[jboss-cvs] JBossAS SVN: r89520 - projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Fri May 29 02:15:21 EDT 2009


Author: xhuang at jboss.com
Date: 2009-05-29 02:15:21 -0400 (Fri, 29 May 2009)
New Revision: 89520

Modified:
   projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
Log:
update

Modified: projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po
===================================================================
--- projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po	2009-05-29 06:14:09 UTC (rev 89519)
+++ projects/docs/enterprise/4.3.3/Server_Configuration_Guide/zh-CN/J2EE_Security_On_JBOSS.po	2009-05-29 06:15:21 UTC (rev 89520)
@@ -9,8 +9,8 @@
 "Project-Id-Version: J2EE_Security_On_JBOSS\n"
 "Report-Msgid-Bugs-To: http://bugs.kde.org\n"
 "POT-Creation-Date: 2009-01-20 02:37+0000\n"
-"PO-Revision-Date: 2009-05-26 14:31+1000\n"
-"Last-Translator: Xi HUANG <xhuang at redhat.com>\n"
+"PO-Revision-Date: 2009-05-29 16:15+1000\n"
+"Last-Translator: Xi HUANG\n"
 "Language-Team:  <en at li.org>\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=UTF-8\n"
@@ -1091,6 +1091,8 @@
 "security configuration are discussed in <xref linkend=\"Security_on_JBoss-"
 "The_JBoss_Security_Model\"/>."
 msgstr ""
+"我们已经介绍的 J2EE 安全元素只是从应用程序的角度来描述安全性要求。因为J2EE 安全元素声明了逻辑角色,应用程序部署者把这些角色从应用程序域映射到部署环境里。J2EE 规格忽视了这些应用程序专有的细节。在 JBoss 里,我们通过指定用 JBoss 服务器专有的部署描述符实现 J2EE 安全模型的安全性管理者来把应用程序角色映射到部署环境里。我们将在 <xref linkend=\"Security_on_JBoss-"
+"The_JBoss_Security_Model\"/> 里讨论安全性配置背后的细节。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:215
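Review bot: the added msgstr writes "因为J2EE" with no space between the Chinese text and the Latin term, while the rest of the same string and the other new entries use "的 J2EE", "在 JBoss 里" and so on. Insert the space ("因为 J2EE") so the entry follows the spacing convention used throughout the file.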
@@ -1107,13 +1109,13 @@
 "implementation details of JBossSX. The following sections provide an "
 "introduction to JAAS to prepare you for the JBossSX architecture discussion "
 "later in this chapter."
-msgstr ""
+msgstr "JBossSX 框架是基于 JAAS API 的。理解 JAAS API 的基本元素对于理解 JBossSX 的实现细节是很重要的。下面的章节介绍了 JAAS,它为后面对 JBossSX 架构的讨论做好了准备。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:220
 #, no-c-format
 msgid "What is JAAS?"
-msgstr ""
+msgstr "JAAS 是什么?"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:221
@@ -1127,7 +1129,7 @@
 "for JDK 1.3 and is bundled with JDK 1.4+. Because the JBossSX framework uses "
 "only the authentication capabilities of JAAS to implement the declarative "
 "role-based J2EE security model, this introduction focuses on only that topic."
-msgstr ""
+msgstr "JAAS 1.0 API 由一系列用于用户验证和授权的 Java 包组成。它实现标准可插拔验证模块(Pluggable Authentication Module,PAM)框架的 Java 版本,并扩展了 Java 2 平台的访问控制架构以支持基于用户的授权。JAAS 最先是作为 JDK 1.3 的扩展包发行的,现在它已捆绑在 JDK 1.4+ 里了。因为 JBossSX 框架只使用 JAAS 的验证功能来实现声明式的基于 J2EE 安全模型,这个介绍着重于这个方面的内容。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:224
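Review bot: the new msgstr drops "role-based" from the last sentence. The msgid reads "the declarative role-based J2EE security model", but the translation says "声明式的基于 J2EE 安全模型", which leaves "基于" without its object and loses the point that the model is keyed on roles. Suggest "声明式的基于角色的 J2EE 安全模型".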
@@ -1140,13 +1142,13 @@
 "achieved without changing the JBossSX security manager implementation. All "
 "that needs to change is the configuration of the authentication stack that "
 "JAAS uses."
-msgstr ""
+msgstr "JAAS 验证以可插拔的方式运行。这允许 Java 程序独立于底层的验证技术并允许 JBossSX 安全性管理者工作于不同的安全基础结构里。和安全基础结构的集成可以不用修改 JBossSX 安全性管理者实现。所需修改的是 JAAS 使用的验证栈的配置而已。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:228
 #, no-c-format
 msgid "The JAAS Core Classes"
-msgstr ""
+msgstr "JAAS 的核心类"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:229
@@ -1156,19 +1158,19 @@
 "authentication, and authorization. The following list presents only the "
 "common and authentication classes because these are the specific classes "
 "used to implement the functionality of JBossSX covered in this chapter."
-msgstr ""
+msgstr "JAAS 的核心类可分为三个类别:common、authentication 和 authorization。下面的列表只显示 common 和 authentication 类别,因为它们是实现本章所涵盖的 JBossSX 功能所专有的类。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:232
-#, fuzzy, no-c-format
+#, no-c-format
 msgid "The are the common classes:"
-msgstr "代理层组件包括:"
+msgstr "common 类包括:"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:237
 #, no-c-format
 msgid "<literal>Subject</literal> (<literal>javax.security.auth.Subject</literal>)"
-msgstr ""
+msgstr "<literal>Subject</literal> (<literal>javax.security.auth.Subject</literal>)"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:242
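Review bot: the msgid "The are the common classes:" carries a typo from the source XML ("The are" for "These are", compare the sibling string "These are the authentication classes:"). The new msgstr is fine, but the typo should be fixed in the English source as well. Doing so will mark this entry fuzzy again on the next merge, so the translation needs to be re-confirmed then.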
@@ -1180,7 +1182,7 @@
 #: J2EE_Security_On_JBOSS.xml:247
 #, no-c-format
 msgid "These are the authentication classes:"
-msgstr ""
+msgstr "这些是 authentication 类:"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:252
@@ -1219,6 +1221,8 @@
 "<literal>LoginContext</literal> (<literal>javax.security.auth.login."
 "LoginContext</literal>)"
 msgstr ""
+"<literal>LoginContext</literal> (<literal>javax.security.auth.login."
+"LoginContext</literal>)"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:272
@@ -1227,12 +1231,14 @@
 "<literal>LoginModule</literal> (<literal>javax.security.auth.spi."
 "LoginModule</literal>)"
 msgstr ""
+"<literal>LoginModule</literal> (<literal>javax.security.auth.spi."
+"LoginModule</literal>)"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:278
 #, no-c-format
 msgid "The Subject and Principal Classes"
-msgstr ""
+msgstr "Subject 和 Principal 类"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:279
@@ -1248,6 +1254,8 @@
 "literal> interface to represent a principal, which is essentially just a "
 "typed name."
 msgstr ""
+"要给对资源的访问授权,应用程序首先需要验证请求的源头。JAAS 框架定义了术语 subject 来代表请求源。<literal>Subject</literal> 类是 JAAS 的核心类。<literal>Subject</literal> 代表单个实体的信息,如某个人或服务。它包括实体的 principal、public credential 以及 private credential。JAAS API 使用现有的 Java 2 <literal>java.security.Principal</"
+"literal> 接口来表示 principal。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:282
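Review bot: the final clause of the msgid, "which is essentially just a typed name", has no counterpart in the added msgstr, which stops at "接口来表示 principal。". That clause is the only definition of a principal in this paragraph, so it should be kept, for example "接口来表示 principal,它本质上只是一个带类型的名称。".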
@@ -1259,7 +1267,7 @@
 "principal (123-45-6789), and a username principal (johnd), all of which help "
 "distinguish the subject from other subjects. To retrieve the principals "
 "associated with a subject, two methods are available:"
-msgstr ""
+msgstr "在验证过程中,subject 用相关联的标识符或者 principal 进行填充。一个 subject 可以有多个 principal。例如,一个人可以有一个名字 principal(John Doe),一个社保号码 principal (123-45-6789),以及一个用户名 principal(johnd),所有这些都有助于和其他 subject 进行区分。要获取和 subject 相关联的 principal,可以使用两个方法:"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:285
@@ -1268,6 +1276,8 @@
 "public Set getPrincipals() {...}\n"
 "public Set getPrincipals(Class c) {...}"
 msgstr ""
+"public Set getPrincipals() {...}\n"
+"public Set getPrincipals(Class c) {...}"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:286
@@ -1281,12 +1291,16 @@
 "literal>, so an instance in the principals set may represent a logical "
 "grouping of other principals or groups of principals."
 msgstr ""
+"第一个方法返回该 subject 里包含的所有 principal。第二个方法返回类 <literal>c</"
+"literal> 或者是它的子类的实例。如果该 subject 不含有任何匹配的 principal,将返回一个空集。请注意,<literal>java.security.acl.Group</"
+"literal> 接口是 <literal>java.security.Principal</"
+"literal> 的子接口,所以 principal 集里的实例可以代表其他 principal 或 principal 组的一个逻辑组。"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:292
 #, no-c-format
 msgid "Authentication of a Subject"
-msgstr ""
+msgstr "Subject 的验证"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:293
@@ -1294,7 +1308,7 @@
 msgid ""
 "Authentication of a subject requires a JAAS login. The login procedure "
 "consists of the following steps:"
-msgstr ""
+msgstr "subject 的验证要求 JAAS 登录。登录过程由下列步骤组成:"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:298
@@ -1304,7 +1318,7 @@
 "the name of the login configuration and a <literal>CallbackHandler</literal> "
 "to populate the <literal>Callback</literal> objects, as required by the "
 "configuration <literal>LoginModule</literal>s."
-msgstr ""
+msgstr "应用程序初始化一个 <literal>LoginContext</literal> 并传入登录配置的名称和一个 <literal>CallbackHandler</literal>,且按照配置 <literal>LoginModule</literal> 所要求的填充 <literal>Callback</literal> 对象。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:303
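Review bot: the msgstr changes who populates the Callback objects. In the msgid the CallbackHandler is passed in "to populate the Callback objects, as required by the configuration LoginModules", but the translation joins the second half with "且", so it reads as a further action performed by the application. Suggest making the clause modify the handler, for example "并传入登录配置的名称和一个 CallbackHandler,后者按照所配置的 LoginModule 的要求填充 Callback 对象".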
@@ -1315,12 +1329,14 @@
 "named login configuration. If no such named configuration exists the "
 "<literal>other</literal> configuration is used as a default."
 msgstr ""
+"<literal>LoginContext</literal> 查询 <literal>Configuration</"
+"literal> 以载入命名登录配置里的 <literal>LoginModules</literal>。如果不存在该配置,<literal>other</literal> 将被缺省使用。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:308
 #, no-c-format
 msgid "The application invokes the <literal>LoginContext.login</literal> method."
-msgstr ""
+msgstr "应用程序调用 <literal>LoginContext.login</literal> 方法。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:313
@@ -1335,6 +1351,8 @@
 "<literal>LoginModule</literal>s associate relevant principals and "
 "credentials with the subject."
 msgstr ""
+"login 方法调用所有已加载的 <literal>LoginModule</literal>。因为每个 <literal>LoginModule</literal> 都试图验证 subject,它调用相关联的 <literal>CallbackHandler</"
+"literal> 上的 handle 方法来获取验证过程所要求的信息。这些信息以 <literal>Callback</literal> 对象队列的形式被传递给 handle 方法。执行成功后,<literal>LoginModule</literal> 将相关的 principal 和 credential 和该 subject 进行关联。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:318
@@ -1344,7 +1362,7 @@
 "application. Success is represented by a return from the login method. "
 "Failure is represented through a LoginException being thrown by the login "
 "method."
-msgstr ""
+msgstr "<literal>LoginContext</literal> 把验证的状态返回给应用程序。login 方法的返回代表成功。而 login 方法抛出 LoginException 异常则表示失败。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:323
@@ -1352,7 +1370,7 @@
 msgid ""
 "If authentication succeeds, the application retrieves the authenticated "
 "subject using the <literal>LoginContext.getSubject</literal> method."
-msgstr ""
+msgstr "如果验证成功,应用程序用 <literal>LoginContext.getSubject</literal> 方法获取已验证的 subject。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:328
@@ -1361,7 +1379,7 @@
 "After the scope of the subject authentication is complete, all principals "
 "and related information associated with the subject by the login method can "
 "be removed by invoking the <literal>LoginContext.logout</literal> method."
-msgstr ""
+msgstr "在 subject 验证完成后,所有的 principal 和相关信息都可调用 <literal>LoginContext.logout</literal> 方法进行删除。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:333
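Review bot: the msgstr omits the qualifier "associated with the subject by the login method" and says only "所有的 principal 和相关信息". The msgid limits logout to what login added, which matters to a reader deciding what state remains on the Subject afterwards. Suggest "由 login 方法关联到该 subject 的所有 principal 和相关信息都可通过调用 LoginContext.logout 方法删除".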
@@ -1376,7 +1394,7 @@
 "authentication services. Therefore, you can plug different login modules "
 "into an application without changing the application itself. The following "
 "code shows the steps required by an application to authenticate a subject."
-msgstr ""
+msgstr "<literal>LoginContext</literal> 类提供验证 subject 的基本方法并为独立于底层验证技术的程序开发提供了一种途径。<literal>LoginContext</literal> 查询 <literal>Configuration</literal> 来决定为某个应用程序配置的验证服务。<literal>LoginModule</literal> 类代表了这些验证服务。因此,你可以在应用程序里插入不同的登录模块而不需改变应用程序本身。下面的代码显示应用程序验证 subject 所需的步骤。"
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:336
@@ -1484,7 +1502,7 @@
 "authentication process. For example, one <literal>LoginModule</literal> may "
 "perform username/password-based authentication, while another may interface "
 "to hardware devices such as smart card readers or biometric authenticators."
-msgstr ""
+msgstr "开发人员通过创建 <literal>LoginModule</literal> 接口的实现来集成验证技术。这允许管理者在应用程序里插入不同的验证技术。你可以把多个 <literal>LoginModule</literal> 链接起来,使多种验证技术参与验证过程。例如,一个 <literal>LoginModule</literal> 可以执行基于用户名/密码的验证,而另外一个则可以对硬件设备如智能卡读写器进行验证。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:340
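Review bot: the last sentence of the msgstr loses content and shifts the meaning. The msgid says another module "may interface to hardware devices such as smart card readers or biometric authenticators", while the translation says "对硬件设备如智能卡读写器进行验证", which reads as authenticating the device and drops "biometric authenticators" entirely. Suggest "而另外一个则可以与智能卡读卡器或生物特征验证器等硬件设备对接".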
@@ -1494,7 +1512,7 @@
 "<literal>LoginContext</literal> object against which the client creates and "
 "issues the login method. The process consists of two phases. The steps of "
 "the process are as follows:"
-msgstr ""
+msgstr "<literal>LoginModule</literal> 的生命周期由 <literal>LoginContext</literal> 对象根据哪个客户创建和执行 login 方法来决定。这个过程由两个阶段组成。它的步骤如下:"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:345
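Review bot: "根据哪个客户创建和执行 login 方法来决定" misreads the relative clause in the msgid. "The LoginContext object against which the client creates and issues the login method" describes the LoginContext that the client creates and calls login on; it does not say the lifecycle depends on which client is calling. Suggest wording along the lines of "客户端创建并在其上调用 login 方法的 LoginContext 对象".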
@@ -1502,7 +1520,7 @@
 msgid ""
 "The <literal>LoginContext</literal> creates each configured "
 "<literal>LoginModule</literal> using its public no-arg constructor."
-msgstr ""
+msgstr "<literal>LoginContext</literal> 创建用 public 的无参构造器创建每个 <literal>LoginModule</literal>。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:350
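Review bot: the added msgstr repeats the verb ("LoginContext 创建用 public 的无参构造器创建每个 LoginModule") and leaves out "configured" from the msgid. Suggest "LoginContext 用 public 的无参构造器创建每个已配置的 LoginModule。".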
@@ -1514,6 +1532,9 @@
 "initialize(Subject subject, CallbackHandler callbackHandler, Map "
 "sharedState, Map options)</literal>."
 msgstr ""
+"每个 <literal>LoginModule</literal> 都通过其 initialize 方法进行初始化。<literal>Subject</literal> 参数必须是非空值。 initialize 方法的签名是 <literal>public void "
+"initialize(Subject subject, CallbackHandler callbackHandler, Map "
+"sharedState, Map options)</literal>。"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:355
@@ -2162,6 +2183,19 @@
 "     [java] Caused by: java.lang.SecurityException: No 4 letter words\n"
 "..."
 msgstr ""
+"[examples]$ ant -Dchap=security -Dex=1 run-example\n"
+"run-example1:\n"
+"...\n"
+"     [echo] Waiting for 5 seconds for deploy...\n"
+"     [java] [INFO,ExClient] Looking up EchoBean\n"
+"     [java] [INFO,ExClient] Created Echo\n"
+"     [java] [INFO,ExClient] Echo.echo(&#39;Hello&#39;) = Hello\n"
+"     [java] Exception in thread \"main\" java.rmi.AccessException: "
+"SecurityException; nested exception is: \n"
+"     [java]     java.lang.SecurityException: No 4 letter words\n"
+"...\n"
+"     [java] Caused by: java.lang.SecurityException: No 4 letter words\n"
+"..."
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:490
@@ -2728,6 +2762,14 @@
 "public Set getUserRoles(String securityDomain, Principal principal, Object "
 "credential);"
 msgstr ""
+"public boolean isValid(String securityDomain, Principal principal, Object "
+"credential);\n"
+"public Principal getPrincipal(String securityDomain, Principal principal);\n"
+"public boolean doesUserHaveRole(String securityDomain, Principal "
+"principal, \n"
+"                                Object credential, Set roles);\n"
+"public Set getUserRoles(String securityDomain, Principal principal, Object "
+"credential);"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:677
@@ -2946,6 +2988,17 @@
 "    &lt;/authentication&gt;\n"
 "&lt;/application-policy&gt;"
 msgstr ""
+"&lt;application-policy name=\"jmx-console\"&gt;\n"
+"    &lt;authentication&gt;\n"
+"        &lt;login-module code=\"org.jboss.security.auth.spi."
+"UsersRolesLoginModule\" flag=\"required\"&gt;\n"
+"            &lt;module-option name=\"usersProperties\"&gt;props/jmx-console-"
+"users.properties&lt;/module-option&gt;\n"
+"            &lt;module-option name=\"rolesProperties\"&gt;props/jmx-console-"
+"roles.properties&lt;/module-option&gt;\n"
+"        &lt;/login-module&gt;\n"
+"    &lt;/authentication&gt;\n"
+"&lt;/application-policy&gt;"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:780
@@ -3035,6 +3088,20 @@
 "    &lt;/authentication&gt;\n"
 "&lt;/application-policy&gt;"
 msgstr ""
+"&lt;application-policy name=\"todo\"&gt;\n"
+"    &lt;authentication&gt;\n"
+"        &lt;login-module code=\"org.jboss.security.auth.spi.LdapLoginModule"
+"\" \n"
+"                      flag=\"sufficient\"&gt;\n"
+"            &lt;!-- LDAP configuration --&gt;\n"
+"        &lt;/login-module&gt;\n"
+"        &lt;login-module code=\"org.jboss.security.auth.spi."
+"DatabaseServerLoginModule\" \n"
+"                      flag=\"sufficient\"&gt;\n"
+"            &lt;!-- database configuration --&gt;\n"
+"        &lt;/login-module&gt;\n"
+"    &lt;/authentication&gt;\n"
+"&lt;/application-policy&gt;"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:812
@@ -3065,7 +3132,7 @@
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:820
-#, fuzzy, no-c-format
+#, no-c-format
 msgid ""
 "&lt;mbean code=\"org.jboss.security.auth.login.XMLLoginConfig\"\n"
 "       name=\"jboss.security:service=XMLLoginConfig\"&gt;\n"
@@ -3073,11 +3140,9 @@
 "attribute&gt;\n"
 "&lt;/mbean&gt;"
 msgstr ""
-"&lt;mbean code=\"org.jboss.naming.NamingAlias\" \n"
-"       name=\"jboss.mq:service=NamingAlias,fromName=QueueConnectionFactory"
-"\"&gt;\n"
-"    &lt;attribute name=\"ToName\"&gt;ConnectionFactory&lt;/attribute&gt;\n"
-"    &lt;attribute name=\"FromName\"&gt;QueueConnectionFactory&lt;/"
+"&lt;mbean code=\"org.jboss.security.auth.login.XMLLoginConfig\"\n"
+"       name=\"jboss.security:service=XMLLoginConfig\"&gt;\n"
+"    &lt;attribute name=\"ConfigResource\"&gt;login-config.xml&lt;/"
 "attribute&gt;\n"
 "&lt;/mbean&gt;"
 
@@ -3346,6 +3411,27 @@
 "    &lt;/mbean&gt;\n"
 "&lt;/server&gt;"
 msgstr ""
+"&lt;server&gt;\n"
+"    &lt;mbean code=\"org.jboss.security.auth.login.DynamicLoginConfig\" name="
+"\"...\"&gt;\n"
+"        &lt;attribute name=\"AuthConfig\"&gt;login-config.xml&lt;/"
+"attribute&gt;\n"
+"\n"
+"        &lt;!-- The service which supports dynamic processing of login-"
+"config.xml\n"
+"         configurations.\n"
+"        --&gt;\n"
+"        &lt;depends optional-attribute-name=\"LoginConfigService\"&gt;\n"
+"            jboss.security:service=XMLLoginConfig &lt;/depends&gt;\n"
+"\n"
+"        &lt;!-- Optionally specify the security mgr service to use when\n"
+"         this service is stopped to flush the auth caches of the domains\n"
+"         registered by this service.\n"
+"        --&gt;\n"
+"        &lt;depends optional-attribute-name=\"SecurityManagerService\"&gt;\n"
+"            jboss.security:service=JaasSecurityManager &lt;/depends&gt;\n"
+"    &lt;/mbean&gt;\n"
+"&lt;/server&gt;"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:924
@@ -3433,7 +3519,7 @@
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:952
-#, fuzzy, no-c-format
+#, no-c-format
 msgid ""
 "&lt;application-policy name=\"todo\"&gt;\n"
 "    &lt;authentication&gt;\n"
@@ -3454,28 +3540,21 @@
 "    &lt;/authentication&gt;\n"
 "&lt;/application-policy&gt;"
 msgstr ""
-"&lt;application-policy name=\"digest\"&gt;\n"
+"&lt;application-policy name=\"todo\"&gt;\n"
 "    &lt;authentication&gt;\n"
+"        &lt;login-module code=\"org.jboss.security.auth.spi.LdapLoginModule"
+"\" \n"
+"                      flag=\"required\"&gt;\n"
+"            &lt;!-- LDAP configuration --&gt;\n"
+"            &lt;module-option name=\"password-stacking\"&gt;useFirstPass&lt;/"
+"module-option&gt;\n"
+"        &lt;/login-module&gt;\n"
 "        &lt;login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\"\n"
+"DatabaseServerLoginModule\" \n"
 "                      flag=\"required\"&gt;\n"
-"            &lt;module-option name=\"usersProperties\"&gt;digest-users."
-"properties&lt;/module-option&gt;\n"
-"            &lt;module-option name=\"rolesProperties\"&gt;digest-roles."
-"properties&lt;/module-option&gt;\n"
-"            &lt;module-option name=\"hashAlgorithm\"&gt;MD5&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"hashEncoding\"&gt;rfc2617&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"hashUserPassword\"&gt;false&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"hashStorePassword\"&gt;true&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"passwordIsA1Hash\"&gt;true&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"storeDigestCallback\"&gt;\n"
-"                org.jboss.security.auth.spi.RFC2617Digest\n"
-"            &lt;/module-option&gt;\n"
+"            &lt;!-- database configuration --&gt;                \n"
+"            &lt;module-option name=\"password-stacking\"&gt;useFirstPass&lt;/"
+"module-option&gt;\n"
 "        &lt;/login-module&gt;\n"
 "    &lt;/authentication&gt;\n"
 "&lt;/application-policy&gt;"
@@ -3590,6 +3669,20 @@
 "    &lt;/application-policy&gt;\n"
 "&lt;/policy&gt;"
 msgstr ""
+"&lt;policy&gt;\n"
+"    &lt;application-policy name=\"testUsersRoles\"&gt;\n"
+"        &lt;authentication&gt;\n"
+"            &lt;login-module code=\"org.jboss.security.auth.spi."
+"UsersRolesLoginModule\"\n"
+"                          flag=\"required\"&gt;\n"
+"                &lt;module-option name=\"hashAlgorithm\"&gt;MD5&lt;/module-"
+"option&gt;\n"
+"                &lt;module-option name=\"hashEncoding\"&gt;base64&lt;/module-"
+"option&gt;          \n"
+"            &lt;/login-module&gt;\n"
+"        &lt;/authentication&gt;\n"
+"    &lt;/application-policy&gt;\n"
+"&lt;/policy&gt;"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:994
@@ -3621,7 +3714,7 @@
 #: J2EE_Security_On_JBOSS.xml:1001
 #, no-c-format
 msgid "echo -n password | openssl dgst -md5 -binary | openssl base64"
-msgstr ""
+msgstr "echo -n password | openssl dgst -md5 -binary | openssl base64"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1002
@@ -3716,6 +3809,9 @@
 "username1.RoleGroup1=role3,role4,...\n"
 "username2=role1,role3,..."
 msgstr ""
+"username1=role1,role2,...\n"
+"username1.RoleGroup1=role3,role4,...\n"
+"username2=role1,role3,..."
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1034
@@ -4044,7 +4140,7 @@
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1175
-#, fuzzy, no-c-format
+#, no-c-format
 msgid ""
 "&lt;application-policy name=\"testLDAP\"&gt;\n"
 "        &lt;authentication&gt;\n"
@@ -4083,31 +4179,42 @@
 "        &lt;/authentication&gt;\n"
 "    &lt;/application-policy&gt;"
 msgstr ""
-"&lt;application-policy name=\"digest\"&gt;\n"
-"    &lt;authentication&gt;\n"
-"        &lt;login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\"\n"
-"                      flag=\"required\"&gt;\n"
-"            &lt;module-option name=\"usersProperties\"&gt;digest-users."
-"properties&lt;/module-option&gt;\n"
-"            &lt;module-option name=\"rolesProperties\"&gt;digest-roles."
-"properties&lt;/module-option&gt;\n"
-"            &lt;module-option name=\"hashAlgorithm\"&gt;MD5&lt;/module-"
+"&lt;application-policy name=\"testLDAP\"&gt;\n"
+"        &lt;authentication&gt;\n"
+"            &lt;login-module code=\"org.jboss.security.auth.spi."
+"LdapLoginModule\"\n"
+"                          flag=\"required\"&gt;\n"
+"                &lt;module-option name=\"java.naming.factory.initial\"&gt; \n"
+"                    com.sun.jndi.ldap.LdapCtxFactory\n"
+"                    &lt;/module-option&gt;\n"
+"                &lt;module-option name=\"java.naming.provider.url\"&gt;\n"
+"                    ldap://ldaphost.jboss.org:1389/\n"
+"                &lt;/module-option&gt;\n"
+"                &lt;module-option name=\"java.naming.security.authentication"
+"\"&gt;\n"
+"                    simple\n"
+"                &lt;/module-option&gt;\n"
+"                &lt;module-option name=\"principalDNPrefix\"&gt;uid=&lt;/"
+"module-option&gt;                    \n"
+"                &lt;module-option name=\"principalDNSuffix\"&gt;\n"
+"                    ,ou=People,dc=jboss,dc=org\n"
+"                &lt;/module-option&gt;\n"
+"\n"
+"                &lt;module-option name=\"rolesCtxDN\"&gt;\n"
+"                    ou=Roles,dc=jboss,dc=org\n"
+"                &lt;/module-option&gt;\n"
+"                &lt;module-option name=\"uidAttributeID\"&gt;member&lt;/"
+"module-option&gt;\n"
+"                &lt;module-option name=\"matchOnUserDN\"&gt;true&lt;/module-"
 "option&gt;\n"
-"            &lt;module-option name=\"hashEncoding\"&gt;rfc2617&lt;/module-"
+"\n"
+"                &lt;module-option name=\"roleAttributeID\"&gt;cn&lt;/module-"
 "option&gt;\n"
-"            &lt;module-option name=\"hashUserPassword\"&gt;false&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"hashStorePassword\"&gt;true&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"passwordIsA1Hash\"&gt;true&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"storeDigestCallback\"&gt;\n"
-"                org.jboss.security.auth.spi.RFC2617Digest\n"
-"            &lt;/module-option&gt;\n"
-"        &lt;/login-module&gt;\n"
-"    &lt;/authentication&gt;\n"
-"&lt;/application-policy&gt;"
+"                &lt;module-option name=\"roleAttributeIsDN\"&gt;false &lt;/"
+"module-option&gt;\n"
+"            &lt;/login-module&gt;\n"
+"        &lt;/authentication&gt;\n"
+"    &lt;/application-policy&gt;"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1176
@@ -4154,6 +4261,38 @@
 "member: uid=jduke,ou=People,dc=jboss,dc=org\n"
 "description: the JBossAdmin group"
 msgstr ""
+"dn: dc=jboss,dc=org\n"
+"objectclass: top\n"
+"objectclass: dcObject\n"
+"objectclass: organization\n"
+"dc: jboss\n"
+"o: JBoss\n"
+"\n"
+"dn: ou=People,dc=jboss,dc=org\n"
+"objectclass: top\n"
+"objectclass: organizationalUnit\n"
+"ou: People\n"
+"\n"
+"dn: uid=jduke,ou=People,dc=jboss,dc=org\n"
+"objectclass: top\n"
+"objectclass: uidObject\n"
+"objectclass: person\n"
+"uid: jduke\n"
+"cn: Java Duke\n"
+"sn: Duke\n"
+"userPassword: theduke\n"
+"\n"
+"dn: ou=Roles,dc=jboss,dc=org\n"
+"objectclass: top\n"
+"objectclass: organizationalUnit\n"
+"ou: Roles\n"
+"\n"
+"dn: cn=JBossAdmin,ou=Roles,dc=jboss,dc=org\n"
+"objectclass: top\n"
+"objectclass: groupOfNames\n"
+"cn: JBossAdmin\n"
+"member: uid=jduke,ou=People,dc=jboss,dc=org\n"
+"description: the JBossAdmin group"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1180
@@ -4372,7 +4511,7 @@
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1247
-#, fuzzy, no-c-format
+#, no-c-format
 msgid ""
 "&lt;policy&gt;\n"
 "    &lt;application-policy name=\"testDB\"&gt;\n"
@@ -4393,31 +4532,24 @@
 "    &lt;/application-policy&gt;\n"
 "&lt;/policy&gt;"
 msgstr ""
-"&lt;application-policy name=\"digest\"&gt;\n"
-"    &lt;authentication&gt;\n"
-"        &lt;login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\"\n"
-"                      flag=\"required\"&gt;\n"
-"            &lt;module-option name=\"usersProperties\"&gt;digest-users."
-"properties&lt;/module-option&gt;\n"
-"            &lt;module-option name=\"rolesProperties\"&gt;digest-roles."
-"properties&lt;/module-option&gt;\n"
-"            &lt;module-option name=\"hashAlgorithm\"&gt;MD5&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"hashEncoding\"&gt;rfc2617&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"hashUserPassword\"&gt;false&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"hashStorePassword\"&gt;true&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"passwordIsA1Hash\"&gt;true&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"storeDigestCallback\"&gt;\n"
-"                org.jboss.security.auth.spi.RFC2617Digest\n"
-"            &lt;/module-option&gt;\n"
-"        &lt;/login-module&gt;\n"
-"    &lt;/authentication&gt;\n"
-"&lt;/application-policy&gt;"
+"&lt;policy&gt;\n"
+"    &lt;application-policy name=\"testDB\"&gt;\n"
+"        &lt;authentication&gt;\n"
+"            &lt;login-module code=\"org.jboss.security.auth.spi."
+"DatabaseServerLoginModule\"\n"
+"                             flag=\"required\"&gt;\n"
+"                &lt;module-option name=\"dsJndiName\"&gt;java:/"
+"MyDatabaseDS&lt;/module-option&gt;\n"
+"                &lt;module-option name=\"principalsQuery\"&gt;\n"
+"                    select passwd from Users username where username=?&lt;/"
+"module-option&gt;\n"
+"                &lt;module-option name=\"rolesQuery\"&gt;\n"
+"                    select userRoles, &#39;Roles&#39; from UserRoles where "
+"username=?&lt;/module-option&gt;\n"
+"            &lt;/login-module&gt;\n"
+"        &lt;/authentication&gt;\n"
+"    &lt;/application-policy&gt;\n"
+"&lt;/policy&gt;"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1248
@@ -4462,7 +4594,7 @@
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1261
-#, fuzzy, no-c-format
+#, no-c-format
 msgid ""
 "&lt;mbean code=\"org.jboss.security.plugins.JaasSecurityDomain\"\n"
 "       name=\"jboss.ch8:service=SecurityDomain\"&gt;\n"
@@ -4475,12 +4607,15 @@
 "attribute&gt;\n"
 "&lt;/mbean&gt;"
 msgstr ""
-"&lt;mbean code=\"org.jboss.ha.jndi.HANamingService\"    \n"
-"       name=\"jboss:service=HAJNDI\"&gt;    \n"
-"    &lt;depends&gt;jboss:service=MySpecialPartition&lt;/depends&gt;    \n"
-"    &lt;attribute name=\"PartitionName\"&gt;MySpecialPartition&lt;/"
-"attribute&gt;    \n"
-"    &lt;attribute name=\"Port\"&gt;56789&lt;/attribute&gt;  \n"
+"&lt;mbean code=\"org.jboss.security.plugins.JaasSecurityDomain\"\n"
+"       name=\"jboss.ch8:service=SecurityDomain\"&gt;\n"
+"    &lt;constructor&gt;\n"
+"        &lt;arg type=\"java.lang.String\" value=\"jmx-console\"/&gt;\n"
+"    &lt;/constructor&gt;\n"
+"    &lt;attribute name=\"KeyStoreURL\"&gt;resource:localhost.keystore&lt;/"
+"attribute&gt;\n"
+"    &lt;attribute name=\"KeyStorePass\"&gt;unit-tests-server&lt;/"
+"attribute&gt;\n"
 "&lt;/mbean&gt;"
 
 #. Tag: para
@@ -4499,7 +4634,7 @@
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1265
-#, fuzzy, no-c-format
+#, no-c-format
 msgid ""
 "&lt;?xml version=\"1.0\"?&gt;\n"
 "&lt;!DOCTYPE web-app PUBLIC\n"
@@ -4534,23 +4669,15 @@
 msgstr ""
 "&lt;?xml version=\"1.0\"?&gt;\n"
 "&lt;!DOCTYPE web-app PUBLIC\n"
-"          \"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN\"\n"
-"          \"http://java.sun.com/dtd/web-app_2_3.dtd\"&gt;\n"
-"&lt;web-app&gt;\n"
-"    &lt;!-- ... --&gt;\n"
-"    \n"
-"    &lt;!-- A security constraint that restricts access to the HTML JMX "
-"console\n"
-"         to users with the role JBossAdmin. Edit the roles to what you want "
-"and\n"
-"         uncomment the WEB-INF/jboss-web.xml/security-domain element to "
-"enable\n"
-"         secured access to the HTML JMX console.\n"
-"    --&gt;\n"
+"                  \"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
+"\"\n"
+"                  \"http://java.sun.com/dtd/web-app_2_3.dtd\"&gt;\n"
+"&lt;web-app&gt; \n"
+"    ... \n"
 "    &lt;security-constraint&gt;\n"
 "        &lt;web-resource-collection&gt;\n"
 "            &lt;web-resource-name&gt;HtmlAdaptor&lt;/web-resource-name&gt;\n"
-"            &lt;description&gt; An example security config that only allows "
+"            &lt;description&gt;An example security config that only allows "
 "users with\n"
 "                the role JBossAdmin to access the HTML JMX console web\n"
 "                application &lt;/description&gt;\n"
@@ -4563,7 +4690,7 @@
 "        &lt;/auth-constraint&gt;\n"
 "    &lt;/security-constraint&gt;\n"
 "    &lt;login-config&gt;\n"
-"        &lt;auth-method&gt;BASIC&lt;/auth-method&gt;\n"
+"        &lt;auth-method&gt;CLIENT-CERT&lt;/auth-method&gt;\n"
 "        &lt;realm-name&gt;JBoss JMX Console&lt;/realm-name&gt;\n"
 "    &lt;/login-config&gt;\n"
 "    &lt;security-role&gt;\n"
@@ -4602,7 +4729,7 @@
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1273
-#, fuzzy, no-c-format
+#, no-c-format
 msgid ""
 "&lt;application-policy name=\"jmx-console\"&gt;\n"
 "    &lt;authentication&gt;\n"
@@ -4627,28 +4754,25 @@
 "    &lt;/authentication&gt;\n"
 "&lt;/application-policy&gt;"
 msgstr ""
-"&lt;application-policy name=\"digest\"&gt;\n"
+"&lt;application-policy name=\"jmx-console\"&gt;\n"
 "    &lt;authentication&gt;\n"
 "        &lt;login-module code=\"org.jboss.security.auth.spi."
-"UsersRolesLoginModule\"\n"
+"BaseCertLoginModule\" \n"
 "                      flag=\"required\"&gt;\n"
-"            &lt;module-option name=\"usersProperties\"&gt;digest-users."
+"            &lt;module-option name=\"password-stacking\"&gt;useFirstPass&lt;/"
+"module-option&gt;\n"
+"            &lt;module-option name=\"securityDomain\"&gt;java:/jaas/jmx-"
+"console&lt;/module-option&gt;\n"
+"        &lt;/login-module&gt;\n"
+"        &lt;login-module code=\"org.jboss.security.auth.spi."
+"UsersRolesLoginModule\" \n"
+"                      flag=\"required\"&gt;\n"
+"            &lt;module-option name=\"password-stacking\"&gt;useFirstPass&lt;/"
+"module-option&gt;\n"
+"            &lt;module-option name=\"usersProperties\"&gt;jmx-console-users."
 "properties&lt;/module-option&gt;\n"
-"            &lt;module-option name=\"rolesProperties\"&gt;digest-roles."
+"            &lt;module-option name=\"rolesProperties\"&gt;jmx-console-roles."
 "properties&lt;/module-option&gt;\n"
-"            &lt;module-option name=\"hashAlgorithm\"&gt;MD5&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"hashEncoding\"&gt;rfc2617&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"hashUserPassword\"&gt;false&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"hashStorePassword\"&gt;true&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"passwordIsA1Hash\"&gt;true&lt;/module-"
-"option&gt;\n"
-"            &lt;module-option name=\"storeDigestCallback\"&gt;\n"
-"                org.jboss.security.auth.spi.RFC2617Digest\n"
-"            &lt;/module-option&gt;\n"
 "        &lt;/login-module&gt;\n"
 "    &lt;/authentication&gt;\n"
 "&lt;/application-policy&gt;"
@@ -4685,6 +4809,19 @@
 "         MD5:  4A:9C:2B:CD:1B:50:AA:85:DD:89:F6:1D:F5:AF:9E:AB\n"
 "         SHA1: DE:DE:86:59:05:6C:00:E8:CC:C0:16:D3:C2:68:BF:95:B8:83:E9:58"
 msgstr ""
+"[starksm at banshee9100 conf]$ keytool -printcert -file unit-tests-client."
+"export\n"
+"Owner: CN=unit-tests-client, OU=JBoss Inc., O=JBoss Inc., ST=Washington, "
+"C=US\n"
+"Issuer: CN=jboss.com, C=US, ST=Washington, L=Snoqualmie Pass, "
+"EMAILADDRESS=admin\n"
+"@jboss.com, OU=QA, O=JBoss Inc.\n"
+"Serial number: 100103\n"
+"Valid from: Wed May 26 07:34:34 PDT 2004 until: Thu May 26 07:34:34 PDT "
+"2005\n"
+"Certificate fingerprints:\n"
+"         MD5:  4A:9C:2B:CD:1B:50:AA:85:DD:89:F6:1D:F5:AF:9E:AB\n"
+"         SHA1: DE:DE:86:59:05:6C:00:E8:CC:C0:16:D3:C2:68:BF:95:B8:83:E9:58"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1278
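Review bot: in the added Issuer line the `\n` falls inside the e-mail address (`EMAILADDRESS=admin\n` followed by `@jboss.com, OU=QA, O=JBoss Inc.\n`), so the rendered listing shows the address broken across two lines, which reads as a wrapping artifact rather than real keytool output. If the msgid has the same break, report it against the English source instead of diverging here; if it does not, remove the `\n` after `admin`.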
@@ -4784,6 +4921,20 @@
 "    &lt;/application-policy&gt;\n"
 "&lt;/policy&gt;"
 msgstr ""
+"&lt;policy&gt;\n"
+"    &lt;application-policy name=\"testIdentity\"&gt;\n"
+"        &lt;authentication&gt;\n"
+"            &lt;login-module code=\"org.jboss.security.auth.spi."
+"IdentityLoginModule\"\n"
+"                         flag=\"required\"&gt;\n"
+"                &lt;module-option name=\"principal\"&gt;jduke&lt;/module-"
+"option&gt;\n"
+"                &lt;module-option name=\"roles\"&gt;TheDuke,"
+"AnimatedCharater&lt;/module-option&gt;\n"
+"            &lt;/login-module&gt;\n"
+"        &lt;/authentication&gt;\n"
+"    &lt;/application-policy&gt;\n"
+"&lt;/policy&gt;"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1308
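Review bot: the `roles` option value in the added listing reads `TheDuke,AnimatedCharater`, which looks like a misspelling of AnimatedCharacter. Role names are compared as literal strings, so the listing has to agree with what the msgid and the example's descriptors use; check the msgid and, if the spelling is wrong there too, raise it against the source XML rather than correcting only this translation.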
@@ -4931,6 +5082,14 @@
 "    // Put your login modules that need jBoss here\n"
 "};"
 msgstr ""
+"other {\n"
+"    // Put your login modules that work without jBoss here\n"
+"                \n"
+"    // jBoss LoginModule\n"
+"    org.jboss.security.ClientLoginModule required;\n"
+"               \n"
+"    // Put your login modules that need jBoss here\n"
+"};"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:1367
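Review bot: the three `//` comments in the added JAAS configuration (`// Put your login modules that work without jBoss here` and the two after it) are the only instructional text in this listing and are left in English in a zh-CN msgstr. Either translate the comments while leaving `other {` and `org.jboss.security.ClientLoginModule required;` untouched, or say in the commit log that programlisting entries are copied verbatim by policy, since the log currently says only `update`.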
@@ -4974,6 +5133,12 @@
 "java.util.Set getPublicCredentials()\n"
 "java.util.Set getPublicCredentials(java.lang.Class c)"
 msgstr ""
+"java.util.Set getPrincipals()\n"
+"java.util.Set getPrincipals(java.lang.Class c)\n"
+"java.util.Set getPrivateCredentials()\n"
+"java.util.Set getPrivateCredentials(java.lang.Class c)\n"
+"java.util.Set getPublicCredentials()\n"
+"java.util.Set getPublicCredentials(java.lang.Class c)"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1375
@@ -5155,6 +5320,104 @@
 "    abstract protected Group[] getRoleSets() throws LoginException;\n"
 "}"
 msgstr ""
+"package org.jboss.security.auth.spi;\n"
+"/**\n"
+" *  This class implements the common functionality required for a JAAS\n"
+" *  server-side LoginModule and implements the JBossSX standard\n"
+" *  Subject usage pattern of storing identities and roles. Subclass\n"
+" *  this module to create your own custom LoginModule and override the\n"
+" *  login(), getRoleSets(), and getIdentity() methods.\n"
+" */\n"
+"public abstract class AbstractServerLoginModule\n"
+"    implements javax.security.auth.spi.LoginModule\n"
+"{\n"
+"    protected Subject subject;\n"
+"    protected CallbackHandler callbackHandler;\n"
+"    protected Map sharedState;\n"
+"    protected Map options;\n"
+"    protected Logger log;\n"
+"\n"
+"    /** Flag indicating if the shared credential should be used */\n"
+"    protected boolean useFirstPass;\n"
+"    /** \n"
+"     * Flag indicating if the login phase succeeded. Subclasses that\n"
+"     * override the login method must set this to true on successful\n"
+"     * completion of login\n"
+"     */\n"
+"    protected boolean loginOk;\n"
+"                \n"
+"    // ...\n"
+"    /**\n"
+"     * Initialize the login module. This stores the subject,\n"
+"     * callbackHandler and sharedState and options for the login\n"
+"     * session. Subclasses should override if they need to process\n"
+"     * their own options. A call to super.initialize(...)  must be\n"
+"     * made in the case of an override.\n"
+"     *\n"
+"     * &lt;p&gt;\n"
+"     * The options are checked for the  &lt;em&gt;password-stacking&lt;/"
+"em&gt; parameter.\n"
+"     * If this is set to \"useFirstPass\", the login identity will be taken "
+"from the\n"
+"     * &lt;code&gt;javax.security.auth.login.name&lt;/code&gt; value of the "
+"sharedState map,\n"
+"     * and the proof of identity from the\n"
+"     * &lt;code&gt;javax.security.auth.login.password&lt;/code&gt; value of "
+"the sharedState map.\n"
+"     *\n"
+"     * @param subject the Subject to update after a successful login.\n"
+"     * @param callbackHandler the CallbackHandler that will be used to "
+"obtain the\n"
+"     * the user identity and credentials.\n"
+"     * @param sharedState a Map shared between all configured login module "
+"instances\n"
+"     * @param options the parameters passed to the login module.\n"
+"     */\n"
+"    public void initialize(Subject subject,\n"
+"                           CallbackHandler callbackHandler,\n"
+"                           Map sharedState,\n"
+"                           Map options)\n"
+"    {\n"
+"        // ...\n"
+"    }\n"
+"    \n"
+"\n"
+"    /**\n"
+"     *  Looks for javax.security.auth.login.name and\n"
+"     *  javax.security.auth.login.password values in the sharedState\n"
+"     *  map if the useFirstPass option was true and returns true if\n"
+"     *  they exist. If they do not or are null this method returns\n"
+"     *  false.  \n"
+"     *  Note that subclasses that override the login method\n"
+"     *  must set the loginOk var to true if the login succeeds in\n"
+"     *  order for the commit phase to populate the Subject. This\n"
+"     *  implementation sets loginOk to true if the login() method\n"
+"     *  returns true, otherwise, it sets loginOk to false.\n"
+"     */\n"
+"    public boolean login() \n"
+"        throws LoginException\n"
+"    {\n"
+"        // ...\n"
+"    }\n"
+"    \n"
+"    /**\n"
+"     *  Overridden by subclasses to return the Principal that\n"
+"     *  corresponds to the user primary identity.\n"
+"     */\n"
+"    abstract protected Principal getIdentity();\n"
+"                \n"
+"    /**\n"
+"     *  Overridden by subclasses to return the Groups that correspond\n"
+"     *  to the role sets assigned to the user. Subclasses should\n"
+"     *  create at least a Group named \"Roles\" that contains the roles\n"
+"     *  assigned to the user.  A second common group is\n"
+"     *  \"CallerPrincipal,\" which provides the application identity of\n"
+"     *  the user rather than the security domain identity.\n"
+"     * \n"
+"     *  @return Group[] containing the sets of roles\n"
+"     */\n"
+"    abstract protected Group[] getRoleSets() throws LoginException;\n"
+"}"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1396
@@ -5281,6 +5544,97 @@
 "        throws LoginException;\n"
 "}"
 msgstr ""
+"package org.jboss.security.auth.spi;\n"
+"\n"
+"/**\n"
+" *  An abstract subclass of AbstractServerLoginModule that imposes a\n"
+" *  an identity == String username, credentials == String password\n"
+" *  view on the login process. Subclasses override the\n"
+" *  getUsersPassword() and getUsersRoles() methods to return the\n"
+" *  expected password and roles for the user.\n"
+" */\n"
+"public abstract class UsernamePasswordLoginModule\n"
+"    extends AbstractServerLoginModule\n"
+"{\n"
+"    /** The login identity */\n"
+"    private Principal identity;\n"
+"    /** The proof of login identity */\n"
+"    private char[] credential;\n"
+"    /** The principal to use when a null username and password are seen */\n"
+"    private Principal unauthenticatedIdentity;\n"
+"\n"
+"    /**\n"
+"     * The message digest algorithm used to hash passwords. If null then\n"
+"     * plain passwords will be used. */\n"
+"    private String hashAlgorithm = null;\n"
+"\n"
+"    /**\n"
+"     *  The name of the charset/encoding to use when converting the\n"
+"     * password String to a byte array. Default is the platform&#39;s\n"
+"     * default encoding.\n"
+"     */\n"
+"     private String hashCharset = null;\n"
+"\n"
+"    /** The string encoding format to use. Defaults to base64. */\n"
+"    private String hashEncoding = null;\n"
+"                \n"
+"    // ...\n"
+"                \n"
+"    /** \n"
+"     *  Override the superclass method to look for an\n"
+"     *  unauthenticatedIdentity property. This method first invokes\n"
+"     *  the super version.\n"
+"     *\n"
+"     *  @param options,\n"
+"     *  @option unauthenticatedIdentity: the name of the principal to\n"
+"     *  assign and authenticate when a null username and password are\n"
+"     *  seen.\n"
+"     */\n"
+"    public void initialize(Subject subject,\n"
+"                           CallbackHandler callbackHandler,\n"
+"                           Map sharedState,\n"
+"                           Map options)\n"
+"    {\n"
+"        super.initialize(subject, callbackHandler, sharedState,\n"
+"                         options);\n"
+"        // Check for unauthenticatedIdentity option.\n"
+"        Object option = options.get(\"unauthenticatedIdentity\");\n"
+"        String name = (String) option;\n"
+"        if (name != null) {\n"
+"            unauthenticatedIdentity = new SimplePrincipal(name);\n"
+"        }\n"
+"    }\n"
+"                \n"
+"    // ...\n"
+"                \n"
+"    /**\n"
+"     *  A hook that allows subclasses to change the validation of the\n"
+"     *  input password against the expected password. This version\n"
+"     *  checks that neither inputPassword or expectedPassword are null\n"
+"     *  and that inputPassword.equals(expectedPassword) is true;\n"
+"     *\n"
+"     *  @return true if the inputPassword is valid, false otherwise.\n"
+"     */\n"
+"    protected boolean validatePassword(String inputPassword,\n"
+"                                       String expectedPassword)\n"
+"    {\n"
+"        if (inputPassword == null || expectedPassword == null) {\n"
+"            return false;\n"
+"        }\n"
+"        return inputPassword.equals(expectedPassword);\n"
+"    }\n"
+"    \n"
+"    /**\n"
+"     *  Get the expected password for the current username available\n"
+"     * via the getUsername() method. This is called from within the\n"
+"     * login() method after the CallbackHandler has returned the\n"
+"     * username and candidate password.\n"
+"     *\n"
+"     * @return the valid password String\n"
+"     */\n"
+"    abstract protected String getUsersPassword()\n"
+"        throws LoginException;\n"
+"}"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1403
@@ -5513,6 +5867,98 @@
 "    }   \n"
 "}"
 msgstr ""
+"package org.jboss.book.security.ex2;\n"
+"                    \n"
+"import java.security.acl.Group;\n"
+"import java.util.Map;\n"
+"import javax.naming.InitialContext;\n"
+"import javax.naming.NamingException;\n"
+"import javax.security.auth.Subject;\n"
+"import javax.security.auth.callback.CallbackHandler;\n"
+"import javax.security.auth.login.LoginException;\n"
+"\n"
+"import org.jboss.security.SimpleGroup;\n"
+"import org.jboss.security.SimplePrincipal;\n"
+"import org.jboss.security.auth.spi.UsernamePasswordLoginModule;\n"
+"\n"
+"/** \n"
+" *  An example custom login module that obtains passwords and roles\n"
+" *  for a user from a JNDI lookup.\n"
+" *     \n"
+" *  @author Scott.Stark at jboss.org\n"
+" *  @version $Revision: 1.4 $\n"
+"*/\n"
+"public class JndiUserAndPass \n"
+"    extends UsernamePasswordLoginModule\n"
+"{\n"
+"    /** The JNDI name to the context that handles the password/username "
+"lookup */\n"
+"    private String userPathPrefix;\n"
+"    /** The JNDI name to the context that handles the roles/ username lookup "
+"*/\n"
+"    private String rolesPathPrefix;\n"
+"    \n"
+"    /**\n"
+"     * Override to obtain the userPathPrefix and rolesPathPrefix options.\n"
+"     */\n"
+"    public void initialize(Subject subject, CallbackHandler "
+"callbackHandler,\n"
+"                           Map sharedState, Map options)\n"
+"    {\n"
+"        super.initialize(subject, callbackHandler, sharedState, options);\n"
+"        userPathPrefix = (String) options.get(\"userPathPrefix\");\n"
+"        rolesPathPrefix = (String) options.get(\"rolesPathPrefix\");\n"
+"    }\n"
+"    \n"
+"    /**\n"
+"     *  Get the roles the current user belongs to by querying the\n"
+"     * rolesPathPrefix + &#39;/&#39; + super.getUsername() JNDI location.\n"
+"     */\n"
+"    protected Group[] getRoleSets() throws LoginException\n"
+"    {\n"
+"        try {\n"
+"            InitialContext ctx = new InitialContext();\n"
+"            String rolesPath = rolesPathPrefix + &#39;/&#39; + super."
+"getUsername();\n"
+"\n"
+"            String[] roles = (String[]) ctx.lookup(rolesPath);\n"
+"            Group[] groups = {new SimpleGroup(\"Roles\")};\n"
+"            log.info(\"Getting roles for user=\"+super.getUsername());\n"
+"            for(int r = 0; r &lt; roles.length; r ++) {\n"
+"                SimplePrincipal role = new SimplePrincipal(roles[r]);\n"
+"                log.info(\"Found role=\"+roles[r]);\n"
+"                groups[0].addMember(role);\n"
+"            }\n"
+"            return groups;\n"
+"        } catch(NamingException e) {\n"
+"            log.error(\"Failed to obtain groups for\n"
+"                        user=\"+super.getUsername(), e);\n"
+"            throw new LoginException(e.toString(true));\n"
+"        }\n"
+"    }\n"
+"                    \n"
+"    /** \n"
+"     * Get the password of the current user by querying the\n"
+"     * userPathPrefix + &#39;/&#39; + super.getUsername() JNDI location.\n"
+"     */\n"
+"    protected String getUsersPassword() \n"
+"        throws LoginException\n"
+"    {\n"
+"        try {\n"
+"            InitialContext ctx = new InitialContext();\n"
+"            String userPath = userPathPrefix + &#39;/&#39; + super."
+"getUsername();\n"
+"            log.info(\"Getting password for user=\"+super.getUsername());\n"
+"            String passwd = (String) ctx.lookup(userPath);\n"
+"            log.info(\"Found password=\"+passwd);\n"
+"            return passwd;\n"
+"        } catch(NamingException e) {\n"
+"            log.error(\"Failed to obtain password for\n"
+"                        user=\"+super.getUsername(), e);\n"
+"            throw new LoginException(e.toString(true));\n"
+"        }\n"
+"    }   \n"
+"}"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1466
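Review bot: the added `getUsersPassword()` listing contains `log.info(\"Found password=\"+passwd);`, which writes the user's cleartext password to the server log at INFO level, and both `log.error(\"Failed to obtain ... for\n` calls split a string literal across two lines, which does not compile as Java. A translation has to mirror its msgid, so these belong in a report against the English source listing (drop the password from the log message, join each literal onto one line), with this msgstr updated once the msgid changes.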
@@ -5554,6 +6000,14 @@
 "     [java] [INFO,ExClient] Created Echo\n"
 "     [java] [INFO,ExClient] Echo.echo(&#39;Hello&#39;) = Hello"
 msgstr ""
+"[examples]$ ant -Dchap=security -Dex=2 run-example\n"
+"...\n"
+"run-example2:\n"
+"     [echo] Waiting for 5 seconds for deploy...\n"
+"     [java] [INFO,ExClient] Login with username=jduke, password=theduke\n"
+"     [java] [INFO,ExClient] Looking up EchoBean2\n"
+"     [java] [INFO,ExClient] Created Echo\n"
+"     [java] [INFO,ExClient] Echo.echo(&#39;Hello&#39;) = Hello"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1473
@@ -5567,16 +6021,17 @@
 
 #. Tag: programlisting
 #: J2EE_Security_On_JBOSS.xml:1476
-#, fuzzy, no-c-format
+#, no-c-format
 msgid ""
 "&lt;?xml version=\"1.0\"?&gt;\n"
 "&lt;jboss&gt;\n"
 "    &lt;security-domain&gt;java:/jaas/security-ex2&lt;/security-domain&gt;\n"
 "&lt;/jboss&gt;"
 msgstr ""
-"&lt;jboss-web&gt;\n"
-"    &lt;security-domain&gt;java:/jaas/digest&lt;/security-domain&gt;\n"
-"&lt;/jboss-web&gt;"
+"&lt;?xml version=\"1.0\"?&gt;\n"
+"&lt;jboss&gt;\n"
+"    &lt;security-domain&gt;java:/jaas/security-ex2&lt;/security-domain&gt;\n"
+"&lt;/jboss&gt;"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1477
@@ -5603,6 +6058,18 @@
 "    &lt;/authentication&gt;\n"
 "&lt;/application-policy&gt;"
 msgstr ""
+"&lt;application-policy name = \"security-ex2\"&gt;\n"
+"    &lt;authentication&gt;\n"
+"        &lt;login-module code=\"org.jboss.book.security.ex2.JndiUserAndPass"
+"\"\n"
+"                      flag=\"required\"&gt;\n"
+"            &lt;module-option name = \"userPathPrefix\"&gt;/security/store/"
+"password&lt;/module-option&gt;\n"
+"            &lt;module-option name = \"rolesPathPrefix\"&gt;/security/store/"
+"roles&lt;/module-option&gt;\n"
+"        &lt;/login-module&gt;\n"
+"    &lt;/authentication&gt;\n"
+"&lt;/application-policy&gt;"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:1488
@@ -6134,6 +6601,57 @@
 "         throws SecurityException;\n"
 "}"
 msgstr ""
+"package org.jboss.security.srp;\n"
+"\n"
+"import java.io.IOException;\n"
+"import java.io.Serializable;\n"
+"import java.security.KeyException;\n"
+"\n"
+"public interface SRPVerifierStore\n"
+"{\n"
+"    public static class VerifierInfo implements Serializable\n"
+"    {\n"
+"        /**\n"
+"         * The username the information applies to. Perhaps redundant\n"
+"         * but it makes the object self contained.\n"
+"         */\n"
+"        public String username;\n"
+"\n"
+"        /** The SRP password verifier hash */\n"
+"        public byte[] verifier;\n"
+"        /** The random password salt originally used to verify the password "
+"*/\n"
+"        public byte[] salt;\n"
+"        /** The SRP algorithm primitive generator */\n"
+"        public byte[] g;\n"
+"        /** The algorithm safe-prime modulus */\n"
+"        public byte[] N;\n"
+"    }\n"
+"    \n"
+"    /**\n"
+"     *  Get the indicated user&#39;s password verifier information.\n"
+"     */\n"
+"    public VerifierInfo getUserVerifier(String username)\n"
+"        throws KeyException, IOException;\n"
+"    /** \n"
+"     *  Set the indicated users&#39; password verifier information. This\n"
+"     *  is equivalent to changing a user&#39;s password and should\n"
+"     *  generally invalidate any existing SRP sessions and caches.\n"
+"     */\n"
+"    public void setUserVerifier(String username, VerifierInfo info)\n"
+"        throws IOException;\n"
+"\n"
+"    /** \n"
+"     * Verify an optional auxiliary challenge sent from the client to\n"
+"     * the server.  The auxChallenge object will have been decrypted\n"
+"     * if it was sent encrypted from the client. An example of a\n"
+"     * auxiliary challenge would be the validation of a hardware token\n"
+"     * (SafeWord, SecureID, iButton) that the server validates to\n"
+"     * further strengthen the SRP password exchange.\n"
+"     */\n"
+"     public void verifyUserChallenge(String username, Object auxChallenge)\n"
+"         throws SecurityException;\n"
+"}"
 
 #. Tag: para
 #: J2EE_Security_On_JBOSS.xml:1671
@@ -6526,6 +7044,45 @@
 "    &lt;/mbean&gt;\n"
 "&lt;/server&gt;"
 msgstr ""
+"&lt;server&gt;\n"
+"    &lt;!-- The custom JAAS login configuration that installs\n"
+"         a Configuration capable of dynamically updating the\n"
+"         config settings --&gt;\n"
+"\n"
+"    &lt;mbean code=\"org.jboss.book.security.service.SecurityConfig\" \n"
+"           name=\"jboss.docs.security:service=LoginConfig-EX3\"&gt;\n"
+"        &lt;attribute name=\"AuthConfig\"&gt;META-INF/login-config.xml&lt;/"
+"attribute&gt;\n"
+"        &lt;attribute name=\"SecurityConfigName\"&gt;jboss.security:"
+"name=SecurityConfig&lt;/attribute&gt;\n"
+"    &lt;/mbean&gt;\n"
+"\n"
+"    &lt;!-- The SRP service that provides the SRP RMI server and server "
+"side\n"
+"         authentication cache --&gt;\n"
+"    &lt;mbean code=\"org.jboss.security.srp.SRPService\" \n"
+"           name=\"jboss.docs.security:service=SRPService\"&gt;\n"
+"        &lt;attribute name=\"VerifierSourceJndiName\"&gt;srp-test/security-"
+"ex3&lt;/attribute&gt;\n"
+"        &lt;attribute name=\"JndiName\"&gt;srp-test/SRPServerInterface&lt;/"
+"attribute&gt;\n"
+"        &lt;attribute name=\"AuthenticationCacheJndiName\"&gt;srp-test/"
+"AuthenticationCache&lt;/attribute&gt;\n"
+"        &lt;attribute name=\"ServerPort\"&gt;0&lt;/attribute&gt;\n"
+"        &lt;depends&gt;jboss.docs.security:"
+"service=PropertiesVerifierStore&lt;/depends&gt;\n"
+"    &lt;/mbean&gt;\n"
+"\n"
+"    &lt;!-- The SRP store handler service that provides the user password "
+"verifier\n"
+"         information --&gt;\n"
+"    &lt;mbean code=\"org.jboss.security.ex3.service.PropertiesVerifierStore"
+"\"\n"
+"           name=\"jboss.docs.security:service=PropertiesVerifierStore\"&gt;\n"
+"        &lt;attribute name=\"JndiName\"&gt;srp-test/security-ex3&lt;/"
+"attribute&gt;\n"
+"    &lt;/mbean&gt;\n"
+"&lt;/server&gt;"
 
 #. Tag: title
 #: J2EE_Security_On_JBOSS.xml:1792
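Review bot: the third mbean's `code` attribute, `org.jboss.security.ex3.service.PropertiesVerifierStore`, does not follow the `org.jboss.book.security.` prefix used by the first mbean in the same listing (`org.jboss.book.security.service.SecurityConfig`) and by the `package org.jboss.book.security.ex2;` listing earlier in this patch. If the class name is wrong, a reader copying the descriptor gets a class-loading failure at deploy time, so verify the name against the example sources and the msgid before this entry ships.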



