Two-Project Series

Role-Based Access Control for APIs Using LDAP

basics of Java, JavaScript, HTML, and CSS
skills learned
implementing basic HTTP authentication with username and password • implementing session management • authorizing requests based on user role • logging requests for auditing purposes
Sashank Dara
2 weeks · 8-10 hours per week average · BEGINNER

In this series of liveProjects, you’ll develop and implement role-based access controls to limit which employees can access a REST API. You’ll step into the shoes of a developer modernizing their company’s personal time-off request application, taking on essential access control tasks such as adding HTTP authentication, securely storing passwords in a database, and authorizing leave requests by employees based on user role. Each liveProject in this series can be tackled by itself or as part of an extended learning course.

These projects are designed for learning purposes and are not complete, production-ready applications or solutions.

here's what's included

Project 1 LDAP RBAC: Authentication

In this liveProject, you’ll add basic HTTP authentication to an API for granting Personal Time Off requests using the Lightweight Directory Access Protocol (LDAP). This application contains sensitive personal information and so its security is essential. You’ll establish authentication that ensures only registered users can access the API and provides login requirements to authenticate users before they get access.

Project 2 LDAP RBAC: Authorization

In this liveProject, you’ll establish functionalities to provide role-based authorization for leave requests made through a Personal Time Off API. Using the Lightweight Directory Access Protocol (LDAP), you’ll set up access controls so that only managers and other authorized users can retrieve non-personal leave records and approve leave requests.

book resources

When you start each of the projects in this series, you'll get full access to the following book for 90 days.

project author

Sashank Dara

Sashank Dara received his PhD in cybersecurity from IIIT-Bangalore in the area of applied cryptography and threat intelligence. He’s an expert cybersecurity technologist with more than 17 years of experience in the field, including as a consultant advisor for Manipal Global Education Services’ cybersecurity programs and as a security technology and strategy advisor for security startups including Appknox, Haltdos, and He remains a trusted information security consultant and advisor for top companies in EdTech, IT/ITes, academia, and real estate. He’s the co-inventor of 5 U.S. patents (and 3 IETF drafts) in the areas of cloud, SDN, and NFV security, and he’s published more than a dozen research papers at IEEE, LNCS conferences in the areas of cloud security, privacy, cryptography, and threat intelligence. A prolific speaker at security conferences and invited talks, Dara is currently the CTO and co-founder of Seconize, an award-winning cybersecurity startup pioneering a cyber risk and compliance management SaaS product suite.


This liveProject series is for Java developers who have read up on the basics of LDAP. To begin this liveProject series, you will need to be familiar with the following:

  • Basics of Java
  • Basics of JavaScript
  • Basics of HTML and CSS
  • Basics of Spring
  • Basics of JDBC
  • Basic debugging
  • Code reviews
  • Code refactoring
  • Unit testing
  • Security testing

you will learn

In this liveProject you will learn to implement session management in line with established standards and best practices.

  • Understanding an API specified in Open API Specification 3.0 using Swagger
  • Setting up the environment to implement the API specification provided using Java Spring
  • Learning the basics of Lightweight Directory Access Protocol (LDAP)
  • Implementing basic HTTP authentication with username and password as per LDAP protocol
  • Implementing session management as per LDAP protocol
  • Authorizing requests based on user role as per LDAP protocol
  • Logging requests for auditing purposes using standard formats
  • Testing the functionality of the reference API implementation using Postman


You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
book resources
Get full access to select books for 90 days. Permanent access to excerpts from Manning products is also included, as well as references to other resources.