Concurrent transaction issue in keycloak user attribute

1

Hi.

I managed our customer’s point as keycloak user attribute.

image
image2332×54 8.61 KB

I set ‘point’ as user attribute, and I handled it with keycloak api in Java Spring boot.
So, flow of update point is…
point = getPointByUserEmail(userEmail); // get point to update
point -= 10; // minus point
updatePointByUserEmail(userEmail, point); // update point

public Long getPointByUserEmail(String userEmail) {
        UserRepresentation userRepresentation = usersResource.search(userEmail, true).get(0);

        Map<String, List<String>> attributes = userRepresentation.getAttributes();
        if (attributes == null || attributes.get("point") == null)
            return null;
        return Long.parseLong(attributes.get("point").get(0));
    }

public void updatePointByUserEmail(String userEmail, Long point) {
        UserRepresentation userRepresentation = usersResource.search(userEmail, true).get(0);
        UserResource userResource = usersResource.get(userRepresentation.getId());

        Map<String, List<String>> attributes = userRepresentation.getAttributes();
        attributes.put("point", Arrays.asList(point.toString()));
        userRepresentation.setAttributes(attributes);
        userResource.update(userRepresentation);
    }

It works well.
But my problem is when user requests simultaneously at almost same time to update point,
It doesn’t work well.

For example, there are 2 requests at once. (initial point = 100, minus point per request = 10)
I expected it would be 80 point, because 100 - (10 * 2) = 80
But it was 90 point.

So I think I need to set isolation level to transaction in point.
In JPA, there is @Lock annotation… but, how can I do it in keycloak ?
Is there any way that I can set isolation level in keycloak api so that my function will work well ?

This is code when I handle point,

public class someController {
	public ResponseEntity<String> methodToHandleRequest(@RequestBody Dto param, HttpServletRequest request) {
		...
		Long point = null;
		try {
			point = userAttributesService.getPoint();
			if (point == null)
				throw new NullPointerException();
		} catch (Exception e) {
			e.printStackTrace();
			return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR).body("error");
		}
		if (point < 10)
			return ResponseEntity.status(HttpStatus.PAYMENT_REQUIRED).body("you have at least 10 points " + "(current: " + point + ")");

		userAttributesService.updatePoint(point - 10);
		...
}