I manage few spring based web applications. for example if my client is a flex application, with many modules/screens. Access to the screen or page or even a spring service is controlled by spring security based on the user role.
At certain time we may want to block access to that screen or service completely irrespective of the access granted by role. May be we want to take down a specific page/screen or a service for maintenance. and enable it after certain time. What is the best practice to achieve it. I do not want to restart the application.
I think of using some filter, so every request will pass through the filter and this filter will have the logic to check , if the current operation or view is allowed or disabled.
Is this the better way to handle it. or Is there any other solution.
What is the best practice.
Servlet filtler is a good choice if you want to block pages known by URL. This solution is simple and pretty straightforward.
Spring aspect will be better if you want to block services. Just wrap classes you would like to block and perform a check prior to calling it. Throw a specific exception that you can handle in the presentation layer.
We implemented a similar feature once in REST-based application. A global filter/aspect blocks all non-GET methods effectively switching an application to read-only mode.