Developing Secure Java Web Services

Students who can benefit from this course:

Business component and client application developers, system integrators, IT architects, and other technical personnel
Java EE 5 software developers planning on implementing and securing web services
Developers interested in implementing Service Oriented Architecture (SOA) in their enterprise

• Identify the need to secure web services
• List and explain the primary elements and concepts of application security
• Outline the factors that must be considered when designing a web service security solution
• Describe the issues and concerns related to securing web service interactions
• Analyze the security requirements of web services
• Identify the security challenges and threats in a web service application
• Evaluate the tools and technologies available for securing a Java web service
• Secure web services by using application-layer security, transport-layer security, and message-layer security
• Describe the concept of identity and the drivers behind identity management solutions
• Explain the role of Sun Java System Access Manager in securing web services
• Secure web services by using WS-I BSP token profiles
• Secure web services by using Liberty token profiles

Encapsulating the Basics of Security

• Summarize the characteristics of web services and analyze the impact on application security
• Examine how the data exposed by a web service can impact its security requirements
• Describe the security principles of web architecture
• Describe the characteristics of application security
• Describe the technologies used to implement application security
• Identify the security issues in a web service model
• Evaluate the security requirements of web services
• Explore the Auction Application

Examining Web Services Security Threats and Countermeasures

• Identify the security requirements of web services
• List the features that are typically provided by a properly implemented security mechanism
• List the security principles for web services
• Identify the security challenges and threats in a web service application
• Identify the technologies to address the security challenges in a web service application
• Explain the need for a web services security model
• Describe the primary mechanisms to secure web services
• Examine Security Threats and Countermeasures

Overview of Web Services Security Solutions

• Explain the web service framework
• Explain the need to establish standards for web services security
• Describe the various web services security solutions
• Describe Project Metro
• Define Web Services Interoperability Technology (WSIT)
• Describe the Metro security specifications
• Design Security for Web Services Applications

Securing Java Web Services Using Application-Layer and Transport-Layer Security

• Identify the various methods to implement security in Java Platform, Enterprise Edition (Java EE platform) applications
• Describe how to use Secure Sockets Layer (SSL) to secure a Java EE 5 web service application
• Outline the security mechanisms used by Java EE 5 web-tier applications
• State the functions of the Java EE 5 authentication service
• Describe how to secure web services by using application-layer security and transport-layer security
• Implement Application-Layer and Transport-Layer Security
• Implement basic authentication for a web service
• Implement transport-layer security for a web service

Securing Java Web Services Using Message-Layer Security

• Describe how to attach policy assertions to a Web Services Description Language (WSDL) file
• Describe the web services security technology in Metro
• Explain the security specifications implemented by Metro
• Describe how to configure web services security by using Metro
• Describe how to configure web services security by using the NetBeans Metro plug-in
• Describe how to configure GlassFish for message security
• Describe how to enable application-specific web services security by using GlassFish
• Describe how to enable message security in a client application by using GlassFish

Relating Web Services Security and Identity Management

• Describe the need for identity management
• Describe the business drivers for identity management
• Describe the capabilities of Sun Java System Access Manager 7.1
• Describe the components and features of Sun Java System Access Manager 7.1
• Describe identity management support in NetBeans IDE
• Describe how to install Sun Java System Access Manager 7.1
• Install and Configure Access Manager
• Install and configure Access Manager 7.1 Patch 1

Securing Web Services Using WS-I BSP Token Profiles

• Explain the Security Assertion Markup Language (SAML)
• Demonstrate SSO system flow by using SAML tokens
• Describe how to configure SAML support on Access Manager
• Describe how to enable SAML-based authentication to secure a web service client and a web service provider by using Access Describe how to secure web services by using WS-I BSP tokens
• Secure web services using the WS-I BSP SAML-HolderOfKey security mechanism
• Secure web services using the WS-I BSP UserNameToken security mechanism
• Secure web services using the WS-I BSP X509Token security mechanism

Securing Web Services Using Liberty Token Profiles

• Describe the network identity implementation
• List and explain the web services security providers in Sun Java System Access Manager 7.1
• Describe federated identity
• Explain Liberty web services and Liberty process flow
• Describe how to secure web services by using Liberty tokens
• Secure web services using the LibertyBearerToken security mechanism
• Secure web services using the LibertySAMLToken security mechanism
• Secure web services using the LibertyX509Token security mechanism