Duration: 2 days
This in-depth course introduces the Java web developer to the Spring Security framework. We start with an overview and practical exercises in basic usage: XML configuration for authentication and URL-based authorization. Then we start to dig into Spring Security as a Java model, and develop advanced techniques including custom user realms, custom authorization constraints, method-based authorization, and instance-based authorization.
We then explore two increasingly popular extensions to Spring Security. We consider the Security Assertions Markup Language, or SAML, and the wide range of identity and security features it offers -- but quickly focus on its support for single sign-on (SSO), and learn how the Spring Security SAML Extension enables applications to interact with SAML identity providers to implement SSO and single logout. And we look at OAuth for Spring Security, which enables third-party authorization scenarios, and learn how to implement both the server and client sides of the OAuth 2.0 flow.
• Configure Spring Security for HTTP BASIC authentication.
• Implement form-based authentication.
• Configure other authentication features including remember-me, anonymous users, and logout.
• Apply authorization constraints to URLs and URL patterns.
• Bind authorization roles to user accounts in relational databases.
• Plug application-specific user realms into Spring Security by implementing UserDetailsService.
• Implement application-specific authorization constraints as AccessDecisionVoters.
• Fix authorization constraints over individual methods of service beans, in lieu of URL authorization or in tandem with it.
• Express user identity in terms of SAML <Subject>s.
• Implement SAML SSO from the service-provider side.
• Implement OAuth 2.0 authorization-server and resource-server roles.
• Implement an OAuth 2.0 client.
Method of Delivery
• Onsite/live class instruction or online web conference
• Open discussion
• Case studies