Spring Security Training

Spring Security Training

  • Overview

This in-depth course introduces the Java web developer to the Spring Security Training framework. We start with an overview and practical exercises in basic usage: XML configuration for authentication and URL-based authorization. Then we start to dig into Spring Security  training as a Java model, and develop advanced techniques including custom user realms, custom authorization constraints, method-based authorization, and instance-based authorization.
We then explore two increasingly popular extensions to Spring Security. We consider the Security Assertions Markup Language, or SAML, and the wide range of identity and security features it offers — but quickly focus on it’s support for single sign-on (SSO), and learn how the Spring Security SAML Extension enables applications to interact with SAML identity providers to implement SSO and single logout. And we look at OAuth for Spring Security, which enables third-party authorization scenarios, and learn how to implement both the server and client sides of the OAuth 2.0 flow.
  • Goals

  1. Configure Spring Security for HTTP BASIC authentication.
  2. Implement form-based authentication.
  3. Configure other authentication features including remember-me, anonymous users, and logout.
  4. Apply authorization constraints to URLs and URL patterns.
  5. Bind authorization roles to user accounts in relational databases.
  6. Plug application-specific user realms into Spring Security by implementing UserDetailsService.
  7. Implement application-specific authorization constraints as AccessDecisionVoters.
  8. Fix authorization constraints over individual methods of service beans, in lieu of URL authorization or in tandem with it.
  9. Express user identity in terms of SAML <Subject>s.
  10. Implement SAML SSO from the service-provider side.
  11. Implement OAuth 2.0 authorization-server and resource-server roles.
  12. Implement an OAuth 2.0 client.
  • Class Materials
Each student in our Live Online and our Onsite classes receives a comprehensive set of materials, including course notes and all the class examples.
  • Class Prerequisites
Experience in the following is required for this Spring class:

  • Java programming:
  • Experience with the Spring framework
  • Basic knowledge of XML:
  • Some servlets and/or JSP experience will be beneficial for purposes of understanding the impact of each security feature that we configure. There is no web-application coding involved in the Spring Security Training course.

Key features

  • 32 hours of instructor-led training
  • 32 hours of high-quality eLearning content
  • 5 simulation exams (250 questions each)
  • 8 domain-specific test papers (10 questions each)
  • 30 CPEs offered
  • 98.6% pass rate

Spring Security Training                                                              Duration :- 4 Days

  • Spring Security

  • Acquiring and Integrating Spring Security
  • Relationship to Spring
  • Relationship to Java EE Standards
  • Basic Configuration
  • How It Works
  • Integration: LDAP, CAS, X.509, OpenID, etc.
  • Integration: JAAS

  • Authentication

  • The <http> Configuration
  • The <intercept-url> Constraint
  • The <form-login> Configuration
  • Login Form Design
  • “Remember Me”
  • Anonymous “Authentication”
  • Logout
  • The JDBC Authentication Provider
  • The Authentication/Authorization Schema
  • Using Hashed Passwords
  • Why Hashing Isn’t Enough
  • Using Salts
  • PasswordEncoder and SaltSource
  • Key Lengthening
  • Channel Security
  • Session Management

  • URL Authorization

  1. URL Authorization
  2. Programmatic Authorization: Servlets
  3. Programmatic Authorization: Spring Security
  4. Role-Based Presentation
  5. The Spring Security Tag Library

  • Under the Hood: Authentication

  • The Spring Security API
  • The Filter Chain
  • Authentication Manager and Providers
  • The Security Context
  • Plug-In Points
  • Implementing UserDetailsService
  • Connecting User Details to the Domain Model

  • Under the Hood: Authorization

  • Authorization
  • FilterSecurityInterceptor and Friends
  • The AccessDecisionManager
  • Voting
  • Configuration Attributes
  • Access-Decision Strategies
  • Implementing AccessDecisionVoter
  • The Role Prefix

  • Method and Instance Authorization

  • Method Authorization
  • Using Spring AOP
  • XML vs. Annotations
  • @PreAuthorize and @PostAuthorize
  • Spring EL for Authorization
  • @PreFilter and @PostFilter
  • Domain-Object Authorization
  • The ACL Schema
  • Interface Model
  • ACL-Based Presentation

  • Introduction to SAML/li_item]

  • History of SAML
  • Assertions
  • Protocol
  • Bindings
  • Profiles
  • Using OpenSAML

  • SAML Assertions and Protocol

  • “Vouching for” a User
  • Assertions and Subjects
  • NameID Types
  • Authentication Contexts
  • Requests, Queries, and Responses
  • Attribute Queries
  • SAML and XML Signature

  • SAML Bindings

  • Speaking “Through” the Browser
  • The SOAP Binding
  • SAML Over HTTP
  • The Redirect, POST, and Artifact Bindings
  • The PAOS Binding
  • The URI Binding

  • Federated Identity and SSO

  • SAML 2.0 Federations
  • Single Sign-On
  • Account Linking and Persistent Pseudonyms
  • Transient Pseudonyms
  • Name ID Mapping
  • Single Logout
  • Federation Termination

  • The Spring Security SAML Extension

  • Combining SSO and Other Authentication Styles
  • Customization
  • Configuring an SP
  • Configuring OpenAM
  • Login and Logout Handlers
  • IdP Discovery
  • The SSO Processing Filters
  • The SAML Filter Chain
  • The SAML Entry Point
  • The Spring Security SAML Extension
  • Authorization and Attributes

  • OAuth for Spring Security

  • Third-Party Authorization
  • OAuth
  • Roles and Initial Flow
  • Grant Types
  • Access Tokens
  • The Google OAuth API
  • OAuth for Spring Security
  • Client-Details Services
  • Token Services
  • The AuthorizationEndpoint
  • The TokenEndpoint
  • The UserApprovalHandler
  • The Resource-Server Filter
  • The ScopeVoter
  • The OAuth-Aware RestTemplate
  • AccessTokenProviders
  • The OAuth Redirecting Filter

You can enroll for this classroom training online. Payments can be made using any of the following options and receipt of the same will be issued to the candidate automatically via email.

1. Online ,By deposit the mildain bank account

2. Pay by cash team training center location

Highly qualified and certified instructors with 20+ years of experience deliver more than 200+ classroom training.
Venue is finalized few weeks before the training and you will be informed via email. You can get in touch with our 24/7 support team for more details. Contact us Mob no:- 8447121833, Mail id:  [email protected] . If you are looking for an instant support, you can chat with us too.
We provide transportation or refreshments along with the training.
Contact us using the form on the right of any page on the mildain website, or select the Live Chat link. Our customer service representatives will be able to give you more details.

Find This Training in Other Cities:-

Kolkata,Bangalore,Mumbai,Hyderabad,Pune ,Delhi,Chennai,

Mildain Solutions/Corp Office Delhi(NCR)

HeadQuarter Office:
Plot No 17, C Block Market, Sec 36,
Noida (U.P.)-201301(India)
Bangalore office:
Mildain Solutions,
No 7 & 8,Krishna Reddy Layout,
Domlur(Bangalore) 560071(India)
Hyderabad office:
Mildain Solutions

Mumbai office:

Mildain Solutions
5th Floor, Block B, Godrej IT Park,
Pirojshanagar, LBS Marg, Vikhroli West,
Mumbai, Maharashtra
 (+91) 1204326873
(+91) 8447121833
Contact Us

Your Name (required)

Your Email (required)

Contact Number




Drop Us A Query

Your Name (required)

Your Email (required)

Contact Number





good session..!!
will be useful to improve my technical Knowledge..
The concepts of the Instructor was mind-blowing…Lots of Industry examples…Very well organized…
Ajay Nunna
Nice session…!! enjoyed learning new things
Really good training. It helped me to clear a lot of doubts which were present in my mind for a long time.
“ The course content is very good and satisfactory. The trainer is also good with his teaching abilities.”
Apply the knowledge in understanding the new 11b framework setup in our system.
Apply the skill in day to day operational maintenance of our IT infrastrututre.