Your privacy matters: This site uses cookies to analyze site usage and provide social media features. Learn More.

Comprehensive Spring Security

SPRG-142 (4 Days)
4.46 out of 5 (13 reviews)  

Request Pricing

Spring Security Training Overview

Accelebrate’s Comprehensive Spring Security course teaches attendees how to secure their Spring applications. This class is current to version 3.2, which uses Spring Security extensions to implement SAML SSO and OAuth.

Location and Pricing

Most Accelebrate courses are delivered as private, customized, on-site training at our clients' locations worldwide for groups of 3 or more attendees and are custom tailored to their specific needs. Please visit our client list to see organizations for whom we have delivered private in-house training. These courses can also be delivered as live, private online classes for groups that are geographically dispersed or wish to save on the instructor's or students' travel expenses. To receive a customized proposal and price quote for private training at your site or online, please contact us.

Spring Security Training Objectives

All students will:

  • Configure Spring Security for HTTP BASIC authentication.
  • Implement form-based authentication.
  • Configure other authentication features including remember-me, anonymous users, and logout.
  • Apply authorization constraints to URLs and URL patterns.
  • Bind authorization roles to user accounts in relational databases.
  • Plug application-specific user realms into Spring Security by implementing UserDetailsService.
  • Implement application-specific authorization constraints as AccessDecisionVoters.
  • Fix authorization constraints over individual methods of service beans, in lieu of URL authorization or in tandem with it.
  • Express user identity in terms of SAML <Subject>s.
  • Implement SAML SSO from the service-provider side.
  • Apply OAuth 2.0 authorization-server and resource-server roles.
  • Implement an OAuth 2.0 client.

Spring Security Training Outline

Expand All | Collapse All | Printer-Friendly

Introduction
Spring Security
Acquiring and Integrating Spring Security
Relationship to Spring
Relationship to Java EE Standards
Basic Configuration
How It Works
Integration: LDAP, CAS, X.509, OpenID, etc.
Integration: JAAS
Authentication
The <http> Configuration
The <intercept-url> Constraint
The <form-login> Configuration
Login Form Design
"Remember Me"
Anonymous "Authentication"
Logout
The JDBC Authentication Provider
The Authentication/Authorization Schema
Using Hashed Passwords
Why Hashing Isn't Enough
Using Salts
PasswordEncoder and SaltSource
Key Lengthening
Channel Security
Session Management
URL Authorization
URL Authorization
Programmatic Authorization: Servlets
Programmatic Authorization: Spring Security
Role-Based Presentation
The Spring Security Tag Library
Under the Hood: Authentication
The Spring Security API
The Filter Chain
Authentication Manager and Providers
The Security Context
Plug-In Points
Implementing UserDetailsService
Connecting User Details to the Domain Model
Under the Hood: Authorization
Authorization
FilterSecurityInterceptor and Friends
The AccessDecisionManager
Voting
Configuration Attributes
Access-Decision Strategies
Implementing AccessDecisionVoter
The Role Prefix
Method and Instance Authorization
Method Authorization
Using Spring AOP
XML vs. Annotations
@PreAuthorize and @PostAuthorize
Spring EL for Authorization
@PreFilter and @PostFilter
Domain-Object Authorization
The ACL Schema
Interface Model
ACL-Based Presentation
Introduction to SAML
History of SAML
Assertions
Protocol
Bindings
Profiles
Using OpenSAML
SAML Assertions and Protocol
"Vouching for" a User
Assertions and Subjects
NameID Types
Authentication Contexts
Requests, Queries, and Responses
Attribute Queries
SAML and XML Signature
SAML Bindings
Speaking "Through" the Browser
The SOAP Binding
SAML Over HTTP
The Redirect, POST, and Artifact Bindings
The PAOS Binding
The URI Binding
Federated Identity and SSO
SAML 2.0 Federations
Single Sign-On
Account Linking and Persistent Pseudonyms
Transient Pseudonyms
Name ID Mapping
Single Logout
Federation Termination
The Spring Security SAML Extension
The Spring Security SAML Extension
The SAML Entry Point
The SAML Filter Chain
The SSO Processing Filters
IdP Discovery
Login and Logout Handlers
Configuring OpenAM
Configuring an SP
Customization
Combining SSO and Other Authentication Styles
Authorization and Attributes
OAuth for Spring Security
Third-Party Authorization
OAuth
Roles and Initial Flow
Grant Types
Access Tokens
The Google OAuth API
OAuth for Spring Security
Client-Details Services
Token Services
The AuthorizationEndpoint
The TokenEndpoint
The UserApprovalHandler
The Resource-Server Filter
The ScopeVoter
The OAuth-Aware RestTemplate
AccessTokenProviders
The OAuth Redirecting Filter
Conclusion
Request Pricing

Lecture percentage

40%

Lecture/Demo

Lab percentage

60%

Lab

Course Number:

SPRG-142

Duration:

4 Days

Prerequisites:

All attendees must be experienced Java developers, have some experience with the Spring Framework, and have a basic knowledge of XML. Some servlets and/or JSP experience will be beneficial for purposes of understanding the impact of each security feature that we configure. There is no web application coding involved in the course.

Training Materials:

All attendees receive comprehensive courseware covering all topics in the course.

Software Requirements:

  • JDK 7 or later
  • Spring Tool Suite, Eclipse for Java EE Developers, or another IDE of your choice
  • Tomcat 7 or later (or another servlet container, upon request)
  • Other free software - please contact us if you have purchased this class.

Contact Us:

Accelebrate’s training classes are available for private groups of 3 or more people at your site or online anywhere worldwide.

Don't settle for a "one size fits all" public class! Have Accelebrate deliver exactly the training you want, privately at your site or online, for less than the cost of a public class.

For pricing and to learn more, please contact us.

Contact Us

Toll-free in US/Canada:
877 849 1850
International:
+1 678 648 3113

Toll-free in US/Canada:
866 566 1228
International:
+1 404 420 2491

925B Peachtree Street, NE
PMB 378
Atlanta, GA 30309-3918
USA

Subscribe to our Newsletter:

Never miss the latest news and information from Accelebrate:

Microsoft Partner

Please see our complete list of
Microsoft Official Courses

Recent Training Locations

Alabama

Huntsville

Montgomery

Birmingham

Alaska

Anchorage

Arizona

Phoenix

Tucson

Arkansas

Fayetteville

Little Rock

California

San Francisco

Oakland

San Jose

Orange County

Los Angeles

Sacramento

San Diego

Colorado

Denver

Boulder

Colorado Springs

Connecticut

Hartford

DC

Washington

Florida

Fort Lauderdale

Miami

Jacksonville

Orlando

Saint Petersburg

Tampa

Georgia

Atlanta

Augusta

Savannah

Idaho

Boise

Illinois

Chicago

Indiana

Indianapolis

Iowa

Ceder Rapids

Des Moines

Kansas

Wichita

Kentucky

Lexington

Louisville

Louisiana

Banton Rouge

New Orleans

Maine

Portland

Maryland

Annapolis

Baltimore

Hagerstown

Frederick

Massachusetts

Springfield

Boston

Cambridge

Michigan

Ann Arbor

Detroit

Grand Rapids

Minnesota

Saint Paul

Minneapolis

Mississippi

Jackson

Missouri

Kansas City

St. Louis

Nebraska

Lincoln

Omaha

Nevada

Reno

Las Vegas

New Jersey

Princeton

New Mexico

Albuquerque

New York

Buffalo

Albany

White Plains

New York City

North Carolina

Charlotte

Durham

Raleigh

Ohio

Canton

Akron

Cincinnati

Cleveland

Columbus

Dayton

Oklahoma

Tulsa

Oklahoma City

Oregon

Portland

Pennsylvania

Pittsburgh

Philadelphia

Rhode Island

Providence

South Carolina

Columbia

Charleston

Spartanburg

Greenville

Tennessee

Memphis

Nashville

Knoxville

Texas

Dallas

El Paso

Houston

San Antonio

Austin

Utah

Salt Lake City

Virginia

Richmond

Alexandria

Arlington

Washington

Tacoma

Seattle

West Virginia

Charleston

Wisconsin

Madison

Milwaukee

Alberta

Edmonton

Calgary

British Columbia

Vancouver

Nova Scotia

Halifax

Ontario

Ottawa

Toronto

Quebec

Montreal

Puerto Rico

San Juan

© 2013-2019 Accelebrate, Inc. All Rights Reserved. All trademarks are owned by their respective owners.