[jira] [Commented] (FINERACT-2485) [GSoC 2026] [POC] Standardize and Harden Transaction Idempotency for Savings and Loans

[saifulhuq (Jira)]

    [ 
https://issues.apache.org/jira/browse/FINERACT-2485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18067608#comment-18067608
 ] 

saifulhuq commented on FINERACT-2485:
-------------------------------------

Hi [~dpk376] , thanks for your interest in this sub-task and the performance 
discussion.

To save you time on drafting an ADR: the architectural decisions you are 
suggesting (a pluggable {{{}IdempotencyStore{}}}, payload 
hashing/canonicalization, and completely decoupling from {{{}CommandSource{}}}) 
have already been formalized and reviewed in the system-wide RFC linked in the 
comment history above (finalized March 5th).

Regarding the database locking mechanism: a standard {{UNIQUE}} constraint in a 
Spring Data JPA environment will still inevitably trigger a 
{{DataIntegrityViolationException}} at the Hibernate layer during a concurrent 
race condition. This resurrects the exact JVM stack trace overhead Aleks and I 
specifically architected this specification to avoid.

The finalized RFC solves this by bypassing Hibernate's exception translation 
entirely. We are utilizing a native PostgreSQL {{INSERT ... ON CONFLICT DO 
NOTHING}} query. This allows the {{OncePerRequestFilter}} to evaluate an $O(1)$ 
integer return ({{{}0{}}} rows affected) and short-circuit the request with a 
409 Conflict without a single JVM exception being thrown.

Feel free to review the attached RFC document for the full {{CommandHasher}} 
and {{IdempotencyService}} interface contracts that govern the payload 
validation you mentioned.

> [GSoC 2026] [POC] Standardize and Harden Transaction Idempotency for Savings 
> and Loans
> --------------------------------------------------------------------------------------
>
>                 Key: FINERACT-2485
>                 URL: https://issues.apache.org/jira/browse/FINERACT-2485
>             Project: Apache Fineract
>          Issue Type: Sub-task
>            Reporter: saifulhuq
>            Priority: Major
>              Labels: poc, security
>
> *Goal:* Standardize idempotency enforcement to prevent replay attacks in core 
> financial modules. *Implementation Strategy (Addressing James Dailey's 
> feedback):*
>  # *Opt-In Architecture:* New logic will be behind a Global Configuration 
> flag. Default remains legacy behavior to ensure 100% backward compatibility.
>  # *Phased Approach:* Audit existing {{m_portfolio_command_source}} usage and 
> bridge gaps in the Savings module first.
>  # *Testing:* Implementation of integration tests simulating network 
> failures/retries.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)