[jboss-cvs] JBossAS SVN: r90372 - projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Thu Jun 18 02:09:55 EDT 2009 

Author: xhuang at jboss.com
Date: 2009-06-18 02:09:55 -0400 (Thu, 18 Jun 2009)
New Revision: 90372

Modified:
   projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
Log:
update

Modified: projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
===================================================================
--- projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po	2009-06-18 05:21:55 UTC (rev 90371)
+++ projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po	2009-06-18 06:09:55 UTC (rev 90372)
@@ -9,13 +9,13 @@
 "Project-Id-Version: J2EE_Security_On_JBOSS\n"
 "Report-Msgid-Bugs-To: http://bugs.kde.org\n"
 "POT-Creation-Date: 2009-01-20 02:37+0000\n"
-"PO-Revision-Date: 2009-06-15 12:09+1000\n"
-"Last-Translator: \n"
-"Language-Team: en_US <kde-i18n-doc at kde.org>\n"
+"PO-Revision-Date: 2009-06-18 16:09+1000\n"
+"Last-Translator: Xi HUANG <xhuang at redhat.com>\n"
+"Language-Team:  <en at li.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
-"X-Generator: Lokalize 0.3\n"
+"X-Generator: KBabel 1.11.4\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 
 #. Tag: title
@@ -5224,7 +5224,7 @@
 #: J2EE_Security_On_JBOSS.xml:1367
 #, no-c-format
 msgid "Writing Custom Login Modules"
-msgstr ""
+msgstr "编写自定义的登录模块"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1368
@@ -5241,7 +5241,7 @@
 "<literal>JaasSecurityManager</literal>. This section examines this "
 "requirement and introduces two abstract base <literal>LoginModule</literal> "
 "implementations that can help you implement your own custom login modules."
-msgstr ""
+msgstr "如果 JBossSX 框架捆绑的登录模块不适合你的安全环境,你可以编写自定义的登录模块实现。在 <literal>JaasSecurityManager</literal> 架构章节里,<literal>JaasSecurityManager</literal> 需要一个特定的 <literal>Subject</literal> principal 集合的使用模式。你需要理解 JAAS Subject 类的信息存储功能并使用这些功能来编写可和 <literal>JaasSecurityManager</literal> 一起工作的登录模块。本节讨论相关的要求并介绍两个抽象的 <literal>LoginModule</literal> 实现以帮助你实现自己的登录模块。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1371
@@ -5250,6 +5250,8 @@
 "You can obtain security information associated with a <literal>Subject</"
 "literal> in six ways in JBoss using the following methods:"
 msgstr ""
+"你可以用下面的方法以 6 种方式获取和 <literal>Subject</"
+"literal> 相关联的安全信息:"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1374
@@ -5278,6 +5280,8 @@
 "<literal>getPrincipals()</literal> and <literal>getPrincipals(java.lang."
 "Class)</literal>. The usage pattern is as follows:"
 msgstr ""
+"对于 <literal>Subject</literal> 的标识符和角色,JBossSX 已经选择了最自然的选项:通过 <literal>getPrincipals()</literal> 和 <literal>getPrincipals(java.lang."
+"Class)</literal> 获得的 Principal 集。其用法如下:"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1380
@@ -5293,10 +5297,14 @@
 "instances may be added to the <literal>Subject</literal><literal>Principals</"
 "literal> set as needed."
 msgstr ""
+"用户标识符(用户名、社会保险号、雇员号等)存储为 <literal>Subject</literal><literal>Principals</literal> 集里的 <literal>java.security.Principal</literal> 对象。代表用户标识的 <literal>Principal</literal> 实现必须和 principal 相等。<literal>org.jboss.security."
+"SimplePrincipal</literal> 作为一个合适的实现。其他 <literal>Principal</literal> 实例可以根据需要添加到 <literal>Subject</literal><literal>Principals</"
+"literal> 集里。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1385
 #, no-c-format
+#, fuzzy
 msgid ""
 "The assigned user roles are also stored in the <literal>Principals</literal> "
 "set, but they are grouped in named role sets using <literal>java.security."
@@ -5322,12 +5330,20 @@
 "not have a <literal>CallerPrincipal</literal><literal>Group</literal>, the "
 "application identity is the same as operational environment identity."
 msgstr ""
+"分配的用户角色也存储在 <literal>Principals</literal> 集里,但它们以使用 <literal>java.security."
+"acl.Group</literal> 实例的角色集进行分组。<literal>Group</literal> 接口定义了一个 <literal>Principal</literal> 和/或 <literal>Group</"
+"literal> 的集合,它是 <literal>java.security.Principal</"
+"literal> 的子接口。目前,JBossSX 框架使用两个角色集:<literal>Roles</literal> 和 <literal>CallerPrincipal</"
+"literal>。 "
+"<literal>Roles</literal> 组是用于角色 <literal>Principal</literal> "
+"这个角色集被 <literal>EJBContext."
+"isCallerInRole(String)</literal> 等方法使用,EJB 可以用来查看当前的调用者是否属于应用程序域的角色。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:1391
 #, no-c-format
 msgid "Support for the Subject Usage Pattern"
-msgstr ""
+msgstr "对 Subject 用法模式的支持"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1392
@@ -5345,6 +5361,8 @@
 "key details of the class are highlighted in the following class fragment. "
 "The JavaDoc comments detail the responsibilities of subclasses."
 msgstr ""
+"为了简化前面章节描述的 <literal>Subject</literal> 用法模式的正确实现,JBossSX 包括了两个抽象登录模块,它们可以处理已验证的带有强制正确使用 <literal>Subject</literal> 的模板模式的 <literal>Subject</literal>。其中最常用的是 <literal>org.jboss.security.auth.spi.AbstractServerLoginModule</literal> 类。它提供对 <literal>javax.security."
+"auth.spi.LoginModule</literal> 接口的实现,并为操作环境安全基础结果所专有的关键任务提供抽象方法。这个类的关键细节在下面的代码里被高亮显示。JavaDoc 注释详述了其子类的职责。"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1395
@@ -5560,7 +5578,7 @@
 "outcome of the login phase was added to allow login modules to be chained "
 "together with control flags that do not require that the login module "
 "succeed in order for the overall login to succeed."
-msgstr ""
+msgstr "你需要注意 <literal>loginOk</literal> 实例变量。如果登录成功,它必须设置为 true,否则为 false。没有正确设置这个变量将导致提交方法在需要时未更新 Subject,或是在不应该时却更新了 Subject。添加对登录阶段结果的跟踪使得登录模块可以用控制标记链接在一起,从而使得总体登录的成功并不要求每个登录模块都登录成功。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1399
@@ -5576,6 +5594,8 @@
 "highlighted in the following class fragment. The JavaDoc comments detail the "
 "responsibilities of subclasses."
 msgstr ""
+"第二个登录模块的抽象基类是 <literal>org.jboss.security.auth.spi.UsernamePasswordLoginModule</"
+"literal>。这个登录模块通过强制基于字符串的用户名为用户标识符以及强制 <literal>char[]</literal> 密码为验证 credential 而进一步简化了自定义登录模块的实现。它也支持匿名用户(由空的用户名和密码表示)到不具有角色的 Principal 的映射。下面的代码高亮显示了这个类的关键细节。JavaDoc 注释详述了其子类的职责。"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1402
@@ -5777,6 +5797,8 @@
 "<literal>UsernamePasswordLoginModule</literal>, otherwise subclass "
 "<literal>AbstractServerLoginModule</literal>."
 msgstr ""
+"创建 <literal>AbstractServerLoginModule</literal> "
+"还是 <literal>UsernamePasswordLoginModule</literal> 的子类取决于使用基于字符串的密码和 credential 是否可用于你编写登录模块所使用的验证技术。如果基于字符串的模式是有效的,那就创建 <literal>UsernamePasswordLoginModule</literal> 的子类,否则就创建 <literal>AbstractServerLoginModule</literal> 的子类。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1406
@@ -5790,15 +5812,15 @@
 "<literal>UsernamePasswordLoginModule</literal> to ensure that your login "
 "module provides the authenticated <literal>Principal</literal> information "
 "in the form expected by the JBossSX security manager."
-msgstr ""
+msgstr "下面总结了编写自定义登录模块所需的执行步骤,这取决于你选择的登录模块的基类。当编写和你的安全基础结构集成的自定义登录模块时,你应该从创建 <literal>AbstractServerLoginModule</literal> 或 <literal>UsernamePasswordLoginModule</literal> 的子类开始以确保你的登录模块提供 符合 JBossSX 安全管理者所期望的格式的已验证的 <literal>Principal</literal> 信息。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1409
-#, fuzzy, no-c-format
+#, no-c-format
 msgid ""
 "When subclassing the <literal>AbstractServerLoginModule</literal>, you need "
 "to override the following:"
-msgstr "用<literal>RMIAdaptor</literal>来测试客户段访问,运行下面的:"
+msgstr "当创建 <literal>AbstractServerLoginModule</literal> 的子类时,你需要覆盖下面的方法:"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1414 J2EE_Security_On_JBOSS.xml:1439
@@ -5806,7 +5828,7 @@
 msgid ""
 "<literal>void initialize(Subject, CallbackHandler, Map, Map)</literal>: if "
 "you have custom options to parse."
-msgstr ""
+msgstr "<literal>void initialize(Subject, CallbackHandler, Map, Map)</literal>:如果要解析自定义的选项。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1419
@@ -5815,7 +5837,7 @@
 "<literal>boolean login()</literal>: to perform the authentication activity. "
 "Be sure to set the <literal>loginOk</literal> instance variable to true if "
 "login succeeds, false if it fails."
-msgstr ""
+msgstr "<literal>boolean login()</literal>:执行验证。如果登录成功,请确保设置 <literal>loginOk</literal> 实例变量为 true,或在失败时设置为 false。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1424
@@ -5824,7 +5846,7 @@
 "<literal>Principal getIdentity()</literal>: to return the "
 "<literal>Principal</literal> object for the user authenticated by the "
 "<literal>log()</literal> step."
-msgstr ""
+msgstr "<literal>Principal getIdentity()</literal>:为 <literal>login()</literal> 步骤验证的用户返回 <literal>Principal</literal> 对象。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1429 J2EE_Security_On_JBOSS.xml:1444
@@ -5836,15 +5858,15 @@
 "<literal>login()</literal>. A second common <literal>Group</literal> is "
 "named <literal>CallerPrincipal</literal> and provides the user&#39;s "
 "application identity rather than the security domain identity."
-msgstr ""
+msgstr "<literal>Group[] getRoleSets()</literal>:返回至少一个名为 <literal>Roles</literal> 的 <literal>Group</literal>,它包含分配给 <literal>login()</literal> 期间验证的 <literal>Principal</literal> 的角色。第二个公用的 <literal>Group</literal> 的名称是 <literal>CallerPrincipal</literal>,它提供用户的应用程序标识而不是安全域标识。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1434
-#, fuzzy, no-c-format
+#, no-c-format
 msgid ""
 "When subclassing the <literal>UsernamePasswordLoginModule</literal>, you "
 "need to override the following:"
-msgstr "用<literal>RMIAdaptor</literal>来测试客户段访问,运行下面的:"
+msgstr "当创建 <literal>UsernamePasswordLoginModule</literal> 的子类时,你需要覆盖:"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1449
@@ -5856,12 +5878,15 @@
 "from within <literal>login()</literal> after the <literal>callbackhandler</"
 "literal> returns the username and candidate password."
 msgstr ""
+"<literal>String getUsersPassword()</literal>:返回通过 <literal>getUsername()</"
+"literal> 获得的当前用户的密码。<literal>getUsersPassword()</literal> 方法是在 <literal>login()</literal> 里并在 <literal>callbackhandler</"
+"literal> 返回用户名和候选密码后被调用的。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:1457
 #, no-c-format
 msgid "A Custom LoginModule Example"
-msgstr ""
+msgstr "自定义的登录模块示例"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1458
@@ -5877,6 +5902,8 @@
 "<literal>roles/&lt;username&gt;</literal> returns the requested user&#39;s "
 "roles."
 msgstr ""
+"在本节,我们将开发一个自定义的登录模块例子。它将继承 <literal>UsernamePasswordLoginModule</literal> 并通过 JNDI 查找获取用户的密码和角色名。如果你用 <literal>password/"
+"&lt;username&gt;</literal> 的形式执行一个查找,其中的 <literal>&lt;username&gt;</literal> 是已经验证的当前用户,JNDI 上下文将返回用户的密码。类似地,<literal>roles/&lt;username&gt;</literal> 形式的查找将返回用户的角色。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1461
@@ -5892,12 +5919,16 @@
 "and roles from the JNDI store. The <literal>JndiUserAndPass</literal> does "
 "not concern itself with the JAAS <literal>LoginModule</literal> operations."
 msgstr ""
+"这个例子的源码位于 book 例程的 <literal>src/main/org/"
+"jboss/book/security/ex2</literal> 目录下。<xref "
+"linkend=\"A_Custom_LoginModule_Example-_A_JndiUserAndPass_custom_login_module"
+"\"/> 展示了 <literal>JndiUserAndPass</literal> 自定义登录模块的源代码。请注意,因为这继承了 JBoss 的 <literal>UsernamePasswordLoginModule</literal>,<literal>JndiUserAndPass</literal> 所做的只是从 JNDI 库里获取用户的密码和角色。<literal>JndiUserAndPass</literal> 不涉及 JAAS <literal>LoginModule</literal> 操作。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:1464
 #, no-c-format
 msgid "A JndiUserAndPass custom login module"
-msgstr ""
+msgstr "自定义的 JndiUserAndPass 登录模块"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1465
@@ -6106,6 +6137,9 @@
 "<literal>{\"TheDuke\", \"Echo\"}</literal> regardless of what the username "
 "is. You can experiment with other implementations as you wish."
 msgstr ""
+"JNDI 库的细节可以在 <literal>org.jboss.book."
+"security.ex2.service.JndiStore</literal> MBean 里找到。这个服务绑定了<literal>ObjectFactory</literal>,它往 JNDI 返回  <literal>javax.naming."
+"Context</literal> 代理。这个代理通过检查查找名的前缀里的 <literal>password</literal> 和 <literal>roles</literal> 来处理查找操作。当名称以 <literal>password</literal> 开始时,用户的密码将被请求。当名称以 <literal>roles</literal> 开始时,用户的角色将别请求。示例实现总是返回 <literal>theduke</literal> 的密码和角色名称的队列 <literal>{\"TheDuke\", \"Echo\"}</literal> 而不管用户名是什么。你也可以使用其他实现。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1469
@@ -6114,7 +6148,7 @@
 "The example code includes a simple session bean for testing the custom login "
 "module. To build, deploy and run the example, execute the following command "
 "in the examples directory."
-msgstr ""
+msgstr "示例代码包括了一个用于测试自定义登录模块的简单的 session bean。要构建、部署和运行这个例子,你可以在 examples 目录里执行下列命令。"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1472
@@ -6146,7 +6180,7 @@
 "module for the server side authentication of the user is determined by the "
 "login configuration for the example security domain. The EJB JAR "
 "<literal>META-INF/jboss.xml</literal> descriptor sets the security domain"
-msgstr ""
+msgstr "为服务器端用户的验证选择 <literal>JndiUserAndPass</literal> 自定义登录模块是由示例安全域的登录配置决定的。EJB JAR 的 <literal>META-INF/jboss.xml</literal> 描述符设置了安全域。"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1476
@@ -6168,7 +6202,7 @@
 msgid ""
 "The SAR <literal>META-INF/login-config.xml</literal> descriptor defines the "
 "login module configuration."
-msgstr ""
+msgstr "SAR <literal>META-INF/login-config.xml</literal> 描述符定义了登录模块配置。"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1480
@@ -6588,7 +6622,7 @@
 "control over whether the <literal>SRPLoginModule</literal> configuration "
 "used by the client must have the <literal>useAuxChallenge</literal> option "
 "enabled."
-msgstr ""
+msgstr "<emphasis role=\"bold\">RequireAuxChallenge</emphasis>:如果客户端必须提供一个辅助 challenge 来作为验证阶段的一部分,就可以设置这个选项。它控制客户端使用的 <literal>SRPLoginModule</literal> 配置是否必须启用 <literal>useAuxChallenge</literal> 选项。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1637
@@ -6601,7 +6635,7 @@
 "false meaning that the second attempt by a user to authentication will "
 "succeed, but the resulting SRP session will not overwrite the previous SRP "
 "session state."
-msgstr ""
+msgstr "<emphasis role=\"bold\">OverwriteSessions</emphasis>:指出现有会话的成功的用户授权是否应该覆盖当前会话。当客户还没有启用每个用户使用多个会话的模式时,这控制了服务器 SRP 会话缓存的行为。缺省值是 false,表示用户第二次验证尝试将会成功,但结果 SRP 会话将不会覆盖前面的 SRP 会话状态。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1642
@@ -6618,31 +6652,26 @@
 "example of the requirements for an <literal>SRPVerifierStore</literal> "
 "service. The configurable <literal>SRPVerifierStoreService</literal> MBean "
 "attributes include the following:"
-msgstr ""
+msgstr "输入设置是 <literal>VerifierSourceJndiName</literal> 属性。这是 SRP 密码信息库实现的位置,它必须被提供且可通过 JNDI 使用。<literal>org.jboss.security.srp SRPVerifierStoreService</literal> 是一个示例 MBean 服务,它捆绑了把序列化对象作为持久性存储的 <literal>SRPVerifierStore</literal> 接口的实现。对于产品环境里说,这虽然不现实,但它允许对 SRP 协议进行测试并提供了关于 <literal>SRPVerifierStore</literal> 服务的要求的例子。<literal>SRPVerifierStoreService</literal> MBean 的可配置选项包括:"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1647
-#, fuzzy, no-c-format
+#, no-c-format
 msgid ""
 "<emphasis role=\"bold\">JndiName</emphasis>: The JNDI name from which the "
 "<literal>SRPVerifierStore</literal> implementation should be available. If "
 "not specified it defaults to <literal>srp/DefaultVerifierSource</literal>."
-msgstr ""
-"<emphasis role=\"bold\">className</emphasis>:这是 <literal>org.apache."
-"catalina.Host</literal> 接口实现的类的全名。它的缺省值是 <literal>org.apache."
-"catalina.core.StandardHost</literal>。"
+msgstr "<emphasis role=\"bold\">JndiName</emphasis>:<literal>SRPVerifierStore</literal> 实现的 JNDI 名。如果没有指定,缺省值为 <literal>srp/DefaultVerifierSource</literal>。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1652
-#, fuzzy, no-c-format
+#, no-c-format
 msgid ""
 "<emphasis role=\"bold\">StoreFile</emphasis>: The location of the user "
 "password verifier serialized object store file. This can be either a URL or "
 "a resource name to be found in the classpath. If not specified it defaults "
 "to <literal>SRPVerifierStore.ser</literal>."
-msgstr ""
-"<emphasis role=\"bold\">keystoreType</emphasis>:用于服务器证书的 keystore 文"
-"件的类型。如果没有指定的话,它的缺省值是 <literal>JKS</literal>。"
+msgstr "<emphasis role=\"bold\">StoreFile</emphasis>:用户密码 Verifier 序列化的对象库文件的位置。这可以是一个 URL 或者 classpath 里找到的资源名。如果没有指定的话,它的缺省值是 <literal>SRPVerifierStore.ser</literal>。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1657
@@ -6651,7 +6680,7 @@
 "The <literal>SRPVerifierStoreService</literal> MBean also supports "
 "<literal>addUser</literal> and <literal>delUser</literal> operations for "
 "addition and deletion of users. The signatures are:"
-msgstr ""
+msgstr "<literal>SRPVerifierStoreService</literal> MBean 也支持用于添加和删除用户的 <literal>addUser</literal> 和 <literal>delUser</literal> 操作。其签名是:"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1660
@@ -6660,6 +6689,8 @@
 "public void addUser(String username, String password) throws IOException;\n"
 "public void delUser(String username) throws IOException;"
 msgstr ""
+"public void addUser(String username, String password) throws IOException;\n"
+"public void delUser(String username) throws IOException;"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1661
@@ -6668,12 +6699,14 @@
 "An example configuration of these services is presented in <xref linkend="
 "\"Providing_Password_Information_for_SRP-The_SRPVerifierStore_interface\"/>."
 msgstr ""
+"<xref linkend="
+"\"Providing_Password_Information_for_SRP-The_SRPVerifierStore_interface\"/> 里给出了这些服务的配置示例。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:1665
 #, no-c-format
 msgid "Providing Password Information for SRP"
-msgstr ""
+msgstr "为 SRP 提供密码信息"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1666
@@ -6686,12 +6719,12 @@
 "provides an implementation of the <literal>SRPVerifierStore</literal> "
 "interface that integrates with your existing security information stores. "
 "The <literal>SRPVerifierStore</literal> interface is shown in."
-msgstr ""
+msgstr "<literal>SRPVerifierStore</literal> 接口的缺省实现不可能适合于你自己的产品环境,因为它要求密码的 hash 信息以序列化对象文件的形式出现。你需要提供一个 MBean 服务,它具有 <literal>SRPVerifierStore</literal> 接口的实现以集成现有的安全信息库。下面是 <literal>SRPVerifierStore</literal> 接口的定义。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:1669, no-c-format
 msgid "The SRPVerifierStore interface"
-msgstr ""
+msgstr "SRPVerifierStore 接口"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1670
@@ -6943,7 +6976,7 @@
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1725
-#, fuzzy, no-c-format
+#, no-c-format
 msgid ""
 "The client side <literal>SRPLoginModule</literal> next requests the SRP "
 "parameters associated with the username attempting the login. There are a "
@@ -6954,9 +6987,7 @@
 "retrieve this information as part of the exchange protocol. The "
 "<literal>getSRPParameters(username)</literal> call retrieves the SRP "
 "parameters for the given username."
-msgstr ""
-"然后,客户端的 <literal>SRPLoginModule</literal> 请求和尝试登录的用户相关联的 SRP 参数。SRP 算法涉及大量在用户密码第一次转换为 verifier 形式时必需选择参的数, 。"
-"JBossSX 实现允许用户把这些信息作为交换协议的一部分获取而不是将参数硬编码(这样的安全风险最小)。<literal>getSRPParameters(username)</literal> 调用获取给定用户名的 SRP 参数。"
+msgstr "然后,客户端的 <literal>SRPLoginModule</literal> 请求和尝试登录的用户相关联的 SRP 参数。SRP 算法涉及大量在用户密码第一次转换为 verifier 形式时必需选择参数。JBossSX 实现允许用户把这些信息作为交换协议的一部分获取而不是将参数硬编码(这样的安全风险最小)。<literal>getSRPParameters(username)</literal> 调用获取给定用户名的 SRP 参数。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1730
@@ -7035,7 +7066,7 @@
 "Although SRP has many interesting properties, it is still an evolving "
 "component in the JBossSX framework and has some limitations of which you "
 "should be aware. Issues of note include the following:"
-msgstr ""
+msgstr "虽然 SRP 具有许多令人感兴趣的属性,它仍然是 JBossSX 框架里一个正在改进的组件,你应该意识到它的一些局限性,其中包括:"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1755
@@ -7047,7 +7078,7 @@
 "challenge to make requests as the associated username. Custom interceptors "
 "that encrypt the challenge using the SRP session key can be used to prevent "
 "this issue."
-msgstr ""
+msgstr "由于 JBoss 把方法传输协议从执行验证所在组件容器中分离出来,未授权的用户可以调查 SRP <literal>M1</literal> challenge 并有效地使用它来把请求作为相关用户名。自定义的使用 SRP 会话密钥加密 challenge 的拦截器可以用于防止这样的问题。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1760
@@ -7059,7 +7090,7 @@
 "renegotiating the SRP authentication credentials. You must either set the "
 "authentication cache timeout very long (up to 2,147,483,647 seconds, or "
 "approximately 68 years), or handle re-authentication in your code on failure."
-msgstr ""
+msgstr "SRPService 维护了一个 SRP 会话的缓存,它有指定的过期时间。一旦超时,任何随后的 J2EE 组件访问都会失败,因为目前没有机制可以透明地重新协商 SRP 验证的 credential。你必须把验证缓存过期时间设置得很长(最长为 2,147,483,647 秒,也就是约 68 年),或者用自己的代码处理重验证。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1765
@@ -7071,7 +7102,7 @@
 "effectively a stateful one. JBoss supports for multiple SRP sessions per "
 "user, but you cannot encrypt data with one session key and then decrypt it "
 "with another."
-msgstr ""
+msgstr "在缺省情况下,每个用户名只对应一个 SRP 会话。因为 SRP 会话产生一个可用于在客户和服务器间加密/解密的私有会话密钥,这个会话实质上是一个有状态的会话。JBoss 支持一个用户对应多个 SRP 会话,但你不能用一个会话密钥加密数据而用另外一个进行解密。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1770
@@ -7093,6 +7124,9 @@
 "\"/> illustrates the operation of the SRPCacheLoginModule.login method "
 "implementation."
 msgstr ""
+"为了使用 J2EE 组件调用的 end-to-end SRP 验证,你需要配置设置组件安全性以使用 <literal>org.jboss.security.srp.jaas.SRPCacheLoginModule</literal> 所基于的安全域。<literal>SRPCacheLoginModule</literal> 有一个配置选项 <literal>cacheJndiName</literal>,它设置 SRP 验证的 <literal>CachePolicy</literal> 实例的 JNDI 位置。这必须对应 <literal>SRPService</literal> MBean 的 <literal>AuthenticationCacheJndiName</literal> 属性。<literal>SRPCacheLoginModule</literal> 通过获取验证缓存里的 <literal>SRPServerSession</literal> 对象的客户端 challenge 并和作为用户 credential 传入的 challenge 进行比较以验证用户 credential。<xref linkend=\"Inside_of_the_SRP_algorithm-"
+"A_sequence_diagram_illustrating_the_interaction_of_the_SRPCacheLoginModule_with_the_SRP_session_cache."
+"\"/> 解释了 SRPCacheLoginModule.login 方法实现的操作。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:1774
@@ -7100,13 +7134,13 @@
 msgid ""
 "A sequence diagram illustrating the interaction of the SRPCacheLoginModule "
 "with the SRP session cache."
-msgstr ""
+msgstr "解释 SRPCacheLoginModule 和 SRP 会话缓存间的交互的序列图。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:1782
 #, no-c-format
 msgid "An SRP example"
-msgstr ""
+msgstr "SRP 示例"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1783
@@ -7128,6 +7162,8 @@
 "PropertiesVerifierStore</literal>. The following shows the contents of the "
 "JAR that contains the example EJB and SRP services."
 msgstr ""
+"我们已经介绍了 SRP 的一些相关内容,现在我们通过一个例子来演示 SRP 的应用。这个例子演示了客户端通过 SRP 验证用户以及把 SRP channenge 作为用户的 credential 来访问一个简单的 EJB。测试代码部署在一个 EJB JAR 文件里,它包括配置服务器端登录模块和 SRP 服务的 SAR 文件。和前面的例子一样,我们将用 <literal>SecurityConfig</literal> MBean 动态地安装服务器端的登录模块配置。在这个例子里,我们也使用一个自定义的 <literal>SRPVerifierStore</literal> 接口实现,它使用源自 Java 属性文件的 In-memory 的存储而不是 <literal>SRPVerifierStoreService</literal> 所使用的序列化的对象库。这个自定义服务是 <literal>org.jboss.book.security.ex3.service."
+"PropertiesVerifierStore</literal>。下面是包含示例 EJB 和 SRP 服务的 JAR 的内容。"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1786
@@ -7144,6 +7180,16 @@
 "users.properties\n"
 "security-ex3.sar"
 msgstr ""
+"[examples]$ jar tf output/security/security-ex3.jar \n"
+"META-INF/MANIFEST.MF\n"
+"META-INF/ejb-jar.xml\n"
+"META-INF/jboss.xml\n"
+"org/jboss/book/security/ex3/Echo.class\n"
+"org/jboss/book/security/ex3/EchoBean.class\n"
+"org/jboss/book/security/ex3/EchoHome.class\n"
+"roles.properties\n"
+"users.properties\n"
+"security-ex3.sar"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1787
@@ -7159,6 +7205,11 @@
 "\"/> give the example client side and server side login module "
 "configurations."
 msgstr ""
+"这个例子里和 SRP 相关的关键部分是 SRP MBean 服务配置,以及 SRP 登录模块配置。<xref linkend=\"An_SRP_example-The_security_ex3."
+"sar_jboss_service.xml_descriptor_for_the_SRP_services\"/> 里给出了 <literal>security-ex3.sar</literal> 的 <literal>jboss-"
+"service.xml</literal> 描述符,而 <xref "
+"linkend=\"An_SRP_example-The_client_side_standard_JAAS_configuration\"/> 和 <xref linkend=\"An_SRP_example-The_server_side_XMLLoginConfig_configuration"
+"\"/> 给出了一个客户端和服务器端登录模块配置的例子。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:1790, no-c-format
@@ -9033,4 +9084,3 @@
 "interceptor that supports role based access checks."
 msgstr "<literal>jmx-invoker-adaptor-server.sar</literal> 是一个开放 JMX MBeanServer 接口的服务,它通过使用 RMI/JRMP 脱管调用者服务的 RMI 兼容接口来实现。设置这个服务的安全性的唯一办法是切换到 RMI/HTTP 协议并象前面所述地设置 <literal>http-invoker.sar</literal> 的安全性。这个服务将来会被部署为带有支持基于角色访问检查的安全拦截器的 XMBean。"
 
-

More information about the jboss-cvs-commits mailing list