Using Spring Session
Before we can dig into those nice security policies and authorization rules we just talked about, we need a solution to secure multiple microservices.
What is the exact problem? When we log in to the first piece of our social media platform, we want that status to be carried through to the other components with ease.
The solution is Spring Session (http://projects.spring.io/spring-session/), which supports multiple third-party data stores for offloading session state, including Redis, MongoDB, GemFire, Hazelcast, and others. Instead of the session data being stored in memory, it is externalized to a separate data store.
This provides multiple benefits such as the following:
- Provides scalability when running multiple instances of various services
- Avoids the need for session affinity (sticky sessions) by not requiring load balancers to route clients to the same instance
- Leverages a data store's built-in expiration options (if desired)
- Multi-user profiles
There is one other, hidden...
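As an added illustration (not code from the original text), here is one way to externalize sessions with Spring Session, assuming a servlet-based service and Redis as the data store. The class name, the host `session-store.internal`, and the environment variable `SESSION_REDIS_PASSWORD` are hypothetical placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.redis.connection.RedisPassword;
import org.springframework.data.redis.connection.RedisStandaloneConfiguration;
import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession;
import org.springframework.session.web.http.CookieSerializer;
import org.springframework.session.web.http.DefaultCookieSerializer;

// Replaces the container's in-memory HttpSession with one stored in Redis.
// Idle sessions expire after 30 minutes through Redis key expiration,
// so no instance has to run its own cleanup.
@Configuration
@EnableRedisHttpSession(maxInactiveIntervalInSeconds = 1800)
public class SharedSessionConfig {

    // Every service instance points at the same store, so any instance can
    // serve any request and sticky sessions are not needed.
    @Bean
    public LettuceConnectionFactory redisConnectionFactory() {
        // Hypothetical host; the store holds live sessions, so keep it on an
        // internal network and require authentication.
        RedisStandaloneConfiguration redis =
                new RedisStandaloneConfiguration("session-store.internal", 6379);
        // Hypothetical variable name; an unset variable yields no password.
        redis.setPassword(RedisPassword.of(System.getenv("SESSION_REDIS_PASSWORD")));
        return new LettuceConnectionFactory(redis);
    }

    // The cookie carries only the session id; the session data stays in Redis.
    // Services that should share the login must use the same cookie name and
    // be reachable under the same domain and path.
    @Bean
    public CookieSerializer cookieSerializer() {
        DefaultCookieSerializer serializer = new DefaultCookieSerializer();
        serializer.setCookieName("SESSION");
        serializer.setCookiePath("/");
        serializer.setUseSecureCookie(true);   // send over HTTPS only
        serializer.setUseHttpOnlyCookie(true); // not readable from page scripts
        serializer.setSameSite("Lax");
        return serializer;
    }
}
```

Each service that includes this configuration resolves the same session id against the same store, which is what carries the logged-in status from one component to the next.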