literal> 名称。这个服务必须支持 <literal>flushAuthenticationCache(String)</literal> 操作来冲刷安全域参数。设置它会触发在服务停止时验证缓存(authentication cache)的冲刷。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:920
@@ -2301,7 +2301,7 @@
 #: J2EE_Security_On_JBOSS.xml:924
 #, no-c-format
 msgid "This will load the specified <literal>AuthConfig</literal> resource using the specified <literal>LoginConfigService</literal> MBean by invoking <literal>loadConfig</literal> with the appropriate resource URL. When the service is stopped the configurations are removed. The resource specified may be either an XML file, or a Sun JAAS login configuration."
-msgstr ""
+msgstr "这将通过调用 <literal>loadConfig</literal> 以及合适的资源 URL 用指定的 <literal>LoginConfigService</literal> MBean 加载指定 <literal>AuthConfig</literal> 资源。当这个服务停止时,其配置将被删除。指定的资源可以是 XML 文件或者 Sun JAAS 登录配置。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:930
@@ -2529,7 +2529,7 @@
 #: J2EE_Security_On_JBOSS.xml:1023
 #, no-c-format
 msgid "The <literal>UsersRolesLoginModule</literal> is a simple login module that supports multiple users and user roles loaded from Java properties files. The username-to-password mapping file is called <literal>users.properties</literal> and the username-to-roles mapping file is called <literal>roles.properties</literal>. The properties files are loaded during initialization using the initialize method thread context class loader. This means that these files can be placed into the J2EE deployment JAR, the JBoss configuration directory, or any directory on the JBoss server or system classpath. The primary purpose of this login module is to easily test the security settings of multiple users and roles using properties files deployed with the application."
-msgstr ""
+msgstr "<literal>UsersRolesLoginModule</literal> 是一个简单的登录模块,它支持 Java 属性文件里加载的多个用户和角色。用户名到密码的映射文件被称为 <literal>users.properties</literal>,而用户名到角色的映射文件被称为 <literal>roles.properties</literal>。属性文件在初始化时用 initialize 方法线程上下文类加载器进行加载。这意味着这些文件可以放入 J2EE 部署 JAR 文件里、JBoss 配置目录里或者任何 JBoss 服务器的目录里或者系统的 classpath 里。这个登录模块的主要目的是用属性文件测试多个用户和角色的安全性设置。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1026
@@ -2571,7 +2571,7 @@
 #: J2EE_Security_On_JBOSS.xml:1034
 #, no-c-format
 msgid "The <literal>username.XXX</literal> form of property name is used to assign the username roles to a particular named group of roles where the <literal>XXX</literal> portion of the property name is the group name. The <literal>username=...</literal> form is an abbreviation for <literal>username.Roles=...</literal>, where the <literal>Roles</literal> group name is the standard name the <literal>JaasSecurityManager</literal> expects to contain the roles which define the users permissions."
-msgstr ""
+msgstr "属性名的 <literal>username.XXX</literal> 形式用于把用户角色分配给特定的角色组,这里的 <literal>XXX</literal> 是组名。<literal>username=...</literal> 格式是 <literal>username.Roles=...</literal> 的缩写,这里的 <literal>Roles</literal> 组名是 <literal>JaasSecurityManager</literal> 的标准名称,它应该包含定义用户权限的角色。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1037
@@ -2632,7 +2632,7 @@
 #: J2EE_Security_On_JBOSS.xml:1066
 #, no-c-format
 msgid "The LDAP connectivity information is provided as configuration options that are passed through to the environment object used to create JNDI initial context. The standard LDAP JNDI properties used include the following:"
-msgstr ""
+msgstr "LDAP 连接性信息作为配置选项传递给环境对象以用于创建 JNDI 初始上下文。标准的 LDAP JNDI 属性包括:"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1071
@@ -2680,13 +2680,13 @@
 #: J2EE_Security_On_JBOSS.xml:1111
 #, no-c-format
 msgid "<emphasis role=\"bold\">principalDNSuffix</emphasis>: A suffix to add to the username when forming the user distinguished name. This is useful if you prompt a user for a username and you don&#39;t want the user to have to enter the fully distinguished name. Using this property and <literal>principalDNSuffix</literal> the <literal>userDN</literal> will be formed as <literal>principalDNPrefix + username + principalDNSuffix</literal>"
-msgstr ""
+msgstr "<emphasis role=\"bold\">principalDNSuffix</emphasis>:为用户名添加的后缀以组成可区分的用户名。如果你提示用户输入用户名而你不希望用户输入完整的可区分名称时,这很有用。使用这个属性和 <literal>principalDNSuffix</literal>,<literal>userDN</literal> 将组成 <literal>principalDNPrefix + username + principalDNSuffix</literal>。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1116
 #, no-c-format
 msgid "<emphasis role=\"bold\">useObjectCredential</emphasis>: A true/false value that indicates that the credential should be obtained as an opaque <literal>Object</literal> using the <literal>org.jboss.security.auth.callback.ObjectCallback</literal> type of <literal>Callback</literal> rather than as a <literal>char[]</literal> password using a JAAS <literal>PasswordCallback</literal>. This allows for passing non-<literal>char[]</literal> credential information to the LDAP server."
-msgstr ""
+msgstr "<emphasis role=\"bold\">useObjectCredential</emphasis>:表示 credential 是否应该作为使用 <literal>Callback</literal> 的 <literal>org.jboss.security.auth.callback.ObjectCallback</literal> 类型的不透明 <literal>Object</literal> 而不是使用 JAAS <literal>PasswordCallback</literal> 的 <literal>char[]</literal> 密码的 true/false 值。它允许把非 <literal>char[]</literal> 的 credential 信息传递给 LDAP 服务器。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1121
@@ -2698,7 +2698,7 @@
 #: J2EE_Security_On_JBOSS.xml:1126
 #, no-c-format
 msgid "<emphasis role=\"bold\">userRolesCtxDNAttributeName</emphasis>: The name of an attribute in the user object that contains the distinguished name to the context to search for user roles. This differs from <literal>rolesCtxDN</literal> in that the context to search for a user&#39;s roles can be unique for each user."
-msgstr ""
+msgstr "<emphasis role=\"bold\">userRolesCtxDNAttributeName</emphasis>:用户对象里的属性的名称包含用于搜索用户角色的可区分名称。这和 <literal>rolesCtxDN</literal> 不同,因为它可以所搜索的上下文对于每个用户是唯一的。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1131
@@ -2710,13 +2710,13 @@
 #: J2EE_Security_On_JBOSS.xml:1136
 #, no-c-format
 msgid "<emphasis role=\"bold\">roleAttributeIsDN</emphasis>: A flag indicating whether the <literal>roleAttributeID</literal> contains the fully distinguished name of a role object, or the role name. If false, the role name is taken from the value of <literal>roleAttributeID</literal>. If true, the role attribute represents the distinguished name of a role object. The role name is taken from the value of the <literal>roleNameAttributeId</literal> attribute of the context name by the distinguished name. In certain directory schemas (e.g., MS ActiveDirectory), role attributes in the user object are stored as DNs to role objects instead of as simple names, in which case, this property should be set to true. The default is false."
-msgstr ""
+msgstr "<emphasis role=\"bold\">roleAttributeIsDN</emphasis>:表示 <literal>roleAttributeID</literal> 是否包含角色对象或角色名称的完整可区分名。如果为 false,角色名从 <literal>roleAttributeID</literal> 值里获取。如果为 true,角色属性代表角色对象的可区分名。角色名根据可区分名从上下文名里的 <literal>roleNameAttributeId</literal> 属性值里获得。在某些目录模式(如 MS ActiveDirectory)里,用户对象里的角色属性被存储为指向角色对象的 DN 而不是简单的名称,此时,这个属性应该设置为 true。它的缺省值为 false。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1141
 #, no-c-format
 msgid "<emphasis role=\"bold\">roleNameAttributeID</emphasis>: The name of the attribute of the context pointed to by the <literal>roleCtxDN</literal> distinguished name value which contains the role name. If the <literal>roleAttributeIsDN</literal> property is set to true, this property is used to find the role object&#39;s name attribute. The default is <literal>group</literal>."
-msgstr ""
+msgstr "<emphasis role=\"bold\">roleNameAttributeID</emphasis>:包含角色名的 <literal>roleCtxDN</literal> 可区分名指向的上下文的属性的名称。如果 <literal>roleAttributeIsDN</literal> 为 true,这个属性被用来寻找角色对象的 name 属性。它的缺省值是 <literal>group</literal>。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1146
@@ -2728,31 +2728,31 @@
 #: J2EE_Security_On_JBOSS.xml:1151
 #, no-c-format
 msgid "<emphasis role=\"bold\">matchOnUserDN</emphasis>: A true/false flag indicating if the search for user roles should match on the user&#39;s fully distinguished name. If false, just the username is used as the match value against the <literal>uidAttributeName</literal> attribute. If true, the full <literal>userDN</literal> is used as the match value."
-msgstr ""
+msgstr "<emphasis role=\"bold\">matchOnUserDN</emphasis>:表示用户角色的搜索是否应该匹配用户的全可区分名称。如果为 false,用户作为 <literal>uidAttributeName</literal> 属性对应的值。如果为 true,对应值使用完整的 <literal>userDN</literal>。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1156
 #, no-c-format
 msgid "<emphasis role=\"bold\">unauthenticatedIdentity</emphasis>: The principal name that should be assigned to requests that contain no authentication information. This behavior is inherited from the <literal>UsernamePasswordLoginModule</literal> superclass."
-msgstr ""
+msgstr "<emphasis role=\"bold\">unauthenticatedIdentity</emphasis>:应该分配给不包含验证信息的请求的 principal 名称。这种行为是从 <literal>UsernamePasswordLoginModule</literal> 超类继承的。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1161
 #, no-c-format
 msgid "<emphasis role=\"bold\">allowEmptyPasswords</emphasis>: A flag indicating if empty (length 0) passwords should be passed to the LDAP server. An empty password is treated as an anonymous login by some LDAP servers and this may not be a desirable feature. Set this to false to reject empty passwords or true to have the LDAP server validate the empty password. The default is true."
-msgstr ""
+msgstr "<emphasis role=\"bold\">allowEmptyPasswords</emphasis>:表示空密码(长度为 0)是否应该传递给 LDAP 服务器。因为有些 LDAP 服务器把空密码作为匿名登录对待,这可能并非所需的功能。把它设置为 false 可拒绝空密码,true 则让 LDAP 服务器检验空密码。它的缺省值为 true。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1166
 #, no-c-format
 msgid "The authentication of a user is performed by connecting to the LDAP server based on the login module configuration options. Connecting to the LDAP server is done by creating an <literal>InitialLdapContext</literal> with an environment composed of the LDAP JNDI properties described previously in this section. The <literal>Context.SECURITY_PRINCIPAL</literal> is set to the distinguished name of the user as obtained by the callback handler in combination with the <literal>principalDNPrefix</literal> and <literal>principalDNSuffix</literal> option values, and the <literal>Context.SECURITY_CREDENTIALS</literal> property is either set to the <literal>String</literal> password or the <literal>Object</literal> credential depending on the <literal>useObjectCredential</literal> option."
-msgstr ""
+msgstr "用户的验证是通过连接到基于登录模块配置选项的 LDAP 服务器来执行的。创建 <literal>InitialLdapContext</literal> 以及由 LDAP JNDI 属性组成的环境可以完成到 LDAP 服务器的连接。<literal>Context.SECURITY_PRINCIPAL</literal> 被设置为用户的可区分名称,这是通过回调处理程序联合 <literal>principalDNPrefix</literal> 和 <literal>principalDNSuffix</literal> 可选值获得的。根据 <literal>useObjectCredential</literal> 选项,<literal>Context.SECURITY_CREDENTIALS</literal> 属性被设置为 <literal>String</literal> 密码或 <literal>Object</literal> credential。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1169
 #, no-c-format
 msgid "Once authentication has succeeded by virtue of being able to create an <literal>InitialLdapContext</literal> instance, the user&#39;s roles are queried by performing a search on the <literal>rolesCtxDN</literal> location with search attributes set to the <literal>roleAttributeName</literal> and <literal>uidAttributeName</literal> option values. The roles names are obtaining by invoking the <literal>toString</literal> method on the role attributes in the search result set."
-msgstr ""
+msgstr "一旦验证成功,<literal>InitialLdapContext</literal> 实例将被创建,用户的角色可通过搜索 <literal>rolesCtxDN</literal> 来查询,搜索属性应该设置为 <literal>roleAttributeName</literal> 和 <literal>uidAttributeName</literal> 的可选值。角色名称通过调用搜索结果集里的 role 属性的 <literal>toString</literal> 方法来获取。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1172
@@ -2828,7 +2828,7 @@
 #: J2EE_Security_On_JBOSS.xml:1176
 #, no-c-format
 msgid "An LDIF file representing the structure of the directory this data operates against is shown below."
-msgstr ""
+msgstr "下面是一个代表这个数据所操作的目录结构的 LDIF 文件。"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1179
@@ -2904,19 +2904,19 @@
 #: J2EE_Security_On_JBOSS.xml:1180
 #, no-c-format
 msgid "Looking back at the <literal>testLDAP</literal> login module configuration, the <literal>java.naming.factory.initial</literal>, <literal>java.naming.factory.url</literal> and <literal>java.naming.security</literal> options indicate the Sun LDAP JNDI provider implementation will be used, the LDAP server is located on host <literal>ldaphost.jboss.org</literal> on port 1389, and that the LDAP simple authentication method will be use to connect to the LDAP server."
-msgstr ""
+msgstr "回头看 <literal>testLDAP</literal> 登录模块配置,<literal>java.naming.factory.initial</literal>、<literal>java.naming.factory.url</literal> 和 <literal>java.naming.security</literal> 选项表示 Sun LDAP JNDI 提供者实现将被使用,LDAP 服务器位于主机 <literal>ldaphost.jboss.org</literal> 的端口 1389,LDAP 简单验证方法将用来连接 LDAP 服务器。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1183
 #, no-c-format
 msgid "The login module attempts to connect to the LDAP server using a DN representing the user it is trying to authenticate. This DN is constructed from the <literal>principalDNPrefix</literal>, passed in, the username of the user and the <literal>principalDNSuffix</literal> as described above. In this example, the username <literal>jduke</literal> would map to <literal>uid=jduke,ou=People,dc=jboss,dc=org</literal>. We&#39;ve assumed the LDAP server authenticates users using the <literal>userPassword</literal> attribute of the user&#39;s entry (<literal>theduke</literal> in this example). This is the way most LDAP servers work, however, if your LDAP server handles authentication differently you will need to set the authentication credentials in a way that makes sense for your server."
-msgstr ""
+msgstr "登录模块试图用代表将验证的用户的 DN 连接 LDAP 服务器。这个 DN 由 <literal>principalDNPrefix</literal>、用户名和 <literal>principalDNSuffix</literal> 构成。在这个例子里,用户名 <literal>jduke</literal> 将对应 <literal>uid=jduke,ou=People,dc=jboss,dc=org</literal>。我们假设 LDAP 服务器使用用户条目(这个例子里是 <literal>theduke</literal>)的 <literal>userPassword</literal> 属性验证用户。这是多数 LDAP 服务器的运行方式,然而,如果你的 LDAP 服务器处理验证的方式不同,你就需要对 credential 进行相应的设置。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1186
 #, no-c-format
 msgid "Once authentication succeeds, the roles on which authorization will be based are retrieved by performing a subtree search of the <literal>rolesCtxDN</literal> for entries whose <literal>uidAttributeID</literal> match the user. If <literal>matchOnUserDN</literal> is true the search will be based on the full DN of the user. Otherwise the search will be based on the actual user name entered. In this example, the search is under <literal>ou=Roles,dc=jboss,dc=org</literal> for any entries that have a <literal>member</literal> attribute equal to <literal>uid=jduke,ou=People,dc=jboss,dc=org</literal>. The search would locate <literal>cn=JBossAdmin</literal> under the roles entry."
-msgstr ""
+msgstr "一旦验证成功了,授权所基于的角色将通过执行用户对应的 <literal>uidAttributeID</literal> 的子树查询 <literal>rolesCtxDN</literal> 来获取。如果 <literal>matchOnUserDN</literal> 为 true,这个搜索将给予用户的完整 DN。否则将基于实际的用户名。在这个例子里,搜索基于 <literal>ou=Roles,dc=jboss,dc=org</literal> 下任何具有和 <literal>uid=jduke,ou=People,dc=jboss,dc=org</literal> 相等的 <literal>member</literal> 属性的条目。搜索将定位 roles 条目下的 <literal>cn=JBossAdmin</literal>。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1189




More information about the jboss-cvs-commits mailing list