Security in Java applications with Spring Security

Learn of authentication and authorization


If you have a web application in Java, you undoubtedly have to know how to secure it, and Spring Security offers you one of the best options to do so.

Nowadays we have a set of options to apply security, it owns, provided by an application server, and Spring Security that is a framework that focuses on providing authentication and authorization to Java applications;And like all Spring projects, true power is in the ease of using the components provided to implement safety schemes.

In short, Spring Security will help you have a comprehensive safety support, protect against session, clickjacking, Cross Site Request Forgery, among others, integrate it very quickly to a conventional or better web application to a web application with SpringMVC.

· Who is it directed:

This training is widely recommended for:

  • Developers wishing to implement security in web applications with Java
  • You want to implement authentication with a LDAP directory
  • You want to implement the authorization of resources in calls to methods or segments of a view
  • Encrypt communication and put authorization based on N factors

· Pre-requirements:


  • Know the elements of web applications with Java: Servlets, Filters, etc.
  • Know the use of Spring, IOC and DI
  • Having handled some taglib in conjunction with JSP
  • Know about AOP
  • SEPA handle data access with JDBC
  • Management of LDAP directories
  • Know the use of SSL certificates
  • SEPA Handle data access with Hibernate
  • Essential knowledge of the use of CAS

· Training content:

  • Security in Web applications with SpringSecurity
    • Authentication and authorization
    • What is Spring Security?
    • Assurance of the application
  • Implementation of security mechanisms
    • Servlet Filter.
    • Basic authentication
    • User authentication
    • Handling of bad authentications
  • Specialized use of SpringSecurity elements
    • Use of LDAP directories
    • Assurance of invocations of methods
    • Security management in Views
    • Spel for access settings
    • Administration of the session and concurrent users
    • UserDetails and UserDetailService
    • Transmission assurance with SSL
    • Authentication with X509 (certified client)
    • Using Cas Authentication Provider