I need help in understanding the concept of maintaining privacy of the user and not disclosing other users trying to do.
When user logs into the application and do a company search and try to find its details. The user is getting to see different company information.
Reason : There is an automation code running at the background and trying to retrieve a list of company details.
So, when user tries to retrieve a company details information, the user see a company details that was running in the background by automation code.
for ex: If user wanted to see or download Sony company information instead user is getting different company details like LG comapany i.e. because at that point of time automation code is trying to retrieve LG company information in the back ground.
This is because the form data is getting updated by the time users try to retrieve company details.
Below are my thoughts:
1. May I know what will be best solution is it using synchronization will help but I believe it affects performance?
2. Is it a good idea to store company information in a session?
Please let me know if I am not clear about my question.
The problem isn't synchronization, the problem is where you store the results. You are storing the Company and other information as instance-variables in a class which is used by all users. So whatever value is stored in that variable is visible by everyone. Instead you need to store that information into the user's Session.
there is a lot of information about how to use a Session, so a search will help you out.
If I understood your problem statement correctly, your users are doing searches for company details. To me, it implies that a user could search on multiple companies. Is this correct?
There are several contexts that you need to be aware of: Page, Request, Session, Application. If my understanding of your problem is correct, the most appropriate place to put the Company information is in the Request context. That way, information that your code provides to the presentation layer is visible only in the context of the current request being processed.
I know that what you provided is just sample/test code but something that jumps out at me is Line 17, where you create a new instance of Company. You pass in the company number and the user key. What does the user key have to do with Company? Is this the way you have it in your real code? I would expect something like this:
Where companySearchService is a POJO that knows how to perform the search for company details. This is the class that would instantiate Company if the search criteria produced a result.
The usual motivation for passing in a user is to provide some kind of audit trail of user activities. If that's the motivation for passing the user key in to the Company constructor, I would move that concern to a service, too.
where auditTrailService is another POJO that knows how to log events to an Audit Trail.
Also, check your Struts configuration. I'm a little rusty on Struts but I would make sure the Form is configured to be in the Request context. Your sample code looks like it should work as long as the Form is in the Request context. If the form were in a context with a wider scope, such as Application, then you'd definitely see the kind of problems you're seeing.
Ahh, yes of course, I totally missed the fact that those were declared as instance variables. You shouldn't use instance variables because there is only ONE instance of a particular Action class created per action mapping that you configure. When multiple threads execute through the Action class, they will all be accessing the same instance variables in that one Action class instance. Thus, if one user searches for "Sony" and another searches for "Panasonic" right after him, it is very likely that the first user will see the results for the "Panasonic" search because the Sony search result had already been overwritten by the Panasonic search result.
Just to clarify some of what's been mentioned here:
"problem isn't synchronization" - actually it is related to synchronization but not that you have to explicitly synchronized any methods in the Action class (which you should not do either). It's because there is a possibility of multiple request threads accessing the same instance variables and there is a danger of one thread improperly seeing changes made by another thread.
"the problem is where you store the results." - Agreed
"store that information in the user's Session." - this would probably work but a better fix is what was alluded to earlier: not to use instance variables in the Action class
"sample code looks like it should work" - Wrong, because of what Steve said about instance variables in the Action class
"Do not use class variables." - True, if they are mutable objects. That is, their values or state can be changed. Variables with primitive types declared as static final and other immutable objects can still be declared at either the class or instance level. In the context of the current problem, however, probably meant to write "instance variables", like Steve said.