翻译原文 没改格式2

外文文献阅读与翻译

外文原文

This and subsequent chapters discuss how to address security requirements in Java EE, web,

and web services applications. Every enterprise that has sensitive resources that can be accessed

by many users, or resources that traverse unprotected, open, networks, such as the Internet,

needs to be protected.

This chapter introduces basic security concepts and security implementation mechanisms.

More information on these concepts and mechanisms can be found in the Security chapter of

the Java EE 5 specification .Thi sdocumen ti savailabl efo rdownloa donlin eat https://www.wendangku.net/doc/222338719.html,/en/jsr/detail?id=244.

Other chapters in this tutorial that address security requirements include the following:

Chapter 29, “Securing Java EE Applications” discus ses adding security to Java EE

components such as enterprise beans and application clients.

Chapter 30, “Securing Web Applications” discusses and provides examples for adding

security to web components such as servlets and JSP pages.

Some of the material in this chapter assumes that you understand basic security concepts. To

learn more about these concepts, you should explore the Java SE security web site before you

begin this chapter. The URL for this site is

https://www.wendangku.net/doc/222338719.html,/javase/6/docs/technotes/guides/security/.

This tutorial assumes deployment onto the Application Server and provides some information

regarding conFig.uratio no fth eApplicatio nServer .Th ebes tsourc efo rinformatio nregarding

conFig.uratio no fth eApplicatio nServer ,however ,i stheSun Java System Application Server 9.1

Administration Guide. The best source for development tips specifi ct oth eApplicatio nServe ris

the Sun Java System Application Server 9.1 Developer’s Guide. The best source for tips on

deploying applications to the Application Server is the Sun Java System Application Server 9.1

Application Deployment Guide.

Overview of Java EE Security

Java EE, web, and web services applications are made up of components that can be deployed

into differen tcontainers .Thes ecomponent sar euse dt obuil d amultitie renterpris eapplication.

Security for components is provided by their containers. A container provides two kinds of

security: declarative and programmatic security.

Declarative security expresses an application component’s security requirements

using

deployment descriptors. Deployment descriptors are external to an application, and include

information that specifie sho wsecurit yrole san dacces srequirement sar emappe dinto

environment-specifi csecurit yroles ,users ,an dpolicies .Fo rmor einformatio nabout

deployment descriptors, read “Using Deployment Descriptors for Declarative Security” on

page 774.

Programmatic security is embedded in an application and is used to make security decisions.

Programmatic security is useful when declarative security alone is not sufficie nt toexpress

the security model of an application. For more information about programmatic security,

read “Using Programmatic Security” on page 776.

Annotations (also called metadata) are used to specify information about security within a

class file .Whe nth eapplicatio ni sdeployed ,thi sinformatio nca neithe rb euse db yor

overridden by the application deployment descriptor. For more information about annotations, read “Using Annotations” on page 775.

A Simple Security Example

The security behavior of a Java EE environment may be better understood by examining what

happens in a simple application with a web client, a JSP user interface, and enterprise bean

business logic.

In the following example, which is taken from JSR-244, the Java EE 5 Specification

(https://www.wendangku.net/doc/222338719.html,/en/jsr/detail?id=244), the web client relies on the web server to act

as its authentication proxy by collecting user authentication data from the client and using it to

establish an authenticated session.

Step 1: Initial Request

In the firs tste po fthi sexample ,th ewe bclien trequest sth emai napplicatio nURL .Thi sactio nis

shown in Fig.ure 28–1.

Since the client has not yet authenticated itself to the application environment, the server

responsible for delivering the web portion of the application (hereafter referred to as web server)

detects this and invokes the appropriate authentication mechanism for this resource. For more

information on these mechanisms, read “Security Implementation Mechanisms” on page 771.

Step 2: Initial Authentication

The web server returns a form that the web client uses to collect authentication data (for

example, user name and password) from the user. The web client forwards the

authentication

data to the web server, where it is validated by the web server, as shown in Fig.ure 28–2.

The validation mechanism may be local to a server, or it may leverage the underlying security

services. On the basis of the validation, the web server sets a credential for the user.

Step 3: URL Authorization

The credential is used for future determinations of whether the user is authorized to access

restricted resources it may request. The web server consults the security policy (derived from

the deployment descriptor) associated with the web resource to determine the security roles

that are permitted access to the resource. The web container then tests the user’s credential

against each role to determine if it can map the user to the role. Fig.ure 28–3 shows this process.

The web server’s evaluation stops with an “is authorized” outcome when the web server is able

to map the user to a role. A “not authorized” outcome is reached if the web server is unable to

map the user to any of the permitted roles.

Step 4: Fulfillin gth eOrigina lRequest

If the user is authorized, the web server returns the result of the original URL request, as shown

in Fig.ure 28–4.

In our example, the response URL of a JSP page is returned, enabling the user to post form data

that needs to be handled by the business logic component of the application. Read Chapter 30,

“Securing Web Applications” for more information on protecting web applications.

Step 5: Invoking Enterprise Bean Business Methods

The JSP page performs the remote method call to the enterprise bean, using the user’s credential

to establish a secure association between the JSP page and the enterprise bean (as shown in

Fig.ure 28–5). The association is implemented as two related security contexts, one in the web

server and one in the EJB container.

The EJB container is responsible for enforcing access control on the enterprise bean method. It

consults the security policy (derived from the deployment descriptor) associated with the

enterprise bean to determine the security roles that are permitted access to the method. For

each role, the EJB container uses the security context associated with the call to determine if it

can map the caller to the role.

The container’s evaluation stops with an “is authorized” outcome when the container is able to

m ap the caller’s credential to a role. A “not authorized” outcome is reached if the container is

unable to map the caller to any of the permitted roles. A “not authorized” result causes an

exception to be thrown by the container, and propagated back to the calling JSP page.

If the call is authorized, the container dispatches control to the enterprise bean method. The

result of the bean’s execution of the call is returned to the JSP, and ultimately to the user by the

web server and the web client.

Read Chapte r 29, “Securing Java EE Applications” for more information on protecting web

applications.

Security Functions

A properly implemented security mechanism will provide the following functionality:

Prevent unauthorized access to application functions and business or personal data Hold system users accountable for operations they perform (non-repudiation)

Protect a system from service interruptions and other breaches that affec tqualit yo fservice

Ideally, properly implemented security mechanisms will also provide the following

functionality:

Easy to administer

Transparent to system users

Interoperable across application and enterprise boundaries

Characteristics of Application Security

Java EE applications consist of components that can contain both protected and unprotected

resources. Often, you need to protect resources to ensure that only authorized users have access.

Authorization provides controlled access to protected resources. Authorization is based on

identificatio nan dauthentication.Identificationis a process that enables recognition of an entity

by a system, and authentication is a process that verifie sth eidentit yo f

auser ,device ,o rother

entity in a computer system, usually as a prerequisite to allowing access to resources in a system.

Authorization and authentication are not required for an entity to access unprotected

resources. Accessing a resource without authentication is referred to as unauthenticated or

anonymous access.

These and several other well-define dcharacteristic so fapplicatio nsecurit

ythat ,whe nproperly

addressed, help to minimize the security threats faced by an enterprise, include the following:

Authentication: The means by which communicating entities (for example, client and

server) prove to one another that they are acting on behalf of specifi cidentitie stha

tare

authorized for access. This ensures that users are who they say they are.

Authorization, or Access Control: The means by which interactions with resources are

limited to collections of users or programs for the purpose of enforcing integrity, confidentiality ,o ravailabilit yconstraints .Thi sensure stha tuser shav epermissio nto

perform operations or access data.

Data integrity: The means used to prove that information has not been modifie db y athird

party (some entity other than the source of the information). For example, a recipient of

data sent over an open network must be able to detect and discard messages that were

modifie dafte rthe ywer esent .Thi sensure stha tonl yauthorize duser sca nmodif ydata.

Confidentialityor Data Privacy: The means used to ensure that information is made

available only to users who are authorized to access it. This ensures that only authorized

users can view sensitive data.

Non-repudiation: The means used to prove that a user performed some action such that the

user cannot reasonably deny having done so. This ensures that transactions can be proven to

have happened.

Quality of Service (QoS): The means used to provide better service to selected network

traff icov ervario ustechnologies. Auditing: The means used to capture a

tamper-resistant record of securityrelated events for

the purpose of being able to evaluate the effectivenes so fsecurit ypolicie san dmechanisms.

To enable this, the system maintains a record of transactions and security information.

Security Implementation Mechanisms

The characteristics of an application should be considered when deciding the layer and type of

security to be provided for applications. The following sections discuss the characteristics of the

common mechanisms that can be used to secure Java EE applications. Each of these

mechanisms can be used individually or with others to provide protection layers based on the

specifi cneed so fyou rimplementation.

Java SE Security Implementation Mechanisms

Java SE provides support for a variety of security features and mechanisms, including:

Java Authentication and Authorization Service (JAAS): JAAS is a set of APIs that enable

services to authenticate and enforce access controls upon users. JAAS provides a pluggable

and extensible framework for programmatic user authentication and authorization.

JAAS is

a core Java SE API and is an underlying technology for Java EE security mechanisms.

Java Generic Security Services (Java GSS-API): Java GSS-API is a token-based API used to

securely exchange messages between communicating applications. The GSS-API offers

application programmers uniform access to security services atop a variety of underlying

security mechanisms, including Kerberos.

Java Cryptography Extension (JCE): JCE provides a framework and implementations for

encryption, key generation and key agreement, and Message Authentication Code (MAC)

algorithms. Support for encryption includes symmetric, asymmetric, block, and stream

ciphers. Block ciphers operate on groups of bytes while stream ciphers operate on one byte

at a time. The software also supports secure streams and sealed objects.

Java Secure Sockets Extension (JSSE): JSSE provides a framework and an implementation

for a Java version of the SSL and TLS protocols and includes functionality for data

encryption, server authentication, message integrity, and optional client authentication to

enable secure Internet communications.

Simple Authentication and Security Layer (SASL): SASL is an Internet standard (RFC

2222) that specifie s aprotoco lfo rauthenticatio nan doptiona lestablishmen to f asecurity

layer between client and server applications. SASL define sho wauthenticatio ndat ai st obe

exchanged but does not itself specify the contents of that data. It is a framework into which

specifi cauthenticatio nmechanism stha tspecif yth econtent san dsemantic so fthe authentication data can fit.

Java SE also provides a set of tools for managing keystores, certificates ,an dpolic yfiles;

generating and verifying JAR signatures; and obtaining, listing, and managing Kerberos tickets. For more information on Java SE security, visit its web page at https://www.wendangku.net/doc/222338719.html,/javase/6/docs/technotes/guides/security/.

Java EE Security Implementation Mechanisms

Java EE security services are provided by the component container and can be implemented

using declarative or programmatic techniques (container security is discussed more in

“Securing Containers” on page 774). Java EE security services provide a robust and easily

conFig.ure dsecurit ymechanis mfo rauthenticatin guser san dauthorizin gacces st oapplication

functions and associated data at many differen tlayers .Jav aE Esecurit yservice sar eseparate

from the security mechanisms of the operating system.

Application-Layer Security

In Java EE, component containers are responsible for providing application-layer security.

Application-layer security provides security services for a specifi capplicatio ntyp etailore dto

the needs of the application. At the application layer, application firewall sca nb eemploye dto

enhance application protection by protecting the communication stream and all associated

application resources from attacks.

Java EE security is easy to implement and conFig.ure ,an dca noff erfine-grai nedacc esscont rolto

application functions and data. However, as is inherent to security applied at the application

layer, security properties are not transferable to applications running in other environments

and only protect data while it is residing in the application environment. In the context of a

traditional application, this is not necessarily a problem, but when applied to a web services

application, where data often travels across several intermediaries, you would need to use the

Java EE security mechanisms along with transport-layer security and

message-layer security for

a complete security solution.

The advantages of using application-layer security include the following: Security is uniquely suited to the needs of the application.

Security is fine-grained ,wit happlication-specif icsettings.

The disadvantages of using application-layer security include the following: The application is dependent on security attributes that are not transferable between

application types.

Support for multiple protocols makes this type of security vulnerable.

Data is close to or contained within the point of vulnerability.

For more information on providing security at the application layer, read “Securing

Containers” on page 774.

外文翻译

安全介绍在Java EE平台

随后章节谈论如何针对在Java EE，网络服务应用的安全要求。有敏感资源可以由许多用户访问的无保护，开放，网络，例如互联网，需要被保护的企业或者资源。

这个章节介绍基本安全概念和安全实施机制。关于这些概念和机制的更多信息可以在Java EE 5规格的安全章节找到。本文在网上可以下载在。

针对安全要求在本指南的其他章节包括以下：

第29部分，获取Java EE应用谈论增加安全到Java EE例如企业应用程序客户端。

第30部分，获取Web应用程序为增加安全谈论并且提供例子到网组分例如JSP页。

材料的一些信息在本章的假设，您了解基本安全概念。在您开始本章之前，要学会更多关于这些概念，您应该探索Java SE安全网站。这个站点的URL是https://www.wendangku.net/doc/222338719.html,/javase/6/docs/technotes/guides/security/。

这里讲解假设在应用服务器上的部署并且提供关于应用服务器的配置的一些信息。关于应用服务器的配置的信息最佳的来源，然而，是Java系统应用服务器9.1管理指南。发展技巧的最佳的来源具体对应用服务器是Java系统应用服务器9.1 Developer指南。技巧的最佳的来源在应用服务器的部署的应用是Java

系统应用服务器9.1应用程序配置指南。

Java EE安全概要

Java EE，网和网服务应用可以部署入不同的容器的由组分做成。这些组分被用于建立一种多层企业应用。他们的容器提供组分的安全。容器提供二安全：宣示和纲领性安全。

使用部署描述符，Declarative安全表达应用component安全要求。部署描述符是外在的对应用，并且包括指定的信息安全角色和通入要求怎么被映射入环

境具体安全角色、用户和政策。关于部署描述符的更多信息，读使用部署描述符为宣示安全。

Programmatic安全在应用被埋置和被用于做出安全决定。当单独宣示安全不是充足表达应用的安全模型时，纲领性安全是有用的。使用纲领性安全，关于纲领性安全的更多信息，读。

Annotations (也称变数据)被用于指定关于安全的信息在类文件之内。当应用部署时，这信息可能使用由或由应用程序配置描述符忽略。关于注释的更多信息，读使用注释。

简单的安全例子

Java EE环境的安全行为也许通过审查什么更好了解在与网络客户端、JSP 用户界面和企业逻辑的一种简单的应用发生。

I在以下例子，从JSR-244被采取，Java EE 5规格，网络客户端依靠网络服务器作为它的认证代理人通过收集用户认证数据从客户和使用它建立一个被证实的会话。

Step 1：最初的请求

第一步这个例子，网络客户端请求主要应用URL。这次行动在表28-1显示。

Fig.ure 28-1最初的请求

因为客户未证实自己对应用程序环境，服务器负责对提供应用的网部分(此后指网络服务器)查出此并且祈求这种资源的适当的认证机构。关于这些机制的更多信息，读安全实施机制。

Step 2 ：最初的认证

网络服务器退回网络客户端使用从用户收集认证数据的形式(例如，用户名和密码)。网络客户端寄认证数据给网络服务器，如图28-2所显示，它由网络服务

器确认。

Fig.ure 28-2最初的认证

检验机制也许是地方的对服务器，或者它也许支持部下的安全部门。根据检验，网络服务器设置用户的一个证件。

Step 3：URL授权它也许请求的证件为未来决心使用用户是否被批准访问有限的资源。网络服务器咨询安全策略(获得从部署描述符)与网资源相关确定是对资源的被允许的通入的安全角色。网容器然后测试user证件反对每个角色确定它是否可能映射用户到角色。图28-3显示这个过程。

Fig.ure 28-3 URL授权

当网络服务器能映射用户到角色时，网络服务器评估停止与“is authorized”结果。如果网络服务器无法映射用户到任何被允许的角色，“not authorized”结果被到达。

Step 4 ：履行原始请求用户被批准的If，网络服务器如图28-4所显示，退回原始的URL请求的结果。

Fig.ure履行原始请求的28-4

在我们的例子中，JSP页的反应URL返回，使用户张贴需要由应用的企业逻辑组分处理的形式数据。读第30章，获取Web应用程序关于保护的Web应用程序的更多信息。

Step 5：企业营业方法

The JSP页执行遥远的方法电话对企业，使用user证件建立在JSP页和企业之间的一个安全协会如图28-5所显示，协会被实施作为二相关的安全上下文，一在网络服务器和一在EJB容器。

Fig.ure 28-5企业营业方法

EJB容器对强制执行在企业的存取控制负责。它咨询安全策略(获得从部署描述符)与企业相关确定是对方法的被允许的通入的安全角色。为每个角色，EJB容器使用安全上下文与电话相关确定它是否可能映射访问者到角色。

当容器能映射caller证件到角色时，The container评估停止与“is authorized”结果。如果容器无法映射访问者到任何被允许的角色，“not authorized”结果被到达。“not authorized”结果造成一个例外由容器投掷和被繁殖回到JSP页。

如果电话被批准，容器派遣控制对企业方法。电话的施行的结果返回到JSP 和终于到用户由网络服务器和网络客户端。

Read第29章，获取Java EE应用关于保护的Web应用程序的更多信息。

Security作用

适当地被实施的安全机制将提供以下功能：

系统用户对他们进行的操作负有责任(non-repudiation)

影响服务质量的Protect从服务中断的一个系统和其他突破口

适当地被实施的安全机制也将提供以下功能：

执行简单

对系统用户的Transparent

横跨应用和企业界限的Interoperable

应用程序安全Characteristics

Java EE应用包括可能包含被保护的和无保护的资源。通常，您需要保护资源保证只有授权用户得以进入。授权提供对被保护的资源的控制进入。授权根据证明和认证。证明是由系统使能个体公认的过程，并且认证通常是核实一名用户、设备，或者在计算机系统的其他个体的身份的过程，作为对允许进入系统的一个前提。

认证没有对于个体是必需的访问无保护的资源。访问资源，不用认证指未经鉴定或匿名通入。

这些方法帮助使企业面对的安全威胁减到最小，包括以下应用程序安全的几个其他明确定义的特征：

Authentication：沟通的个体的手段(例如，客户端和服务器证明代表为通入被批准的具体身分行动。这保证用户是谁他们说他们是。

Authorization或者存取控制：与资源的互作用被限制到用户的汇集或节目为强制执行正直、机密或者可及性限制的目的手段。这保证用户有允许执行操作或通入数据。

数据库：被用于证明的手段，第三方未修改信息(除信息之外的来源的某一个体)。例如，数据的接收者被送在一个开型网络一定能查出和放弃修改的消息，在送了之后他们。这保证只有授权用户能修改数据。

数据保密性：被用于的手段保证信息安排仅可用被批准访问它的用户。这保

证只有授权用户能观看敏感数据。

Non-repudiation ：被用于的手段证明，用户进行了一些行动这样用户不可能合理地否认如此做。这保证交易可以证实发生了。

服务质量：被用于的手段为在各种各样的技术的选择的网络信息流通量提供更好的服务。

Auditing：被用于的手段为的目的夺取与安全相关的事件一个窜改抗性纪录能评估安全策略和机制的有效率。要使能此，系统维护交易和担保信息纪录。

安全实施机制应用的The特征，当决定为应用时，将提供的安全的层数和类型应该考虑。以下部分谈论可以被用于获取Java EE应用共同的机制的特征。这些机制中的每一个可以用于单独地或与其他提供根据您的实施的具体需要的保护层数。

Java SE安全实施机制

Java SE为各种各样的安全特点和机制提供支持，包括：

Java认证和授权服务(JAAS)：JAAS是使服务证实和强制执行存取控制在用户的一套APIs。 JAAS为纲领性用户认证和授权提供一个可插入和延伸性框架。JAAS是核心Java SE API并且是Java EE安全机制的部下的技术。

Java普通安全部门(Java GSS-API)：Java GSS-API是基于象征的API安全地用于在沟通的应用之间的交换消息。 GSS-API提供应用程序员对安全部门的一致的通入在各种各样部下的安全机制上面，包括Kerberos。

Java密码学引伸(JCE)：JCE为加密提供一个框架和实施、关键字生成和关键协议和信息验证代码(MAC)算法。支持加密包括相称，不对称，块和流密码。当流密码每次时，起作用一个字节分组密码起作用小组字节。软件也支持安全小河和被密封的对象。

Java获取插口引伸(JSSE)：SSE为SSL和TLS协议的Java版本提供一个框架和实施并且包括资料加密、服务器认证、消息完整性和任意客户端认证的功能能使能安全互联网通信。

2.英文翻译格式和要求

英文 小四号字，单倍行距，首行缩进2个字符，不能定义文档网格。约3千英文单词。 MCU Description SCM is also known as micro-controller (Microcontroller Unit), commonly used letters of the acronym MCU MCU that it was first used in industrial control. Only a single chip by the CPU chip developed from a dedicated processor. The first design is by a large number of peripherals and CPU on a chip in the computer system, smaller, more easily integrated into a complex and demanding on the volume control device which. INTEL's Z80 is the first designed in accordance with this idea processor, then on the development of microcontroller and dedicated processors have parted ways. 一、SCM history SCM was born in the late 20th century, 70, experienced SCM, MCU, SoC three stages. SCM the single chip microcomputer (Single Chip Microcomputer) stage, mainly seeking the best of the best single form of embedded systems architecture. "Innovation model" success, laying the SCM and general computer completely different path of development. In the open road of independent development of embedded systems, Intel Corporation contributed. MCU the micro-controller (Micro Controller Unit) stage, the main direction of technology development: expanding to meet the embedded applications, the target system requirements for the various peripheral circuits and interface circuits, highlight the object of intelligent control.It involves the areas associated with the object system, therefore,the development of MCU's responsibility inevitably falls on electrical, electronics manufacturers. From this point of view, Intel faded MCU development has its objective factors. In the development of MCU, the most famous manufacturers as the number of Philips Corporation. Philips company in embedded applications, its great advantage, the MCS-51 single-chip micro-computer from the rapid development of the micro-controller. Therefore, when we look back at the path of development of embedded systems, do not forget Intel and Philips in History. 二、Embedded Systems Embedded system microcontroller is an independent development path, the MCU important factor in the development stage, is seeking applications to maximize the solution on the chip; Therefore, the development of dedicated single chip SoC trend of the natural form. As the microelectronics, IC design, EDA tools development, application system based on MCU SoC design have greater development. Therefore, the understanding of the microcontroller chip microcomputer can be, extended to the single-chip micro-controller applications. 三、MCU applications SCM now permeate all areas of our lives, which is almost difficult to find traces of the field without SCM. Missile navigation equipment, aircraft, all types of instrument control, computer network communications and data transmission, industrial automation, real-time process control and data processing, extensive use of various smart IC card, civilian luxury car security system, video recorder, camera, fully automatic washing machine control, and program-controlled toys, electronic pet, etc., which are inseparable from the microcontroller. Not to mention the area of robot control, intelligent instruments, medical equipment was. Therefore, the MCU learning, development and application of the large number of computer applications and

ASP外文翻译原文

https://www.wendangku.net/doc/222338719.html, https://www.wendangku.net/doc/222338719.html, 是一个统一的 Web 开发模型，它包括您使用尽可能少的代码生成企业级 Web 应用程序所必需的各种服务。https://www.wendangku.net/doc/222338719.html, 作为 .NET Framework 的一部分提供。当您编写 https://www.wendangku.net/doc/222338719.html, 应用程序的代码时，可以访问 .NET Framework 中的类。您可以使用与公共语言运行库 (CLR) 兼容的任何语言来编写应用程序的代码，这些语言包括 Microsoft Visual Basic、C#、JScript .NET 和 J#。使用这些语言，可以开发利用公共语言运行库、类型安全、继承等方面的优点的https://www.wendangku.net/doc/222338719.html, 应用程序。 https://www.wendangku.net/doc/222338719.html, 包括： ?页和控件框架 ?https://www.wendangku.net/doc/222338719.html, 编译器 ?安全基础结构 ?状态管理功能 ?应用程序配置 ?运行状况监视和性能功能 ?调试支持 ?XML Web services 框架 ?可扩展的宿主环境和应用程序生命周期管理 ?可扩展的设计器环境 https://www.wendangku.net/doc/222338719.html, 页和控件框架是一种编程框架，它在 Web 服务器上运行，可以动态地生成和呈现 https://www.wendangku.net/doc/222338719.html, 网页。可以从任何浏览器或客户端设备请求 https://www.wendangku.net/doc/222338719.html, 网页，https://www.wendangku.net/doc/222338719.html, 会向请求浏览器呈现标记（例如 HTML）。通常，您可以对多个浏览器使用相同的页，因为 https://www.wendangku.net/doc/222338719.html, 会为发出请求的浏览器呈现适当的标记。但是，您可以针对诸如 Microsoft Internet Explorer 6 的特定浏览器设计https://www.wendangku.net/doc/222338719.html, 网页，并利用该浏览器的功能。https://www.wendangku.net/doc/222338719.html, 支持基于 Web 的设备（如移动电话、手持型计算机和个人数字助理 (PDA)）的移动控件。

外文翻译 (2)

外文翻译： 会计081班顾洁芳0804002244 Stock:Expected and unexpected return To begin, for concreteness, we consider the return on the stock of a company called Flyers. What will determine this stock’s return in, say, the coming year? The return on any stock traded in a financial market is composed of two parts. First, the normal, or expected, return from the stock is the part of the return that shareholders in the market predict or expect. This return depends on the information shareholders have that bears on the stock, and it is based on the market’s understanding today of the important factors that will influence the stock in the coming year. The second part of the return on the stock is the uncertain, or risky, part. This is the portion that comes from unexpected information revealed within the year. A list of all possible sources of such information would be endless, bet here are a few examples: News about Flyers research Government figures released on gross domestic product (GDP) The results from the latest arms control talks The news that Flyers’s sales figures are higher tan expected A sudden, unexpected drop in interest rates Based on this discussion, one way to express the return on Flyers stock in the coming year would be: Total return = expected return + unexpected return R = E (R) + U Where R stands for the actual total return in the year, E(R) stands for the expected part of the return, and U stands for the unexpected part of the return. What this says is that the actual return, R, differs from the expected return, E(R), because of surprises that occur during the year. In any given year, the unexpected return will be positive or negative, but, through time, the average value of U will be zero. This simply means that on average, the actual return equals the expected return. Risk: systematic and unsystematic The unanticipated part of the return, that portion resulting from surprises, is the true risk of any investment. After all, if we always receive exactly what we expect, then the investment is perfectly predictable and by definition, risk-free. In other words, the risk of owning an asset comes from surprises-unanticipated events. There are important differences, though, among various sources of risk. Look back at our previous list of news stories. Some of these stories are directed specifically at Flyers, and some are more general. Which of the news items are of specific importance to Flyers? Announcements about interest rates or GDP are clearly important for nearly all companies, whereas the news about Flyers’s president, its research, or its sales is of specific interest to Flyers. We will distinguish between these

毕业设计外文翻译原文.

Optimum blank design of an automobile sub-frame Jong-Yop Kim a ,Naksoo Kim a,*,Man-Sung Huh b a Department of Mechanical Engineering,Sogang University,Shinsu-dong 1,Mapo-ku,Seoul 121-742,South Korea b Hwa-shin Corporation,Young-chun,Kyung-buk,770-140,South Korea Received 17July 1998 Abstract A roll-back method is proposed to predict the optimum initial blank shape in the sheet metal forming process.The method takes the difference between the ?nal deformed shape and the target contour shape into account.Based on the method,a computer program composed of a blank design module,an FE-analysis program and a mesh generation module is developed.The roll-back method is applied to the drawing of a square cup with the ˉange of uniform size around its periphery,to con?rm its validity.Good agreement is recognized between the numerical results and the published results for initial blank shape and thickness strain distribution.The optimum blank shapes for two parts of an automobile sub-frame are designed.Both the thickness distribution and the level of punch load are improved with the designed blank.Also,the method is applied to design the weld line in a tailor-welded blank.It is concluded that the roll-back method is an effective and convenient method for an optimum blank shape design.#2000Elsevier Science S.A.All rights reserved. Keywords:Blank design;Sheet metal forming;Finite element method;Roll-back method

图像处理外文翻译 (2)

附录一英文原文 Illustrator software and Photoshop software difference Photoshop and Illustrator is by Adobe product of our company, but as everyone more familiar Photoshop software, set scanning images, editing modification, image production, advertising creative, image input and output in one of the image processing software, favored by the vast number of graphic design personnel and computer art lovers alike. Photoshop expertise in image processing, and not graphics creation. Its application field, also very extensive, images, graphics, text, video, publishing various aspects have involved. Look from the function, Photoshop can be divided into image editing, image synthesis, school tonal color and special effects production parts. Image editing is image processing based on the image, can do all kinds of transform such as amplifier, reducing, rotation, lean, mirror, clairvoyant, etc. Also can copy, remove stain, repair damaged image, to modify etc. This in wedding photography, portrait processing production is very useful, and remove the part of the portrait, not satisfied with beautification processing, get let a person very satisfactory results. Image synthesis is will a few image through layer operation, tools application of intact, transmit definite synthesis of meaning images, which is a sure way of fine arts design. Photoshop provide drawing tools let foreign image and creative good fusion, the synthesis of possible make the image is perfect. School colour in photoshop with power is one of the functions of deep, the image can be quickly on the color rendition, color slants adjustment and correction, also can be in different colors to switch to meet in different areas such as web image design, printing and multimedia application. Special effects production in photoshop mainly by filter, passage of comprehensive application tools and finish. Including image effects of creative and special effects words such as paintings, making relief, gypsum paintings, drawings, etc commonly used traditional arts skills can be completed by photoshop effects. And all sorts of effects of production are

英文翻译格式要求

河北建筑工程学院 毕业设计（论文）外文资料翻译 系别：机械工程系 专业：机械电子工程 班级：机电（本）091 姓名：张少强 学号： 2009322110 外文出处：English in Mechanical and Electrical Engineering 附件：1、外文原文；2、外文资料翻译译文。 指导教师评语： 签字： 年月日 金属热处理 普遍接受的金属和金属合金的热处理定义是“在某种程度上加热和冷却金属或金属合金，以获得特定的条件和属性。”加热的唯一目的是进行热加工，锻造操作是被排除在这个定义之外的。热处理有时候也用产品表示，同样玻璃和塑料也被排除在这个定义之外。 变换曲线 热处理的基础是在一个单一的图表上绘制的包含三个所有的等温转变曲线或TTT曲线。因为曲线的形状，他们有时候也称为c曲线或s曲线。 TTT曲线绘制，特定的钢在给定的条件下和预定的时间间隔内记录以检查的组织结构转换的

数量。众所周知共析钢（T80）在超过723℃形成的是奥氏体，在此温度下形成的是珠光体。为了形成珠光体碳原子应该分散形成渗碳体。扩散是一个过程需要足够的时间来完成奥氏体向珠光体的转变。我们可以注意到在不同的样本内在任何的温度下数量都在发生变化。这些点被绘制在以时间和温度为轴的坐标内。通过这些点共析钢的变换曲线如图1所示。曲线的左极端代表在任何给定的温度下奥氏体向珠光体的转变。同样的右极端代表完成所需要的时间。这两个曲线之间转换的点代表部分转换。水平线条s M和f M发代表开始和完成的马氏体转变。 热处理工艺的分类 在某些情况下，热处理在技术和使用程序上是分开的。而在其他情况下，,描述或简单的解释是不够的，因为相同的技术常常可以获得不同的目标。例如，应力消除和回火需要相同的设备和利用相同时间和温度循环。然而这是两个不同的过程。 图8.1 T80钢在等温间隔下的热处理图 以下对热处理的描述主要是根据他们之间的关系来安排的。正火指加热铁合金到高于它转变温度上的一个合适温度(通常是50°F到100°F或28℃到56℃)。接下来是在精致空气至少是在低于其转变温度范围下冷却。由此产生的结构和性能和通过完全退火是一样的。对大多数铁合金来说正火和退火是不一样的。 正火通常被用作调节处理，尤其是没有经过高温锻造或其他热加工的精炼粒钢。正火的成功通常由另一个热处理来完成如奥氏体化的淬火、退火或回火。 退火是一个通用术语，它表示一个热处理，包括加热和保持在一个合适的温度后以一个合适的冷却速度冷却。它主要用来软化金属材料，但它同时也会产生其他属性或期望的微观结构。

英文翻译与英文原文.陈--

翻译文献：INVESTIGATION ON DYNAMIC PERFORMANCE OF SLIDE UNIT IN MODULAR MACHINE TOOL （对组合机床滑台动态性能的调查报告） 文献作者：Peter Dransfield, 出处：Peter Dransfield, Hydraulic Control System-Design and Analysis of TheirDynamics, Springer-Verlag, 1981 翻译页数：p139—144 英文译文： 对组合机床滑台动态性能的调查报告 【摘要】这一张纸处理调查利用有束缚力的曲线图和状态空间分析法对组合机床滑台的滑动影响和运动平稳性问题进行分析与研究，从而建立了滑台的液压驱动系统一自调背压调速系统的动态数学模型。通过计算机数字仿真系统，分析了滑台产生滑动影响和运动不平稳的原因及主要影响因素。从那些中可以得出那样的结论，如果能合理地设计液压缸和自调背压调压阀的结构尺寸. 本文中所使用的符号如下： s1-流源，即调速阀出口流量； S el—滑台滑动摩擦力 R一滑台等效粘性摩擦系数： I1—滑台与油缸的质量 12—自调背压阀阀心质量 C1、c2—油缸无杆腔及有杆腔的液容； C2—自调背压阀弹簧柔度； R1, R2自调背压阀阻尼孔液阻， R9—自调背压阀阀口液阻 S e2—自调背压阀弹簧的初始预紧力； I4, I5—管路的等效液感 C5、C6—管路的等效液容： R5, R7-管路的等效液阻； V3, V4—油缸无杆腔及有杆腔内容积； P3, P4—油缸无杆腔及有杆腔的压力 F—滑台承受负载， V—滑台运动速度。本文采用功率键合图和状态空间分折法建立系统的运动数学模型，滑台的动态特性可以能得到显著改善。

外文翻译

Journal of Industrial Textiles https://www.wendangku.net/doc/222338719.html,/ Optimization of Parameters for the Production of Needlepunched Nonwoven Geotextiles Amit Rawal, Subhash Anand and Tahir Shah 2008 37: 341Journal of Industrial Textiles DOI: 10.1177/1528083707081594 The online version of this article can be found at: https://www.wendangku.net/doc/222338719.html,/content/37/4/341 Published by: https://www.wendangku.net/doc/222338719.html, can be found at:Journal of Industrial TextilesAdditional services and information for https://www.wendangku.net/doc/222338719.html,/cgi/alertsEmail Alerts: https://www.wendangku.net/doc/222338719.html,/subscriptionsSubscriptions: https://www.wendangku.net/doc/222338719.html,/journalsReprints.navReprints: https://www.wendangku.net/doc/222338719.html,/journalsPermissions.navPermissions: https://www.wendangku.net/doc/222338719.html,/content/37/4/341.refs.htmlCitations: - Mar 28, 2008Version of Record >>

汉译英格式规范

汉译英翻译格式规范 I 格式规范 1. 正文标题、机构名称、图表格名称和表头中所有单词（除虚词外）的首字母均大 写；但标题为句子的情况除外； 2. 译文中出现的标准、规范名称，单独出现时每个单词首字母均应大写并斜体，不 加引号；在表格中出现时不用斜体； 3. 摄氏度符号统一从“符号”“Times new roman”中找到“°”（位于最右一列）插 入，然后在后面加上大写“C”，即“°C”； 4. 排比和并列的内容，标点应统一。一般做法是中间采用“;”，最后一个采用“.”， 最后一个与倒数第二个之间用“; and”； 5. 数值范围的表示形式应是：110-220 kV，而不是110 kV～220 kV；注意：数字和 连字符之间没有空格，数字和单位之间有空格数字与单位之间要加一个空格，但“°C”、“°F”和“%”除外； 6. 在英文中，百分号应采用英文半角“%”，而不可采用中文全角“%”； 7. 公式中的符号从“插入公式”中选择； 8. 文本框中第一个单词首字母大写； 9. 1号机组和2号机组、一期和二期的表示方法：Unit 1 & 2；Phase I & II； 10. 第x条（款、项）和第y条（款、项）的表示方法：Article x and Article y，即表 示条（款、项）的词不能省略； 11. 文件中出现公式时，公式后说明性文字的“其中”、“式中”统一译为“Where:”， 注意其后加冒号；对公式中的字母和符号进行解释时，采用“-”，其前后均不空格，“-”后的首字母为小写；公式后的说明要用分号，最后采用句号。例如： Where: F sc-short circuit current force (lb/ft); V-velocity; P-gas density. 12. 冒号后首字母小写； 13. 大于号、小于号、等号两边均有空格； 14. 表格的标题和标题栏字体加粗； 15. 注意上下标与原文一致； 16. 直径符号φ的输入方法：插入，符号，字体选择Symbol，然后选择输入φ，并采用 斜体；

外文翻译原文

204/JOURNAL OF BRIDGE ENGINEERING/AUGUST1999

JOURNAL OF BRIDGE ENGINEERING /AUGUST 1999/205 ends.The stress state in each cylindrical strip was determined from the total potential energy of a nonlinear arch model using the Rayleigh-Ritz method. It was emphasized that the membrane stresses in the com-pression region of the curved models were less than those predicted by linear theory and that there was an accompanying increase in ?ange resultant force.The maximum web bending stress was shown to occur at 0.20h from the compression ?ange for the simple support stiffness condition and 0.24h for the ?xed condition,where h is the height of the analytical panel.It was noted that 0.20h would be the optimum position for longitudinal stiffeners in curved girders,which is the same as for straight girders based on stability requirements.From the ?xed condition cases it was determined that there was no signi?cant change in the membrane stresses (from free to ?xed)but that there was a signi?cant effect on the web bend-ing stresses.Numerical results were generated for the reduc-tion in effective moment required to produce initial yield in the ?anges based on curvature and web slenderness for a panel aspect ratio of 1.0and a web-to-?ange area ratio of 2.0.From the results,a maximum reduction of about 13%was noted for a /R =0.167and about 8%for a /R =0.10(h /t w =150),both of which would correspond to extreme curvature,where a is the length of the analytical panel (modeling the distance be-tween transverse stiffeners)and R is the radius of curvature.To apply the parametric results to developing design criteria for practical curved girders,the de?ections and web bending stresses that would occur for girders with a curvature corre-sponding to the initial imperfection out-of-?atness limit of D /120was used.It was noted that,for a panel with an aspect ratio of 1.0,this would correspond to a curvature of a /R =0.067.The values of moment reduction using this approach were compared with those presented by Basler (Basler and Thurlimann 1961;Vincent 1969).Numerical results based on this limit were generated,and the following web-slenderness requirement was derived: 2 D 36,500a a =1?8.6?34 (1) ? ??? t R R F w ?y where D =unsupported distance between ?anges;and F y =yield stress in psi. An extension of this work was published a year later,when Culver et al.(1973)checked the accuracy of the isolated elas-tically supported cylindrical strips by treating the panel as a unit two-way shell rather than as individual strips.The ?ange/web boundaries were modeled as ?xed,and the boundaries at the transverse stiffeners were modeled as ?xed and simple.Longitudinal stiffeners were modeled with moments of inertias as multiples of the AASHO (Standard 1969)values for straight https://www.wendangku.net/doc/222338719.html,ing analytical results obtained for the slenderness required to limit the plate bending stresses in the curved panel to those of a ?at panel with the maximum allowed out-of-?atness (a /R =0.067)and with D /t w =330,the following equa-tion was developed for curved plate girder web slenderness with one longitudinal stiffener: D 46,000a a =1?2.9 ?2.2 (2) ? ? ? t R f R w ?b where the calculated bending stress,f b ,is in psi.It was further concluded that if longitudinal stiffeners are located in both the tension and compression regions,the reduction in D /t w will not be required.For the case of two stiffeners,web bending in both regions is reduced and the web slenderness could be de-signed as a straight girder panel.Eq.(1)is currently used in the ‘‘Load Factor Design’’portion of the Guide Speci?cations ,and (2)is used in the ‘‘Allowable Stress Design’’portion for girders stiffened with one longitudinal stiffener.This work was continued by Mariani et al.(1973),where the optimum trans-verse stiffener rigidity was determined analytically. During almost the same time,Abdel-Sayed (1973)studied the prebuckling and elastic buckling behavior of curved web panels and proposed approximate conservative equations for estimating the critical load under pure normal loading (stress),pure shear,and combined normal and shear loading.The linear theory of shells was used.The panel was simply supported along all four edges with no torsional rigidity of the ?anges provided.The transverse stiffeners were therefore assumed to be rigid in their directions (no strains could be developed along the edges of the panels).The Galerkin method was used to solve the governing differential equations,and minimum eigenvalues of the critical load were calculated and presented for a wide range of loading conditions (bedding,shear,and combined),aspect ratios,and curvatures.For all cases,it was demonstrated that the critical load is higher for curved panels over the comparable ?at panel and increases with an increase in curvature. In 1980,Daniels et al.summarized the Lehigh University ?ve-year experimental research program on the fatigue behav-ior of horizontally curved bridges and concluded that the slen-derness limits suggested by Culver were too severe.Equations for ‘‘Load Factor Design’’and for ‘‘Allowable Stress Design’’were developed (respectively)as D 36,500a =1?4?192(3)? ?t R F w ?y D 23,000a =1?4 ?170 (4) ? ? t R f w ?b The latter equation is currently used in the ‘‘Allowable Stress Design’’portion of the Guide Speci?cations for girders not stiffened longitudinally. Numerous analytical and experimental works on the subject have also been published by Japanese researchers since the end of the CURT project.Mikami and colleagues presented work in Japanese journals (Mikami et al.1980;Mikami and Furunishi 1981)and later in the ASCE Journal of Engineering Mechanics (Mikami and Furunishi 1984)on the nonlinear be-havior of cylindrical web panels under bending and combined bending and shear.They analyzed the cylindrical panels based on Washizu’s (1975)nonlinear theory of shells.The governing nonlinear differential equations were solved numerically by the ?nite-difference method.Simple support boundary condi-tions were assumed along the curved boundaries (top and bot-tom at the ?ange locations)and both simple and ?xed support conditions were used at the straight (vertical)boundaries.The large displacement behavior was demonstrated by Mi-kami and Furunishi for a range of geometric properties.Nu-merical values of the load,de?ection,membrane stress,bend-ing stress,and torsional stress were obtained,but no equations for design use were presented.Signi?cant conclusions include that:(1)the compressive membrane stress in the circumfer-ential direction decreases with an increase in curvature;(2)the panel under combined bending and shear exhibits a lower level of the circumferential membrane stress as compared with the panel under pure bending,and as a result,the bending moment carried by the web panel is reduced;and (3)the plate bending stress under combined bending and shear is larger than that under pure bending.No formulations or recommendations for direct design use were made. Kuranishi and Hiwatashi (1981,1983)used the ?nite-ele-ment method to demonstrate the elastic ?nite displacement be-havior of curved I-girder webs under bending using models with and without ?ange rigidities.Rotation was not allowed (?xed condition)about the vertical axis at the ends of the panel (transverse stiffener locations).Again,the nonlinear distribu-