Toll Free: 800-735-7418
Local: 303-377-9333
info@hartmannsoftware.com
 
 

 
SECURING JAVA WEB SERVICES
Course Description  

This advanced course introduces Java developers to key technology for developing secure Web services. Specifically, we focus on XML signature and encryption standards, the WS-Security specification and token profiles, and the Security Assertions Markup Language (SAML). Students practice signing and encrypting XML message content, and configuring J2EE tools to support signature and encryption of SOAP messages under the Java API for XML-Based RPC (JAX-RPC).

The course emphasizes hands-on exercises, and students will spend roughly half of their classroom time solving specific security problems. Some early labs on XML signature and encryption work with local files, but the bulk of the work is with running JAX-RPC web services: adding WS-Security headers, signing and encrypting message content, and passing SAML assertions among various parties to a messaging scenario.

Although for practical purposes this course relies on a specific platform — Java and J2EE — much of the course content teaches interoperable specifications and would be equally useful to developers working on other Web-service-capable platforms such as .NET.

Course Length: 4 Days
Course Tuition: $1390 (US)
Prerequisites
Solid Java programming experience is essential. Experience developing Java Web services is assumed, either via SAAJ or JAX-RPC. Students are expected to be able to read and write XML fluently, and to have some familiarity with XML Schema.
Course Outline  


• Web-Service Security
Security for Web Services
Threats
Technology and Techniques
Solution Levels
HTTP Solutions
The World-Wide Web Consortium
XML Solutions
Encryption
Hashing
Signature
OASIS
Web-Services Solutions
Technology Stacks: WS-Federation and Liberty Alliance
WS-Security
SAML

• HTTP Security
HTTP Authentication Schemes
HTTP BASIC
HTTP DIGEST
Securing Web-Service URLs
HTTPS
JAX-RPC Support
Axis Support

• XML Signature
XML Digital Signature
Canonical XML
Enveloped, Enveloping, and Detached Signatures
SignedInfo and References
The Java Cryptography Architecture
Keystores
keytool
X.509 Certificates
The KeyStore API
Java XML Digital Signature API
Steps to Sign and Verify XML Content
JAX-RPC Message Handlers
Foiling the Man in the Middle

• XML Encryption
XML Encryption
EncryptedData
Element vs. Content Encryption
Encrypted Keys
The Java Cryptography Extensions
Apache XML Security
Steps to Encrypt and Decrypt XML Content


• WS-Security
The WS-Security Specifications
Relationship to W3C Specifications
Security Tokens
Timestamps
Tools for WS-Security
Integrating into JAX-RPC Services and Clients

• Securing Web Services
Practical Use of WS-Security
Foiling Replay Attacks
Dynamic Security Policies

• The Security Assertions Markup Language
History of SAML
Goals and Non-Goals
Authorities
Assertions
Protocol

• SAML Assertions
The Assertions Schema
Extensibility
Assertions and Subjects
NameIdentifiers and SubjectConfirmations
AuthenticationStatements
AttributeStatements
AuthorizationDecisionStatements
Actions and Evidence
SAML Tokens
OpenSAML
Signing SAML Assertions

• SAML Protocol
SAML Messaging
The SAML Protocol Schema
Request Types
Response Types
Status and StatusCode
AuthenticationQuery
AttributeQuery
AuthorizationDecisionQuery
SAML as the Substance
Appendix A. Learning Resources
Appendix B. XML Namespaces for Security Standards

Contact us for course schedules or more information.
 
