Secure Java Web Services

Trainingsziel

Dieser Kurs vermittelt folgende Kenntnisse und Fähigkeiten:

• Describe the issues and concerns relating to securing web service interactions



• Describe the tools and techniques available for securing a Java web service



• Design and implement a secure Java web service using the tools and technologies provided in the Java Web Services Development Pack version 1.6

Teilnehmerkreis

Students who can benefit from this course are business component and client developers who are creating web services and are interested in implementing standard security mechanisms in their web service applications.

Voraussetzungen

Um diesen Kurs erfolgreich absolvieren zu können, sollten Sie über folgende Vorkenntnisse verfügen:

• Implement and deploy a J2EE platform application containing web and Enterprise JavaBeans (EJB)-tier components



• Assemble, deploy, and test a distributed Java platform technology application



• Use the Ant build environment (or other tool sets required by the labs)



• Describe the steps required to design and architect an enterprise application



• Create a Java web service that exposes web-tier or EJB-component tier functionality using the tools and technologies provided by the Java Web Services Developer Pack version 1.6 (Java WSDP 1.6)

Im Vorfeld

FJ-310-EE5: Anwendungsentwicklung für die Java EE-Plattform

DWS-385: Entwicklung von Java Web Services

Im Anschluss

SL-425: Entwicklung von Architekturen für Enterprise Java Anwendungen

SL-500-EE5: Java(TM) EE Patterns

OO-226: OO-Analyse und -Design mit UML

Überblick über den Inhalt des Trainings

The Developing Secure Java Web Services workshop provides business component and client developers with the information they need to design, implement, deploy, and maintain secure web services and web service clients using Java technology components and the Java 2 Platform, Enterprise Edition (J2EE) platform. A J2EE application that implements an online auction house serves as the foundation for the lab exercises in this course. The students design and implement a variety of security solutions for the auction house based on the issues and considerations presented in the course materials. The focus of the course is on message-based security solutions, although other security mechanisms, such as transport-layer security and application-layer security are also addressed during the two day workshop. The workshop labs implement web services according to the WUS (WSDL, UDDI, SOAP) model.

The students perform the course lab exercises using the NetBeans Integrated Development Environment (IDE).

Basics of Security

• Describe the characteristics of application security
• Describe how encryption is used to provide security for a web service application
• Describe how digital signatures are used to provide security for a web service application
• Select the proper security mechanism for securing a suite of application functions
• Deploy and test the J2EE application used as the basis for the lab exercises in this course

Implementing Secure Web Services

• List and describe the characteristics of the common mechanisms that can be used to secure a web service application
• Describe the security features provided by the J2SE 1.5 and J2EE 1.4 APIs
• List and describe the function of the various organizations and initiatives that address web services security
• Evaluate the security requirements of a J2EE application

Web Services Security Threats and Countermeasures

• Identify the security challenges and threats in a web service application
• Identify appropriate candidate technologies to address the security challenges in a web service application
• Identify the security challenges presented by the auction system functionality and choose appropriate candidate technologies to address the application''s security needs

Implementing Secure Java Web Services Using J2EE Application-Layer and Transport-Layer Security

• Describe how to secure Java web services using J2EE application security
• Describe how to secure web services using transport-layer security
• Use basic authentication in a J2EE web service application
• Use transport-layer security to secure a J2EE web service application

Implementing Secure Java Web Services using Message-Layer Security

• Describe the functionality provided in XWS-Security for securing web service applications
• Describe how to use the XWS-Security command line tools to generate a security solution for a J2EE web service
• Implement an XWS-Security solution for a J2EE web service that uses Digital Signatures and XML Encryption

Kurssprache deutsch, Unterrichtsmaterial überwiegend in englischer Sprache.