If you have a web application in Java, you undoubtedly have to know how to secure it, and Spring Security offers you one of the best options to do so.
Nowadays we have a set of options to apply security, it owns, provided by an application server, and Spring Security that is a framework that focuses on providing authentication and authorization to Java applications;And like all Spring projects, true power is in the ease of using the components provided to implement safety schemes.
In short, Spring Security will help you have a comprehensive safety support, protect against session, clickjacking, Cross Site Request Forgery, among others, integrate it very quickly to a conventional or better web application to a web application with SpringMVC.
· Who is it directed:
This training is widely recommended for:
- Developers wishing to implement security in web applications with Java
- You want to implement authentication with a LDAP directory
- You want to implement the authorization of resources in calls to methods or segments of a view
- Encrypt communication and put authorization based on N factors
· Pre-requirements:
Needed:
- Know the elements of web applications with Java: Servlets, Filters, etc.
- Know the use of Spring, IOC and DI
- Having handled some taglib in conjunction with JSP
- Know about AOP
- SEPA handle data access with JDBC
Recommended:
- Management of LDAP directories
- Know the use of SSL certificates
- SEPA Handle data access with Hibernate
- Essential knowledge of the use of CAS
· Training content:
- Security in Web applications with SpringSecurity
- Authentication and authorization
- What is Spring Security?
- Assurance of the application
- Implementation of security mechanisms
- Servlet Filter.
- Basic authentication
- User authentication
- Handling of bad authentications
- Specialized use of SpringSecurity elements
- Use of LDAP directories
- Assurance of invocations of methods
- Security management in Views
- Spel for access settings
- Administration of the session and concurrent users
- UserDetails and UserDetailService
- Transmission assurance with SSL
- Authentication with X509 (certified client)
- Using Cas Authentication Provider