I have some applications with Spring Boot, Spring Security, Spring Sessions and Spring Redis.
One of my applications (I will call it "Permissions") is responsible for providing a login service to all my other applications. This is already working fine.
Now, I want to use Permissions to manage sessions for all my other applications (like a create, delete, get and save session). Permissions will persist these sessions in Redis.
Permissions itself is an application that uses itself to manage login and session, and everything works fine (login and session persistence on Redis).
To manage sessions, I need to provide a service in Permissions and consume this service in other applications, but I don't have ideia what filter or implementation of session I must override in both applications to make this feature works fine.
Anybody have an ideia to centralize the sessions management and apply new rules like a invalidate or create new sessions in a unique point to all other systems?