Securing Web Services with Java EE 5
Overview

This advanced seminar introduces Java developers to key technology for developing and deploying secure Web services. The course uses interactive discussions and hands-on exercises to illustrate XML signature and encryption standards, the WS-Security specification and token profiles, and the Security Assertions Markup Language (SAML). Using various case studies, each student will practice signing and encrypting XML message content, and configuring J2EE tools to support signature and encryption of SOAP messages under the Java API for XML-Based RPC (JAX-RPC).

The course emphasizes practical hands-on exercises, and students spend approximately 50% of their classroom time solving specific security problems. The initial exercises focus on XML signature and encryption work using local files. However, the bulk of the work is with running JAX-RPC web services: adding WS-Security headers, signing and encrypting message content, and passing SAML assertions among various parties to a messaging scenario.


Prerequisites

You should be familiar with the basics of the Java language, and experience in developing Java Web services via either JAX-RPC or SAAJ is assumed. Additionally, experience with XML is encouraged.

Class Format

Lecture and Lab

Audience

This course is designed for Java programmers who need to build secure applications. It has also proved helpful for system administrators and security officers who need a clear understanding of how security works within Java.

Learning Objectives

After completing this course, the student should be able to:

  • Learn the role of security with Web services
  • Illustrate HTTP protocols
  • Demonstrate basic HTTP security concepts and authentication schemes
  • Understand JAX-RPC support with HTTP security
  • Compare HTTP and HTTPS
  • Depict the role of encryption and hashing
  • Define the usage of XML signatures
  • Illustrate the JCA architecture
  • Demonstrate the architecture of X.509 Certificates
  • Depict the usage of Keystores and the KeyStore API
  • Understand basics of XML encryption
  • Define WS-Security specification and integration into JAX-RPC services
  • Demonstrate ability to prevent hacker attacks
  • Illustrate the role of SAML
  • Depict the SAML assertion schema and use of SAML tokens
Course Duration

4 Days

Course outline

Web Services Security
  • Overview
  • Threats and Attacks
  • Solution levels
  • Basic Security Patterns
HTTP Solutions
  • XML solutions
  • Basic encryption
  • Hashing concepts
  • Use of signatures
  • WS-Security
  • Role of SAML
Use of HTTPS
  • Authentication Schemes
    • Basic
    • Digest
    • Form
    • Certificate
  • Role of HTTPS
  • JAX-RPC Support
  • URL security
Using XML Signatures
  • Defining XML digital signatures
  • Java Cryptography Architecture
  • Use of Keystores
  • Using keytool
  • X.509 Certificates
    • Architecture
    • Types
    • Retrieval
    • Distribution
  • X.509 Certificate format
  • Revocation Lists
  • XML Digital Signature API

XML Encryption
  • Basics
  • Using encrypted keys
  • Using JCA Extensions
  • Encrypting and Decrypting XML
WS-Security
  • WS-Security specification
  • W3C relationship
  • Use of Security tokens
  • Role of Timestamps
  • WS-Security tools
  • JAX-RPC integration
Securing Web Services
  • Practical usages
  • Foiling attacks
  • Using Security policies

Security Assertion Markup Language (SAML)
  • Assertion schema
  • Use of Extensibility
  • Assertions and Subjects
  • Components
    • AuthenticationStatement
    • AttributeStatements
    • AuthorizationDecisionStatements
  • Actions
  • SAML Tokens
  • SAML Protocol
    • Request Types
    • Response Types
  • SAML Messaging
  • Standards

Java Authentication and Authorization services
  • Authentication and Authorization
  • JAAS Overview
  • LoginContext
  • Subjects, Principals, and PrivilegedActions
  • Authentication with the NTLoginModule
  • Defining Permissions in Policy Files
  • KeyStoreLoginModule
  • Callbacks
  • NameCallback and PasswordCallback
  • The Policy Class
Using Java EE Security
  • Authentication
  • Authorization
  • Security Layers
    • Features
    • Topology
    • Protocols
    • SSL
  • Application Server Management
  • LTPA
  • SSO
  • Identity Assertion
  • Declarative Security
    • Security Roles
    • Run-As Delegation
    • Securing resources
    • Creating Constraints
  • Authentication types
    • Form
    • Digital
    • Basic
    • Certificate
  • Trust Association
  • Custom Trust Association Interceptors

Contact Information
WINTRAC INC. - the one stop shopping center for IT training.
16523 S.W. McGwire Ct., Beaverton, OR 97007
Phone: (503) 259-0312
Fax: 707-598-2268
Email: sales@wintrac.com

Copyright © 2011 Wintrac Inc.