Securing Web Services with Java EE 5
Overview

This advanced seminar introduces Java developers to key technology for developing and deploying secure Web services. The course uses interactive discussions and hands-on exercises to illustrate XML signature and encryption standards, the WS-Security specification and token profiles, and the Security Assertion Markup Language (SAML). Using various case studies, each student will practice signing and encrypting XML message content, and configuring J2EE tools to support signature and encryption of SOAP messages under the Java API for XML-Based RPC (JAX-RPC).

The course emphasizes practical hands-on exercises, and students spend approximately 50% of their classroom time solving specific security problems. The initial exercises focus on XML signature and encryption work using local files. However, the bulk of the work is with running JAX-RPC web services: adding WS-Security headers, signing and encrypting message content, and passing SAML assertions among various parties to a messaging scenario.


Prerequisites

You should be familiar with the basics of the Java language. Experience in developing Java Web services with either JAX-RPC or SAAJ is assumed. Additionally, experience with XML is encouraged.

Class Format

Lecture and Lab

Audience

This course is designed for Java programmers who need to build secure applications. It has also proved helpful for system administrators and security officers who need a clear understanding of how security works within Java.

Learning Objectives

After completing this course, the student should be able to:

  • Learn the role of security with Web services
  • Illustrate HTTP protocols
  • Demonstrate basic HTTP security concepts and authentication schemes
  • Understand JAX-RPC support with HTTP security
  • Compare HTTP and HTTPS
  • Depict the role of encryption and hashing
  • Define the usage of XML signatures
  • Illustrate the JCA architecture
  • Demonstrate the architecture of X.509 Certificates
  • Depict the usage of Keystores and the KeyStore API
  • Understand basics of XML encryption
  • Define WS-Security specification and integration into JAX-RPC services
  • Demonstrate ability to prevent hacker attacks
  • Illustrate the role of SAML
  • Depict the SAML assertion schema and use of SAML tokens
Course Duration

4 Days

Course outline

Web Services Security
  • Overview
  • Threats and Attacks
  • Solution levels
  • Basic Security Patterns
HTTP Solutions
  • XML solutions
  • Basic encryption
  • Hashing concepts
  • Use of signatures
  • WS-Security
  • Role of SAML
Use of HTTPS
  • Authentication Schemes
    • Basic
    • Digest
    • Form
    • Certificate
  • Role of HTTPS
  • JAX-RPC Support
  • URL security
Using XML Signatures
  • Defining XML digital signatures
  • Java Cryptography Architecture
  • Use of Keystores
  • Using keytool
  • X.509 Certificates
    • Architecture
    • Types
    • Retrieval
    • Distribution
  • X.509 Certificate format
  • Revocation Lists
  • XML Digital Signature API

XML Encryption
  • Basics
  • Using encrypted keys
  • Using JCA Extensions
  • Encrypting and Decrypting XML
WS-Security
  • WS-Security specification
  • W3C relationship
  • Use of Security tokens
  • Role of Timestamps
  • WS-Security tools
  • JAX-RPC integration
Securing Web Services
  • Practical usages
  • Foiling attacks
  • Using Security policies

Security Assertion Markup Language (SAML)
  • Assertion schema
  • Use of Extensibility
  • Assertions and Subjects
  • Components
    • AuthenticationStatement
    • AttributeStatements
    • AuthorizationDecisionStatements
  • Actions
  • SAML Tokens
  • SAML Protocol
    • Request Types
    • Response Types
  • SAML Messaging
  • Standards

Java Authentication and Authorization services
  • Authentication and Authorization
  • JAAS Overview
  • LoginContext
  • Subjects, Principals, and PrivilegedActions
  • Authentication with the NTLoginModule
  • Defining Permissions in Policy Files
  • KeyStoreLoginModule
  • Callbacks
  • NameCallback and PasswordCallback
  • The Policy Class
Using Java EE Security
  • Authentication
  • Authorization
  • Security Layers
    • Features
    • Topology
    • Protocols
    • SSL
  • Application Server Management
  • LTPA
  • SSO
  • Identity Assertion
  • Declarative Security
    • Security Roles
    • Run-As Delegation
    • Securing resources
    • Creating Constraints
  • Authentication types
    • Form
    • Digital
    • Basic
    • Certificate
  • Trust Association
  • Custom Trust Association Interceptors

Please contact your training representative for more details on having this course delivered onsite or online
