Spring 3 Security

Course:  SPRSEC
Duration:  3 Days
Level:  II
Course Summary

This course introduces the Java web developer to the Spring Security framework. It includes AOP, transaction processing plus security usage: XML configuration for authentication and URL-based authorization. Advanced techniques including custom user realms, custom authorization constraints, method-based authorization, and instance-based authorization are included. Students will learn to use Spring security to implement authentication and role-based authorization policies for their Java web applications (whether or not those applications use Spring themselves), and how to customize the behavior of Spring Security to their requirements. The course will give some background on general web-application security -- for example, pros and cons of HTTP BASIC, DIGEST, and form-based authentication strategies, or what a session-fixation attack actually is.

« Hide The Details
Topics Covered In This Course

The Spring Framework

  • Overview of Spring
  • The Core Module
  • Inversion of Control
  • XML and Java Views of the Container
  • Configuring JavaBeans
  • Dependency Injection
  • Web Application Contexts
  • Aspect-Oriented Programming (AOP)
  • Spring Transactions

Spring Security

  • Typical security used on the web
  • Acquiring and Integrating Spring Security
  • Relationship to Spring
  • Relationship to Java EE Standards
  • Basic Configuration
  • Integration: LDAP, CAS, X.509
  • Integration: JAAS


  • The Configuration
  • The Constraint
  • The Configuration
  • Login Form Design
  • Anonymous "Authentication"
  • Logout
  • The JDBC Authentication Provider
  • The Authentication/Authorization Schema
  • Using Hashed Passwords
  • Channel Security
  • Session Management

URL Authorization

  • URL Authorization
  • Programmatic Authorization: Servlets
  • Programmatic Authorization: Spring Security
  • Role-Based Presentation
  • The Spring Security Tag Library

Authentication Internals

  • The Spring Security API
  • The Filter Chain
  • Authentication Manager and Providers
  • The Security Context
  • Plug-In Points
  • Implementing UserDetailsService
  • Connecting User Details to the Domain Model

Authorization Internals

  • Authorization
  • FilterSecurityInterceptor
  • The AccessDecisionManager
  • Voting
  • Configuration Attributes
  • Access-Decision Strategies
  • Implementing AccessDecisionVoter
  • The Role Prefix

URL Authorization

  • Method Authorization
  • Using Spring AOP
  • XML vs. Annotations
  • Domain-Object Authorization
  • The ACL Schema
  • Interface Model
  • ACL-Based Presentation
What You Can Expect

At the end of this course, students will be able to:

  • Apply Spring Security
  • Use Aspect Oriented Programming
  • Understand Web and Spring Security options
  • Describe Authentication
  • Use Spring Authorization in Servlets
  • Work with URL Authorization
  • Use XML and Annotations configuration
Recommended Prerequisites

Java Programming Experience is essential.

Training Style

 Instructor led with 50% lecture and 50% lab.

« Hide The Details
Related Courses
Code Course Title Duration Level
Spring Framework Part 1 - Fundamentals, Injection, AOP, Beginning MVC
5 Days
Spring and Hibernate Development
5 Days
Spring Framework Part 2 - More MVC, Webflow, Web Services, Security, ROO
5 Days
Spring Framework Part 4 - Spring Data with JPA, Hadoop, MongoDB, and More
5 Days

Every student attending a Verhoef Training class will receive a certificate good for $100 toward their next public class taken within a year.

You can also buy "Verhoef Vouchers" to get a discounted rate for a single student in any of our public or web-based classes. Contact your account manager or our sales office for details.

Schedule For This Course
There are currently no public sessions scheduled for this course. We can schedule a private class for your organization just a couple of weeks from now. Or we can let you know the next time we do schedule a public session.
Notify me the next time this course is confirmed!
Can't find the course you want?
Call us at 800.533.3893, or
email us at [email protected]