[
https://issues.apache.org/jira/browse/FINERACT-2485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18063113#comment-18063113
]
saifulhuq commented on FINERACT-2485:
-------------------------------------
*[UPDATE: Finalized Architectural Specification]*
Following a rigorous architectural review and discussion with [~aleks]
regarding FINERACT-2169, the implementation strategy for this POC has been
completely refactored.
We are abandoning the previously proposed exception-based control flow
({{{}DataIntegrityViolationException{}}}) as it introduces unacceptable JVM
stack trace overhead on the critical execution path.
The finalized architecture abandons decorators in favor of *Composition* and
utilizes a *Multi-Level Caching* strategy for fail-fast execution. The core
pillars of the updated design are:
# *Early Rejection (Fail-Fast):* Interception shifted to the Servlet Filter
layer utilizing $O(1)$ boolean state checks ({{{}isDuplicate(key){}}}) rather
than retroactive database rollbacks.
# *Composition:* Injection of a standalone, domain-agnostic
{{IdempotencyService}} rather than wrapping the core command pipeline.
# *Extensibility:* Introduction of a {{CommandHasher}} interface for pluggable
payload hashing, supporting commercial integrators.
# *Multi-Level Cache:* Implementation of a generic CacheManager (L1: Caffeine
-> L2: Redis) integrated with the existing {{CommandAuditor}} for O(1) response
retrieval.
The complete Architectural RFC Document (co-reviewed with Aleks) can be viewed
here:
[https://docs.google.com/document/d/1uQd0ImlYpCbWknMpwprdLDQBjWm0C5xuue-5q3wiWCc/edit?tab=t.0]
This ticket will serve as the execution track for this specification under the
umbrella of FINERACT-2169
> [GSoC 2026] [POC] Standardize and Harden Transaction Idempotency for Savings
> and Loans
> --------------------------------------------------------------------------------------
>
> Key: FINERACT-2485
> URL: https://issues.apache.org/jira/browse/FINERACT-2485
> Project: Apache Fineract
> Issue Type: Task
> Reporter: saifulhuq
> Priority: Major
> Labels: gsoc2026, poc, security
>
> *Goal:* Standardize idempotency enforcement to prevent replay attacks in core
> financial modules. *Implementation Strategy (Addressing James Dailey's
> feedback):*
> # *Opt-In Architecture:* New logic will be behind a Global Configuration
> flag. Default remains legacy behavior to ensure 100% backward compatibility.
> # *Phased Approach:* Audit existing {{m_portfolio_command_source}} usage and
> bridge gaps in the Savings module first.
> # *Testing:* Implementation of integration tests simulating network
> failures/retries.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
