Spring Security Training: Introduction to Spring Security

Course Number: SPRG-140
Duration: 2 days

Spring Security Training Overview

Accelebrate’s Introduction to Spring Security course teaches attendees how to secure their Spring applications.

Location and Pricing

Most Accelebrate courses are delivered as private, customized, on-site training at our clients' locations worldwide for groups of 3 or more attendees and are custom tailored to their specific needs. Please visit our client list to see organizations for whom we have delivered private in-house training. These courses can also be delivered as live, private online classes for groups that are geographically dispersed or wish to save on the instructor's or students' travel expenses. To receive a customized proposal and price quote for private training at your site or online, please contact us.

In addition, some courses are available as live, online classes for individuals. See a schedule of online courses.

Spring Security Training Prerequisites

All attendees must be experienced Java developers and have some experience with the Spring Framework.

Hands-on/Lecture Ratio

This Spring Security training class is 70% hands-on, 30% lecture, with the longest lecture segments lasting for 20 minutes.

Spring Security Training Materials

All attendees receive comprehensive courseware covering all topics in the course.

Software Needed on Each Student PC

  • Java SE SDK (JDK) version 6
  • Eclipse for Java EE Developers
  • Related lab files that Accelebrate provides

Spring Security Training Objectives

  • Configure Spring Security for HTTP BASIC authentication
  • Implement form-based authentication
  • Configure other authentication features including remember-me, anonymous users, and logout
  • Apply authorization constraints to URLs and URL patterns
  • Bind authorization roles to user accounts in relational databases
  • Plug application-specific user realms into Spring Security by implementing UserDetailsService
  • Implement application-specific authorization constraints as AccessDecisionVoters
  • Fix authorization constraints over individual methods of service beans, in lieu of URL authorization or in tandem with it

Spring Security Training Outline

  • The Spring Framework
    • Overview of Spring
    • The Core Module
    • Inversion of Control
    • XML and Java Views of the Container
    • Configuring JavaBeans
    • Dependency Injection
    • Web Application Contexts
  • Spring Security
    • Acquiring and Integrating Spring Security
    • Relationship to Spring
    • Relationship to Java EE Standards
    • Basic Configuration
    • How It Works
    • Integration: LDAP, CAS, X.509, OpenID, etc.
    • Integration: JAAS
  • Authentication
    • The <http> Configuration
    • The <intercept-url> Constraint
    • The <form-login> Configuration
    • Login Form Design
    • "Remember Me"
    • Anonymous "Authentication"
    • Logout
    • The JDBC Authentication Provider
    • The Authentication/Authorization Schema
    • Using Hashed Passwords
    • Channel Security
    • Session Management
  • URL Authorization
    • URL Authorization Overview
    • Programmatic Authorization: Servlets
    • Programmatic Authorization: Spring Security
    • Role-Based Presentation
    • The Spring Security Tag Library
  • Under the Hood: Authentication
    • The Spring Security API
    • The Filter Chain
    • Authentication Manager and Providers
    • The Security Context
    • Plug-In Points
    • Implementing UserDetailsService
    • Connecting User Details to the Domain Model
  • Under the Hood: Authorization
    • Authorization Overview
    • FilterSecurityInterceptor and Friends
    • The AccessDecisionManager
    • Voting
    • Configuration Attributes
    • Access-Decision Strategies
    • Implementing AccessDecisionVoter
    • The Role Prefix
  • URL Authorization
    • Method Authorization
    • Using Spring AOP
    • XML vs. Annotations
    • Domain-Object Authorization
    • The ACL Schema
    • Interface Model
    • ACL-Based Presentation
  • Conclusion