How to prevent race conditions in a web application?

Consider an e-commerce site, where Alice and Bob are both editing the product listings. Alice is improving descriptions, while Bob is updating prices. They start editing the Acme Wonder Widget at the same time. Bob finishes first and saves the product with
the new price. Alice takes a bit longer to update the description, and when she finishes, she saves the product with her new description. Unfortunately, she also overwrites the price with the old price, which was not intended.
In my experience, these issues are extremely common in web apps. Some software (e.g. wiki software) does have protection against this - usually the second save fails with "the page was updated while you were editing". But most web sites do not
have this protection.
It's worth noting that the controller methods are thread-safe in themselves. Usually they use database transactions, which make them safe in the sense that if Alice and Bob try to save at the precise same moment, it won't cause corruption. The race condition
arises from Alice or Bob having stale data in their browser.
How can we prevent such race conditions? In particular, I'd like to know:
What techniques can be used? e.g. tracking the time of last change. What are the pros and cons of each.
What is a helpful user experience?
What frameworks have this protection built in?

Hi,
>> Consider an e-commerce site, where Alice and Bob are both editing the product listings. Alice is improving descriptions, while Bob is updating
prices. They start editing the Acme Wonder Widget at the same time. Bob finishes first and saves the product with the new price. Alice takes a bit longer to update the description, and when she finishes, she saves the product with her new description. Unfortunately,
she also overwrites the price with the old price, which was not intended.
This is a classic question that you can find in any developing exam :-)
there are several options according the behavior that fit your needs, and several points that need to be taken into consideration.
1.  Using locking in the application side, you can make sure that two people do not open the same product for editing. this is in most cases the best option.
* I am not talking about
thread-safe but the implementation is almost the same. The locking can be done using singleton class and have a static boolean element. Every time a user want to edit we check this value as first action. If the value is false then we lock the and
change it to true -> do what ever we need -> change the value to false -> unlock.
Behavior: First person that try to edit lock the product and the second get a message that this product is unders editing. In this case you do not open connection to database and your application prevent any problem.
2. Using "read your writes", as mentioned
Behavior: this mean that several people can open the same product for editing, and only when they try to send it to server they get a message telling them that they have waist their
time and someone else already change the product information. At this point they have two option: (1) overwrite what the other person did, (2) start from the beginning.
This is the way most WIKI websites work.
3. Using real-time web functionality like SignalR, WebSocket, or any streaming for example. In this case you can send the person that work on the edit a message like "this product have already been edit" and stop give him the extra time to
think what you want to do. You will need to use one of the above option maybe, but since the user get the information in real time he have time to chose.
4. Using "Change before Write" or "read before edit": The idea is to have a column that point if the row is in use. the type of this column should be same as the user unique column type. Before the user start you check the value
of this column. If it is 0 then you change it to the user unique value (for example user_id), If the value was not 0 then you know that someone else is editing the product. In this case the locking is managed in the database. make sure that you work with transactions
while reading the value and changing it! you can change the default from share lock to X lock as well during this action, if you really want.
There are several other option, if those do not fits your needs
  Ronen Ariely
 [Personal Site]    [Blog]    [Facebook]

Similar Messages

  • How to upload documents to DMS from web application externally

    We have a webdynpro based J2EE application. We want to create a SAP DMS ( KPRO ) document using this web application externally.
    Any inputs on this scenario ?
    I am able to create similar using an ABAP report which reads the client file and create the DMS document using BAPI_DOCUMENT_CREATE.
    How do we achieve this using external web application ..
    Please HELP in this.
    Thanks..

    Hi Divya,
    Good day...!
    A custom UI component will berrequired to upload the data from a Flat File into CRM WEBUI.
    The View in this UI Component can have 2 fields lets say u2013  ID and File to Upload and a button 'upload'.
    When the UPLOAD button is clicked , the event u2018ONFILEUPLOADu2019 is triggered.
    A Javascript function u2018fileUpload()u2019 reads the Excel file and formats the data in the form of a long string with Line Breaks corresponding to each row in the excel file. This string is stored in a Hidden HTML form element u2018Excel_Datau2019.
    In the Event Handler for u2018ONFILEUPLOADu2019, the hidden form element u2018EXCEL_DATAu2019 is read and retrived.
      lv_file_data = request->get_form_field( name = lv_excel_data ).
      me->lv_id = request->get_form_field( name = lv_schema_id ).

  • How to enhance the context menu in Web Applications - BW 7.0

    We have to enhance the context menu of several Web Applications and,
    initially, we based our solution on the paper "How to enhance the
    context menu of Web Applications", from June, 2002, but the solution
    described on the paper refers to the BW version 3.0 and we need the
    solution for the BW version 7.0. The technical content described on the
    paper, version 3.0, is very different from the content of the version
    7.0, used by us. Is this feature available for the version 7.0?

    Hi,
    did you find a solution already?
    Thanks,
    Frank

  • How to use maven project with fusion web application

    hi i have seen the tutoriel of oracle on how to use maven 2 with jdevelopper ,
    but how to integrate it on a fusion web application ???
    Edited by: 922454 on 9 avr. 2012 04:39

    If you have not managed to help yourself out with maven for ADF here is a quick workaround you can try. Invoke ant's ojdeploy task from maven. Refer step-by-step guide here.
    http://maveninjdeveloper.blogspot.in/2012/04/handle-adf-application-maven-ant.html

  • How sharepoint understand when user requests for web applications by their DNS names

    HI
    I configured Alternate access mapping in my sharepoint farm for default ,intranet zones
    and spt farm has two web front end servers and they load balancing by F5 device
    in WFE servers there are different web applications are running on different ports
    so here I want to know how load balancing works, load balancing configured in F5 device.
    when users request a webapplication from browser (ex http://cms) where this request will go
    1)when I ping cms and other web applicaations  it returns me a loadbalancer  server IP  for all web applications;
    ping cms : it returns 10.xxx.0.80 , same ip returns when I ping for other web app
    but ex CMS web application run on the 10.xxx.1.26:81 port in sharepoint server
    2) and these sharepoint web applications running on different ports in sharepoint  web servers , so here  how sharepoint understand when user requests for web applications by their DNS names
    http://cms and http://products  etc
    adil

    I'm not sure if the F5 can add a port number (I'm not an expert on load balancers).  But in general if you design the SharePoint site to run on port 81 then you need to have port 81 appended to the request or it won't work.  http://cms in your
    example would take you to http://cms:80 not http://cms:81.  But in general DNS will resolve the address back to the F5 load balancer.  The load balancer will look at the header of the HTTP request (which contains the original address you requested)
    and forward the request to the appropriate web front end IP address.  If your web front end is using one IP address for multiple sites then those sites need to be differntiated by using a custom port like 81 (which must be included in the original request)
    or because a host header was bound to the web application when it was created.  If they are running on different port numbers then the request must include the port number by the time it gets to the SharePoint server.
    Paul Stork SharePoint Server MVP
    Principal Architect: Blue Chip Consulting Group
    Blog: http://dontpapanic.com/blog
    Twitter: Follow @pstork
    Please remember to mark your question as "answered" if this solves your problem.

  • How to import javafx into a existing web application??

    how to import javafx into a existing web application in netbeans 6.5??

    how to import javafx into a existing web application in netbeans 6.5??

  • How to avoid directory listing in java web applications.

    how to avoid directory listing in java web applications.
    That is on typing the url of the application it should not the directory listing. Welcome tag in web.xml doesnot fully solve the problem, since still the images folder etc is still accessible

    I know of two ways.
    If you're using tomcat and have access to the conf directory.
    Edit your $TOMCAT/conf/web.xml. Find your default servlet properties and change
      <servlet>
        <servlet-name>default</servlet-name>
        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
        <init-param>
          <param-name>debug</param-name>
          <param-value>0</param-value>
        </init-param>
        <init-param>
          <param-name>listings</param-name>
          <param-value>true</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
      </servlet>to  <servlet>
        <servlet-name>default</servlet-name>
        <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
        <init-param>
          <param-name>debug</param-name>
          <param-value>0</param-value>
        </init-param>
        <init-param>
          <param-name>listings</param-name>
          <param-value>false</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
      </servlet>And restart your server. This will affect every directory on the server, and return a 405 directory browsing forbidden error.
    Another way, is to place an index.jsp inside each directory with a simple one line redirect to your applications CONTEXT_PATH.response.sendRedirect("http://yourserver/yourapp/");This will only affect specific directories which contain these index.jsp files.
    Hope this helps

  • How to prevent downloading wsdl in weblogic web service client

    Hi,
    I get a problem regarding weblogic web service client. My working environment:
    weblogic server 8.1
    Windows XP SP2
    JDK 1.4
    I use the weblogic tool to generate the client jar file from the wsdl file.
         <target name="generate-client">
              <clientgen wsdl="ACCESS.wsdl"
                   packageName="xxxxxx.client"
                   clientJar="${client}/${AccessClient_jar_file}"
                   keepGenerated="true"
                   saveWSDL="true"
              />
              <javac srcdir="${source}"
              destdir="${client}"
              includes="**/AccessClient.java">
              <classpath>
              <pathelement path="${client}/${AccessClient_jar_file}"/>
              </classpath>
              </javac>
         </target>
    After that, I create a client java file to invoke the service deploy in the server.
    public static void main(String[] argv)
    throws Exception
         int transactionId = 100;
         int id = 1000;
    // Setup the global JAXM message factory
    System.setProperty("javax.xml.soap.MessageFactory", "weblogic.webservice.core.soap.MessageFactoryImpl");
    // Setup the global JAX-RPC service factory
    System.setProperty( "javax.xml.rpc.ServiceFactory", "weblogic.webservice.core.rpc.ServiceFactoryImpl");
    AccessServicePorts ws = new AccessServicePorts_Impl(argv[0]);
    AccessService port = ws.getAccessService();
    // Resource - create
    Resource resource = new Resource();
    resource.setRES_CD("Create ResCo");
    resource.setCODE_CODE("code_cod");
    resource.setRES_TYPE("Resource typ");
    resource.setCOMMON_FIELD(common);
    AccessDefaultResult resultItems = port.createResource(resource);
    System.out.println("createResource : " + resultItems);
    I find that this web service client always issue 2 http requests to invoke an web service method deployed in server.
    1st http reqeust:
    GET /AccessEpol/EpolServiceSoap?WSDL HTTP/1.1
    User-Agent: Java/1.4.2_08
    Host: 127.0.0.1:8001
    Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
    Connection: keep-alive
    the return result is the wsdl downloaded from the server.
    2nd http request is the real web service request.
    The question is how could I eliminate the 1st http request because it's really unnecessary. I use other web service client like Axis 1.x, Axis client never has the http request to download the wsdl from the server.
    I read through weblogic web service document. It do mentions that put saveWSDL="true" in the clientgen ant task. the default value for saveWSDL is true already. I did try saveWSDL="false" also. None of them can eliminate the 1st http request.
    appreciate for any answer my question?

    Hi David,
    thanks for the reply.
    More or less I agree some points you mentioned above.
    I did use Axis 1.x to test the inter-operability. The web service was developed in Weblogic 8.1 and is a part of an existing web application. It will be merged to existing application deployed in weblogic 8.1.
    I also program the web service client to test the web service.
    The implementation of the server and client will be handed over the project team and training for supporting or continuous development have to be conducted by me. So I don't like to use two types of technologies which will make thing complex.
    I found this issue when I tried to protected the web service endpoint, eg http://localhost:7001/epol/service, using the web application Basic mechanism. The wsdl URL http://localhost:7001/epol/service?WSDL is also protected in this case. Unfortunately the username/password pair is not sent to the server when the weblogic client download the WSDL from the server. In this case, the client failed and throw exception.

  • How to call a report from a web application

    Hi,
    I have a web server in wich is installed Reports 6i. My question is how can I call reports 6i to generate a pdf using a .rep file from my web application (built with java)?

    Hi,
    The below link will be very useful for one who need idea on calling Oracle Report from Java Application,
    http://www.oracle.com/technology/products/reports/htdocs/getstart/examples/reportswebservice/index.html
    Thanks & Rgds,
    M T

  • How to restrict access to a deployed web application

    I have a web application (ear-file) and i want to configure NetWeaver so that only certain users can use the web application.
    How/where to configure the Application server to reach that goal?

    Hi Ludger,
    You can create J2EE Security Roles:
    http://help.sap.com/saphelp_nw04/helpdata/en/c2/e13e4045796913e10000000a1550b0/frameset.htm
    Regards,
    Siddhesh

  • How to create reports from my existing web application on Java/J2EE with Oracle Client 10g as the backend?? Help sought for

    Our company has developed an  Web Application and we are also looking out for the development of reports using Business Objects Exterprise XI Release 2 and for this purporse I do require some help from the forum who can literally show me how to get on and working on creating the reports.

    Thats why I thought I should make the following chain in the keystore, possibly in this order.
    1. My private key (simply generated in the server)
    2. Import Root certificates from NS
    3. Import Trusted certificate issued by NS
    Then when I sign with my private key surely an association will be formed to the trusted authority certificate. The problem I'm having is when I first made my private key I used openSSL as it was only intended for HTTPS. Now I need to create a keystore so I can use jarsigner to sign the jar file, and I can't see how to create a keystore using my existing private key. Surely if I created a new key and self sign, then import the trusted certificate the association will fail, as the private key will not be the same 1 that I used to make the CSR when applying for the trusted certificate.

  • How to handle multiple datasources in a web application?

    I have a J2EE Web application with Servlets and Java ServerPages. Beside this I have a in-house developed API for certain services built using Hibernate and Spring with POJO's and some EJB.
    There are 8 databases which will be used by the web application. I have heard that multiple datasources with Spring is hard to design around. Considering that I have no choice not to use Spring or Hibernate as the API's are using it.
    Anyone have a good design spesification for how to handle multiple datasources. The datasource(database) will be chosen by the user in the web application.

    Let me get this straight. You have a web application that uses spring framework and hibernate to access the database. You want the user to be able to select the database that he wants to access using spring and hibernate.
    Hopefully you are using the Spring Framework Hibernate DAO. I know you can have more that one spring application context. You can then trying to load a seperate spring application context for each database. Each application context would have it's own configuration files with the connection parameters for each datasource. You could still use JNDi entries in the web.xml for each datasource.
    Then you would need a service locater so that when a user selected a datasource he would get the application context for that datasource which he would use for the rest of his session.
    I think it is doable. It means a long load time. And you'll need to keep the application contexts as small as possible to conserve resources.

  • How to capture the Status code in Web application Transcation monitoring if we are using multiple Request

    Hi Team
    We would like to monitor 12 url,s which requires Authentication. Hence i have added the same in one Single Web application transcation template.
    i have added the below info to the get the Stats code displayed in Alert
    Status code is $Data/Context/RequestResults/RequestResult["1"]/BasePageData/StatusCode$
    when i recived a alert it gave the Status code of the 1st Request
    hence i changed the same as
    Status code is $Data/Context/RequestResults/RequestResult["12"]/BasePageData/StatusCode$
    But still i am facing the same issue .
    My first request shows me a status code of 200, and my 12th Request comes with 500 but in the alert i get 200 but it should be 500.
    Kindly help me in how i can get the Status code for the multiple  Request.
    Regards
    Sriram

    Hi Sriram,
    Please run the test of your 12th Request, view full result and check if Status Code is 200.
    Meanwhile, you can run the URL manually to check the result.
    Niki Han
    TechNet Community Support

  • How to create a war file of web application

    Hi Techies
    How to create a war file of the web application?
    And plz tell me the utilities used for it.

    hi,
    To compress a 'abc' web application into a "Web Archive" file named abc.war, follow the steps below:
    1> Open a command prompt and cd to the application's dir:
    <TOMCAT_HOME>\webapps\abc
    2> Use the java archive command 'jar' to bundle up your application:
    jar -cvf abc.war *
    3> Move this to any other server and work with it!! :)
    -- Abdel Raoof Olakara
    http://olakara.googlepages.com

  • How to display BLOB image column with WEB application, JSF, ADF BC

    I looking for a way to display the content from a blob column on a WEB application, JSF, ADF BC
    The blob column contains a JPEG image.
    About the application
    The model contains a viewobject where the blob column attribute (photoimg) type is of type : BlobDomain
    Now I have to create the view to display the content of photoimg inside a JSF-JSP page.
    Any advice ?

    Search is your friend
    How to display the content of a BLOB column in a ADF/BC pages ?
    John

Maybe you are looking for

  • Bug in java.awt.geom.Rectangle2D.contains method

    I cannot understand why not awt.geom.Rectangle2D.contains() return the right value??? Or maybe i don�t understand it properly. Check out this code snippet import java.awt.geom.*; public class Test     public static void main(String[] args)        //R

  • How to optimize my Macbook Pro

    I made a clean install of OS X Yosemite a couple of weeks back. There are very few programs. I just want to make sure the hardware is working at its optimal state and there are no foreseeaable problems. Kindly share your suggestions and feedback. Her

  • How can I disable the behance pics during the startup of my CC 2014 programmes?

    When I start my photoshop cc 2014 and illustrator and all other apps, there ware always some behance pics from users. is there a way to disable them? thanks a lot alex

  • Wifi & bluetouth of iphone 3gs

    Hi guys!! I need your help!i updated a week ago my iphone 3gs for the fist time & after that a message pops out all the time saying that it isnt available 2 use wifi cause i dont have internet on my phone!that is true but that message used 2 pop out

  • GLPCA

    Friends, The data volume in GLPCA is growing very high for us. This is mainly due t0 backflush which is generating lot of line item postings (which we can not avoid)to materials which in turn posting actual line item in GLPCA. I checked OSS 178919. W