March 1, 2010

New Course on Spring Security

117D Coursebook

Today Capstone releases a new course on using the Spring Security framework to secure Java web applications. Course 117D, Spring Security, shows how to configure simple or sophisticated authentication features and define fine-grained authorization policies over URLs or Java methods. Spring Security makes a nice alternative to Java-EE standard security mechanisms as implemented in the web container, offering a broader range of features and built-in integration with many external authentication frameworks.

Course 117D combines nicely with other Spring courses, for those without prior Spring experience. There is also some interesting interplay between this course and Course 121, Securing Java Web Applications, which uses standard Java EE techniques but also discusses general web-application security topics (cross-site scripting, injection attacks, HTTPS, etc.) in more depth.