
|
The Developing Secure Java Web Services workshop provides business component and client developers with the information they need to design, implement, deploy, and maintain secure web services and web service clients using Java technology components and the Java Platform, Enterprise Edition 5 (Java EE 5 platform). Students learn about the need to secure web services and the challenges associated with web services security. Students also learn about prominent industry standards and initiatives developed to provide comprehensive security solutions for web services. In addition, students learn how to secure web services by using application-layer security, transport-layer security, and message-layer security. This comprehensive course also covers identity management concepts, drivers behind identity management solutions, and Sun Java System Access Manager functions. Students also learn how to secure web services by using the web services security providers in Sun Java System Access Manager 7.1. Students perform the course lab exercises by using the NetBeans Integrated Development Environment (IDE) 6.1, Metro 1.2, Sun Java System Access Manager 7.1, and GlassFish v2.
Languages
English
Back to top
Who Can Benefit
Students who can benefit from this course are business component and client application developers, system integrators, IT architects, and other technical personnel who are creating web services and are interested in implementing standard security mechanisms in their web service applications. In addition, Java EE 5 software developers planning on implementing and securing web services can also benefit from this course. Students who can benefit from this course are interested in implementing Service Oriented Architecture (SOA) in their enterprise.
Back to top
Prerequisites
To succeed fully in this course, students should be able to:
- Demonstrate some knowledge of the declarative programming concepts used in the Java EE technology and be able to create simple Java EE applications
- Create a Java web service
- Demonstrate proficiency with XML and interpret XML documents
- Display experience with the Java programming language and distributed programming (multi-tier architecture)
Back to top
Skills Gained
Upon completion of this course, students should be able to:
- Identify the need to secure web services
- List and explain the primary elements and concepts of application security
- Outline the factors that must be considered when designing a web service security solution
- Describe the issues and concerns related to securing web service interactions
- Analyze the security requirements of web services
- Identify the security challenges and threats in a web service application
- Evaluate the tools and technologies available for securing a Java web service
- Secure web services by using application-layer security, transport-layer security, and message-layer security
- Describe the concept of identity and the drivers behind identity management solutions
- Explain the role of Sun Java System Access Manager in securing web services
- Secure web services by using WS-I BSP token profiles
- Secure web services by using Liberty token profiles
Back to top
Topics
Back to top
Related Courses
Before:
Back to top
Course Content
Module 1 - Encapsulating the Basics of Security
- Summarize the characteristics of web services and analyze the impact on application security
- Examine how the data exposed by a web service can impact its security requirements
- Describe the security principles of web architecture
- Describe the characteristics of application security
- Describe the technologies used to implement application security
- Identify the security issues in a web service model
- Evaluate the security requirements of web services
Lab 1 - Exploring the Auction Application
- Start the Application Server database
- Deploy the credit card web service
- Deploy the auction application
- Explore the auction application
- Run the auction application
Module 2 - Examining Web Services Security Threats and Countermeasures
- Identify the security requirements of web services
- List the features that are typically provided by a properly implemented security mechanism
- List the security principles for web services
- Identify the security challenges and threats in a web service application
- Identify the technologies to address the security challenges in a web service application
- Explain the need for a web services security model
- Describe the primary mechanisms to secure web services
Lab 2 - Examining Security Threats and Countermeasures
- Evaluate the security needs of the auction application
- Identify security solutions for the auction application
- Evaluate security in the auction application
Module 3 - Overview of Web Services Security Solutions
- Explain the web service framework
- Explain the need to establish standards for web services security
- Describe the various web services security solutions
- Describe Project Metro
- Define Web Services Interoperability Technology (WSIT)
- Describe the Metro security specifications
Lab 3 - Designing Security for Web Services Applications
- Analyze web services security needs
Module 4 - Securing Java Web Services Using Application-Layer and Transport-Layer Security
- Identify the various methods to implement security in Java Platform, Enterprise Edition (Java EE platform) applications
- Describe how to use Secure Sockets Layer (SSL) to secure a Java EE 5 web service application
- Outline the security mechanisms used by Java EE 5 web-tier applications
- State the functions of the Java EE 5 authentication service
- Describe how to secure web services by using application-layer security and transport-layer security
Lab 4 - Implementing Application-Layer and Transport-Layer Security
- Implement basic authentication for a web service
- Implement transport-layer security for a web service
Module 5 - Securing Java Web Services Using Message-Layer Security
- Explain message-layer security and its advantages
- Explain the WS-Policy specification
- Describe how to attach policy assertions to a Web Services Description Language (WSDL) file
- Describe the web services security technology in Metro
- Explain the security specifications implemented by Metro
- Describe how to configure web services security by using Metro
- Describe how to configure web services security by using the NetBeans Metro plug-in
- Explain how GlassFish offers integrated support for the web services security standards
- Describe how to configure GlassFish for message security
- Describe how to enable application-specific web services security by using GlassFish
- Describe how to enable message security in a client application by using GlassFish
Lab 5 - Implementing Message-Layer Security
- Secure an interoperable web service using Metro 1.2
- Secure a web service using Secure Token service (STS)
- Secure web services using the message security providers available in GlassFish
Module 6 - Relating Web Services Security and Identity Management
- Define the concept of identity and identity management
- Describe the need for identity management
- Describe the business drivers for identity management
- Identify the technologies behind an identity management solution
- Describe the capabilities of Sun Java System Access Manager 7.1
- Describe the components and features of Sun Java System Access Manager 7.1
- Describe identity management support in NetBeans IDE
- Describe how to install Sun Java System Access Manager 7.1
Lab 6 - Installing and Configuring Access Manager
- Install and configure Access Manager 7.1 Patch 1
Module 7 - Securing Web Services Using WS-I BSP Token Profiles
- Explain the Security Assertion Markup Language (SAML)
- Demonstrate SSO system flow by using SAML tokens
- Describe how to configure SAML support on Access Manager
- Describe how to enable SAML-based authentication to secure a web service client and a web service provider by using Access Manager
- Describe how to secure web services by using WS-I BSP tokens
Lab 7 - Securing Web Services Using WS-I BSP Token Profiles
- Secure web services using the WS-I BSP SAML-HolderOfKey security mechanism
- Secure web services using the WS-I BSP UserNameToken security mechanism
- Secure web services using the WS-I BSP X509Token security mechanism
Module 8 - Securing Web Services Using Liberty Token Profiles
- Describe the network identity implementation
- Describe the Liberty Alliance project and the Liberty specification
- List and explain the web services security providers in Sun Java System Access Manager 7.1
- Describe federated identity
- Explain Liberty web services and Liberty process flow
- Describe how to secure web services by using Liberty tokens
Lab 8 - Securing Web Services Using Liberty Tokens
- Secure web services using the LibertyBearerToken security mechanism
- Secure web services using the LibertySAMLToken security mechanism
- Secure web services using the LibertyX509Token security mechanism
Back to top
Browse Other Course Topic Areas
|
Get the Training News
Check out the Learning Link for new and featured courses, offers and training news.
Put Your Goals Within Reach
Get the Sun Training Guide and take your technical skills to the next level.
|