My trainer was extremely knowledgeable and professional. She was very courteous and encouraged learning. She was... More Testimonials »
Home > Java > Spring > Spring Security Training

Spring Security Training

Delivery Options

Upcoming Live eLearning Classes

There are currently no upcoming Live eLearning classes. Please contact us if you would like us to schedule a class.

Class Description

Class Overview

This fast-paced course introduces the Java web developer to the Spring Security framework. The first half of the course gives an overview and quickly moves into practical exercises in basic usage: XML configuration for authentication and URL-based authorization. Then we start to dig into Spring Security as a Java model, and develop advanced techniques including custom user realms, custom authorization constraints, method-based authorization, and instance-based authorization.

By the end of the course students will be able to use Spring security to implement authentication and role-based authorization policies for their own Java web applications (whether or not those applications use Spring themselves), and customize the behavior of Spring Security to their requirements.

Class Goals

  • Configure Spring Security for HTTP BASIC authentication.
  • Implement form-based authentication.
  • Configure other authentication features including remember-me, anonymous users, and logout.
  • Apply authorization constraints to URLs and URL patterns.
  • Bind authorization roles to user accounts in relational databases.
  • Plug application-specific user realms into Spring Security by implementing UserDetailsService.
  • Implement application-specific authorization constraints as AccessDecisionVoters.
  • Fix authorization constraints over individual methods of service beans, in lieu of URL authorization or in tandem with it.

Class Outline

  1. The Spring Framework
    1. Overview of Spring
    2. The Core Module
    3. Inversion of Control
    4. XML and Java Views of the Container
    5. Configuring JavaBeans
    6. Dependency Injection
    7. Web Application Contexts
  2. Spring Security
    1. Acquiring and Integrating Spring Security
    2. Relationship to Spring
    3. Relationship to Java EE Standards
    4. Basic Configuration
    5. How It Works
    6. Integration: LDAP, CAS, X.509, OpeID, etc.
    7. Integration: JAAS
  3. Authentication
    1. The <http> Configuration
    2. The <intercept-url> Constraint
    3. The <form-login> Configuration
    4. Login Form Design
    5. "Remember Me"
    6. Anonymous "Authentication"
    7. Logout
    8. The JDBC Authentication Provider
    9. The Authentication/Authorization Schema
    10. Using Hashed Passwords
    11. Channel Security
    12. Session Management
  4. URL Authorization
    1. URL Authorization
    2. Programmatic Authorization: Servlets
    3. Programmatic Authorization: Spring Security
    4. Role-Based Presentation
    5. The Spring Security Tag Library
  5. Under the Hood: Authentication
    1. The Spring Security API
    2. The Filter Chain
    3. Authentication Manager and Providers
    4. The Security Context
    5. Plug-In Points
    6. Implementing UserDetailsService
    7. Connecting User Details to the Domain Model
  6. Under the Hood: Authorization
    1. Authorization
    2. FilterSecurityInterceptor and Friends
    3. The AccessDecisionManager
    4. Voting
    5. Configuration Attributes
    6. Access-Decision Strategies
    7. Implementing AccessDecisionVoter
    8. The Role Prefix
  7. URL Authorization
    1. Method Authorization
    2. Using Spring AOP
    3. XML vs. Annotations
    4. Domain-Object Authorization
    5. The ACL Schema
    6. Interface Model
    7. ACL-Based Presentation

Class Materials

Each student in our Live Online and our Onsite classes receives a comprehensive set of materials, including course notes and all the class examples.

Class Prerequisites

Experience in the following areas is required:

  • Java programming:
  • Basic knowledge of XML:
  • Some servlets and/or JSP experience will be beneficial for purposes of understanding the impact of each security feature that we configure. There is no web-application coding involved in the course.
  • Experience with the Spring framework is strongly recommended

Technical Requirements

Our computer technical requirements and setup process is easy, with support just a click away.

  • Java ®, all Java-based marks, Hibernate ®, and all Hibernate-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the U.S. and other countries.
Quick Links
  1. Watch Presentation
  2. Free Demo
  3. Purchase Vouchers
  4. Partners
  5. Remote Courses
  6. Make Payment
  7. Contact Us
  8. Sitemap
  9. Privacy Policy
Courseware
  1. Purchase Courseware
Client Success
  1. Independent Survey
  2. Client List
  3. Testimonials
Join The Team
  1. Learn how you can become a Webucator Trainer
  2. Career Opportunities
Locations
  1. Where We've Trained
  2. We have trainers all over North America.
Compare Us
Compare Webucator to leading Competitors
Training Options
  1. Live eLearning Public Classes
  2. Private Training
  3. Self-Paced eLearning
Microsoft Partner
  1. Microsoft Certifications
  2. Certified Microsoft Courses
  3. Software Assurance Training Vouchers
Watch 3-minute Demo Video
of Live Online Training: Learn the benefits of online training with Webucator
Webucator is a Registered Education Provider (R.E.P.) approved by PMI to issue professional development units (PDUs) for our training courses.

Recent Blog Articles

Java Frameworks: Why You Should Care

Posted on May 14, 2010 by rsakowski

In previous articles, I talked a lot about the Model/View/Controller design pattern. Using it is recommended for all programming ...

© Webucator, Inc. All rights reserved. | Toll Free: 1-877-932-8228 | From outside the USA: 315-849-2724| Fax: 315-849-2723