Spring MVC, Security and Web Services

Course Duration: 2 days

Course Outline:

Spring MVC Primer

Spring Security

Authentication
- The <http> Configuration
- The <intercept-url> Constraint
- The <form-login> Configuration
- Login Form Design
- “Remember Me”
- Anonymous “Authentication”
- Logout
- The JDBC Authentication Provider
- The Authentication/Authorization Schema
- Using Hashed Passwords
- Channel Security
- Session Management
URL Authorization
- URL Authorization Overview
- Programmatic Authorization: Servlets
- Programmatic Authorization: Spring Security
- Role-Based Presentation
- The Spring Security Tag Library
Under the Hood: Authentication
- The Spring Security API
- The Filter Chain
- Authentication Manager and Providers
- The Security Context
- Implementing UserDetailsService
- Connecting User Details to the Domain Model
Under the Hood: Authorization
- Authorization Overview
- FilterSecurityInterceptor and Friends
- The AccessDecisionManager
URL Authorization
- Method Authorization
- Using Spring AOP
- XML vs. Annotations

RESTful, Development using Spring Framework

Core REST concepts and REST support in Spring 4.x
Use Spring-MVC to create RESTful Web services and clients
REST specific annotations in Spring
- @ResponseBody and @RequestBody
  - Marshalling XML and JSON Objects
- @PathVariable and URITemplates
Low level client access with HttpClient
Abstract client access with the RestTemplate
- getForObject, postForEntity, exchange
- UriComponentsBuilder and UriComponent
CONNEG – contract negotiation
Exchanging headers
Data Exchange, XML, JSON
Message Converters
Spring 4 specifics – @RestController and AsyncRestTemplate
Ajax invocation of Spring RESTful services

SOAP Web Services with Spring-WS (Optional)