更新针对 Spring Security 的 Servlet 的安全保护

servlet/getting-started.md

@@ -33,32 +33,32 @@ Using generated security password: 8e557245-73e2-4286-969a-ff57fe326336
 // FIXME: Link to Spring Boot's Security Auto configuration classes
 // FIXME: Add a links for what user's should do next
 
-Spring Boot automatically:
+Spring Boot 自动配置：
 
-* Enables Spring Security's default configuration, which creates a servlet `Filter` as a bean named `springSecurityFilterChain`.
+* 在 Spring Boot 中启用 Spring Security 的默认配置。这个配置将会创建一个 servlet `Filter`（过滤器），这个 Bean 被命名为 `springSecurityFilterChain`。
-  This bean is responsible for all the security (protecting the application URLs, validating submitted username and passwords, redirecting to the log in form, and so on) within your application.
+  这个 Bean 将会在你的应用中负责所有的安全策略，包括但不限于，保护应用 URLs，对提交的用户名和密码进行校验，重定向登录表单等）。
-* Creates a `UserDetailsService` bean with a username of `user` and a randomly generated password that is logged to the console.
+* 创建一个名为 `UserDetailsService` 的 bean，使用的用户名为  `user`，同时对这个用户生成一个随机的密码，并将这个密码输出到控制台中。
-* Registers the `Filter` with a bean named `springSecurityFilterChain` with the Servlet container for every request.
+* 针对每个请求都会调用的一个被命名为 `springSecurityFilterChain` 的 Bean 到 Servlet 容器的 `Filter`中。
 
-Spring Boot is not configuring much, but it does a lot.
+Spring Boot 并没有配置很多，但是却做了很多。 
-A summary of the features follows:
+主要的一些特性如下：
 
-* Require an authenticated user for any interaction with the application
+* 对所有需要使用的系统用户先进行授权
-* Generate a default login form for you
+* 为你创建一个默认的登录表单
-* Let the user with a username of `user` and a password that is logged to the console to authenticate with form-based authentication (in the preceding example, the password is `8e557245-73e2-4286-969a-ff57fe326336`)
+* 让用户可以使用 `user` 用户名和在控制台中打印的密码进行登录（在这个示例中，密码为 `8e557245-73e2-4286-969a-ff57fe326336`）
-* Protects the password storage with BCrypt
+* 使用 BCrypt 算法对存储的密码进行保护
-* Lets the user log out
+* 让用户可以注销登录
-* https://en.wikipedia.org/wiki/Cross-site_request_forgery[CSRF attack] prevention
+* 阻止 [CSRF 攻击](https://en.wikipedia.org/wiki/Cross-site_request_forgery)
-* https://en.wikipedia.org/wiki/Session_fixation[Session Fixation] protection
+* [固定会话（Session Fixation）](https://en.wikipedia.org/wiki/Session_fixation) 保护
-* Security Header integration
+* Header 的安全整合 
-  ** https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security[HTTP Strict Transport Security] for secure requests
+  * 针对安全请求，使用[HTTP Strict Transport Security](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security)
-  ** https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx[X-Content-Type-Options] integration
+  * 集成[X-Content-Type-Options](https://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx)
-  ** Cache Control (can be overridden later by your application to allow caching of your static resources)
+  * 缓存控制（可以在你的应用程序中对这个进行重写，以允许缓存你的静态资源） 
-  ** https://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx[X-XSS-Protection] integration
+  * 集成[X-XSS-Protection](https://msdn.microsoft.com/en-us/library/dd565647(v=vs.85).aspx)
-  ** X-Frame-Options integration to help prevent https://en.wikipedia.org/wiki/Clickjacking[Clickjacking]
+  * 集成 X-Frame-Options 来防止点击劫持 [Clickjacking](help prevent https://en.wikipedia.org/wiki/Clickjacking)
-* Integrate with the following Servlet API methods:
+* 集成以下的 Servlet API 方法
-  ** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser()[`HttpServletRequest#getRemoteUser()`]
+  * [`HttpServletRequest#getRemoteUser()`](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getRemoteUser())
-** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal()[`HttpServletRequest.html#getUserPrincipal()`]
+  * [`HttpServletRequest.html#getUserPrincipal()`](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#getUserPrincipal())
-** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String)[`HttpServletRequest.html#isUserInRole(java.lang.String)`]
+  * [`HttpServletRequest.html#isUserInRole(java.lang.String)`](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#isUserInRole(java.lang.String))
-** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String)[`HttpServletRequest.html#login(java.lang.String, java.lang.String)`]
+  * [`HttpServletRequest.html#login(java.lang.String, java.lang.String)`](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#login(java.lang.String,%20java.lang.String))
-  ** https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout()[`HttpServletRequest.html#logout()`]
+  * [`HttpServletRequest.html#logout()`](https://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpServletRequest.html#logout())