[jboss-cvs] JBossAS SVN: r89520 - projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN.
jboss-cvs-commits at lists.jboss.org
Fri May 29 02:15:21 EDT 2009
Author: xhuang at jboss.com
Date: 2009-05-29 02:15:21 -0400 (Fri, 29 May 2009)
New Revision: 89520
Modified:
projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
Log:
update
Modified: projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
===================================================================
--- projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po 2009-05-29 06:14:09 UTC (rev 89519)
+++ projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po 2009-05-29 06:15:21 UTC (rev 89520)
@@ -9,8 +9,8 @@
"Project-Id-Version: J2EE_Security_On_JBOSS\n"
"Report-Msgid-Bugs-To: http://bugs.kde.org\n"
"POT-Creation-Date: 2009-01-20 02:37+0000\n"
-"PO-Revision-Date: 2009-05-26 14:31+1000\n"
-"Last-Translator: Xi HUANG <xhuang at redhat.com>\n"
+"PO-Revision-Date: 2009-05-29 16:15+1000\n"
+"Last-Translator: Xi HUANG\n"
"Language-Team: <en at li.org>\n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
@@ -1091,6 +1091,8 @@
"security configuration are discussed in <xref linkend=\"Security_on_JBoss-"
"The_JBoss_Security_Model\"/>."
msgstr ""
+"我们已经介绍的 J2EE 安全元素只是从应用程序的角度来描述安全性要求。因为J2EE 安全元素声明了逻辑角色,应用程序部署者把这些角色从应用程序域映射到部署环境里。J2EE 规格忽视了这些应用程序专有的细节。在 JBoss 里,我们通过指定用 JBoss 服务器专有的部署描述符实现 J2EE 安全模型的安全性管理者来把应用程序角色映射到部署环境里。我们将在 <xref linkend=\"Security_on_JBoss-"
+"The_JBoss_Security_Model\"/> 里讨论安全性配置背后的细节。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:215
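Review bot: spacing is inconsistent in the first added msgstr line: "因为J2EE" has no space before the Latin word, while the same string writes "的 J2EE", "在 JBoss 里" and "实现 J2EE" with one. Suggest "因为 J2EE 安全元素声明了逻辑角色" so the paragraph follows a single convention.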
@@ -1107,13 +1109,13 @@
"implementation details of JBossSX. The following sections provide an "
"introduction to JAAS to prepare you for the JBossSX architecture discussion "
"later in this chapter."
-msgstr ""
+msgstr "JBossSX 框架是基于 JAAS API 的。理解 JAAS API 的基本元素对于理解 JBossSX 的实现细节是很重要的。下面的章节介绍了 JAAS,它为后面对 JBossSX 架构的讨论做好了准备。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:220
#, no-c-format
msgid "What is JAAS?"
-msgstr ""
+msgstr "JAAS 是什么?"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:221
@@ -1127,7 +1129,7 @@
"for JDK 1.3 and is bundled with JDK 1.4+. Because the JBossSX framework uses "
"only the authentication capabilities of JAAS to implement the declarative "
"role-based J2EE security model, this introduction focuses on only that topic."
-msgstr ""
+msgstr "JAAS 1.0 API 由一系列用于用户验证和授权的 Java 包组成。它实现标准可插拔验证模块(Pluggable Authentication Module,PAM)框架的 Java 版本,并扩展了 Java 2 平台的访问控制架构以支持基于用户的授权。JAAS 最先是作为 JDK 1.3 的扩展包发行的,现在它已捆绑在 JDK 1.4+ 里了。因为 JBossSX 框架只使用 JAAS 的验证功能来实现声明式的基于 J2EE 安全模型,这个介绍着重于这个方面的内容。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:224
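Review bot: the new msgstr loses "role-based" from the last sentence. The msgid ends with "declarative role-based J2EE security model", but the translation reads "声明式的基于 J2EE 安全模型", which leaves 基于 without its object and changes what the model is said to be. Suggest "声明式的、基于角色的 J2EE 安全模型".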
@@ -1140,13 +1142,13 @@
"achieved without changing the JBossSX security manager implementation. All "
"that needs to change is the configuration of the authentication stack that "
"JAAS uses."
-msgstr ""
+msgstr "JAAS 验证以可插拔的方式运行。这允许 Java 程序独立于底层的验证技术并允许 JBossSX 安全性管理者工作于不同的安全基础结构里。和安全基础结构的集成可以不用修改 JBossSX 安全性管理者实现。所需修改的是 JAAS 使用的验证栈的配置而已。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:228
#, no-c-format
msgid "The JAAS Core Classes"
-msgstr ""
+msgstr "JAAS 的核心类"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:229
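Review bot: "security manager" in the first msgstr of this hunk is rendered as "安全性管理者", a word for a person, although the msgid ("the JBossSX security manager implementation") refers to a software component. A later msgstr in this same revision uses 管理者 on its own ("这允许管理者在应用程序里插入不同的验证技术"), so one term now covers two different things. Suggest "安全管理器" for the component, applied consistently across the file.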
@@ -1156,19 +1158,19 @@
"authentication, and authorization. The following list presents only the "
"common and authentication classes because these are the specific classes "
"used to implement the functionality of JBossSX covered in this chapter."
-msgstr ""
+msgstr "JAAS 的核心类可分为三个类别:common、authentication 和 authorization。下面的列表只显示 common 和 authentication 类别,因为它们是实现本章所涵盖的 JBossSX 功能所专有的类。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:232
-#, fuzzy, no-c-format
+#, no-c-format
msgid "The are the common classes:"
-msgstr "代理层组件包括:"
+msgstr "common 类包括:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:237
#, no-c-format
msgid "<literal>Subject</literal> (<literal>javax.security.auth.Subject</literal>)"
-msgstr ""
+msgstr "<literal>Subject</literal> (<literal>javax.security.auth.Subject</literal>)"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:242
@@ -1180,7 +1182,7 @@
#: J2EE_Security_On_JBOSS.xml:247
#, no-c-format
msgid "These are the authentication classes:"
-msgstr ""
+msgstr "这些是 authentication 类:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:252
@@ -1219,6 +1221,8 @@
"<literal>LoginContext</literal> (<literal>javax.security.auth.login."
"LoginContext</literal>)"
msgstr ""
+"<literal>LoginContext</literal> (<literal>javax.security.auth.login."
+"LoginContext</literal>)"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:272
@@ -1227,12 +1231,14 @@
"<literal>LoginModule</literal> (<literal>javax.security.auth.spi."
"LoginModule</literal>)"
msgstr ""
+"<literal>LoginModule</literal> (<literal>javax.security.auth.spi."
+"LoginModule</literal>)"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:278
#, no-c-format
msgid "The Subject and Principal Classes"
-msgstr ""
+msgstr "Subject 和 Principal 类"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:279
@@ -1248,6 +1254,8 @@
"literal> interface to represent a principal, which is essentially just a "
"typed name."
msgstr ""
+"要给对资源的访问授权,应用程序首先需要验证请求的源头。JAAS 框架定义了术语 subject 来代表请求源。<literal>Subject</literal> 类是 JAAS 的核心类。<literal>Subject</literal> 代表单个实体的信息,如某个人或服务。它包括实体的 principal、public credential 以及 private credential。JAAS API 使用现有的 Java 2 <literal>java.security.Principal</"
+"literal> 接口来表示 principal。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:282
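Review bot: the added msgstr stops at "接口来表示 principal。" and omits the closing clause of the msgid, "which is essentially just a typed name". That clause is the only definition of a principal the paragraph gives, so it should be kept, for example "接口来表示 principal,它本质上只是一个带类型的名称。"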
@@ -1259,7 +1267,7 @@
"principal (123-45-6789), and a username principal (johnd), all of which help "
"distinguish the subject from other subjects. To retrieve the principals "
"associated with a subject, two methods are available:"
-msgstr ""
+msgstr "在验证过程中,subject 用相关联的标识符或者 principal 进行填充。一个 subject 可以有多个 principal。例如,一个人可以有一个名字 principal(John Doe),一个社保号码 principal (123-45-6789),以及一个用户名 principal(johnd),所有这些都有助于和其他 subject 进行区分。要获取和 subject 相关联的 principal,可以使用两个方法:"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:285
@@ -1268,6 +1276,8 @@
"public Set getPrincipals() {...}\n"
"public Set getPrincipals(Class c) {...}"
msgstr ""
+"public Set getPrincipals() {...}\n"
+"public Set getPrincipals(Class c) {...}"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:286
@@ -1281,12 +1291,16 @@
"literal>, so an instance in the principals set may represent a logical "
"grouping of other principals or groups of principals."
msgstr ""
+"第一个方法返回该 subject 里包含的所有 principal。第二个方法返回类 <literal>c</"
+"literal> 或者是它的子类的实例。如果该 subject 不含有任何匹配的 principal,将返回一个空集。请注意,<literal>java.security.acl.Group</"
+"literal> 接口是 <literal>java.security.Principal</"
+"literal> 的子接口,所以 principal 集里的实例可以代表其他 principal 或 principal 组的一个逻辑组。"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:292
#, no-c-format
msgid "Authentication of a Subject"
-msgstr ""
+msgstr "Subject 的验证"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:293
@@ -1294,7 +1308,7 @@
msgid ""
"Authentication of a subject requires a JAAS login. The login procedure "
"consists of the following steps:"
-msgstr ""
+msgstr "subject 的验证要求 JAAS 登录。登录过程由下列步骤组成:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:298
@@ -1304,7 +1318,7 @@
"the name of the login configuration and a <literal>CallbackHandler</literal> "
"to populate the <literal>Callback</literal> objects, as required by the "
"configuration <literal>LoginModule</literal>s."
-msgstr ""
+msgstr "应用程序初始化一个 <literal>LoginContext</literal> 并传入登录配置的名称和一个 <literal>CallbackHandler</literal>,且按照配置 <literal>LoginModule</literal> 所要求的填充 <literal>Callback</literal> 对象。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:303
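Review bot: the new msgstr attaches the populating of the Callback objects to the application ("…和一个 CallbackHandler,且按照配置 LoginModule 所要求的填充 Callback 对象"), whereas the msgid says the CallbackHandler is passed in "to populate the Callback objects, as required by the configuration LoginModules". Suggest making the handler the actor, for example "并传入登录配置的名称和一个 CallbackHandler,后者按照所配置的 LoginModule 的要求填充 Callback 对象".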
@@ -1315,12 +1329,14 @@
"named login configuration. If no such named configuration exists the "
"<literal>other</literal> configuration is used as a default."
msgstr ""
+"<literal>LoginContext</literal> 查询 <literal>Configuration</"
+"literal> 以载入命名登录配置里的 <literal>LoginModules</literal>。如果不存在该配置,<literal>other</literal> 将被缺省使用。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:308
#, no-c-format
msgid "The application invokes the <literal>LoginContext.login</literal> method."
-msgstr ""
+msgstr "应用程序调用 <literal>LoginContext.login</literal> 方法。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:313
@@ -1335,6 +1351,8 @@
"<literal>LoginModule</literal>s associate relevant principals and "
"credentials with the subject."
msgstr ""
+"login 方法调用所有已加载的 <literal>LoginModule</literal>。因为每个 <literal>LoginModule</literal> 都试图验证 subject,它调用相关联的 <literal>CallbackHandler</"
+"literal> 上的 handle 方法来获取验证过程所要求的信息。这些信息以 <literal>Callback</literal> 对象队列的形式被传递给 handle 方法。执行成功后,<literal>LoginModule</literal> 将相关的 principal 和 credential 和该 subject 进行关联。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:318
@@ -1344,7 +1362,7 @@
"application. Success is represented by a return from the login method. "
"Failure is represented through a LoginException being thrown by the login "
"method."
-msgstr ""
+msgstr "<literal>LoginContext</literal> 把验证的状态返回给应用程序。login 方法的返回代表成功。而 login 方法抛出 LoginException 异常则表示失败。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:323
@@ -1352,7 +1370,7 @@
msgid ""
"If authentication succeeds, the application retrieves the authenticated "
"subject using the <literal>LoginContext.getSubject</literal> method."
-msgstr ""
+msgstr "如果验证成功,应用程序用 <literal>LoginContext.getSubject</literal> 方法获取已验证的 subject。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:328
@@ -1361,7 +1379,7 @@
"After the scope of the subject authentication is complete, all principals "
"and related information associated with the subject by the login method can "
"be removed by invoking the <literal>LoginContext.logout</literal> method."
-msgstr ""
+msgstr "在 subject 验证完成后,所有的 principal 和相关信息都可调用 <literal>LoginContext.logout</literal> 方法进行删除。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:333
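Review bot: the added msgstr drops the qualifier "associated with the subject by the login method", so "所有的 principal 和相关信息" no longer says which principals logout removes. Suggest "login 方法关联到该 subject 的所有 principal 和相关信息都可以通过调用 LoginContext.logout 方法删除", keeping the literal tags as in the msgid.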
@@ -1376,7 +1394,7 @@
"authentication services. Therefore, you can plug different login modules "
"into an application without changing the application itself. The following "
"code shows the steps required by an application to authenticate a subject."
-msgstr ""
+msgstr "<literal>LoginContext</literal> 类提供验证 subject 的基本方法并为独立于底层验证技术的程序开发提供了一种途径。<literal>LoginContext</literal> 查询 <literal>Configuration</literal> 来决定为某个应用程序配置的验证服务。<literal>LoginModule</literal> 类代表了这些验证服务。因此,你可以在应用程序里插入不同的登录模块而不需改变应用程序本身。下面的代码显示应用程序验证 subject 所需的步骤。"
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:336
@@ -1484,7 +1502,7 @@
"authentication process. For example, one <literal>LoginModule</literal> may "
"perform username/password-based authentication, while another may interface "
"to hardware devices such as smart card readers or biometric authenticators."
-msgstr ""
+msgstr "开发人员通过创建 <literal>LoginModule</literal> 接口的实现来集成验证技术。这允许管理者在应用程序里插入不同的验证技术。你可以把多个 <literal>LoginModule</literal> 链接起来,使多种验证技术参与验证过程。例如,一个 <literal>LoginModule</literal> 可以执行基于用户名/密码的验证,而另外一个则可以对硬件设备如智能卡读写器进行验证。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:340
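Review bot: the last sentence of the new msgstr changes the meaning and loses an item. The msgid says another module "may interface to hardware devices such as smart card readers or biometric authenticators"; the translation "可以对硬件设备如智能卡读写器进行验证" says the module authenticates the hardware and leaves out biometric authenticators. Suggest "而另外一个则可以与智能卡读卡器或生物特征验证器等硬件设备对接".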
@@ -1494,7 +1512,7 @@
"<literal>LoginContext</literal> object against which the client creates and "
"issues the login method. The process consists of two phases. The steps of "
"the process are as follows:"
-msgstr ""
+msgstr "<literal>LoginModule</literal> 的生命周期由 <literal>LoginContext</literal> 对象根据哪个客户创建和执行 login 方法来决定。这个过程由两个阶段组成。它的步骤如下:"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:345
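Review bot: "against which" is mistranslated in the new msgstr. "根据哪个客户创建和执行 login 方法来决定" reads as "decided according to which client creates and runs the login method", while the msgid says the life cycle is driven by the LoginContext object that the client creates and on which it issues login. Suggest "LoginModule 的生命周期由客户端创建并在其上调用 login 方法的 LoginContext 对象驱动", with the literal tags kept.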
@@ -1502,7 +1520,7 @@
msgid ""
"The <literal>LoginContext</literal> creates each configured "
"<literal>LoginModule</literal> using its public no-arg constructor."
-msgstr ""
+msgstr "<literal>LoginContext</literal> 创建用 public 的无参构造器创建每个 <literal>LoginModule</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:350
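Review bot: the added msgstr repeats the verb, "LoginContext 创建用 public 的无参构造器创建每个 LoginModule", and drops "configured" from the msgid ("creates each configured LoginModule"). Suggest "LoginContext 用 public 的无参构造器创建每个已配置的 LoginModule".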
@@ -1514,6 +1532,9 @@
"initialize(Subject subject, CallbackHandler callbackHandler, Map "
"sharedState, Map options)</literal>."
msgstr ""
+"每个 <literal>LoginModule</literal> 都通过其 initialize 方法进行初始化。<literal>Subject</literal> 参数必须是非空值。 initialize 方法的签名是 <literal>public void "
+"initialize(Subject subject, CallbackHandler callbackHandler, Map "
+"sharedState, Map options)</literal>。"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:355
@@ -2162,6 +2183,19 @@
" [java] Caused by: java.lang.SecurityException: No 4 letter words\n"
"..."
msgstr ""
+"[examples]$ ant -Dchap=security -Dex=1 run-example\n"
+"run-example1:\n"
+"...\n"
+" [echo] Waiting for 5 seconds for deploy...\n"
+" [java] [INFO,ExClient] Looking up EchoBean\n"
+" [java] [INFO,ExClient] Created Echo\n"
+" [java] [INFO,ExClient] Echo.echo('Hello') = Hello\n"
+" [java] Exception in thread \"main\" java.rmi.AccessException: "
+"SecurityException; nested exception is: \n"
+" [java] java.lang.SecurityException: No 4 letter words\n"
+"...\n"
+" [java] Caused by: java.lang.SecurityException: No 4 letter words\n"
+"..."
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:490
@@ -2728,6 +2762,14 @@
"public Set getUserRoles(String securityDomain, Principal principal, Object "
"credential);"
msgstr ""
+"public boolean isValid(String securityDomain, Principal principal, Object "
+"credential);\n"
+"public Principal getPrincipal(String securityDomain, Principal principal);\n"
+"public boolean doesUserHaveRole(String securityDomain, Principal "
+"principal, \n"
+" Object credential, Set roles);\n"
+"public Set getUserRoles(String securityDomain, Principal principal, Object "
+"credential);"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:677
@@ -2946,6 +2988,17 @@
" </authentication>\n"
"</application-policy>"
msgstr ""
+"<application-policy name=\"jmx-console\">\n"
+" <authentication>\n"
+" <login-module code=\"org.jboss.security.auth.spi."
+"UsersRolesLoginModule\" flag=\"required\">\n"
+" <module-option name=\"usersProperties\">props/jmx-console-"
+"users.properties</module-option>\n"
+" <module-option name=\"rolesProperties\">props/jmx-console-"
+"roles.properties</module-option>\n"
+" </login-module>\n"
+" </authentication>\n"
+"</application-policy>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:780
@@ -3035,6 +3088,20 @@
" </authentication>\n"
"</application-policy>"
msgstr ""
+"<application-policy name=\"todo\">\n"
+" <authentication>\n"
+" <login-module code=\"org.jboss.security.auth.spi.LdapLoginModule"
+"\" \n"
+" flag=\"sufficient\">\n"
+" <!-- LDAP configuration -->\n"
+" </login-module>\n"
+" <login-module code=\"org.jboss.security.auth.spi."
+"DatabaseServerLoginModule\" \n"
+" flag=\"sufficient\">\n"
+" <!-- database configuration -->\n"
+" </login-module>\n"
+" </authentication>\n"
+"</application-policy>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:812
@@ -3065,7 +3132,7 @@
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:820
-#, fuzzy, no-c-format
+#, no-c-format
msgid ""
"<mbean code=\"org.jboss.security.auth.login.XMLLoginConfig\"\n"
" name=\"jboss.security:service=XMLLoginConfig\">\n"
@@ -3073,11 +3140,9 @@
"attribute>\n"
"</mbean>"
msgstr ""
-"<mbean code=\"org.jboss.naming.NamingAlias\" \n"
-" name=\"jboss.mq:service=NamingAlias,fromName=QueueConnectionFactory"
-"\">\n"
-" <attribute name=\"ToName\">ConnectionFactory</attribute>\n"
-" <attribute name=\"FromName\">QueueConnectionFactory</"
+"<mbean code=\"org.jboss.security.auth.login.XMLLoginConfig\"\n"
+" name=\"jboss.security:service=XMLLoginConfig\">\n"
+" <attribute name=\"ConfigResource\">login-config.xml</"
"attribute>\n"
"</mbean>"
@@ -3346,6 +3411,27 @@
" </mbean>\n"
"</server>"
msgstr ""
+"<server>\n"
+" <mbean code=\"org.jboss.security.auth.login.DynamicLoginConfig\" name="
+"\"...\">\n"
+" <attribute name=\"AuthConfig\">login-config.xml</"
+"attribute>\n"
+"\n"
+" <!-- The service which supports dynamic processing of login-"
+"config.xml\n"
+" configurations.\n"
+" -->\n"
+" <depends optional-attribute-name=\"LoginConfigService\">\n"
+" jboss.security:service=XMLLoginConfig </depends>\n"
+"\n"
+" <!-- Optionally specify the security mgr service to use when\n"
+" this service is stopped to flush the auth caches of the domains\n"
+" registered by this service.\n"
+" -->\n"
+" <depends optional-attribute-name=\"SecurityManagerService\">\n"
+" jboss.security:service=JaasSecurityManager </depends>\n"
+" </mbean>\n"
+"</server>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:924
@@ -3433,7 +3519,7 @@
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:952
-#, fuzzy, no-c-format
+#, no-c-format
msgid ""
"<application-policy name=\"todo\">\n"
" <authentication>\n"
@@ -3454,28 +3540,21 @@
" </authentication>\n"
"</application-policy>"
msgstr ""
-"<application-policy name=\"digest\">\n"
+"<application-policy name=\"todo\">\n"
" <authentication>\n"
+" <login-module code=\"org.jboss.security.auth.spi.LdapLoginModule"
+"\" \n"
+" flag=\"required\">\n"
+" <!-- LDAP configuration -->\n"
+" <module-option name=\"password-stacking\">useFirstPass</"
+"module-option>\n"
+" </login-module>\n"
" <login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\"\n"
+"DatabaseServerLoginModule\" \n"
" flag=\"required\">\n"
-" <module-option name=\"usersProperties\">digest-users."
-"properties</module-option>\n"
-" <module-option name=\"rolesProperties\">digest-roles."
-"properties</module-option>\n"
-" <module-option name=\"hashAlgorithm\">MD5</module-"
-"option>\n"
-" <module-option name=\"hashEncoding\">rfc2617</module-"
-"option>\n"
-" <module-option name=\"hashUserPassword\">false</module-"
-"option>\n"
-" <module-option name=\"hashStorePassword\">true</module-"
-"option>\n"
-" <module-option name=\"passwordIsA1Hash\">true</module-"
-"option>\n"
-" <module-option name=\"storeDigestCallback\">\n"
-" org.jboss.security.auth.spi.RFC2617Digest\n"
-" </module-option>\n"
+" <!-- database configuration --> \n"
+" <module-option name=\"password-stacking\">useFirstPass</"
+"module-option>\n"
" </login-module>\n"
" </authentication>\n"
"</application-policy>"
@@ -3590,6 +3669,20 @@
" </application-policy>\n"
"</policy>"
msgstr ""
+"<policy>\n"
+" <application-policy name=\"testUsersRoles\">\n"
+" <authentication>\n"
+" <login-module code=\"org.jboss.security.auth.spi."
+"UsersRolesLoginModule\"\n"
+" flag=\"required\">\n"
+" <module-option name=\"hashAlgorithm\">MD5</module-"
+"option>\n"
+" <module-option name=\"hashEncoding\">base64</module-"
+"option> \n"
+" </login-module>\n"
+" </authentication>\n"
+" </application-policy>\n"
+"</policy>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:994
@@ -3621,7 +3714,7 @@
#: J2EE_Security_On_JBOSS.xml:1001
#, no-c-format
msgid "echo -n password | openssl dgst -md5 -binary | openssl base64"
-msgstr ""
+msgstr "echo -n password | openssl dgst -md5 -binary | openssl base64"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1002
@@ -3716,6 +3809,9 @@
"username1.RoleGroup1=role3,role4,...\n"
"username2=role1,role3,..."
msgstr ""
+"username1=role1,role2,...\n"
+"username1.RoleGroup1=role3,role4,...\n"
+"username2=role1,role3,..."
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1034
@@ -4044,7 +4140,7 @@
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1175
-#, fuzzy, no-c-format
+#, no-c-format
msgid ""
"<application-policy name=\"testLDAP\">\n"
" <authentication>\n"
@@ -4083,31 +4179,42 @@
" </authentication>\n"
" </application-policy>"
msgstr ""
-"<application-policy name=\"digest\">\n"
-" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\"\n"
-" flag=\"required\">\n"
-" <module-option name=\"usersProperties\">digest-users."
-"properties</module-option>\n"
-" <module-option name=\"rolesProperties\">digest-roles."
-"properties</module-option>\n"
-" <module-option name=\"hashAlgorithm\">MD5</module-"
+"<application-policy name=\"testLDAP\">\n"
+" <authentication>\n"
+" <login-module code=\"org.jboss.security.auth.spi."
+"LdapLoginModule\"\n"
+" flag=\"required\">\n"
+" <module-option name=\"java.naming.factory.initial\"> \n"
+" com.sun.jndi.ldap.LdapCtxFactory\n"
+" </module-option>\n"
+" <module-option name=\"java.naming.provider.url\">\n"
+" ldap://ldaphost.jboss.org:1389/\n"
+" </module-option>\n"
+" <module-option name=\"java.naming.security.authentication"
+"\">\n"
+" simple\n"
+" </module-option>\n"
+" <module-option name=\"principalDNPrefix\">uid=</"
+"module-option> \n"
+" <module-option name=\"principalDNSuffix\">\n"
+" ,ou=People,dc=jboss,dc=org\n"
+" </module-option>\n"
+"\n"
+" <module-option name=\"rolesCtxDN\">\n"
+" ou=Roles,dc=jboss,dc=org\n"
+" </module-option>\n"
+" <module-option name=\"uidAttributeID\">member</"
+"module-option>\n"
+" <module-option name=\"matchOnUserDN\">true</module-"
"option>\n"
-" <module-option name=\"hashEncoding\">rfc2617</module-"
+"\n"
+" <module-option name=\"roleAttributeID\">cn</module-"
"option>\n"
-" <module-option name=\"hashUserPassword\">false</module-"
-"option>\n"
-" <module-option name=\"hashStorePassword\">true</module-"
-"option>\n"
-" <module-option name=\"passwordIsA1Hash\">true</module-"
-"option>\n"
-" <module-option name=\"storeDigestCallback\">\n"
-" org.jboss.security.auth.spi.RFC2617Digest\n"
-" </module-option>\n"
-" </login-module>\n"
-" </authentication>\n"
-"</application-policy>"
+" <module-option name=\"roleAttributeIsDN\">false </"
+"module-option>\n"
+" </login-module>\n"
+" </authentication>\n"
+" </application-policy>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1176
@@ -4154,6 +4261,38 @@
"member: uid=jduke,ou=People,dc=jboss,dc=org\n"
"description: the JBossAdmin group"
msgstr ""
+"dn: dc=jboss,dc=org\n"
+"objectclass: top\n"
+"objectclass: dcObject\n"
+"objectclass: organization\n"
+"dc: jboss\n"
+"o: JBoss\n"
+"\n"
+"dn: ou=People,dc=jboss,dc=org\n"
+"objectclass: top\n"
+"objectclass: organizationalUnit\n"
+"ou: People\n"
+"\n"
+"dn: uid=jduke,ou=People,dc=jboss,dc=org\n"
+"objectclass: top\n"
+"objectclass: uidObject\n"
+"objectclass: person\n"
+"uid: jduke\n"
+"cn: Java Duke\n"
+"sn: Duke\n"
+"userPassword: theduke\n"
+"\n"
+"dn: ou=Roles,dc=jboss,dc=org\n"
+"objectclass: top\n"
+"objectclass: organizationalUnit\n"
+"ou: Roles\n"
+"\n"
+"dn: cn=JBossAdmin,ou=Roles,dc=jboss,dc=org\n"
+"objectclass: top\n"
+"objectclass: groupOfNames\n"
+"cn: JBossAdmin\n"
+"member: uid=jduke,ou=People,dc=jboss,dc=org\n"
+"description: the JBossAdmin group"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1180
@@ -4372,7 +4511,7 @@
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1247
-#, fuzzy, no-c-format
+#, no-c-format
msgid ""
"<policy>\n"
" <application-policy name=\"testDB\">\n"
@@ -4393,31 +4532,24 @@
" </application-policy>\n"
"</policy>"
msgstr ""
-"<application-policy name=\"digest\">\n"
-" <authentication>\n"
-" <login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\"\n"
-" flag=\"required\">\n"
-" <module-option name=\"usersProperties\">digest-users."
-"properties</module-option>\n"
-" <module-option name=\"rolesProperties\">digest-roles."
-"properties</module-option>\n"
-" <module-option name=\"hashAlgorithm\">MD5</module-"
-"option>\n"
-" <module-option name=\"hashEncoding\">rfc2617</module-"
-"option>\n"
-" <module-option name=\"hashUserPassword\">false</module-"
-"option>\n"
-" <module-option name=\"hashStorePassword\">true</module-"
-"option>\n"
-" <module-option name=\"passwordIsA1Hash\">true</module-"
-"option>\n"
-" <module-option name=\"storeDigestCallback\">\n"
-" org.jboss.security.auth.spi.RFC2617Digest\n"
-" </module-option>\n"
-" </login-module>\n"
-" </authentication>\n"
-"</application-policy>"
+"<policy>\n"
+" <application-policy name=\"testDB\">\n"
+" <authentication>\n"
+" <login-module code=\"org.jboss.security.auth.spi."
+"DatabaseServerLoginModule\"\n"
+" flag=\"required\">\n"
+" <module-option name=\"dsJndiName\">java:/"
+"MyDatabaseDS</module-option>\n"
+" <module-option name=\"principalsQuery\">\n"
+" select passwd from Users username where username=?</"
+"module-option>\n"
+" <module-option name=\"rolesQuery\">\n"
+" select userRoles, 'Roles' from UserRoles where "
+"username=?</module-option>\n"
+" </login-module>\n"
+" </authentication>\n"
+" </application-policy>\n"
+"</policy>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1248
@@ -4462,7 +4594,7 @@
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1261
-#, fuzzy, no-c-format
+#, no-c-format
msgid ""
"<mbean code=\"org.jboss.security.plugins.JaasSecurityDomain\"\n"
" name=\"jboss.ch8:service=SecurityDomain\">\n"
@@ -4475,12 +4607,15 @@
"attribute>\n"
"</mbean>"
msgstr ""
-"<mbean code=\"org.jboss.ha.jndi.HANamingService\" \n"
-" name=\"jboss:service=HAJNDI\"> \n"
-" <depends>jboss:service=MySpecialPartition</depends> \n"
-" <attribute name=\"PartitionName\">MySpecialPartition</"
-"attribute> \n"
-" <attribute name=\"Port\">56789</attribute> \n"
+"<mbean code=\"org.jboss.security.plugins.JaasSecurityDomain\"\n"
+" name=\"jboss.ch8:service=SecurityDomain\">\n"
+" <constructor>\n"
+" <arg type=\"java.lang.String\" value=\"jmx-console\"/>\n"
+" </constructor>\n"
+" <attribute name=\"KeyStoreURL\">resource:localhost.keystore</"
+"attribute>\n"
+" <attribute name=\"KeyStorePass\">unit-tests-server</"
+"attribute>\n"
"</mbean>"
#. Tag: para
@@ -4499,7 +4634,7 @@
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1265
-#, fuzzy, no-c-format
+#, no-c-format
msgid ""
"<?xml version=\"1.0\"?>\n"
"<!DOCTYPE web-app PUBLIC\n"
@@ -4534,23 +4669,15 @@
msgstr ""
"<?xml version=\"1.0\"?>\n"
"<!DOCTYPE web-app PUBLIC\n"
-" \"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN\"\n"
-" \"http://java.sun.com/dtd/web-app_2_3.dtd\">\n"
-"<web-app>\n"
-" <!-- ... -->\n"
-" \n"
-" <!-- A security constraint that restricts access to the HTML JMX "
-"console\n"
-" to users with the role JBossAdmin. Edit the roles to what you want "
-"and\n"
-" uncomment the WEB-INF/jboss-web.xml/security-domain element to "
-"enable\n"
-" secured access to the HTML JMX console.\n"
-" -->\n"
+" \"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+"\"\n"
+" \"http://java.sun.com/dtd/web-app_2_3.dtd\">\n"
+"<web-app> \n"
+" ... \n"
" <security-constraint>\n"
" <web-resource-collection>\n"
" <web-resource-name>HtmlAdaptor</web-resource-name>\n"
-" <description> An example security config that only allows "
+" <description>An example security config that only allows "
"users with\n"
" the role JBossAdmin to access the HTML JMX console web\n"
" application </description>\n"
@@ -4563,7 +4690,7 @@
" </auth-constraint>\n"
" </security-constraint>\n"
" <login-config>\n"
-" <auth-method>BASIC</auth-method>\n"
+" <auth-method>CLIENT-CERT</auth-method>\n"
" <realm-name>JBoss JMX Console</realm-name>\n"
" </login-config>\n"
" <security-role>\n"
@@ -4602,7 +4729,7 @@
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1273
-#, fuzzy, no-c-format
+#, no-c-format
msgid ""
"<application-policy name=\"jmx-console\">\n"
" <authentication>\n"
@@ -4627,28 +4754,25 @@
" </authentication>\n"
"</application-policy>"
msgstr ""
-"<application-policy name=\"digest\">\n"
+"<application-policy name=\"jmx-console\">\n"
" <authentication>\n"
" <login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\"\n"
+"BaseCertLoginModule\" \n"
" flag=\"required\">\n"
-" <module-option name=\"usersProperties\">digest-users."
+" <module-option name=\"password-stacking\">useFirstPass</"
+"module-option>\n"
+" <module-option name=\"securityDomain\">java:/jaas/jmx-"
+"console</module-option>\n"
+" </login-module>\n"
+" <login-module code=\"org.jboss.security.auth.spi."
+"UsersRolesLoginModule\" \n"
+" flag=\"required\">\n"
+" <module-option name=\"password-stacking\">useFirstPass</"
+"module-option>\n"
+" <module-option name=\"usersProperties\">jmx-console-users."
"properties</module-option>\n"
-" <module-option name=\"rolesProperties\">digest-roles."
+" <module-option name=\"rolesProperties\">jmx-console-roles."
"properties</module-option>\n"
-" <module-option name=\"hashAlgorithm\">MD5</module-"
-"option>\n"
-" <module-option name=\"hashEncoding\">rfc2617</module-"
-"option>\n"
-" <module-option name=\"hashUserPassword\">false</module-"
-"option>\n"
-" <module-option name=\"hashStorePassword\">true</module-"
-"option>\n"
-" <module-option name=\"passwordIsA1Hash\">true</module-"
-"option>\n"
-" <module-option name=\"storeDigestCallback\">\n"
-" org.jboss.security.auth.spi.RFC2617Digest\n"
-" </module-option>\n"
" </login-module>\n"
" </authentication>\n"
"</application-policy>"
@@ -4685,6 +4809,19 @@
" MD5: 4A:9C:2B:CD:1B:50:AA:85:DD:89:F6:1D:F5:AF:9E:AB\n"
" SHA1: DE:DE:86:59:05:6C:00:E8:CC:C0:16:D3:C2:68:BF:95:B8:83:E9:58"
msgstr ""
+"[starksm at banshee9100 conf]$ keytool -printcert -file unit-tests-client."
+"export\n"
+"Owner: CN=unit-tests-client, OU=JBoss Inc., O=JBoss Inc., ST=Washington, "
+"C=US\n"
+"Issuer: CN=jboss.com, C=US, ST=Washington, L=Snoqualmie Pass, "
+"EMAILADDRESS=admin\n"
+"@jboss.com, OU=QA, O=JBoss Inc.\n"
+"Serial number: 100103\n"
+"Valid from: Wed May 26 07:34:34 PDT 2004 until: Thu May 26 07:34:34 PDT "
+"2005\n"
+"Certificate fingerprints:\n"
+" MD5: 4A:9C:2B:CD:1B:50:AA:85:DD:89:F6:1D:F5:AF:9E:AB\n"
+" SHA1: DE:DE:86:59:05:6C:00:E8:CC:C0:16:D3:C2:68:BF:95:B8:83:E9:58"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1278
@@ -4784,6 +4921,20 @@
" </application-policy>\n"
"</policy>"
msgstr ""
+"<policy>\n"
+" <application-policy name=\"testIdentity\">\n"
+" <authentication>\n"
+" <login-module code=\"org.jboss.security.auth.spi."
+"IdentityLoginModule\"\n"
+" flag=\"required\">\n"
+" <module-option name=\"principal\">jduke</module-"
+"option>\n"
+" <module-option name=\"roles\">TheDuke,"
+"AnimatedCharater</module-option>\n"
+" </login-module>\n"
+" </authentication>\n"
+" </application-policy>\n"
+"</policy>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1308
@@ -4931,6 +5082,14 @@
" // Put your login modules that need jBoss here\n"
"};"
msgstr ""
+"other {\n"
+" // Put your login modules that work without jBoss here\n"
+" \n"
+" // jBoss LoginModule\n"
+" org.jboss.security.ClientLoginModule required;\n"
+" \n"
+" // Put your login modules that need jBoss here\n"
+"};"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1367
@@ -4974,6 +5133,12 @@
"java.util.Set getPublicCredentials()\n"
"java.util.Set getPublicCredentials(java.lang.Class c)"
msgstr ""
+"java.util.Set getPrincipals()\n"
+"java.util.Set getPrincipals(java.lang.Class c)\n"
+"java.util.Set getPrivateCredentials()\n"
+"java.util.Set getPrivateCredentials(java.lang.Class c)\n"
+"java.util.Set getPublicCredentials()\n"
+"java.util.Set getPublicCredentials(java.lang.Class c)"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1375
@@ -5155,6 +5320,104 @@
" abstract protected Group[] getRoleSets() throws LoginException;\n"
"}"
msgstr ""
+"package org.jboss.security.auth.spi;\n"
+"/**\n"
+" * This class implements the common functionality required for a JAAS\n"
+" * server-side LoginModule and implements the JBossSX standard\n"
+" * Subject usage pattern of storing identities and roles. Subclass\n"
+" * this module to create your own custom LoginModule and override the\n"
+" * login(), getRoleSets(), and getIdentity() methods.\n"
+" */\n"
+"public abstract class AbstractServerLoginModule\n"
+" implements javax.security.auth.spi.LoginModule\n"
+"{\n"
+" protected Subject subject;\n"
+" protected CallbackHandler callbackHandler;\n"
+" protected Map sharedState;\n"
+" protected Map options;\n"
+" protected Logger log;\n"
+"\n"
+" /** Flag indicating if the shared credential should be used */\n"
+" protected boolean useFirstPass;\n"
+" /** \n"
+" * Flag indicating if the login phase succeeded. Subclasses that\n"
+" * override the login method must set this to true on successful\n"
+" * completion of login\n"
+" */\n"
+" protected boolean loginOk;\n"
+" \n"
+" // ...\n"
+" /**\n"
+" * Initialize the login module. This stores the subject,\n"
+" * callbackHandler and sharedState and options for the login\n"
+" * session. Subclasses should override if they need to process\n"
+" * their own options. A call to super.initialize(...) must be\n"
+" * made in the case of an override.\n"
+" *\n"
+" * <p>\n"
+" * The options are checked for the <em>password-stacking</"
+"em> parameter.\n"
+" * If this is set to \"useFirstPass\", the login identity will be taken "
+"from the\n"
+" * <code>javax.security.auth.login.name</code> value of the "
+"sharedState map,\n"
+" * and the proof of identity from the\n"
+" * <code>javax.security.auth.login.password</code> value of "
+"the sharedState map.\n"
+" *\n"
+" * @param subject the Subject to update after a successful login.\n"
+" * @param callbackHandler the CallbackHandler that will be used to "
+"obtain the\n"
+" * the user identity and credentials.\n"
+" * @param sharedState a Map shared between all configured login module "
+"instances\n"
+" * @param options the parameters passed to the login module.\n"
+" */\n"
+" public void initialize(Subject subject,\n"
+" CallbackHandler callbackHandler,\n"
+" Map sharedState,\n"
+" Map options)\n"
+" {\n"
+" // ...\n"
+" }\n"
+" \n"
+"\n"
+" /**\n"
+" * Looks for javax.security.auth.login.name and\n"
+" * javax.security.auth.login.password values in the sharedState\n"
+" * map if the useFirstPass option was true and returns true if\n"
+" * they exist. If they do not or are null this method returns\n"
+" * false. \n"
+" * Note that subclasses that override the login method\n"
+" * must set the loginOk var to true if the login succeeds in\n"
+" * order for the commit phase to populate the Subject. This\n"
+" * implementation sets loginOk to true if the login() method\n"
+" * returns true, otherwise, it sets loginOk to false.\n"
+" */\n"
+" public boolean login() \n"
+" throws LoginException\n"
+" {\n"
+" // ...\n"
+" }\n"
+" \n"
+" /**\n"
+" * Overridden by subclasses to return the Principal that\n"
+" * corresponds to the user primary identity.\n"
+" */\n"
+" abstract protected Principal getIdentity();\n"
+" \n"
+" /**\n"
+" * Overridden by subclasses to return the Groups that correspond\n"
+" * to the role sets assigned to the user. Subclasses should\n"
+" * create at least a Group named \"Roles\" that contains the roles\n"
+" * assigned to the user. A second common group is\n"
+" * \"CallerPrincipal,\" which provides the application identity of\n"
+" * the user rather than the security domain identity.\n"
+" * \n"
+" * @return Group[] containing the sets of roles\n"
+" */\n"
+" abstract protected Group[] getRoleSets() throws LoginException;\n"
+"}"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1396
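Review bot: In the initialize() javadoc of the added AbstractServerLoginModule listing, the @param callbackHandler text reads "used to obtain the / the user identity and credentials", with "the" doubled across the line break. The login() javadoc also says "This implementation sets loginOk to true if the login() method returns true", which describes login() in terms of itself. Both belong fixed in the source XML so that msgid and msgstr stay identical; the note that subclasses overriding login() must set loginOk for the commit phase to populate the Subject is the part a reader needs, so it should stay prominent.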
@@ -5281,6 +5544,97 @@
" throws LoginException;\n"
"}"
msgstr ""
+"package org.jboss.security.auth.spi;\n"
+"\n"
+"/**\n"
+" * An abstract subclass of AbstractServerLoginModule that imposes a\n"
+" * an identity == String username, credentials == String password\n"
+" * view on the login process. Subclasses override the\n"
+" * getUsersPassword() and getUsersRoles() methods to return the\n"
+" * expected password and roles for the user.\n"
+" */\n"
+"public abstract class UsernamePasswordLoginModule\n"
+" extends AbstractServerLoginModule\n"
+"{\n"
+" /** The login identity */\n"
+" private Principal identity;\n"
+" /** The proof of login identity */\n"
+" private char[] credential;\n"
+" /** The principal to use when a null username and password are seen */\n"
+" private Principal unauthenticatedIdentity;\n"
+"\n"
+" /**\n"
+" * The message digest algorithm used to hash passwords. If null then\n"
+" * plain passwords will be used. */\n"
+" private String hashAlgorithm = null;\n"
+"\n"
+" /**\n"
+" * The name of the charset/encoding to use when converting the\n"
+" * password String to a byte array. Default is the platform's\n"
+" * default encoding.\n"
+" */\n"
+" private String hashCharset = null;\n"
+"\n"
+" /** The string encoding format to use. Defaults to base64. */\n"
+" private String hashEncoding = null;\n"
+" \n"
+" // ...\n"
+" \n"
+" /** \n"
+" * Override the superclass method to look for an\n"
+" * unauthenticatedIdentity property. This method first invokes\n"
+" * the super version.\n"
+" *\n"
+" * @param options,\n"
+" * @option unauthenticatedIdentity: the name of the principal to\n"
+" * assign and authenticate when a null username and password are\n"
+" * seen.\n"
+" */\n"
+" public void initialize(Subject subject,\n"
+" CallbackHandler callbackHandler,\n"
+" Map sharedState,\n"
+" Map options)\n"
+" {\n"
+" super.initialize(subject, callbackHandler, sharedState,\n"
+" options);\n"
+" // Check for unauthenticatedIdentity option.\n"
+" Object option = options.get(\"unauthenticatedIdentity\");\n"
+" String name = (String) option;\n"
+" if (name != null) {\n"
+" unauthenticatedIdentity = new SimplePrincipal(name);\n"
+" }\n"
+" }\n"
+" \n"
+" // ...\n"
+" \n"
+" /**\n"
+" * A hook that allows subclasses to change the validation of the\n"
+" * input password against the expected password. This version\n"
+" * checks that neither inputPassword or expectedPassword are null\n"
+" * and that inputPassword.equals(expectedPassword) is true;\n"
+" *\n"
+" * @return true if the inputPassword is valid, false otherwise.\n"
+" */\n"
+" protected boolean validatePassword(String inputPassword,\n"
+" String expectedPassword)\n"
+" {\n"
+" if (inputPassword == null || expectedPassword == null) {\n"
+" return false;\n"
+" }\n"
+" return inputPassword.equals(expectedPassword);\n"
+" }\n"
+" \n"
+" /**\n"
+" * Get the expected password for the current username available\n"
+" * via the getUsername() method. This is called from within the\n"
+" * login() method after the CallbackHandler has returned the\n"
+" * username and candidate password.\n"
+" *\n"
+" * @return the valid password String\n"
+" */\n"
+" abstract protected String getUsersPassword()\n"
+" throws LoginException;\n"
+"}"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1403
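Review bot: The added UsernamePasswordLoginModule listing declares hashAlgorithm = null with the comment "If null then plain passwords will be used", and validatePassword() then compares with inputPassword.equals(expectedPassword), so the default shown to the reader is a plaintext comparison, stated only in English inside a zh-CN msgstr. If the catalogue translates code comments anywhere, these two are the ones worth translating so the default is visible to the target reader. Two javadoc nits also carried over: the class comment reads "imposes a / an identity == String username" with a doubled article, and "@param options," followed by "@option unauthenticatedIdentity:" is not valid javadoc; fix them in the source and re-sync.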
@@ -5513,6 +5867,98 @@
" } \n"
"}"
msgstr ""
+"package org.jboss.book.security.ex2;\n"
+" \n"
+"import java.security.acl.Group;\n"
+"import java.util.Map;\n"
+"import javax.naming.InitialContext;\n"
+"import javax.naming.NamingException;\n"
+"import javax.security.auth.Subject;\n"
+"import javax.security.auth.callback.CallbackHandler;\n"
+"import javax.security.auth.login.LoginException;\n"
+"\n"
+"import org.jboss.security.SimpleGroup;\n"
+"import org.jboss.security.SimplePrincipal;\n"
+"import org.jboss.security.auth.spi.UsernamePasswordLoginModule;\n"
+"\n"
+"/** \n"
+" * An example custom login module that obtains passwords and roles\n"
+" * for a user from a JNDI lookup.\n"
+" * \n"
+" * @author Scott.Stark at jboss.org\n"
+" * @version $Revision: 1.4 $\n"
+"*/\n"
+"public class JndiUserAndPass \n"
+" extends UsernamePasswordLoginModule\n"
+"{\n"
+" /** The JNDI name to the context that handles the password/username "
+"lookup */\n"
+" private String userPathPrefix;\n"
+" /** The JNDI name to the context that handles the roles/ username lookup "
+"*/\n"
+" private String rolesPathPrefix;\n"
+" \n"
+" /**\n"
+" * Override to obtain the userPathPrefix and rolesPathPrefix options.\n"
+" */\n"
+" public void initialize(Subject subject, CallbackHandler "
+"callbackHandler,\n"
+" Map sharedState, Map options)\n"
+" {\n"
+" super.initialize(subject, callbackHandler, sharedState, options);\n"
+" userPathPrefix = (String) options.get(\"userPathPrefix\");\n"
+" rolesPathPrefix = (String) options.get(\"rolesPathPrefix\");\n"
+" }\n"
+" \n"
+" /**\n"
+" * Get the roles the current user belongs to by querying the\n"
+" * rolesPathPrefix + '/' + super.getUsername() JNDI location.\n"
+" */\n"
+" protected Group[] getRoleSets() throws LoginException\n"
+" {\n"
+" try {\n"
+" InitialContext ctx = new InitialContext();\n"
+" String rolesPath = rolesPathPrefix + '/' + super."
+"getUsername();\n"
+"\n"
+" String[] roles = (String[]) ctx.lookup(rolesPath);\n"
+" Group[] groups = {new SimpleGroup(\"Roles\")};\n"
+" log.info(\"Getting roles for user=\"+super.getUsername());\n"
+" for(int r = 0; r < roles.length; r ++) {\n"
+" SimplePrincipal role = new SimplePrincipal(roles[r]);\n"
+" log.info(\"Found role=\"+roles[r]);\n"
+" groups[0].addMember(role);\n"
+" }\n"
+" return groups;\n"
+" } catch(NamingException e) {\n"
+" log.error(\"Failed to obtain groups for\n"
+" user=\"+super.getUsername(), e);\n"
+" throw new LoginException(e.toString(true));\n"
+" }\n"
+" }\n"
+" \n"
+" /** \n"
+" * Get the password of the current user by querying the\n"
+" * userPathPrefix + '/' + super.getUsername() JNDI location.\n"
+" */\n"
+" protected String getUsersPassword() \n"
+" throws LoginException\n"
+" {\n"
+" try {\n"
+" InitialContext ctx = new InitialContext();\n"
+" String userPath = userPathPrefix + '/' + super."
+"getUsername();\n"
+" log.info(\"Getting password for user=\"+super.getUsername());\n"
+" String passwd = (String) ctx.lookup(userPath);\n"
+" log.info(\"Found password=\"+passwd);\n"
+" return passwd;\n"
+" } catch(NamingException e) {\n"
+" log.error(\"Failed to obtain password for\n"
+" user=\"+super.getUsername(), e);\n"
+" throw new LoginException(e.toString(true));\n"
+" }\n"
+" } \n"
+"}"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1466
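Review bot: getUsersPassword() in the added JndiUserAndPass listing logs the cleartext credential with log.info("Found password="+passwd), so any reader who copies this module writes every user's password to the server log at INFO level. Drop that statement, or log only that a password entry was found for the user, and make the change in the source XML so msgid and msgstr stay identical. Separately, both log.error(...) calls (in getRoleSets() and getUsersPassword()) break a string literal across a line ("Failed to obtain ... for" on one line, "user=" on the next), which does not compile as Java; each literal should sit on one line.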
@@ -5554,6 +6000,14 @@
" [java] [INFO,ExClient] Created Echo\n"
" [java] [INFO,ExClient] Echo.echo('Hello') = Hello"
msgstr ""
+"[examples]$ ant -Dchap=security -Dex=2 run-example\n"
+"...\n"
+"run-example2:\n"
+" [echo] Waiting for 5 seconds for deploy...\n"
+" [java] [INFO,ExClient] Login with username=jduke, password=theduke\n"
+" [java] [INFO,ExClient] Looking up EchoBean2\n"
+" [java] [INFO,ExClient] Created Echo\n"
+" [java] [INFO,ExClient] Echo.echo('Hello') = Hello"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1473
@@ -5567,16 +6021,17 @@
#. Tag: programlisting
#: J2EE_Security_On_JBOSS.xml:1476
-#, fuzzy, no-c-format
+#, no-c-format
msgid ""
"<?xml version=\"1.0\"?>\n"
"<jboss>\n"
" <security-domain>java:/jaas/security-ex2</security-domain>\n"
"</jboss>"
msgstr ""
-"<jboss-web>\n"
-" <security-domain>java:/jaas/digest</security-domain>\n"
-"</jboss-web>"
+"<?xml version=\"1.0\"?>\n"
+"<jboss>\n"
+" <security-domain>java:/jaas/security-ex2</security-domain>\n"
+"</jboss>"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1477
@@ -5603,6 +6058,18 @@
" </authentication>\n"
"</application-policy>"
msgstr ""
+"<application-policy name = \"security-ex2\">\n"
+" <authentication>\n"
+" <login-module code=\"org.jboss.book.security.ex2.JndiUserAndPass"
+"\"\n"
+" flag=\"required\">\n"
+" <module-option name = \"userPathPrefix\">/security/store/"
+"password</module-option>\n"
+" <module-option name = \"rolesPathPrefix\">/security/store/"
+"roles</module-option>\n"
+" </login-module>\n"
+" </authentication>\n"
+"</application-policy>"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1488
@@ -6134,6 +6601,57 @@
" throws SecurityException;\n"
"}"
msgstr ""
+"package org.jboss.security.srp;\n"
+"\n"
+"import java.io.IOException;\n"
+"import java.io.Serializable;\n"
+"import java.security.KeyException;\n"
+"\n"
+"public interface SRPVerifierStore\n"
+"{\n"
+" public static class VerifierInfo implements Serializable\n"
+" {\n"
+" /**\n"
+" * The username the information applies to. Perhaps redundant\n"
+" * but it makes the object self contained.\n"
+" */\n"
+" public String username;\n"
+"\n"
+" /** The SRP password verifier hash */\n"
+" public byte[] verifier;\n"
+" /** The random password salt originally used to verify the password "
+"*/\n"
+" public byte[] salt;\n"
+" /** The SRP algorithm primitive generator */\n"
+" public byte[] g;\n"
+" /** The algorithm safe-prime modulus */\n"
+" public byte[] N;\n"
+" }\n"
+" \n"
+" /**\n"
+" * Get the indicated user's password verifier information.\n"
+" */\n"
+" public VerifierInfo getUserVerifier(String username)\n"
+" throws KeyException, IOException;\n"
+" /** \n"
+" * Set the indicated users' password verifier information. This\n"
+" * is equivalent to changing a user's password and should\n"
+" * generally invalidate any existing SRP sessions and caches.\n"
+" */\n"
+" public void setUserVerifier(String username, VerifierInfo info)\n"
+" throws IOException;\n"
+"\n"
+" /** \n"
+" * Verify an optional auxiliary challenge sent from the client to\n"
+" * the server. The auxChallenge object will have been decrypted\n"
+" * if it was sent encrypted from the client. An example of a\n"
+" * auxiliary challenge would be the validation of a hardware token\n"
+" * (SafeWord, SecureID, iButton) that the server validates to\n"
+" * further strengthen the SRP password exchange.\n"
+" */\n"
+" public void verifyUserChallenge(String username, Object auxChallenge)\n"
+" throws SecurityException;\n"
+"}"
#. Tag: para
#: J2EE_Security_On_JBOSS.xml:1671
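Review bot: The verifyUserChallenge() javadoc in the added SRPVerifierStore listing names the hardware token as "SecureID"; the product is spelled SecurID. The same comment has "a auxiliary challenge", and the setUserVerifier() comment mixes "users'" and "user's". These are copied from the msgid, so correct them in the source XML and regenerate rather than editing the msgstr alone.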
@@ -6526,6 +7044,45 @@
" </mbean>\n"
"</server>"
msgstr ""
+"<server>\n"
+" <!-- The custom JAAS login configuration that installs\n"
+" a Configuration capable of dynamically updating the\n"
+" config settings -->\n"
+"\n"
+" <mbean code=\"org.jboss.book.security.service.SecurityConfig\" \n"
+" name=\"jboss.docs.security:service=LoginConfig-EX3\">\n"
+" <attribute name=\"AuthConfig\">META-INF/login-config.xml</"
+"attribute>\n"
+" <attribute name=\"SecurityConfigName\">jboss.security:"
+"name=SecurityConfig</attribute>\n"
+" </mbean>\n"
+"\n"
+" <!-- The SRP service that provides the SRP RMI server and server "
+"side\n"
+" authentication cache -->\n"
+" <mbean code=\"org.jboss.security.srp.SRPService\" \n"
+" name=\"jboss.docs.security:service=SRPService\">\n"
+" <attribute name=\"VerifierSourceJndiName\">srp-test/security-"
+"ex3</attribute>\n"
+" <attribute name=\"JndiName\">srp-test/SRPServerInterface</"
+"attribute>\n"
+" <attribute name=\"AuthenticationCacheJndiName\">srp-test/"
+"AuthenticationCache</attribute>\n"
+" <attribute name=\"ServerPort\">0</attribute>\n"
+" <depends>jboss.docs.security:"
+"service=PropertiesVerifierStore</depends>\n"
+" </mbean>\n"
+"\n"
+" <!-- The SRP store handler service that provides the user password "
+"verifier\n"
+" information -->\n"
+" <mbean code=\"org.jboss.security.ex3.service.PropertiesVerifierStore"
+"\"\n"
+" name=\"jboss.docs.security:service=PropertiesVerifierStore\">\n"
+" <attribute name=\"JndiName\">srp-test/security-ex3</"
+"attribute>\n"
+" </mbean>\n"
+"</server>"
#. Tag: title
#: J2EE_Security_On_JBOSS.xml:1792
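Review bot: The third mbean in the added listing uses code="org.jboss.security.ex3.service.PropertiesVerifierStore", while the first mbean uses org.jboss.book.security.service.SecurityConfig and the earlier example class in this same file is in org.jboss.book.security.ex2. Check whether the class name is missing the "book" package segment; if the listing is wrong in the msgid as well, a reader pasting this descriptor gets a failed PropertiesVerifierStore deployment, and the SRPService that depends on it will not start.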