Spring Security Training

Course Outline

This fast-paced course introduces the Java web developer to the Spring Security framework. The first half of the course gives an overview and quickly moves into practical exercises in basic usage: XML configuration for authentication and URL-based authorization. Then we start to dig into Spring Security as a Java model, and develop advanced techniques including custom user realms, custom authorization constraints, method-based authorization, and instance-based authorization.

By the end of the course, students will be able to use Spring Security to implement authentication and role-based authorization policies for their own Java web applications (whether or not those applications use Spring themselves), and customize the behavior of Spring Security to their requirements.

  1. The Spring Framework
    1. Overview of Spring
    2. The Core Module
    3. Inversion of Control
    4. XML and Java Views of the Container
    5. Configuring JavaBeans
    6. Dependency Injection
    7. Web Application Contexts
  2. Spring Security
    1. Acquiring and Integrating Spring Security
    2. Relationship to Spring
    3. Relationship to Java EE Standards
    4. Basic Configuration
    5. How It Works
    6. Integration: LDAP, CAS, X.509, OpenID, etc.
    7. Integration: JAAS
  3. Authentication
    1. The <http> Configuration
    2. The <intercept-url> Constraint
    3. The <form-login> Configuration
    4. Login Form Design
    5. "Remember Me"
    6. Anonymous "Authentication"
    7. Logout
    8. The JDBC Authentication Provider
    9. The Authentication/Authorization Schema
    10. Using Hashed Passwords
    11. Channel Security
    12. Session Management
  4. URL Authorization
    1. URL Authorization
    2. Programmatic Authorization: Servlets
    3. Programmatic Authorization: Spring Security
    4. Role-Based Presentation
    5. The Spring Security Tag Library
  5. Under the Hood: Authentication
    1. The Spring Security API
    2. The Filter Chain
    3. Authentication Manager and Providers
    4. The Security Context
    5. Plug-In Points
    6. Implementing UserDetailsService
    7. Connecting User Details to the Domain Model
  6. Under the Hood: Authorization
    1. Authorization
    2. FilterSecurityInterceptor and Friends
    3. The AccessDecisionManager
    4. Voting
    5. Configuration Attributes
    6. Access-Decision Strategies
    7. Implementing AccessDecisionVoter
    8. The Role Prefix
  7. Method and Instance Authorization
    1. Method Authorization
    2. Using Spring AOP
    3. XML vs. Annotations
    4. Domain-Object Authorization
    5. The ACL Schema
    6. Interface Model
    7. ACL-Based Presentation

InterSource Geneva, a premier Information Technology training firm, offers over 400 different courses on server, database and programming technologies, as well as end-user classes for the most popular office, graphics and design applications. We serve clients in Switzerland (Geneva, Lausanne, Bern, Basel, Zurich) and throughout Europe (France, Germany, Austria, Finland, Sweden, England, Netherlands, Spain, etc.).


InterSource offers custom, private courses at client sites, standard public courses in our Geneva classroom, and online training via live Web conference. Training is offered in English and many other languages (Francais, Deutsch, Espanol, Italiano).


For an overall view of our offerings, please visit us at www.intersource.ch.