Contact Us

« Important Announcement » Contact Us 877-206-0106 | USA Flag

Thank you for your interest in LearnQuest.

Your request is being processed and LearnQuest or a LearnQuest-Authorized Training Provider will be in touch with you shortly.


Thank you for your interest in Private Training.

We look forward to helping you develop the perfect training solution to help you meet your company's goals.

For immediate assistance, speak with one of our representatives using the chat module below. Otherwise, LearnQuest or a LearnQuest-Authorized Training Provider will be in touch with you shortly.


Thank you for your interest in LearnQuest!

Now, you will be able to stay up-to-date on our latest course offerings, promotions, and training discounts. Watch your inbox for upcoming special offers.


Date: xxx

Location: xxx

Time: xxx

Price: xxx

Please take a moment to fill out this form. We will get back to you as soon as possible.

All fields marked with an asterisk (*) are mandatory.

Spring Security

2,340 USD
4 Days
Classroom Training, Online Training

AWS Training Pass

Take advantage of flexible training options with the AWS Training Pass and get Authorized AWS Training for a full year.

Learn More

Prices reflect a 22.5% discount for IBM employees.
Prices reflect a 24% discount for Kyndryl employees.
Prices reflect the Accenture employee discount.
Prices shown are the special AWS Partner Prices.
Prices reflect the Capgemini employee discount.
Prices reflect the UPS employee discount.
Prices reflect the ??democompanyname?? employee discount.
GSA Private/Onsite Price: ??gsa-private-price??
For GSA pricing, please go to GSA Advantage.

Class Schedule

Delivery Formats

Sort results

Filter Classes

Guaranteed to Run





    Sorry, there are no public classes currently scheduled in your country.

    Please complete this form, and a Training Advisor will be in touch with you shortly to address your training needs.

View Global Schedule

Course Description


This Spring Security course is designed to provide students with an overview and practical exercises in basic usage: XML configuration for authentication and URL-based authorization. Then we start to dig into Spring Security as a Java model, and develop advanced techniques including custom user realms, custom authorization constraints, method-based authorization, and instance-based authorization.

We then explore two increasingly popular extensions to Spring Security. We consider the Security Assertions Markup Language, or SAML, and the wide range of identity and security features it offers -- but quickly focus on it's support for single sign-on (SSO), and learn how the Spring Security SAML Extension enables applications to interact with SAML identity providers to implement SSO and single logout. And we look at OAuth for Spring Security, which enables third-party authorization scenarios, and learn how to implement both the server and client sides of the OAuth 2.0 flow.


Upon completion of the Spring Security course, students will be able to:
  • Configure Spring Security for HTTP BASIC authentication.
  • Implement form-based authentication.
  • Configure other authentication features including remember-me, anonymous users, and logout.
  • Apply authorization constraints to URLs and URL patterns.
  • Bind authorization roles to user accounts in relational databases.
  • Plug application-specific user realms into Spring Security by implementing UserDetailsService.
  • Implement application-specific authorization constraints as AccessDecisionVoters.
  • Fix authorization constraints over individual methods of service beans, in lieu of URL authorization or in tandem with it.
  • Express user identity in terms of SAML <Subject>s.
  • Implement SAML SSO from the service-provider side.
  • Implement OAuth 2.0 authorization-server and resource-server roles.
  • Implement an OAuth 2.0 client.


  • Java web developer


    • Java programming
    • Experience with Spring framework
    • Basic knowledge of XML
    • Some servlet and/or JSP experience (recommended)


  • Spring Security
    • Acquiring and Integrating Spring Security
    • Relationship to Spring
    • Relationship to Java EE Standards
    • Basic Configuration
    • How It Works
    • Integration: LDAP, CAS, X.509, OpenID, etc.
    • Integration: JAAS
  • Authentication
    • The <http> Configuration
    • The <intercept-url> Constraint
    • The <form-login> Configuration
    • Login Form Design
    • 'Remember Me'
    • Anonymous 'Authentication'
    • Logout
    • The JDBC Authentication Provider
    • The Authentication/Authorization Schema
    • Using Hashed Passwords
    • Why Hashing Isn't Enough
    • Using Salts
    • PasswordEncoder and SaltSource
    • Key Lengthening
    • Channel Security
    • Session Management
  • URL Authorization
    • URL Authorization
    • Programmatic Authorization: Servlets
    • Programmatic Authorization: Spring Security
    • Role-Based Presentation
    • The Spring Security Tag Library
  • Under the Hood: Authentication
    • The Spring Security API
    • The Filter Chain
    • Authentication Manager and Providers
    • The Security Context
    • Plug-In Points
    • Implementing UserDetailsService
    • Connecting User Details to the Domain Model
  • Under the Hood: Authorization
    • Authorization
    • FilterSecurityInterceptor and Friends
    • The AccessDecisionManager
    • Voting
    • Configuration Attributes
    • Access-Decision Strategies
    • Implementing AccessDecisionVoter
    • The Role Prefix
  • Method and Instance Authorization
    • Method Authorization
    • Using Spring AOP
    • XML vs. Annotations
    • @PreAuthorize and @PostAuthorize
    • Spring EL for Authorization
    • @PreFilter and @PostFilter
    • Domain-Object Authorization
    • The ACL Schema
    • Interface Model
    • ACL-Based Presentation
  • Introduction to SAML
    • History of SAML
    • Assertions
    • Protocol
    • Bindings
    • Profiles
    • Using OpenSAML
  • SAML Assertions and Protocol
    • 'Vouching for' a User
    • Assertions and Subjects
    • NameID Types
    • Authentication Contexts
    • Requests, Queries, and Responses
    • Attribute Queries
    • SAML and XML Signature
  • SAML Bindings
    • Speaking 'Through' the Browser
    • The SOAP Binding
    • SAML Over HTTP
    • The Redirect, POST, and Artifact Bindings
    • The PAOS Binding
    • The URI Binding
  • Federated Identify and SSO
    • SAML 2.0 Federations
    • Single Sign-On
    • Account Linking and Persistent Pseudonyms
    • Transient Pseudonyms
    • Name ID Mapping
    • Single Logout
    • Federation Termination
  • The Spring Security SAML Extension
    • The Spring Security SAML Extension
    • The SAML Entry Point
    • The SAML Filter Chain
    • The SSO Processing Filters
    • IdP Discovery
    • Login and Logout Handlers
    • Configuring OpenAM
    • Configuring an SP
    • Customization
    • Combining SSO and Other Authentication Styles
    • Authorization and Attributes
  • OAuth for Spring Security
    • Third-Party Authorization
    • OAuth
    • Roles and Initial Flow
    • Grant Types
    • Access Tokens
    • The Google OAuth API
    • OAuth for Spring Security
    • Client-Details Services
    • Token Services
    • The AuthorizationEndpoint
    • The TokenEndpoint
    • The UserApprovalHandler
    • The Resource-Server Filter
    • The ScopeVoter
    • The OAuth-Aware RestTemplate
    • AccessTokenProviders
    • The OAuth Redirecting Filter
  • 2021 Top 20 Training Industry Company - IT Training

    Need Help?

    Call us toll free at 877-206-0106 or e-mail us at

    Personalized Solutions

    Need a personalized solution for your Training? Contact us, and one of our training advisors will help you find the best solution.

    Contact Us

    Need Help?

    Do you have a question about the courses, instruction, or materials covered? Do you need help finding which course is best for you? We are here to help!

    Talk to us

    20% Off All Automation Training Courses

    Make Things Happen Easier, Faster, and Smarter while Saving


    20% Off All Automation Training Courses

    Self-Paced Training Info

    Learn at your own pace with anytime, anywhere training

    • Same in-demand topics as instructor-led public and private classes.
    • Standalone learning or supplemental reinforcement.
    • e-Learning content varies by course and technology.
    • View the Self-Paced version of this outline and what is included in the SPVC course.
    • Learn more about e-Learning

    Course Added To Shopping Cart







    Self-Paced Training Terms & Conditions


    Sorry, there are no classes that meet your criteria.

    Please contact us to schedule a class.

    STOP! Before You Leave

    Save 0% on this course!

    Take advantage of our online-only offer & save 0% on any course !

    Promo Code skip0 will be applied to your registration

    Nothing yet
    here's the message from the cart

    To view the cart, you can click "View Cart" on the right side of the heading on each page
    Add to cart clicker.

    Purchase Information

    ??elearning-coursenumber?? ??coursename??
    View Cart

    Need more Information?

    Speak with our training specialists to continue your learning journey.


    Delivery Formats


    By submitting this form, I agree to LearnQuest's Terms and Conditions

    heres the new schedule
    This website uses third-party profiling cookies to provide services in line with the preferences you reveal while browsing the Website. By continuing to browse this Website, you consent to the use of these cookies. If you wish to object such processing, please read the instructions described in our Privacy Policy.
    Your use of this LearnQuest site affirms your consent to our use of session and persistent cookies to track how you use our website.