Developing Secure Java Web Services (DWS-4120-EE5)

Languages

Back to top

Who Can Benefit

Back to top

Prerequisites

• Demonstrate some knowledge of the declarative programming concepts used in the Java EE technology and be able to create simple Java EE applications
• Create a Java web service
• Demonstrate proficiency with XML and interpret XML documents
• Display experience with the Java programming language and distributed programming (multi-tier architecture)

Back to top

Skills Gained

• Identify the need to secure web services
• List and explain the primary elements and concepts of application security
• Outline the factors that must be considered when designing a web service security solution
• Describe the issues and concerns related to securing web service interactions
• Analyze the security requirements of web services
• Identify the security challenges and threats in a web service application
• Evaluate the tools and technologies available for securing a Java web service
• Secure web services by using application-layer security, transport-layer security, and message-layer security
• Describe the concept of identity and the drivers behind identity management solutions
• Explain the role of Sun Java System Access Manager in securing web services
• Secure web services by using WS-I BSP token profiles
• Secure web services by using Liberty token profiles

Back to top

Topics

Back to top

Related Courses

Before:

• Developing Applications for the Java EE Platform (FJ-310-EE5)
• Web Services Enabling Technologies (WJO-1118) (Optional)
• Overview of XML (WJO-1115)
• Creating Web Services Using Java Technology (DWS-3111-EE5)
• Designing Java Web Services (DWS-4112-EE5) (Optional)
• Overview of Java Application Security (WJO-1113)
• Web Services Infrastructure and Organizations (WJO-1114) (Optional)

Back to top

Course Content

Module 1 - Encapsulating the Basics of Security

• Summarize the characteristics of web services and analyze the impact on application security
• Examine how the data exposed by a web service can impact its security requirements
• Describe the security principles of web architecture
• Describe the characteristics of application security
• Describe the technologies used to implement application security
• Identify the security issues in a web service model
• Evaluate the security requirements of web services

Lab 1 - Exploring the Auction Application

• Start the Application Server database
• Deploy the credit card web service
• Deploy the auction application
• Explore the auction application
• Run the auction application

Module 2 - Examining Web Services Security Threats and Countermeasures

• Identify the security requirements of web services
• List the features that are typically provided by a properly implemented security mechanism
• List the security principles for web services
• Identify the security challenges and threats in a web service application
• Identify the technologies to address the security challenges in a web service application
• Explain the need for a web services security model
• Describe the primary mechanisms to secure web services

Lab 2 - Examining Security Threats and Countermeasures

• Evaluate the security needs of the auction application
• Identify security solutions for the auction application
• Evaluate security in the auction application

Module 3 - Overview of Web Services Security Solutions

• Explain the web service framework
• Explain the need to establish standards for web services security
• Describe the various web services security solutions
• Describe Project Metro
• Define Web Services Interoperability Technology (WSIT)
• Describe the Metro security specifications

Lab 3 - Designing Security for Web Services Applications

• Analyze web services security needs

Module 4 - Securing Java Web Services Using Application-Layer and Transport-Layer Security

• Identify the various methods to implement security in Java Platform, Enterprise Edition (Java EE platform) applications
• Describe how to use Secure Sockets Layer (SSL) to secure a Java EE 5 web service application
• Outline the security mechanisms used by Java EE 5 web-tier applications
• State the functions of the Java EE 5 authentication service
• Describe how to secure web services by using application-layer security and transport-layer security

Lab 4 - Implementing Application-Layer and Transport-Layer Security

• Implement basic authentication for a web service
• Implement transport-layer security for a web service

Module 5 - Securing Java Web Services Using Message-Layer Security

• Explain message-layer security and its advantages
• Explain the WS-Policy specification
• Describe how to attach policy assertions to a Web Services Description Language (WSDL) file
• Describe the web services security technology in Metro
• Explain the security specifications implemented by Metro
• Describe how to configure web services security by using Metro
• Describe how to configure web services security by using the NetBeans Metro plug-in
• Explain how GlassFish offers integrated support for the web services security standards
• Describe how to configure GlassFish for message security
• Describe how to enable application-specific web services security by using GlassFish
• Describe how to enable message security in a client application by using GlassFish

Lab 5 - Implementing Message-Layer Security

• Secure an interoperable web service using Metro 1.2
• Secure a web service using Secure Token service (STS)
• Secure web services using the message security providers available in GlassFish

Module 6 - Relating Web Services Security and Identity Management

• Define the concept of identity and identity management
• Describe the need for identity management
• Describe the business drivers for identity management
• Identify the technologies behind an identity management solution
• Describe the capabilities of Sun Java System Access Manager 7.1
• Describe the components and features of Sun Java System Access Manager 7.1
• Describe identity management support in NetBeans IDE
• Describe how to install Sun Java System Access Manager 7.1

Lab 6 - Installing and Configuring Access Manager

• Install and configure Access Manager 7.1 Patch 1

Module 7 - Securing Web Services Using WS-I BSP Token Profiles

• Explain the Security Assertion Markup Language (SAML)
• Demonstrate SSO system flow by using SAML tokens
• Describe how to configure SAML support on Access Manager
• Describe how to enable SAML-based authentication to secure a web service client and a web service provider by using Access Manager
• Describe how to secure web services by using WS-I BSP tokens

Lab 7 - Securing Web Services Using WS-I BSP Token Profiles

• Secure web services using the WS-I BSP SAML-HolderOfKey security mechanism
• Secure web services using the WS-I BSP UserNameToken security mechanism
• Secure web services using the WS-I BSP X509Token security mechanism

Module 8 - Securing Web Services Using Liberty Token Profiles

• Describe the network identity implementation
• Describe the Liberty Alliance project and the Liberty specification
• List and explain the web services security providers in Sun Java System Access Manager 7.1
• Describe federated identity
• Explain Liberty web services and Liberty process flow
• Describe how to secure web services by using Liberty tokens

Lab 8 - Securing Web Services Using Liberty Tokens

• Secure web services using the LibertyBearerToken security mechanism
• Secure web services using the LibertySAMLToken security mechanism
• Secure web services using the LibertyX509Token security mechanism

Back to top

Browse Other Course Topic Areas