Developing Secure Java Web Services (DWS-4120-EE5)
The Developing Secure Java Web Services workshop provides business component and client developers with the information they need to design, implement, deploy, and maintain secure web services and web service clients using Java technology components and the Java Platform, Enterprise Edition 5 (Java EE 5) platform. Students learn how and when to use XML Encryption and XML Digital Signatures. The students learn about prominent industry standards and initiatives developed to provide comprehensive security solutions for web services. In addition, the students learn how to secure web services using the XML and Web Services Security (XWS-Security) framework, federated identity, Security Assertion Markup Language (SAML) tokens, and Liberty tokens. This comprehensive course covers identity management concepts, drivers behind identity management solutions and Access Manager functions. Students learn how to secure web services using the web services security providers in Sun Java System Access Manager 7.1. The students perform the course lab exercises using the NetBeans Integrated Development Environment (IDE) 5.5, NetBeans Enterprise Pack 5.5, and Sun Java System Application Server 9.0 Update1 (GlassFish V1).
Skills Gained
Upon completion of this course, students should be able to:
Identify the need to secure web services
List and explain the primary elements and concepts of application security
Outline the factors that must be considered when designing a web service security solution
Evaluate the tools and technologies available for securing a Java web service
Analyze the security requirements of web services
Identify the security challenges and threats in a web service application
Secure web service using application-layer, transport-layer security, and message-layer security
Secure web services using the message security providers available in Sun Java System Application Server
Examine the need for identity management to secure web services
State the role of the Access Manager in securing web services
Illustrate identity management capabilities in the NetBeans environment
Secure web services using the UserNameToken profile, SAML and Liberty tokens
Who Can Benefit
Students who can benefit from this course are business component and client application developers, system integrators, IT architects, and other technical personnel who are creating web services and are interested in implementing standard security mechanisms in their web service applications. In addition, Java EE 5 software developers planning on implementing and securing web services can also benefit from this course. Students who can benefit from this course are interested in implementing Service Oriented Architecture (SOA) in their enterprise.
Prerequisites
To succeed fully in this course, students should be able to:
Demonstrate some knowledge of the declarative programming concepts used in the Java 2 Platform, Enterprise Edition (J2EE) technology and be able to create simple J2EE applications
Create a Java web service
Demonstrate proficiency with XML and interpret XML documents
Display experience with the Java programming language and distributed programming (multi-tier architecture)
Code:
DWS-4120-EE5
Length:
3 days
Type:
Instructor-Led
Certified By:
Sun Microsystems
Tuition:
$2,100 / $1,785 GSA GOV.
This course is taught by Certified Sun Microsystems instructors. There is a difference. Learn More
This course is in the following categories. Click the categories to find similar courses and topics of interest.
Summarize the characteristics of web services and analyze its impact on application security
Examine how the data exposed by a web service can affect its security requirements
Describe the security principles of web architecture
State the characteristics of application security
Underline the technologies used to implement application security
Identify the security issues in a web service model
Evaluate the security requirements of web services
Module 2 - Examining Web Services Security Threats and Countermeasures
Deduce the security requirements of web services
Analyze the security challenges and threats in a web service application
Comprehend the technologies to address the security challenges in a web service application
Examine the issues that must be considered when designing a web service security solution
List the features that are typically provided by a properly implemented security mechanism
Analyze how the characteristics of web services affect application security
Module 3 - Explaining Web Services Security Initiatives and Organizations
Explain web services security model
Appreciate the need to establish standards for web services security
List and define the functions of various organizations and initiatives that addresses web services security
Outline the web services specifications and technology to secure web services
Discuss the web services security technologies and solutions offered by Sun
Outline the common mechanisms that can be used to secure a web service application
Module 4 - Securing Java Web Services Using Application-Layer and Transport-Layer Security
Illustrate the various methods to implement security to Java EE applications
Use Secured Socket Layer (SSL) to secure a Java EE 5 web service application
Outline the security mechanisms used by Java EE 5 web-tier applications
State the functions of the Java EE authentication service
Secure web services using application layer security and transport-layer security
Module 5 - Implementing Secure Java Web Services Using Message-Layer Security
Explain message-layer security and explain its advantages
Appraise soap message security against transport and application-layer security
Evaluate message-layer security mechanisms
Illustrate how Sun Java System Application Server offers integrated support for the Web services security standards
Configure Sun Java System Application Server for message security
Configure application-specific web services security using Sun Java System Application Server
Secure Java EE 5 web services using message security providers
Implement message security in client application
Module 6 - Securing SOAP Messages Using XML and Web Services Security (XWSS)
State the various options to secure SOAP messages
Explore the functionality provided in XWS-Security for securing web service applications
Demonstrate the process and steps to secure a web service using XWSS security
Signify how digital signatures and message encryption are used to secure a web service application
Create security configuration file
Create security handler
Create environment properties for the security configuration file
Implement an XWS-Security solution for a JAX-WS web service
Module 7 - Relating Web Services Security and Identity Management
Describe identity management and the business drivers behind identity management solutions
Indicate the technologies behind an identity management solution
Examine the need for identity management to secure web services
Evaluate the capabilities of Sun Java System Access Manager 7.1
List and describe the components and features of Access Manager
Illustrate identity management capabilities in the NetBeans environment
Install and configure NetBeans Enterprise Pack
Secure web services using the UserNameToken profile
Module 8 - Securing Web Services Using Security Assertion Markup Language (SAML) Tokens
Explain the Security Assertions Markup Language (SAML)
Demonstrate Single Sign-On (SSO) system flow using SAML tokens
Configure SAML support on the Sun Java System Access Manager
Enable SAML-based authentication to secure a web service client and a web service provider using Access Manager
Secure web services using SAML tokens
Module 9 - Securing Web Services Using Liberty Tokens
Describe network identity implementation
Underline the Liberty Alliance project and the Liberty specification
List and explain the web services security providers in Access Manager 7.1
Describe federated identity
Explain Liberty web services and Liberty process flow
Send caller's identity using the LibertyBearerToken profile
Configure the LibertySAMLToken support
Secure web services using Liberty tokens
When you take a certified course with ExitCertified, you are learning from
the creators of the products you use. Our commitment to your IT
community, along with our authorization to deliver certified courses,
ensures you receive a premium training experience.
