Web Services Security Considerations in Java
Course: WSSEC
Duration: 1 Day
Level: II
On our website at:
http://www.verhoef-training.com/courses/WSSEC.html
Course Summary
This course teaches experienced Java Web Service programmers how to secure web services using Java. Using tools such as RAD and WebSphere Application Server, the student will learn how to use Digit Signatures, Encryption, and Security tokens. Best practices will bediscussed along with third party frameworks like Rampart.
Topics Covered In This Course
Overview
Typical scenario for WS-Security
- Authentication
- Integrity and confidentiality
Establishing a security context
Features of WS-Security in Application Server
- Supported specifications
- Unsupported specifications
Extensions in WebSphere Application Server
Architecture and deployment model
- High-level architecture
- Configuration structure
Development of WS-Security
- RAD Step-by-Step for digital signatures, encryption, and security tokens.
- How to define WS-Security configuration
- Generating sample key stores
- Authentication
- Integrity
- Confidentiality
- Adding a security timestamp
Testing on WebSphere Application Server
- Enabling security on the server
- Enabling the TCP/IP Monitor
- Testing the application with WS-Security
- Debugging and tracing
- Typical errors
Generating WS-Security Sample Configurations
- Running the Web Service wizard with security
- Scenario to generate and modify security definitions
- Modifying generated definitions to use own key stores
- Adding authentication and timestamp
Configuring WS-Security on an Application Server
- Modifying binding configurations
- Adding a custom JAAS configuration
- Configuring certificate caching
What You Can Expect
At the end of the course, students will be able to:
- Understand Web Service security options.
- Design and implement secure web services.
- Use RAD to create digital signatures, encrypt messages and add security tokens.
- Configure WebSphere Application to develop, test and deploy secure web services.
- Troubleshoot security problems.
Who Should Take This Course
This course is designed for experienced Java Web Service programmers.
Recommended Prerequisites
One or more years in developing Java Web Services.
Training Style
Lecture (50%) / Workshop (50%)
Related Courses
Code |
Course Title |
Duration |
Level |
|
JWSEC |
Java Web Security |
4 Days |
II |
Details |
Every student attending a Verhoef Training class will receive
a certificate good for $100 toward their next public class taken
within a year.
You can also buy "Verhoef Vouchers" to get a discounted rate for a
single student in any of our public or web-based classes.
Contact your account manager or our sales office for details.