This fast-paced course introduces the Java web developer to the Spring Security framework. The first half of the course gives an overview and quickly moves into practical exercises in basic usage: XML configuration for authentication and URL-based authorization. Then we start to dig into Spring Security as a Java model, and develop advanced techniques including custom user realms, custom authorization constraints, method-based authorization, and instance-based authorization.

By the end of the course students will be able to use Spring security to implement authentication and role-based authorization policies for their own Java web applications (whether or not those applications use Spring themselves), and customize the behavior of Spring Security to their requirements.

Class Goals

Configure Spring Security for HTTP BASIC authentication.
Implement form-based authentication.
Configure other authentication features including remember-me, anonymous users, and logout.
Apply authorization constraints to URLs and URL patterns.
Bind authorization roles to user accounts in relational databases.
Plug application-specific user realms into Spring Security by implementing UserDetailsService.
Implement application-specific authorization constraints as AccessDecisionVoters.
Fix authorization constraints over individual methods of service beans, in lieu of URL authorization or in tandem with it.

Class Outline

The Spring Framework
1. Overview of Spring
2. The Core Module
3. Inversion of Control
4. XML and Java Views of the Container
5. Configuring JavaBeans
6. Dependency Injection
7. Web Application Contexts
Spring Security
1. Acquiring and Integrating Spring Security
2. Relationship to Spring
3. Relationship to Java EE Standards
4. Basic Configuration
5. How It Works
6. Integration: LDAP, CAS, X.509, OpeID, etc.
7. Integration: JAAS
Authentication
1. The <http> Configuration
2. The <intercept-url> Constraint
3. The <form-login> Configuration
4. Login Form Design
5. "Remember Me"
6. Anonymous "Authentication"
7. Logout
8. The JDBC Authentication Provider
9. The Authentication/Authorization Schema
10. Using Hashed Passwords
11. Channel Security
12. Session Management
URL Authorization
1. URL Authorization
2. Programmatic Authorization: Servlets
3. Programmatic Authorization: Spring Security
4. Role-Based Presentation
5. The Spring Security Tag Library
Under the Hood: Authentication
1. The Spring Security API
2. The Filter Chain
3. Authentication Manager and Providers
4. The Security Context
5. Plug-In Points
6. Implementing UserDetailsService
7. Connecting User Details to the Domain Model
Under the Hood: Authorization
1. Authorization
2. FilterSecurityInterceptor and Friends
3. The AccessDecisionManager
4. Voting
5. Configuration Attributes
6. Access-Decision Strategies
7. Implementing AccessDecisionVoter
8. The Role Prefix
URL Authorization
1. Method Authorization
2. Using Spring AOP
3. XML vs. Annotations
4. Domain-Object Authorization
5. The ACL Schema
6. Interface Model
7. ACL-Based Presentation

Class Materials

Each student in our Live Online and our Onsite classes receives a comprehensive set of materials, including course notes and all the class examples.

Class Prerequisites

Experience in the following areas is required:

Java programming:
Basic knowledge of XML:
Some servlets and/or JSP experience will be beneficial for purposes of understanding the impact of each security feature that we configure. There is no web-application coding involved in the course.
Experience with the Spring framework is strongly recommended

Technical Requirements

Our computer technical requirements and setup process is easy, with support just a click away.

Onsite and Instructor-led Online course technical requirements and setup instructions.
WebEx system requirements for Instructor-led Online delivery option.

Java ^®, all Java-based marks, Hibernate ^®, and all Hibernate-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. or its subsidiaries in the U.S. and other countries.

Quick Links

Courseware

Purchase Courseware

Client Success

Join The Team

Learn how you can become a Webucator Trainer
Career Opportunities

Locations

Where We've Trained
Some of the Cities in which Webucator has Trained:
1. Phoenix, AZ
2. Pittsburgh, PA
3. Portland, OR
4. Providence, RI
5. Raleigh, NC
6. Sacramento, CA
7. St. Louis, MO
8. San Diego, CA
9. San Francisco, CA
10. San Jose, CA
11. Santa Clara, CA
12. Seattle, WA
13. Sunnyvale, CA
14. Tallahassee, FL
15. Tempe, AZ
16. Toronto, ON
17. Tucson, AZ
18. Tulsa, OK
19. Virginia Beach, VA
20. Washington, DC
1. Fort Worth, TX
2. Hampton, VA
3. Hollywood, FL
4. Houston, TX
5. Huntsville, AL
6. Indianapolis, IN
7. Jacksonville, FL
8. Las Vegas, NV
9. Lexington, KY
10. Los Angeles, CA
11. Louisville, KY
12. Madison, WI
13. Memphis, TN
14. Milwaukee, WI
15. Nashville, TN
16. New York, NY
17. Oklahoma City, OK
18. Omaha, NE
19. Ottawa, ON
20. Philadelphia, PA
1. Amarillo, TX
2. Atlanta, GA
3. Aurora, IL
4. Austin, TX
5. Baltimore, MD
6. Beaumont, TX
7. Boston, MA
8. Buffalo, NY
9. Calgary, AB
10. Cary, NC
11. Chandler, AZ
12. Chicago, IL
13. Cincinnati, OH
14. Cleveland, OH
15. Colorado Springs, CO
16. Columbus, OH
17. Dallas, TX
18. Dayton, OH
19. Denver, CO
20. Detroit, MI
We have trainers all over North America.
1. Indianapolis, IN
2. Boston, MA
3. Silver Spring, MD
4. Portland, ME
5. Detroit, MI
6. Minneapolis, MN
7. Kansas City, MO
8. St. Louis, MO
9. Jackson, MS
10. Charlotte, NC
11. Nashua, NH
12. Atlantic City, NJ
13. Newark, NJ
14. Jersey City, NJ,
15. Reno, NV
16. Philadelphia, PA
17. Calgary, Canada
18. Toronto, Canada
1. Phoenix, AZ
2. Los Angeles, CA
3. Oakland, CA
4. San Diego, CA
5. San Francisco, CA
6. San Jose, CA
7. Santa Clara, CA
8. Sacramento, CA
9. Boulder, CO
10. Denver, CO
11. Hartford, CT
12. Fort Lauderdale, FL
13. Fort Myers, FL
14. Orlando, FL
15. Tallahassee, FL
16. Atlanta, GA
17. Boise, ID
18. Chicago, IL

Training Options

Microsoft Partner

Watch 3-minute Demo Video
of Live Online Training:

Learn the benefits of online training with Webucator

Free Webinars

A Crash Course in CSS

Wed, 3/21 1:00 PM EST

Recent Blog Articles

Java Frameworks: Why You Should Care

Posted on May 14, 2010 by rsakowski

In previous articles, I talked a lot about the Model/View/Controller design pattern. Using it is recommended for all programming ...

Compare Webucator to leading Competitors

» Microsoft Certifications

» Certified Microsoft Courses

» Software Assurance Training Vouchers

Webucator is a Registered Education Provider (R.E.P.) approved by PMI to issue professional development units (PDUs) for our training courses.