Training
Catalog
Products
Contact Us
We teach what we know ... Software!
303.377.6176
Spring 3 Security Training

Course Description  
This fast-paced course introduces the Java web developer to the Spring Security framework. The first half of the course gives an overview and quickly moves into practical exercises in basic usage: XML configuration for authentication and URL-based authorization. Then we start to dig into Spring Security as a Java model, and develop advanced techniques including custom user realms, custom authorization constraints, method-based authorization, and instance-based authorization. By the end of the course students will be able to use Spring security to implement authentication and role-based authorization policies for their own Java web applications (whether or not those applications use Spring themselves), and customize the behavior of Spring Security to their requirements. Note that, in this short time frame, the course does not give much background on general web-application security -- for example, pros and cons of HTTP BASIC, DIGEST, and form-based authentication strategies, or what a session-fixation attack actually is. Rather, it is focused on the Spring Security library and what we can do with it.

Course Length: 2 Days
Course Tuition: $690 (US)
Prerequisites
Java Programming Experience is essential.
Course Outline  

Chapter 0. The Spring Framework
Overview of Spring
The Core Module
Inversion of Control
XML and Java Views of the Container
Configuring JavaBeans
Dependency Injection
Web Application Contexts

Chapter 1. Spring Security
Acquiring and Integrating Spring Security
Relationship to Spring
Relationship to Java EE Standards
Basic Configuration
How It Works
Integration: LDAP, CAS, X.509, OpeID, etc.
Integration: JAAS

Chapter 2. Authentication
The Configuration
The Constraint
The Configuration
Login Form Design
"Remember Me"
Anonymous "Authentication"
Logout
The JDBC Authentication Provider
The Authentication/Authorization Schema
Using Hashed Passwords
Channel Security
Session Management
Chapter 3. URL Authorization
URL Authorization
Programmatic Authorization: Servlets
Programmatic Authorization: Spring Security
Role-Based Presentation
The Spring Security Tag Library

Chapter 4. Under the Hood: Authentication
The Spring Security API
The Filter Chain
Authentication Manager and Providers
The Security Context
Plug-In Points
Implementing UserDetailsService
Connecting User Details to the Domain Model

Chapter 5. Under the Hood: Authorization
Authorization
FilterSecurityInterceptor and Friends
The AccessDecisionManager
Voting
Configuration Attributes
Access-Decision Strategies
Implementing AccessDecisionVoter
The Role Prefix

Chapter 6. URL Authorization
Method Authorization
Using Spring AOP
XML vs. Annotations
Domain-Object Authorization
The ACL Schema
Interface Model
ACL-Based Presentation

Contact us for course schedules or more information.


Let's Have Fun

Training can be conducted in a number of different ways outside of a classroom setting. To that end, we offer some free on line tutorials which we will update extensively in the very near future. We also offer mentoring services to help design, integrate and develop large scale complicated systems.

Public Training Schedule

Java Training - June 11th - 15th

C/C++ Training - June 11th - 15th

Object Oriented C# Training - August 13th - 17th

See all public training classes & Register

public training registration
Some of the places where we have taught >>
  • New York City
  • Los Angeles, California
  • Chicago, Illinois
  • Houston, Texas
  • Philadelphia, Pennsylvania
  • Pittsburgh, Pennsylvania
  • Phoenix, Arizona
  • San Antonio, Texas
  • San Diego, California
  • Dallas, Texas
  • San Jose California
  • Buffalo, New York
  • Toronto, Canada
  • Montreal, Canada
  • Detroit, Michigan
  • Indianapolis, Indiana
  • Jacksonville, Florida
  • San Francisco, California
  • Columbus, Ohio
  • Austin, Texas
  • Memphis, Tennessee
  • Baltimore, Maryland
  • Fort Worth, Texas
  • Charlotte, North Carolina
  • El Paso, Texas
  • Milwaukee, Wisconsin
  • Seattle, Washington
  • Boston, Massachusetts
  • Denver, Colorado
  • Louisville, Kentucky
  • Washington DC
  • Nashville, Tennessee
  • Las Vegas, Nevada
  • Portland, Oregon
  • Oklahoma City, Oklahoma
  • Tucson, Arizona
  • Albuquerque, New Mexico
  • Long Beach, California
  • Atlanta, Georgia
  • Fresno, California
  • Sacramento, California
  • New Orleans, Louisiana
  • Cleveland, Ohio
  • Kansas City, Kansas
  • Boulder, Colorado
  • Virginia Beach, Virginia
  • Omaha, Nebraska
  • Oakland, California
  • Miami, Florida
  • Tulsa, Oklahoma
  • Honolulu, Hawaii
  • Minneapolis, Minnesota
  • Colorado Springs, Colorado
©2012 The Hartmann Software Group, Independence Plaza, B-180 1001 16th Street, Denver, Colorado 80265