Oracle - DWS-4120-EE6: Developing Secure Java Web Services

KURSZIEL
Oracle - DWS-4120-EE6: Developing Secure Java Web Services: Students who can benefit from this course are:

• Java Developers creatng business component and client application, system integrators, IT architects, and other technical personnel interested in implementing standard security mechanisms in their web service applications
• Java Developers interested in pursuing the Sun Certified Web Services Developer certification

Upon completion of this course, students should be able to:

• Identify the need to secure web services
• List and explain the primary elements and concepts of application security
• Outline the factors that must be considered when designing a web service security solution
• Describe the issues and concerns related to securing web service interactions
• Analyze the security requirements of web services
• Identify the security challenges and threats in a web service application
• Evaluate the tools and technologies available for securing a Java(TM) web service
• Secure web services by using application-layer security, transport-layer security, and message-layer security
• Describe the concept of identity and the drivers behind identity management solutions
• Explain the role of Sun Java System Access Manager (or OpenSSO) in securing web services
• Secure web services by using UserName token profile
• Secure web services by relying on Sun Java System Access Manager (OpenSSO).

ZIELGRUPPE
Students who can benefit from this course are:

• Java Developers creatng business component and client application, system integrators, IT architects, and other technical personnel interested in implementing standard security mechanisms in their web service applications
• Java Developers interested in pursuing the Sun Certified Web Services Developer certification

Upon completion of this course, students should be able to:

• Identify the need to secure web services
• List and explain the primary elements and concepts of application security
• Outline the factors that must be considered when designing a web service security solution
• Describe the issues and concerns related to securing web service interactions
• Analyze the security requirements of web services
• Identify the security challenges and threats in a web service application
• Evaluate the tools and technologies available for securing a Java(TM) web service
• Secure web services by using application-layer security, transport-layer security, and message-layer security
• Describe the concept of identity and the drivers behind identity management solutions
• Explain the role of Sun Java System Access Manager (or OpenSSO) in securing web services
• Secure web services by using UserName token profile
• Secure web services by relying on Sun Java System Access Manager (OpenSSO).

KURSINHALT
The Developing Secure Java(TM) Web Services workshop provides business component and client developers with the information they need to design, implement, deploy, and maintain secure web services and web service clients using Java technology components and the Java Platform, Enterprise Edition 6 (Java EE 6 platform). Students learn about the need to secure web services and the challenges associated with web services security. Students also learn about prominent industry standards and initiatives developed to provide comprehensive security solutions for web services, and how to apply them to secure web services. In particular, students learn how to secure web services by using application-layer security, transport-layer security, and message-layer security technologies, such as those specified by the WS-* security extensions. Students learn how to secure web services by using the web services security infrastructure built into JavaEE 6 and Glassfish v3 (using Metro 1.2), along with the security providers in Sun Java(TM) System Access Manager 7.1. This comprehensive course also introduces identity management concepts, drivers behind identity management solutions, and Sun Java(TM) System Access Manager functions. Students perform the course lab exercises by using the NetBeans(TM) Integrated Development Environment (IDE) 6.8, Metro 1.2, Sun Java System Access Manager 7.1, and GlassFish v3.Course Outline:
Module 1 - Encapsulating the Basics of Security

• Summarize the characteristics of web services and analyze the impact on application security
• Examine how the data exposed by a web service can impact its security requirements
• Describe the security principles of web architecture
• Describe the characteristics of application security
• Describe the technologies used to implement application security
• Identify the security issues in a web service model
• Evaluate the security requirements of web services

Module 2 - Examining Web Services Security Threats and Countermeasures

• Identify the security requirements of web services
• List the features that are typically provided by a properly implemented security mechanism
• List the security principles for web services
• Identify the security challenges and threats in a web service application
• Identify the technologies to address the security challenges in a web service application
• Explain the need for a web services security model
• Describe the primary mechanisms to secure web services

Module 3 - Overview of Web Services Security Solutions

• Explain the web service framework
• Explain the need to establish standards for web services security
• Describe the various web services security solutions
• Describe the WS-* security specifications
• Describe Project Metro, as an implementation of WS-* extensions.

Module 4 - Securing Java(TM) Web Services Using Application-Layer and Transport-Layer Security

• Identify the various methods available to incorporate security in Java(TM) Platform, Enterprise Edition (Java(TM) EE platform) applications
• Describe how to use Secure Sockets Layer (SSL) to secure a Java EE 5 web service application implemented with either JAX-WS or JAX-RS
• Outline the security mechanisms used by Java EE 6 web-tier and business-tier applications
• State the functions of the Java EE 5 authentication service
• Describe how to secure web services by using application-layer security and transport-layer security
• Incorporate authentication services to JAX-WS and JAX-RS-based web services

Module 5 - Securing Java(TM) Web Services Using Message-Layer Security

• Explain message-layer security and its advantages
• Explain the WS-* extension specifications, and in particular those related to WS-Security:
• WS-Policy
• WS-Security
• WS-Addressing
• WS-ReliableMessaging
• WS-Trust
• Describe how to attach policy assertions to a Web Services Description Language (WSDL) file
• Describe the web services security technology in Metro
• Explain the security specifications implemented by Metro
• Describe how to configure web services security by using Metro
• Describe how to configure web services security by using NetBeans(TM) 6.8
• Explain how GlassFish offers integrated support for the web services security standards
• Describe how to configure GlassFish for message security
• Describe how to enable application-specific web services security by using GlassFish
• Describe how to enable message security in a client application by using GlassFish
• Implement simple user authentication mechanisms using JAX-WS and Metro

Module 6 - Relating Web Services Security and Identity Management

• Define the concept of identity and identity management
• Describe the need for identity management
• Describe the business drivers for identity management
• Identify the technologies behind an identity management solution
• Describe the capabilities of Sun Java System Access Manager 7.1
• Describe the components and features of Sun Java System Access Manager 7.1
• Describe identity management support in NetBeans IDE
• Describe how to install Sun Java System Access Manager 7.1
• Describe how to secure web services by having Metro rely on Sub Java System Access Manager to provide authentication and authorization services.

VORRAUSSETZUNG
To succeed fully in this course, students should be able to:

• Demonstrate some knowledge of the declarative programming concepts used in the Java EE technology and be able to create simple Java EE applications
• Create a Java web service
• Demonstrate proficiency with XML and interpret XML documents
• Display experience with the Java programming language and distributed programming (multi-tier architecture)

Related Courses Before:

• Developing Applications for the Java EE Platform (FJ-310-EE5)
• Web Services Enabling Technologies (WJO-1118) (optional)
• Overview of XML (WJO-1115)
• Developing Web Services Using Java Technology (DWS-4050-EE6) (optional)
• Overview of Java Application Security (WJO-1113)
• Web Services Infrastructure and Organizations (WJO-1114) (optional)