Spring® Security
Private Training Price : $4795 for up to 3 students*
*Additional students subject to a nominal fee
- Spring Security Training Class Summary
This fast-paced course introduces the Java web developer to the Spring Security framework. The first half of the course gives an overview and quickly moves into practical exercises in basic usage: XML configuration for authentication and URL-based authorization. Students will then dig into Spring Security as a Java model, and develop advanced techniques including custom user realms, custom authorization constraints, method-based authorization, and instance-based authorization. By the end of the course students will be able to use Spring Security to implement authentication and role-based authorization policies for their own Java web applications (whether or not those applications use Spring themselves), and customize the behavior of Spring Security to their requirements.
Audience: Java programmers wishing to learn Spring Security.
Prerequisites: Java Programming, basic knowledge of XML, and experience with the Spring framework.
Class Length: 2 days
- Spring Security Training Class Objectives
- Configure Spring Security for HTTP BASIC authentication.
- Implement form-based authentication.
- Configure other authentication features including remember-me, anonymous users, and logout.
- Apply authorization constraints to URLs and URL patterns.
- Bind authorization roles to user accounts in relational databases.
- Plug application-specific user realms into Spring Security by implementing UserDetailsService.
- Implement application-specific authorization constraints as AccessDecisionVoters.
- Fix authorization constraints over individual methods of service beans, in lieu of URL authorization or in tandem with it.
- Spring Security Training Class Detailed Outline
- The Spring Framework (Optional)
- Spring Security
- The Spring Security Project
- The Spring Security Distribution
- Required Libraries
- Relationship to the Spring Framework
- Relationship to Java EE Standards
- Basic Configurations
- The Spring Security Namespace
- Authentication and Authorization
- User Details
- XML Tools
- How It Works
- Integration: LDAP, CAS, X.509, OpenID, etc.
- Integration: JAAS
- Authentication
- The <http> Configuration
- The <intercept-url> Constraint
- The <form-login> Configuration
- Login Form Design
- "Remember Me"
- Anonymous "Authentication"
- Logout
- Database Realms
- The JDBC Authentication Provider
- The Authentication/Authorization Schema
- Using Hashed Passwords
- Channel Security
- Session Management
- URL Authorization
- URL Authorization
- The Healthcare Case Study
- Programmatic Authorization: Servlets
- Programmatic Authorization: Spring Security
- When to Use Programmatic Authorization
- Role-Based Presentation
- The Spring Security Tag Library
- Under the Hood: Authentication
- The Spring Security API
- The Filter Chain
- Authentication Manager and Provider(s)
- SecurityContext and SecurityContextHolder
- How AuthenticationProviders Work
- Plug-In Points
- Implementing UserDetailsService
- Connecting User Details to the Domain Model
- Under the Hood: Authorization
- Authorization
- FilterSecurityInterceptor and Friends
- URL Authorization
- The AccessDecisionManager
- Putting It to a Vote
- The AccessDecisionVoter
- ConfigAttributes
- Access-Decision Strategies
- Putting It Together
- Implementing AccessDecisionVoter
- Choosing an Approach
- The Role Prefix
- Method and Instance Authorization
- Method Authorization
- Configuring Method Authorization
- Using XML
- Using Annotations
- Domain-Object Authorization
- The ACL Schema
- Interface Model
- ACL-Based Presentation
- The Spring Framework (Optional)



