breach 违反,破坏;打破 proactively 前摄地;主动地 consecutive 连贯的;连续不断的
If one of your user's email addresses is compromised in some site's public data breach, you want to be notified, and you want to notify the users and/or block them from logging in to your app until they reset their password.
You want to act proactively to block suspicious IP addresses if they make consecutive failed login attempts, in order to avoid DDoS attacks.
federate 结成同盟,结成联邦
You are part of a large organization that wants to federate their existing enterprise directory service to allow employees to log in to the various internal and third-party applications using their existing enterprise credentials 证书.
provision 规定;条款;准备
You don't want (or you don't know how) to implement your own user management solution. Password resets, creating, provisioning, blocking, and deleting users, and the UI to manage all these. You just want to focus on your app.
funnel /ˈfʌnl/ 漏斗;漏斗状物;烟囱 retention 保留;扣留,滞留;记忆力
You want to use analytics to track users on your site or application. You plan on using this data to create funnels, measure user retention, and improve your sign-up flow.
adoption 采用;收养;接受
This has been achieved through the widespread adoption of identity industry standards across the web.
You require an SLA guaranteeing higher uptimes
Identity Glossary /ˈɡlɑːsəri/ 术语(特殊用语)表;词汇表;专业词典
takeaway 外卖食品;外卖餐馆;要点
The story of how we got here is long, but the key takeaway is short and sweet: Spring would not be what it is without our amazing community.
inception 起初;获得学位 evolve 发展;进化;使逐步形成;推断出 nimble /ˈnɪmbl/ 敏捷的;聪明的;敏感的
Since the project’s inception, the OAuth world has evolved significantly. For that reason, we decided to build on our success as a community and rewrite Spring Security OAuth to better align Spring’s OAuth story, simplify the code base, and make Spring’s OAuth support more nimble.
By performing a rewrite, we were able to address the needs of the entire Spring portfolio组合 and provide a single cohesive凝聚的 OAuth library.
obsolete /ˈɒbsəliːt/ 废弃;淘汰
Second, when the OAuth project was originally written, it included support for both OAuth 1.0 and OAuth 2.0. Since then, OAuth 2.0 has officially made OAuth 1.0 obsolete.
Nimbus /ˈnɪmbəs/ 灵气;光轮 雨云;光辉灿烂的气氛
Third, the original project provided all of its own library support. Now, with many libraries to choose from, we were able to fold it into Spring Security proper by providing an abstraction around an existing library named Nimbus. By building on top of Nimbus, we were able to move more quickly and add more features, such as better support for JWT claims, OIDC, reactive programming, and so much more.
monumental 不朽的;纪念碑的;非常的
Obviously, rewriting Spring Security’s OAuth support is a monumental effort. To begin, the team decided to split up the work into the client, the resource server, and the authorization server. As we progressed with the client and the resource server, we became more and more convinced that we shouldn’t provide authorization server support.
Application security boils down 归结 to two more or less independent problems: authentication (who are you?) and authorization (what are you allowed to do?).
pre-empt 预先制止;抢在……之前行动;抢先得到
Spring Boot provides a default global AuthenticationManager (with just one user) unless you pre-empt it by providing your own bean of type AuthenticationManager. The default is secure enough on its own for you not to have to worry about it much, unless you actively need a custom global AuthenticationManager. If you do any configuration that builds an AuthenticationManager you can often do it locally to the resources that you are protecting and not worry about the global default.
Once authentication is successful, we can move on to authorization, and the core strategy here is AccessDecisionManager. There are three implementations provided by the framework and all three delegate to a chain of AccessDecisionVoter, a bit like the ProviderManager delegates to AuthenticationProviders.
affirmatively 肯定地
Most people just use the default AccessDecisionManager which is AffirmativeBased (if any voters return affirmatively then access is granted). Any customization tends to happen in the voters, either adding new ones, or modifying the way that the existing ones work.
veto /ˈviːtəʊ/ 否决 off-the-shelf 现成的;常备的;成品的
in fact a filter can veto the rest of the chain if it wants to handle the request itself.
Spring Boot manages it through 2 mechanisms: one is that @Beans of type Filter can have an @Order or implement Ordered, and the other is that they can be part of a FilterRegistrationBean that itself has an order as part of its API. Some off-the-shelf filters define their own constants to help signal what order they like to be in relative to each other
Spring Session has a DEFAULT_ORDER of Integer.MIN_VALUE + 50, which tells us it likes to be early in the chain, but it doesn’t rule out 排除 other filters coming before it).
vanilla /vəˈnɪlə/ 香子兰,香草 简朴 平常
A vanilla Spring Boot application with no custom security configuration has a several (call it n) filter chains, where usually n=6.
plumbing 管道系统 infrastructure 基础设施;公共建设
This web application is 100% pure Java and you did not have to deal with configuring any plumbing or infrastructure.
This means that all sortable option are valid sortable props with the notable exception of all the method starting by "on" as draggable component expose the same API via events.
It is designed to be very easy to use, and to stay out of your way 别挡你的路
Pyro4 is the predecessor that only gets important bugfixes and security fixes, but is otherwise no longer being improved. New code should use Pyro5 if at all possible.
designed to be very easy to use and get out of your way as much as possible, but still provide a lot of flexibility when you do need it.
remote iterator on-demand item streaming avoids having to create large collections upfront 预付的;在前面的 and transfer them as a whole.
Essentially 本质上
Essentially, Pyro can be used to distribute and integrate various kinds of resources or responsibilities: computational (hardware) resources (cpu, storage, printers), informational resources (data, privileged information) and business logic (departments, domains).
closet 壁橱;议事室,密室;小房间 秘密的,私下的;空谈的
For instance, you could write a simple remote controller for your media server that is running on a machine somewhere in a closet.
heterogeneous /ˌhetərəˈdʒiːniəs/ 由很多种类组成的,混杂的;各种各样的;(化学)不均一的,多相的;(数学)不纯一的,参差的
Finally, Pyro can be a communication glue library to easily integrate various pars of a heterogeneous system, consisting of many different parts and pieces.
obscure 昏暗的,朦胧的;晦涩的,不清楚的
removed some other obscure config items
no support for unsafe serializers AT ALL (pickle, dill, cloudpickle) - only safe serializers (serpent, marshal, json, msgpack)
scattered 分散的;散乱的
values from constants module scattered to various other more relevant modules
This example will show you in a nutshell what it’s like to use Pyro in your programs.
In the source archive there is a directory examples that contains a truckload 大量 of example programs that show the various features of Pyro. If you’re interested in them (it is highly recommended to be so!) you will have to download the Pyro distribution archive.
If you decide to download the distribution (.tar.gz) you have a bunch of extras over simply installing the Pyro library directly
But it is fine for the tutorial, so we leave it as it is 让它顺其自然吧.
amongst 在……当中(等于 among)
There’s another command line tool that let you interact with the name server: “nsc” (name server control tool). You can use it, amongst other things, to see what all known registered objects in the naming server are.
This is mainly for completeness sake 目的
the code is capable of dynamically discovering everything at runtime
follow along with the pyro5 example code to spot the few differences 发现细微的差别
keystrokes 用键盘输入
This way you can get a simple Pyro server plus name server up with just a few keystrokes.
You cannot share Proxy objects among threads. One single thread ‘owns’ a proxy. It is possible to explicitly transfer ownership to another thread.
Consider cleaning up a proxy object explicitly if you know you won’t be using it again in a while. That will free up resources and socket connections. You can do this in two ways:
calling _pyroRelease() on the proxy.
using the proxy as a context manager in a with statement. This is the preffered way of creating and using Pyro proxies. This ensures that when you’re done with it, or an error occurs (inside the with-block), the connection is released:
with Pyro5.api.Proxy(".....") as obj:
obj.method()
Doing many small remote method calls in sequence has a fair amount of latency and overhead支出. Pyro provides a means 手段;方法; to gather all these small calls and submit it as a single ‘batched call’.
The implementation of the things method can return a normal list but can also return an iterator or even be a generator function itself. This has the usual benefits of “lazy” generators: no need to create the full collection upfront which can take a lot of memory, possibility of infinite sequences, and spreading computation load more evenly 均匀地;平衡地.
Miscellaneous 混杂的,各种各样的; features
Pyro provides a few miscellaneous features when dealing with remote method calls. They are described in this section.
hiccup /ˈhɪkʌp/ 打嗝
One possible problems is some sort of network hiccup that makes your call unresponsive because the data never arrived at the server or the response never arrived back to the caller.
Configuring Pyro for several config items that you can use to tweak various server side aspects.
In the spirit of being secure by default本着默认安全的精神, Pyro doesn’t allow remote access to anything of your class unless explicitly told to do so.
dunder -- double underscores
It will never allow remote access to ‘private’ methods and attributes (where ‘private’ means that their name starts with a single or double underscore). There’s a special exception for the regular ‘dunder’ names with double underscores such as len though.
taint 污染;污点
In the case where you cannot or don’t want to change existing source code, it’s not possible to use the @expose decorator to tell Pyro what methods should be exposed. This can happen if you’re dealing with third-party library classes or perhaps a generic module that you don’t want to ‘taint’ with a Pyro dependency because it’s used elsewhere too.
This way you have full control over what exactly is exposed, and what parameter and return value types travel over the wire.
caveat /ˈkæviæt/ 警告
There are a few caveats when using this
cherrypick 择优挑选 cherry 樱桃
You can only expose the class and all its methods as a whole, you can’t cherrypick methods that should be exposed
Very basic method to fire up a daemon that hosts a bunch of objects.
If you need to further tweak the behavior of the daemon, you have to create one yourself first, with the desired configuration.
Intermission 幕间休息;暂停;中断
Intermission: Example 1: server and client not using name server
topology 拓扑学
Avoid circular communication topologies.