Home    |    Instructor-led Training    |    Self-Paced Learning    |    Online Training          Email Us   Phone :
Contact Us   -   About Us   -   Clients    
Loading
Courses
A+
ADA
Adobe
AJAX
Android
Apache
AutoCAD
Business Analysis
Business Objects
Business Skills and Technology
C++ programming
Cisco
Citrix
Cloud Computing
COBOL
Cognos
ColdFusion
COM/COM+
CORBA
Corel
Crystal Reports
Datawarehousing
DB2
Desktop Application Software
DNS
Embedded Systems
Enterprise Architecture
Google Web Toolkit (GWT)
IPhone
ITIL
Java
JBoss
LDAP
Leadership Development
Legato
Lotus
Macintosh
Mainframe programming
Microsoft technologies
MS Access
MultiMedia and design
.NET
Network+
New Manager Development
Object oriented analysis and design
OpenVMS
Oracle
Perl
PHP
PowerBuilder
Professional Development
Professional Soft Skills Workshops
Project Management
Quality Center/Quick Test
Rational
Sales Performance
SAP
SAS
Security
SharePoint
SOA
Software Engineering
Software quality and testing
SQL Server
Sybase
Telecommunications
Tivoli
Tomcat
Unix/Linux/Solaris/AIX/
HP-UX
Visual Basic
Visual Foxpro
VMware
Web 2.0
Web Development
WebLogic
WebSphere
Websphere MQ (MQSeries)
Windows programming
XML
XML Web Services
Spring Security
Version 2.0
Java Training Overview

This fast-paced course introduces the Java web developer to the Spring Security framework. The first half of the course gives an overview and quickly moves into practical exercises in basic usage: XML configuration for authentication and URL-based authorization. Then we start to dig into Spring Security as a Java model, and develop advanced techniques including custom user realms, custom authorization constraints, method-based authorization, and instance-based authorization.

By the end of the course students will be able to use Spring security to implement authentication and role-based authorization policies for their own Java web applications (whether or not those applications use Spring themselves), and customize the behavior of Spring Security to their requirements.

Note that, in this short time frame, the course does not give much background on general web-application security -- for example, pros and cons of HTTP BASIC, DIGEST, and form-based authentication strategies, or what a session-fixation attack actually is. Rather, it is focused on the Spring Security library and what we can do with it. For a complete treatment of web security, consider pairing this course with Course "Securing Java Web Applications."

Java Training Prerequisites

  • Java programming course is excellent preparation.
  • Basic knowledge of XML.
  • Some servlets and/or JSP experience will be beneficial for purposes of understanding the impact of each security feature that we configure. There is no web-application coding involved in the course.
  • Experience with the Spring framework is strongly recommended. This course offers an optional "Chapter 0" briefing on features of Spring that are essential to Spring Security; but full coverage of this chapter will come at the expense of some of the later material in the course.
Java Training Learning Objectives

After completing this course, the student should be able to:

  • Configure Spring Security for HTTP BASIC authentication.
  • Implement form-based authentication.
  • Configure other authentication features including remember-me, anonymous users, and logout.
  • Apply authorization constraints to URLs and URL patterns.
  • Bind authorization roles to user accounts in relational databases.
  • Plug application-specific user realms into Spring Security by implementing UserDetailsService.
  • Implement application-specific authorization constraints as AccessDecisionVoters.
  • Fix authorization constraints over individual methods of service beans, in lieu of URL authorization or in tandem with it.
Java Training Course duration

2 Days

Java Training Course outline

Chapter 0. The Spring Framework
  • Overview of Spring
  • The Core Module
  • Inversion of Control
  • XML and Java Views of the Container
  • Configuring JavaBeans
  • Dependency Injection
  • Web Application Contexts
Chapter 1. Spring Security
  • Acquiring and Integrating Spring Security
  • Relationship to Spring
  • Relationship to Java EE Standards
  • Basic Configuration
  • How It Works
  • Integration: LDAP, CAS, X.509, OpeID, etc.
  • Integration: JAAS
Chapter 2. Authentication
  • The <http> Configuration
  • The <intercept-url> Constraint
  • The <form-login> Configuration
  • Login Form Design
  • "Remember Me"
  • Anonymous "Authentication"
  • Logout
  • The JDBC Authentication Provider
  • The Authentication/Authorization Schema
  • Using Hashed Passwords
  • Channel Security
  • Session Management
Chapter 3. URL Authorization
  • URL Authorization
  • Programmatic Authorization: Servlets
  • Programmatic Authorization: Spring Security
  • Role-Based Presentation
  • The Spring Security Tag Library
Chapter 4. Under the Hood: Authentication
  • The Spring Security API
  • The Filter Chain
  • Authentication Manager and Providers
  • The Security Context
  • Plug-In Points
  • Implementing UserDetailsService
  • Connecting User Details to the Domain Model
Chapter 5. Under the Hood: Authorization
  • Authorization
  • FilterSecurityInterceptor and Friends
  • The AccessDecisionManager
  • Voting
  • Configuration Attributes
  • Access-Decision Strategies
  • Implementing AccessDecisionVoter
  • The Role Prefix
Chapter 6. URL Authorization
  • Method Authorization
  • Using Spring AOP
  • XML vs. Annotations
  • Domain-Object Authorization
  • The ACL Schema
  • Interface Model
  • ACL-Based Presentation
System Requirements

Minimum Hardware Requirements

  • Core 2 Duo 1.5 GHz or equivalent, 1 gig RAM, 2 gig disk space
Minimum Software Requirements

  • All free downloadable tools.
Hardware – recommended

  • Core 2 Duo 2.5 GHz or equivalent, 4 gig RAM, 2 gig disk space.
Network and Security

  • Limited privileges required
Operating system

  • Tested on Windows XP Professional. Course software should be viable on all systems which support a Java 6 Developer's Kit.

Contact Information
WINTRAC INC. - the one stop shopping center for IT training.
16523 S.W. McGwire Ct. Beaverton OR -97007
Phone: (503) 259-0312
Fax: 707-598-2268
Email: sales@wintrac.com

Send mail to webmaster@wintrac.com with questions or comments about this web site.
Copyright © 2011 Wintrac Inc.