Spring 3 Security

Course: SPRSEC

Duration: 3 Days

Level: II

Course Summary

This course introduces the Java web developer to the Spring Security framework. It includes AOP, transaction processing plus security usage: XML configuration for authentication and URL-based authorization. Advanced techniques including custom user realms, custom authorization constraints, method-based authorization, and instance-based authorization are included. Students will learn to use Spring security to implement authentication and role-based authorization policies for their Java web applications (whether or not those applications use Spring themselves), and how to customize the behavior of Spring Security to their requirements. The course will give some background on general web-application security -- for example, pros and cons of HTTP BASIC, DIGEST, and form-based authentication strategies, or what a session-fixation attack actually is.

« Hide The Details

Topics Covered In This Course

The Spring Framework

Overview of Spring
The Core Module
Inversion of Control
XML and Java Views of the Container
Configuring JavaBeans
Dependency Injection
Web Application Contexts
Aspect-Oriented Programming (AOP)
Spring Transactions

Spring Security

Typical security used on the web
Acquiring and Integrating Spring Security
Relationship to Spring
Relationship to Java EE Standards
Basic Configuration
Integration: LDAP, CAS, X.509
Integration: JAAS

Authentication

The Configuration
The Constraint
The Configuration
Login Form Design
Anonymous "Authentication"
Logout
The JDBC Authentication Provider
The Authentication/Authorization Schema
Using Hashed Passwords
Channel Security
Session Management

URL Authorization

URL Authorization
Programmatic Authorization: Servlets
Programmatic Authorization: Spring Security
Role-Based Presentation
The Spring Security Tag Library

Authentication Internals

The Spring Security API
The Filter Chain
Authentication Manager and Providers
The Security Context
Plug-In Points
Implementing UserDetailsService
Connecting User Details to the Domain Model

Authorization Internals

Authorization
FilterSecurityInterceptor
The AccessDecisionManager
Voting
Configuration Attributes
Access-Decision Strategies
Implementing AccessDecisionVoter
The Role Prefix

URL Authorization

Method Authorization
Using Spring AOP
XML vs. Annotations
Domain-Object Authorization
The ACL Schema
Interface Model
ACL-Based Presentation

What You Can Expect

At the end of this course, students will be able to:

Apply Spring Security
Use Aspect Oriented Programming
Understand Web and Spring Security options
Describe Authentication
Use Spring Authorization in Servlets
Work with URL Authorization
Use XML and Annotations configuration

Recommended Prerequisites

Java Programming Experience is essential.

Training Style

Instructor led with 50% lecture and 50% lab.

« Hide The Details

Related Courses

Code	Course Title	Duration	Level
SPRING1	Spring Framework Part 1 - Fundamentals, Injection, AOP, Beginning MVC	5 Days	I	Details
SPRHIBD	Spring and Hibernate Development	5 Days	II	Details
SPRING2	Spring Framework Part 2 - More MVC, Webflow, Web Services, Security, ROO	5 Days	II	Details
SPRING4	Spring Framework Part 4 - Spring Data with JPA, Hadoop, MongoDB, and More	5 Days	III	Details

Every student attending a Verhoef Training class will receive a certificate good for $100 toward their next public class taken within a year.

You can also buy "Verhoef Vouchers" to get a discounted rate for a single student in any of our public or web-based classes. Contact your account manager or our sales office for details.

Schedule For This Course
There are currently no public sessions scheduled for this course. We can schedule a private class for your organization just a couple of weeks from now. Or we can let you know the next time we do schedule a public session.

Notify me the next time this course is confirmed!

Can't find the course you want?
Call us at 800.533.3893, or
email us at [email protected]