• Online, Self-Paced
Course Description

The Spring Framework is an open source framework and inversion of controller container for the Java platform. The Spring Framework is one of the most popular application development frameworks for creating enterprise Java applications. This course covers the basics in adding security (authentication and authorization) to a Spring application. In this course, you will learn how to secure Spring applications using some of the various features of Spring Security.

Learning Objectives

Getting Up and Running with Spring Security

  • start the course
  • recognize more about the Spring Security project and the features it offers
  • set up the necessary dependencies to use Spring Security
  • set up a filter to be used by Spring Security
  • create an XML security application context for configuring Spring Security
  • require authentication to gain access to a Spring MVC web app by declaring valid users and roles from within Spring Security
  • enable Spring Security to authenticate by using HTTP Basic Authentication

Spring Security and Database Authentication

  • recognize the process of configuring Spring Security to use authentication information from an external database
  • create the necessary database tables needed by Spring Security to provide database authentication
  • use Spring Security to secure an application based on database authentication records
  • use a minimal approach to configuring Spring Security to authenticate from database records

Securing Spring Security Database Tables

  • recognize methods for working with Spring Security and encrypted database passwords
  • configure Spring Security to work with MD5 encrypted database passwords
  • configure Spring Security to work with BCrypt encrypted database passwords

Using Spring Security JSP Tags

  • recognize how to access and work with Spring Security JSP tags
  • use the authentication tag to access information about the currently logged in user
  • use the authorization tag to require authorization before evaluating page elements

Customizing Spring Security

  • recognize some of the various places that Spring Security should be customized
  • configure Spring Security to provide a custom login page
  • configure Spring Security to provide a custom login page routed through a Spring MVC controller
  • configure Spring Security to display authentication errors when using a custom login page
  • configure Spring Security to provide logout functionality

Access Control Using Expressions

  • recognize the basics of authorization using expressions and Spring Security
  • require authorization before allowing access to a URL in a Spring application
  • require authorization before allowing a method to execute in a Spring application

Practice: Spring Security Project

  • use the Spring Security project to add security to a Java Spring application

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Software Development