Languages

German, English

Who Can Benefit

Students who can benefit from this course are:

• Java Developers creatng business component and client application, system integrators, IT architects, and other technical personnel interested in implementing standard security mechanisms in their web service applications
• Java Developers interested in pursuing the Sun Certified Web Services Developer certification

Prerequisites

To succeed fully in this course, students should be able to:

• Demonstrate some knowledge of the declarative programming concepts used in the Java EE technology and be able to create simple Java EE applications
• Create a Java web service
• Demonstrate proficiency with XML and interpret XML documents
• Display experience with the Java programming language and distributed programming (multi-tier architectures)

Skills Gained

Upon completion of this course, students should be able to:

• Identify the need to secure web services
• List and explain the primary elements and concepts of application security
• Outline the factors that must be considered when designing a web service security solution
• Describe the issues and concerns related to securing web service interactions
• Analyze the security requirements of web services
• Identify the security challenges and threats in a web service application
• Evaluate the tools and technologies available for securing a Java web service
• Secure web services by using application-layer security, transport-layer security, and message-layer security
• Describe the concept of identity and the drivers behind identity management solutions
• Explain the role of Sun Java System Access Manager in securing web services
• Secure web services by using UserName token profile
• Secure web services by relying on Sun Java System Access Manager

Related Courses

Before:

• Developing Applications for the Java EE Platform (FJ-310-EE6)
• Developing Web Services Using Java Technology (DWS-4050-EE6)

Course Content

Module 1 - Encapsulating the Basics of Security

• Summarize the characteristics of web services and analyze the impact on application security
• Examine how the data exposed by a web service can impact its security requirements
• Describe the security principles of web architecture
• Describe the characteristics of application security
• Describe the technologies used to implement application security

Module 2 - Examining Web Services Security Threats and Countermeasures

• Identify the security requirements of web services
• List the features that are typically provided by a properly implemented security mechanism
• List the security principles for web services
• Identify the security challenges and threats in a web service application
• Identify the technologies to address the security challenges in a web service application

Module 3 - Securing Java Web Services Using JavaEE

• Identify methods to implement security in Java Platform, Enterprise Edition (JavaEE) applications
• Describe how to use Secure Sockets Layer (SSL) to secure a JavaEE web service application
• Outline the security mechanisms used by JavaEE web-tier applications
• Describe the JavaEE authentication service
• Describe how to secure web services by using application-layer and transport-layer security

Module 4 - Introduction to Web Services Security

• Explain message-layer security and its advantages over transport-layer security
• Describe various web services security extension specifications and how they address web service security requirements

Module 5 - Web Services Security with JAX-WS and Project Metro

• Explain the WS-Policy specification
• Describe how to attach policy assertions to a Web Services Description Language (WSDL) file
• Describe the web services security technology in Metro
• Describe how to configure web services security by using Metro

Module 6 - Authentication in JAX-WS

• Manipulate SOAP structures directly using the SAAJ API
• Obtain and verify authentication information using the JAAS API
• Understand and use the extension mechanism provided by JAX-WS Handlers to incorporate authentication support in a web service
• Understand and use the validation framework provided by WSIT to incorporate authentication support in a web service

Module 7 - Identity Management and OpenSSO

• Define identity and identity management
• Describe the need for identity management in enterprise applications
• Identify the technologies behind an identity management solution
• Describe the capabilities of OpenSSO
• Integrate OpenSSO in the deployment of web services