Developing Secure Java Web Services

Course Overview

dents who can benefit from this course are business component and client application developers, system integrators, IT architects, and other technical personnel who are creating web services and are interested in implementing standard security mechanisms in their web service applications. In addition, Java EE 5 software developers planning on implementing and securing web services can also benefit from this course. Students who can benefit from this course are interested in implementing Service Oriented Architecture (SOA) in their enterprise.

Skills Gained

Upon Completion Of This Course, Students Should Be Able To:

• Identify the need to secure web services
• List and explain the primary elements and concepts of application security
• Outline the factors that must be considered when designing a web service security solution
• Evaluate the tools and technologies available for securing a Java web service
• Analyze the security requirements of web services
• Identify the security challenges and threats in a web service application
• Secure web service using application-layer, transport-layer security, and message-layer security
• Secure web services using the message security providers available in Sun Java System Application Server
• Examine the need for identity management to secure web services
• State the role of the Access Manager in securing web services
• Illustrate identity management capabilities in the NetBeans environment
• Secure web services using the UserNameToken profile, SAML and Liberty tokens

Prerequisites

succeed fully in this course, students should be able to:

• Demonstrate some knowledge of the declarative programming concepts used in the Java 2 Platform, Enterprise Edition (J2EE) technology and be able to create simple J2EE applications
• Create a Java web service
• Demonstrate proficiency with XML and interpret XML documents
• Display experience with the Java programming language and distributed programming (multi-tier architecture)

Course Outline

Module 1 - Encapsulating the Basics of Security

• Summarize the characteristics of web services and analyze its impact on application security
• Examine how the data exposed by a web service can affect its security requirements
• Describe the security principles of web architecture
• State the characteristics of application security
• Underline the technologies used to implement application security
• Identify the security issues in a web service model
• Evaluate the security requirements of web services

Module 2 - Examining Web Services Security Threats and Countermeasures

• Deduce the security requirements of web services
• Analyze the security challenges and threats in a web service application
• Comprehend the technologies to address the security challenges in a web service application
• Examine the issues that must be considered when designing a web service security solution
• List the features that are typically provided by a properly implemented security mechanism
• Analyze how the characteristics of web services affect application security

Module 3 - Explaining Web Services Security Initiatives and Organizations

• Explain web services security model
• Appreciate the need to establish standards for web services security
• List and define the functions of various organizations and initiatives that addresses web services security
• Outline the web services specifications and technology to secure web services
• Discuss the web services security technologies and solutions offered by Sun
• Outline the common mechanisms that can be used to secure a web service application

Module 4 - Securing Java Web Services Using Application-Layer and Transport-Layer Security

• Illustrate the various methods to implement security to Java EE applications
• Use Secured Socket Layer (SSL) to secure a Java EE 5 web service application
• Outline the security mechanisms used by Java EE 5 web-tier applications
• State the functions of the Java EE authentication service
• Secure web services using application layer security and transport-layer security

Module 5 - Implementing Secure Java Web Services Using Message-Layer Security

• Explain message-layer security and explain its advantages
• Appraise soap message security against transport and application-layer security
• Evaluate message-layer security mechanisms
• Illustrate how Sun Java System Application Server offers integrated support for the Web services security standards
• Configure Sun Java System Application Server for message security
• Configure application-specific web services security using Sun Java System Application Server
• Secure Java EE 5 web services using message security providers
• Implement message security in client application

Module 6 - Securing SOAP Messages Using XML and Web Services Security (XWSS)

• State the various options to secure SOAP messages
• Explore the functionality provided in XWS-Security for securing web service applications
• Demonstrate the process and steps to secure a web service using XWSS security
• Signify how digital signatures and message encryption are used to secure a web service application
• Create security configuration file
• Create security handler
• Create environment properties for the security configuration file
• Implement an XWS-Security solution for a JAX-WS web service

Module 7 - Relating Web Services Security and Identity Management

• Describe identity management and the business drivers behind identity management solutions
• Indicate the technologies behind an identity management solution
• Examine the need for identity management to secure web services
• Evaluate the capabilities of Sun Java System Access Manager 7.1
• List and describe the components and features of Access Manager
• Illustrate identity management capabilities in the NetBeans environment
• Install and configure NetBeans Enterprise Pack
• Secure web services using the UserNameToken profile

Module 8 - Securing Web Services Using Security Assertion Markup Language (SAML) Tokens

• Explain the Security Assertions Markup Language (SAML)
• Demonstrate Single Sign-On (SSO) system flow using SAML tokens
• Configure SAML support on the Sun Java System Access Manager
• Enable SAML-based authentication to secure a web service client and a web service provider using Access Manager
• Secure web services using SAML tokens

Module 9 - Securing Web Services Using Liberty Tokens

• Describe network identity implementation
• Underline the Liberty Alliance project and the Liberty specification
• List and explain the web services security providers in Access Manager 7.1
• Describe federated identity
• Explain Liberty web services and Liberty process flow
• Send caller's identity using the LibertyBearerToken profile
• Configure the LibertySAMLToken support
• Secure web services using Liberty tokens

Follow Up Courses

Before:

• Developing Applications for the Java EE Platform (FJ-310)
• Web Services Enabling Technologies (WJO-1118)
• Overview of XML (WJO-1115)
• Creating Web Services Using Java Technology (DWS-3111)
• Designing Java Web Services (DWS-4112)
• Overview of Java Application Security (WJO-1113)
• Web Services Infrastructure and Organizations (WJO-1114) (Optional)

Developing Secure Java Web Services / DWS-4120-EE5