9

Basically, I am trying to understand how to write correct (or "to correctly write"?) transactional code, when developing REST service with Jax-RS and Spring. Also, we're using JOOQ for data-access. But that shouldn't be very relevant...
Consider simple model, where we have some organisations, that have these fields: "id", "name", "code". All of which must be unique. Also there's a status field.
Organization might be removed at some point. But we don't want to remove the data altogether, because we want to save it for analytical/maintenance purposes. So we just set organization 'status' field to 'REMOVED'.
Because we don't delete the organization row from the table, we can't simply put the unique constraint on the "name" column, because, we might delete organization and then create a new one with the same name. But let's assume that codes has to be unique globally, so we DO have a unique constraint on the code column.

So with that, let's see this simple example, that creates organization, performing some checks along the way.

Resource:

@Component
@Path("/api/organizations/{organizationId: [0-9]+}")
@Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaTypeEx.APPLICATION_JSON_UTF_8)
public class OrganizationResource {
    @Autowired
    private OrganizationService organizationService;

    @Autowired
    private DtoConverter dtoConverter;

    @POST
    public OrganizationResponse createOrganization(@Auth Person person, CreateOrganizationRequest request) {

        if (organizationService.checkOrganizationWithNameExists(request.name())) {
            // this throws special Exception which is intercepted and translated to response with 409 status code
            throw Responses.abortConflict("organization.nameExist", ImmutableMap.of("name", request.name()));
        }

        if (organizationService.checkOrganizationWithCodeExists(request.code())) {
            throw Responses.abortConflict("organization.codeExists", ImmutableMap.of("code", request.code()));
        }

        long organizationId = organizationService.create(person.user().id(), request.name(), request.code());
        return dtoConverter.from(organization.findById(organizationId));
    }
}

DAO service looks like that:

@Transactional(DBConstants.SOME_TRANSACTION_MANAGER)
public class OrganizationServiceImpl implements OrganizationService {
    @Autowired
    @Qualifier(DBConstants.SOME_DSL)
    protected DSLContext context;

    @Override
    public long create(long userId, String name, String code) {
        Organization organization = new Organization(null, userId, name, code, OrganizationStatus.ACTIVE);
        OrganizationRecord organizationRecord = JooqUtil.insert(context, organization, ORGANIZATION);
        return organizationRecord.getId();
    }

    @Override
    public boolean checkOrganizationWithNameExists(String name) {
        return checkOrganizationExists(Tables.ORGANIZATION.NAME, name);
    }

    @Override
    public boolean checkOrganizationWithCodeExists(String code) {
        return checkOrganizationExists(Tables.ORGANIZATION.CODE, code);
    }

    private boolean checkOrganizationExists(TableField<OrganizationRecord, String> checkField, String checkValue) {
        return context.selectCount()
                .from(Tables.ORGANIZATION)
                .where(checkField.eq(checkValue))
                .and(Tables.ORGANIZATION.ORGANIZATION_STATUS.ne(OrganizationStatus.REMOVED))
                .fetchOne(DSL.count()) > 0;
    }
}

This brings some questions:

  1. Should I put @Transactional annotation on Resource's createOrganization method? Or should I create one more service that talks to DAO and put @Transactional annotation to it's method? Something else?
  2. What would happen if two users concurrently send request with the same "code" field. Before first transaction is commited the checks are successfully passed, so no 409 respones will be sent. Than first transaction will be committed properly, but the second one will violate DB constraint. This will throw SQLException. How to gracefully handle that? I mean I still want to show nice error message on the client side, saying that name is already used. But I can't really parse SQLException or smth.. can I?
  3. Similar to the previous one, but this time "name" is not unique. In this case, second transaction will not violate any constraints, which leads to having two organization with the same name, that violates our buisness constraints.
  4. Where can I see/learn tutorials/code/etc., that you consider great examples on how to write correct/reliable REST+DB code with complicated buisness logic. Github/books/blogs, whatever. I've tried to find something like that myselft, but most examples just focus on the plumbing - add these libs to maven, use these annotations, there is your simple CRUD, the end. They don't contain any transactional considirations at all. I.e.

UPDATE: I know about isolation level and the usual error/isolation matrix (dirty reads, etc..). The problem I have is finding some "production-ready" sample to learn from. Or a good book on a subject. I still don't really get how to handle all the errors properly.. I guess I need to retry a couple of times, if transaction failed.. and than just throw some generic error and implement client, that handles that.. But do I really have to use SERIALIZABLE mode, whenever I use range queries? Because it will affect performance greatly. But otherwise how can I garantee that transaction will fail..

Anyway I've decided that for now I need more time to learn about transactions and db management in general to tackle this problem...

Dzmitry Paulenka
  • 1,879
  • 12
  • 14

4 Answers4

1

Generally, without talking about transactionality, endpoint should only grab parameters from the request and call the Service. It shouldn't do business logic.

It seems your checkXXX methods are part of the business logic, because they throw errors about domains-specific conflicts. Why not put them into the Service into one method, which is by the way transactional?

//service code
public Organization createOrganization(String userId, String name, String code) {

    if (this.checkOrganizationWithNameExists(request.name())) {
        throw ...
    }

    if (this.checkOrganizationWithCodeExists(code)) {
        throw ...
    }

    long organizationId = this.create(userId, name, code);
    return dao.findById(organizationId);
}

I took as your parameters are Strings, but they can be anything. I'm not sure you want to throw Responses.abortConflict in the service layer because it seems to be a REST concept, but you can define your own exception types for it if you want.

Endpoint code should look like this, however, it might contain additional try-catch block which converts the thrown exceptions to Error responses:

//endpoint code
@POST
public OrganizationResponse createOrganization(@Auth Person person, CreateOrganizationRequest request) {
    String code = request.code();
    String name = request.name();
    String userId = person.user().id();
    return dtoConverter.from(organizationService.createOrganization(userId, name, code));
}

As for question 2 and 3, transaction isolation levels are your friends. Put isolation level high enough. I think 'repeatable read' is the suitable one in your case. Your checkXXX methods will detect if some other transaction commits entities with the same name or code and it's guaranteeed that the situations stays by the time 'create' method is executed. One more useful read regarding Spring and transaction isolation levels.

pcjuzer
  • 2,724
  • 4
  • 25
  • 34
  • But it still doesn't help to solve problem with incorrect data. Meaning questions 2 and 3 in the question... – Dzmitry Paulenka Aug 22 '16 at 16:10
  • Data-checks are done in the service and you throw your own exception. You don't have to parse SQLException. Transaction isolation guarantees that once you did the checks in the service they are still valid during the 'create' statement. Even if two requests arrive at the same time, one of them will be delayed until the other is committed (or something like that, it depends on the level). I think this covers question 2 and 3. – pcjuzer Sep 12 '16 at 09:26
  • 1
    It's not that simple... SERIALIZABLE isolation is too restrictive to use for every case, but even REPEATABLE_READ is not enough. I had to use SELECT FOR UPDATE to make it work somehow, but that way concurrency will suffer... BTW, I've put testing project on github, so anyone can play with it... https://github.com/Fantast/gs-managing-transactions – Dzmitry Paulenka Sep 12 '16 at 14:16
  • If scalability is an issue and you need really high throughput for this particular operation then some things can be done yet. For example caching the names and codes and check the cache before starting the transaction. Furthermore, if scalability is indeed an issue, you'd better to get familiar with parsing constraint violations from SQLExceptions and get rid of the explicit checks. – pcjuzer Sep 16 '16 at 12:54
1

As per my understanding the best way to handle DB level transaction you must use Spring's Isolation trnsaction in effective way in the dao layer. Below is sample industry standard codde in your case...

public interface OrganizationService {
    @Retryable(maxAttempts=3,value=DataAccessResourceFailureException.class,backoff=@Backoff(delay = 1000))
    public boolean checkOrganizationWithNameExists(String name);    
}

@Repository
@EnableRetry
public class OrganizationServiceImpl implements OrganizationService {
    @Transactional(isolation = Isolation.READ_COMMITTED)
    @Override
    public boolean checkOrganizationWithNameExists(String name){
        //your code
        return  true;       
    }
}

Please pinch me if I'm wrong in here

Abhinab Kanrar
  • 1,532
  • 2
  • 20
  • 46
0

Separation of concern :

  • Jax-rs resource (endpoint) layer : just handle the request, invoke the service and wrap the potential exception in appropriate response code (just catch and wrap manually or use exception mapper).
  • Service / business layer : expose a transactional method for each unit of work, business error must be handled as checked exception, operational ones as unchecked (subclasses of RuntimeException).
  • Data access layer: just handle the data access stuff (i.e. get db context, executes query and eventually map the result).

I insist on one thing, the good place to have transaction boundaries is the place where your business methods are defined. A transaction scope must be a business unit of work.

Regarding the concurrency issue, there is 2 way to handle this kind of concurrency problem : pessimistic or optimistic locking.

  • Pessimistic :

    • Lock
    • do your stuff
    • Update
    • Release lock

  • Optimistic :

    • check version
    • do your stuff
    • update if version is same, fail otherwise

Pessimistic is an issue regarding scalability and performance, optimistic problem is that you sometimes end by sending an operating error to the end-user.

I would personally go with optimistic locking in your case, JOOQ support it

Community
  • 1
  • 1
Gab
  • 7,869
  • 4
  • 37
  • 68
  • For optimistic locking, It's not clear what records should I version? I want to protect the INSERT operation from creating duplicate entries. But in that case I'm not really changing any records, am I? I guess, I can make it work somehow.. like create table containing all names ever used - but it seems ugly... As for pessimistic lock - do you mean I should use `SELECT..FOR UPDATE`? Or just use `REPEATABLE READ` isolation? – Dzmitry Paulenka Aug 29 '16 at 16:52
  • I just can't understand, if it will actually protect my case, where I INSERT new records as a decision made by selecting other records, I.e. check if name exist, then insert new record with this name, otherwise do nothing. – Dzmitry Paulenka Aug 29 '16 at 16:52
  • Sry I read too fast. `REPEATABLE READ` does not prevent insertion of new data, you have to lock the entire table and so set the level to serializable. I suppose `select for update` does only lock the selected statement and is so not suitable. You may maintain an org table version entry in a dedicated table to implement optimistic locking and insert the new org and increment version in same transaction but it's not very elegant – Gab Aug 30 '16 at 09:47
-1

First off the DAO layer should not even know it's being fronted by a REST webservice. Be sure to separate responsibilities.

Keep the @Transactional on the DAO. If you are issuing only a single statement than you need to decide if you are OK with dirty reads. Basically, figure out what the lowest Isolation Level is for your application. Every method will start a new Transaction (unless called from another method that already had one started) and if any Exceptions are thrown it will rollback any calls. You can setup a custom ExceptionHandler in your Controller to handle SQLDataIntegrityExceptions (like you're "code" insert example).

Use an Aggregate Primary Key that covers (id, name, code, status) so you can have an org with the same name but one will be "CURRENT" and one will be "REMOVED"

Gandalf
  • 9,648
  • 8
  • 53
  • 88
  • Well, what if there are other valid statuses SUSPENDED, etc? The point is that I can't do it with simple constraints... Should I allways write complicated triggers for every complex constraint, therefore duplicating what I've written in Java? Also how to gracefully recover from violating those constraints? And where can I find good example of code that follows those practices? – Dzmitry Paulenka Aug 20 '16 at 08:25
  • 1
    a transaction scope is an unit of work, the unit of works is not defined at the DAO level, generally speaking having @Transactionnal annotations at DAO level is a design smell – Gab Aug 23 '16 at 09:39
  • @Gab Very much disagree - where do you think Transaction information should be defined if not as close to where the database interactions are? – Gandalf Aug 24 '16 at 17:41
  • Well you may disagree, that's your problem :) I suggest you google a bit on the subject, Java-ee practices are very explicit on the question, We are talking about logical transaction, which may imply other resources than databases. otherwise just look at http://stackoverflow.com/questions/1079114/where-does-the-transactional-annotation-belong – Gab Aug 25 '16 at 12:32