Nombre de jours

2 day(s)

Audience

Java developers and architects who want to learn how to secure their enterprise applications

Prerequisites

Some experience with building Java enterprise applications is required

Objectives

Learn how to protect and secure enterprise applications and the application server

Methods

Classroom training with hands-on exercises

Description

One of the key elements of any enterprise application, is security. While it is important to implement a robust and scalable application with an incredible responsive interface, without security it becomes vulnerable. To protect the users, the company and the data, security must be considered from the beginning. It must be possible to control and restrict who is permitted to access the application, and what operations a user is allowed to perform. Unfortunately, not many developers know how to effectively secure their applications. This course is meant to help you understand how to implement security using the Java EE 6 APIs.

During this course, you will learn how to enable security using the built-in features of Java EE 6. You will be introduced into some basic terminology and the different deployment descriptors that will help you set up security. Afterwards, you will learn how to enforce authentication, and how to configure authorization once a user has been identified. The course continues by showing how to enforce security on web, JMS, EJB modules and Web Services. Both the declarative and programmatic options of Java EE will be shown. Next you will also see how to use Secure Sockets Layer (SSL) to encrypt web applications and thus secure the transport. To protect the server even further, you will also restrict access to the management interfaces. All these topics will be put to practice using multiple exercises on the JBoss 7 application server.

While security is an extensive topic, this course will help you to get started, and the contents will be of use for the many future enterprise applications you will develop!

Contents

• Introduction
  • Security in Enterprise Applications
  • Authentication
  • Authorization
  • Terminology
  • Authentication and Authorization in Java EE
  • Deployment Descriptors
  • Declarative and Programmatic Security
• The JBoss AS 7 Security Subsystem
  • The JBoss AS 7 Security Subsystem
  • Login Modules
  • Using the UserRoles Login Module
  • Using the Database Login Module
  • Encrypting Passwords
  • Using an LDAP Login Module
  • Exercise #01
• Web Module Security
  • Authentication and Authorization in Web Modules
  • Authentication Mechanisms
  • BASIC Authentication
  • DIGEST Authentication
  • CLIENT-CERT Authentication
  • FORM-Based Authentication
  • Enforcing Transport Security
  • Security Elements of Web Application DD
  • Authorization in Java EE
  • Using Annotations to Enforce Security
  • Programmatic Security
  • Exercise #02
• EJB Module Security
  • Securing EJBs
  • Using Deployment Descriptors
  • Security Annotations
  • Accessing EJBs Securely
  • Default Security Domain for EJBs
  • Default Security Behaviour Without Annotations
  • Programmatically Secure EJB Modules
  • Application Client Security
  • Defining Security in the Enterprise Application Level
  • Exercise #03
• Securing JMS
  • Securing JMS
  • Securing Destinations
  • Authentication and Authorization in JMS
  • Exercise #04
• Securing Web Services
  • Web Services Security in Web Modules
  • Web Services Security in EJB Modules
  • WS-Security
  • Exercise #05
• Securing the JBoss AS 7 Management Interfaces
  • Securing the JBoss AS 7 Management Interfaces
  • Exercise #06
• Securing the Transport Layer
  • Securing the Transport Layer
  • Enabling SSL on JBoss AS
  • Certificate Management Tools
  • Securing the HTTP Communication
  • Redirecting to HTTPS
  • Requesting a CA-signed Certificate
  • Exercise #07
• Summary
  • Summary
  • References