Spring Security
Course Description
Overview
This Spring Security course is designed to provide students with an overview and practical exercises in basic usage: XML configuration for authentication and URL-based authorization. Then we start to dig into Spring Security as a Java model, and develop advanced techniques including custom user realms, custom authorization constraints, method-based authorization, and instance-based authorization.
We then explore two increasingly popular extensions to Spring Security. We consider the Security Assertions Markup Language, or SAML, and the wide range of identity and security features it offers -- but quickly focus on its support for single sign-on (SSO), and learn how the Spring Security SAML Extension enables applications to interact with SAML identity providers to implement SSO and single logout. And we look at OAuth for Spring Security, which enables third-party authorization scenarios, and learn how to implement both the server and client sides of the OAuth 2.0 flow.
Objectives
- Configure Spring Security for HTTP BASIC authentication.
- Implement form-based authentication.
- Configure other authentication features including remember-me, anonymous users, and logout.
- Apply authorization constraints to URLs and URL patterns.
- Bind authorization roles to user accounts in relational databases.
- Plug application-specific user realms into Spring Security by implementing UserDetailsService.
- Implement application-specific authorization constraints as AccessDecisionVoters.
- Fix authorization constraints over individual methods of service beans, in lieu of URL authorization or in tandem with it.
- Express user identity in terms of SAML <Subject>s.
- Implement SAML SSO from the service-provider side.
- Implement OAuth 2.0 authorization-server and resource-server roles.
- Implement an OAuth 2.0 client.
Audience
- Java web developer
Prerequisites
- Java programming
- Experience with Spring framework
- Basic knowledge of XML
- Some servlet and/or JSP experience (recommended)
Topics
- Acquiring and Integrating Spring Security
- Relationship to Spring
- Relationship to Java EE Standards
- Basic Configuration
- How It Works
- Integration: LDAP, CAS, X.509, OpenID, etc.
- Integration: JAAS
- The <http> Configuration
- The <intercept-url> Constraint
- The <form-login> Configuration
- Login Form Design
- 'Remember Me'
- Anonymous 'Authentication'
- Logout
- The JDBC Authentication Provider
- The Authentication/Authorization Schema
- Using Hashed Passwords
- Why Hashing Isn't Enough
- Using Salts
- PasswordEncoder and SaltSource
- Key Lengthening
- Channel Security
- Session Management
- URL Authorization
- Programmatic Authorization: Servlets
- Programmatic Authorization: Spring Security
- Role-Based Presentation
- The Spring Security Tag Library
- The Spring Security API
- The Filter Chain
- Authentication Manager and Providers
- The Security Context
- Plug-In Points
- Implementing UserDetailsService
- Connecting User Details to the Domain Model
- Authorization
- FilterSecurityInterceptor and Friends
- The AccessDecisionManager
- Voting
- Configuration Attributes
- Access-Decision Strategies
- Implementing AccessDecisionVoter
- The Role Prefix
- Method Authorization
- Using Spring AOP
- XML vs. Annotations
- @PreAuthorize and @PostAuthorize
- Spring EL for Authorization
- @PreFilter and @PostFilter
- Domain-Object Authorization
- The ACL Schema
- Interface Model
- ACL-Based Presentation
- History of SAML
- Assertions
- Protocol
- Bindings
- Profiles
- Using OpenSAML
- 'Vouching for' a User
- Assertions and Subjects
- NameID Types
- Authentication Contexts
- Requests, Queries, and Responses
- Attribute Queries
- SAML and XML Signature
- Speaking 'Through' the Browser
- The SOAP Binding
- SAML Over HTTP
- The Redirect, POST, and Artifact Bindings
- The PAOS Binding
- The URI Binding
- SAML 2.0 Federations
- Single Sign-On
- Account Linking and Persistent Pseudonyms
- Transient Pseudonyms
- Name ID Mapping
- Single Logout
- Federation Termination
- The Spring Security SAML Extension
- The SAML Entry Point
- The SAML Filter Chain
- The SSO Processing Filters
- IdP Discovery
- Login and Logout Handlers
- Configuring OpenAM
- Configuring an SP
- Customization
- Combining SSO and Other Authentication Styles
- Authorization and Attributes
- Third-Party Authorization
- OAuth
- Roles and Initial Flow
- Grant Types
- Access Tokens
- The Google OAuth API
- OAuth for Spring Security
- Client-Details Services
- Token Services
- The AuthorizationEndpoint
- The TokenEndpoint
- The UserApprovalHandler
- The Resource-Server Filter
- The ScopeVoter
- The OAuth-Aware RestTemplate
- AccessTokenProviders
- The OAuth Redirecting Filter
Related Courses
- Spring MVC Web Applications (EJJF-705)
  - Duration: 5 Days
  - Delivery Format: Classroom Training, Online Training
  - Price: 2,925.00 USD
- Mastering Microservices with Spring Boot and Spring Cloud (EJJF-730)
  - Duration: 4 Days
  - Delivery Format: Classroom Training
  - Price: 2,340.00 USD
Self-Paced Training Info
Learn at your own pace with anytime, anywhere training
- Same in-demand topics as instructor-led public and private classes.
- Standalone learning or supplemental reinforcement.
- e-Learning content varies by course and technology.