Comprehensive Spring Security

Course Number: SPRG-142

Duration: 4 days (26 hours)

Format: Live, hands-on

Spring Security Training Overview

Accelebrate’s Comprehensive Spring Security course teaches attendees how to secure their Spring applications. This class is current to version 3.2, which uses Spring Security extensions to implement SAML SSO and OAuth.

Location and Pricing

Accelebrate offers instructor-led enterprise training for groups of 3 or more online or at your site. Most Accelebrate classes can be flexibly scheduled for your group, including delivery in half-day segments across a week or set of weeks. To receive a customized proposal and price quote for private corporate training on-site or online, please contact us.

In addition, some courses are available as live, online classes for individuals. See a schedule of online courses.

Objectives

  • Configure Spring Security for HTTP BASIC authentication.
  • Implement form-based authentication.
  • Configure other authentication features including remember-me, anonymous users, and logout.
  • Apply authorization constraints to URLs and URL patterns.
  • Bind authorization roles to user accounts in relational databases.
  • Plug application-specific user realms into Spring Security by implementing UserDetailsService.
  • Implement application-specific authorization constraints as AccessDecisionVoters.
  • Apply authorization constraints to individual methods of service beans, in lieu of URL authorization or in tandem with it.
  • Express user identity in terms of SAML <Subject>s.
  • Implement SAML SSO from the service-provider side.
  • Apply OAuth 2.0 authorization-server and resource-server roles.
  • Implement an OAuth 2.0 client.

Prerequisites

All attendees must be experienced Java developers, have some experience with the Spring Framework, and have a basic knowledge of XML. Some servlets and/or JSP experience will be beneficial for purposes of understanding the impact of each security feature that we configure. There is no web application coding involved in the course.

Outline

Introduction
Spring Security
  • Acquiring and Integrating Spring Security
  • Relationship to Spring
  • Relationship to Java EE Standards
  • Basic Configuration
  • How It Works
  • Integration: LDAP, CAS, X.509, OpenID, etc.
  • Integration: JAAS
Authentication
  • The <http> Configuration
  • The <intercept-url> Constraint
  • The <form-login> Configuration
  • Login Form Design
  • "Remember Me"
  • Anonymous "Authentication"
  • Logout
  • The JDBC Authentication Provider
  • The Authentication/Authorization Schema
  • Using Hashed Passwords
  • Why Hashing Isn't Enough
  • Using Salts
  • PasswordEncoder and SaltSource
  • Key Lengthening
  • Channel Security
  • Session Management
URL Authorization
  • URL Authorization
  • Programmatic Authorization: Servlets
  • Programmatic Authorization: Spring Security
  • Role-Based Presentation
  • The Spring Security Tag Library
Under the Hood: Authentication
  • The Spring Security API
  • The Filter Chain
  • Authentication Manager and Providers
  • The Security Context
  • Plug-In Points
  • Implementing UserDetailsService
  • Connecting User Details to the Domain Model
Under the Hood: Authorization
  • Authorization
  • FilterSecurityInterceptor and Friends
  • The AccessDecisionManager
  • Voting
  • Configuration Attributes
  • Access-Decision Strategies
  • Implementing AccessDecisionVoter
  • The Role Prefix
Method and Instance Authorization
  • Method Authorization
  • Using Spring AOP
  • XML vs. Annotations
  • @PreAuthorize and @PostAuthorize
  • Spring EL for Authorization
  • @PreFilter and @PostFilter
  • Domain-Object Authorization
  • The ACL Schema
  • Interface Model
  • ACL-Based Presentation
Introduction to SAML
  • History of SAML
  • Assertions
  • Protocol
  • Bindings
  • Profiles
  • Using OpenSAML
SAML Assertions and Protocol
  • "Vouching for" a User
  • Assertions and Subjects
  • NameID Types
  • Authentication Contexts
  • Requests, Queries, and Responses
  • Attribute Queries
  • SAML and XML Signature
SAML Bindings
  • Speaking "Through" the Browser
  • The SOAP Binding
  • SAML Over HTTP
  • The Redirect, POST, and Artifact Bindings
  • The PAOS Binding
  • The URI Binding
Federated Identity and SSO
  • SAML 2.0 Federations
  • Single Sign-On
  • Account Linking and Persistent Pseudonyms
  • Transient Pseudonyms
  • Name ID Mapping
  • Single Logout
  • Federation Termination
The Spring Security SAML Extension
  • The Spring Security SAML Extension
  • The SAML Entry Point
  • The SAML Filter Chain
  • The SSO Processing Filters
  • IdP Discovery
  • Login and Logout Handlers
  • Configuring OpenAM
  • Configuring an SP
  • Customization
  • Combining SSO and Other Authentication Styles
  • Authorization and Attributes
OAuth for Spring Security
  • Third-Party Authorization
  • OAuth
  • Roles and Initial Flow
  • Grant Types
  • Access Tokens
  • The Google OAuth API
  • OAuth for Spring Security
  • Client-Details Services
  • Token Services
  • The AuthorizationEndpoint
  • The TokenEndpoint
  • The UserApprovalHandler
  • The Resource-Server Filter
  • The ScopeVoter
  • The OAuth-Aware RestTemplate
  • AccessTokenProviders
  • The OAuth Redirecting Filter
Conclusion

Training Materials:

All attendees receive comprehensive courseware covering all topics in the course.

Software Requirements:

  • JDK 8 or later
  • Spring Tool Suite, Eclipse for Java EE Developers, or another IDE of your choice
  • Tomcat 7 or later (or another servlet container, upon request)
  • Other free software - please contact us if you have purchased this class.

© 2013-2021 Accelebrate, Inc. All rights reserved. All trademarks are owned by their respective owners.