Offline - Online database syncronising

<?xml version="1.0"?>
<!DOCTYPE hibernate-mapping PUBLIC
        "-//Hibernate/Hibernate Mapping DTD 3.0//EN"
        "http://hibernate.sourceforge.net/hibernate-mapping-3.0.dtd">

    <hibernate-mapping package="nl.foo.data">

        <class name="User" table="user">

            <id name="id" type="long" unsaved-value="null">
                <column name="id" not-null="true"/>
                <generator class="identity"/>
            </id>

            <version name="version"
                     column="version"
                     type="integer"/>
          
        </class>

</hibernate-mapping>

Do you have isolation issues in your webform?

In this blogentry I want to make clear that your webforms could be
subject to isolation issues like lost updates and unrepeatable reads
if no locking is applied. I'm going to explain what causes this
problem and how it can be solved.

In a lot of webapplications webforms are used and it is common
practice that the business transaction for the form spans two system
transactions:
<dir>
       <li>
               the first transaction is executed when the form is shown:
information is retrieved from the database and placed in the form (and
maybe in a session: directly or indirectly).
       </li>
       <li>
               the second transaction is executed when the form is submitted: the
data is processed and placed in the database.
       </li>
</dir>
The reason why the transaction is divided, is because using a single
system transaction requires that transaction to be open from the
moment that the form is shown untill the form is submitted. This
causes a lot of lockcontention and lockcontention reduces scalability
of the application. Imagine what happens when a user decides to make
dinner before he submits.

The problem with this approach is that it could be subject to
isolation issues because no protection is provided after the first
transaction finishes and the second one starts. This makes your system
vonerable to isolation issues like lost updates and unrepeatable
reads. The biggest problem with these types of errors is that they are
very hard to detect and to reproduce. So some users experience strange
problems but the code doesn't show any bugs.

That is why you need some kind of locking mechanism that doesn't rely
on an active transaction. This type of locking is called offline
locking. There are two different approaches:
<dir>
       <li>pessimistic offline locking</li>
       <li>optimistic offline locking</li>
</dir>

<h3>Optimistic Offline Locking</h3>
With the optimistic approach you are optimistic about the fact that
the chance is very small that a different transaction is going to
update the same record(s) in the period that the current record is
between the 2 transactions and that the consequences of the conflict
are not that bad.

It works like this: a version is added to the record(s) and when the
record is read, the version is copied to the object. When the object
is submitted to the database, the version of the object can be checked
with the version of the record.  If a different transaction has
modified that record, the version in the database is higher and you
know the 'lock' has failed. That is how optimistic locking is able to
detect conflicts.

The advantage of optimistic locking is that it scales better (because
it is subject to less lockcontention) and that it is quite easy to
implement. If you store the objects in the session of the webcontainer
and use a modern OR-mapper like Hibernate, you don't have to do
anything special because Hibernate will check the versions for you (if
you have actived optimistic locking). If you are using a long
(hibernate) session the versions can be checked when the session is
reattached to the db. (checken).

If you don't want to rely on the session of your webcontainer (because
it also reduced scalability) you could store the information in a
hidden field in the form. I think you have to realize that this could
be a security risk because someone could alter the version manually.
If you think this could be an issue, you could encrypt the version
before placing it.

<h3>Pessimistic Offline Locking</h3>

<h3>Being pragmatic</h3>
In some cases you need to be pragmatic. Ofcourse it technically is
better to do locking, but it takes extra time. And if the chances of
conflicts are small (eg: a forum user that is updating his email
address) and the consequences are small, it would acceptable to skip
the locking. But I think it is important that you realize the
consequences of this approach and that you are able to justify it.

If you want to read more about this subject I recommend "Patterns of
Enterpise Application Architecture" from Martin Fowler. In the
"Concurrency" chapter you can find a lot more information about this 
interresting but tricky subject.