java - Thread safe input validation -


i'm building spring boot application allows registering, submitting of various data , etc requires validation. example have entity setup basic constraints:

@entity public class account extends baseentity {      public static final int max_length = 64;      @column(unique = true, nullable = false, length = max_length)     private string username;      @column(unique = true, nullable = false, length = max_length)     private string email;      ... }

each time before creating new account, validation performed on service layer:

public account register(string username, string email, string rawpassword) {      if (!accountvalidator.validate(username, email, rawpassword)) {         return null;     }      account account = new account(username, email, passwordencoder.encode(rawpassword));     try {         return accountrepository.save(account);     } catch (dataintegrityviolationexception e) {         return null;     } }

the validator snippet:

public boolean validate(string username, string email, string password) {      if (!validateusernamestructure(username)) {         return false;     }      if (!validateemailstructure(email)) {         return false;     }      if (!validatepasswordstructure(password)) {         return false;     }      // performs query on users see if no such email or username     // exists. before checking email , username set     // lowercase characters on service layer.     if (accountservice.doesemailorusernameexist(email, username)) {         return false;     }     return true; }

now in case if lot of multiple requests , 1 of them manages past validation, encounter exception if username or email forced lowercase in first place. example want allow users register upper case/lower case username, email characters , etc. based on this question add additional field entity or add more complex constraint on database level, want without overflow data , in java code.

so example these 2 requests create new account milliseconds apart:

request 1: username=foo email=foo@foo.com  request 2: username=foo email=foo@foo.com

during phase check duplicates (email , username set lower case, when saving keep case intact):

if (accountservice.doesemailorusernameexist(email, username)) {     return false; }

however since requests close each other, first request might not have created new account yet check second account passes , 2 database entries.

so actual question be, how perform thread safe validation these kinds of actions in service layer without huge performance impact?

solution i've chosen example

when setting username , email, apply values lowercase counterparts , apply unique constraints on them well. way keep user set case 2 properties:

@entity public class account extends baseentity {      public static final int max_length = 64;      @column(unique = true, nullable = false, length = max_length)     private final string username;      @column(unique = true, nullable = false, length = max_length)     private string email;      @column(unique = true, nullable = false, length = max_length)     private final string normalizedusername;      @column(unique = true, nullable = false, length = max_length)     private string normalizedemail;      public account(string username, string email) {         this.username = username;         this.email = email;          this.normalizedusername = username.tolowercase();         this.normalizedemail = email.tolowercase();     }      ... }

there no simple solution without of database because transactions isolated each other.

the alternative temporarily store usernames/emails in memory , complex synchronizations perform checks. things more complicated in clustered environments. ugly , hard maintain (and may impact performance if lock single synchronization point held long).

the standard , straightforward solution use database constraints.


Comments

Post a Comment

Popular posts from this blog

php - Wordpress website dashboard page or post editor content is not showing but front end data is showing properly -

Image
recently have uploaded wordpress site onto server. have uploaded wordpress site in sub-folder under root folder ../root(domain root folder)/wordpress (where host wordpress folder). now problem content data in page or post in dashboard of wordpress admin panel not showing - see image. but data showing in front view - see image. if not browser cache issue , not issue happened tinymce editor during upgrade; try add config file: define('concatenate_scripts', false);
Read more

How to get the ip address of VM and use it to configure SSH connection dynamically in Ansible -

i trying ip address of vm , trying use establish ssh vm. following script: --- - hosts: localhost become: yes connection: local gather_facts: false serial: 1 vars_files: - createvmvars.yml tasks: - name: gathering vm info. vsphere_guest: vcenter_hostname: "{{vcenter_hostname}}" username: "{{vcenter_username}}" password: "{{vcenter_password}}" guest: "{{guest_name}}" vmware_guest_facts: yes register: var - debug: msg="{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" - name: establishing ssh connection. script: /home/shasha/devops/scripts/ssh_configure.sh "{{var.ansible_facts.hw_eth0.ipaddresses[0]}}" following content of ssh_configure.sh : #!/bin/sh ssh-keygen -t rsa ssh-copy-id $1 but when running playbook, getting following error while executing third task: error! 'var' undefined but debug module(second task) printin
Read more

javascript - Get parameter of GET request -

i make request: createxhrrequest( "get", fileurl, function( err, response ) { if( err ) { alert( "error get!" ); } alert(response); }); and full response: { "status" : "ok", "message" : "jvberi0xljqkjdduxdgkmy how can jvberi0xlj ? i try response.message , response["message"]. nothing works. just simple access this: var json = json.parse(response); json.message
Read more