|
|
|
|
Securing Java Web Services |
|
|
|
This training is plan for J2EE developer for developing secure Web services. This training will cover XML signature, encryption standards, WS-Security specification, token profiles, and the Security Assertions Markup Language (SAML). |
|
|
|
|
|
This training covers theory, practical with hands-on exercise. Participants will spend roughly half of the time on lab excersie such as XML signature and encryption, running JAX-RPC web services, adding WS-Security headers, signing and encrypting message content, and passing SAML assertions and configuring J2EE tools to support signature and encryption of SOAP messages under the JAX-RPC.
|
|
|
|
|
|
Course Content |
|
|
|
|
|
1. Web-Service Security
- Overview of Web Services Security
- Threats
- Technology and Techniques
- Solution Levels
- HTTP Solutions
- The World-Wide Web Consortium
- XML Solutions
- Encryption
- Hashing
- Signature
- OASIS
- Web-Services Solutions
- Technology Stacks: WS-Federation and Liberty Alliance
- WS-Security
- SAML
2. HTTP Security
- HTTP Authentication Schemes
- HTTP BASIC
- HTTP DIGEST
- Securing Web-Service URLs
- HTTPS
- JAX-RPC Support
- Axis Support
3. XML Signature
- XML Digital Signature
- Canonical XML
- Enveloped, Enveloping, and Detached Signatures
- SignedInfo and References
- The Java Cryptography Architecture
- Keystores
- keytool
- X.509 Certificates
- The KeyStore API
- Java XML Digital Signature API
- Steps to Sign and Verify XML Content
- JAX-RPC Message Handlers
- Foiling the Man in the Middle
4. XML Encryption
- XML Encryption
- EncryptedData
- Element vs. Content Encryption
- Encrypted Keys
- The Java Cryptography Extensions
- Apache XML Security
- Steps to Encrypt and Decrypt XML Content
5. WS-Security
- The WS-Security Specifications
- Relationship to W3C Specifications
- Security Tokens
- Timestamps
- Tools for WS-Security
- Integrating into JAX-RPC Services and Clients
6. Securing Web Services
- Practical Use of WS-Security
- Foiling Replay Attacks
- Dynamic Security Policies
7. The Security Assertions Markup Language
- History of SAML
- Goals and Non-Goals
- Authorities
- Assertions
- Protocol
8. SAML Assertions
- The Assertions Schema
- Extensibility
- Assertions and Subjects
- NameIdentifiers and SubjectConfirmations
- AuthenticationStatements
- AttributeStatements
- AuthorizationDecisionStatements
- Actions and Evidence
- SAML Tokens
- OpenSAML
- Signing SAML Assertions
9. SAML Protocol
- SAML Messaging
- The SAML Protocol Schema
- Request Types
- Response Types
- Status and StatusCode
- AuthenticationQuery
- AttributeQuery
- AuthorizationDecisionQuery
- SAML as the Substance
|
|
|
|
|
|
Price: Rs. 50000/-
|
|
|
|
|
|
Duration: 3 Days (24 Hours) – 9:00 AM – 6:00 PM
|
|
|
|
|
|
Development Environment |
|
|
- Eclipse
- Aache, JBoss
- OS - Windows XP
|
|
|
|
|
|
Prerequisites
|
|
|
|
|
|
- Java programming, J2EE, Web Development and Database Knowledge
|
|
|
|
|
|
Location
|
|
|
|
|
|
TBD
|
|
|
|
|
|
Registration
|
|
|
|
|
|
For registration or group training, please send email on For more information, please contact us on +91-9898084558, +91-79-40047258
|
|
|
|
|
|
|
|