[
https://issues.apache.org/jira/browse/AMQ-3166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13962827#comment-13962827
]
Lars Ditzel commented on AMQ-3166:
----------------------------------
We had an issue in production with lost messages in a transacted batch, due to
server memory limit settings (producer flow control). Setting an exception
handler on the connection factory is not enough to be on the safe side, as we
were able to construct a test case that builds a race condition between the
producer thread and the exception handler thread such that the commit is done
before the asynchronous exception callback is fired by the server response.
E.g. set server memory limit to 1 MB only, send batch of 100 messages, server
can handle only 95 messages, commit is done before callback is triggered: 5
messages are lost, 95 messages appear in the queue.
As lost messages within a transaction are really a bad thing we would
appreciate Gary Tully's approach of setting a flag in the transaction context,
so that any exception will always and reliably yield a JMS rollback. Besides
that, an exception should be thrown in the commit thread such that there is no
chance of having a silent failure from the client perspective. Otherwise the
rollback may go unnoticed.
Transaction handling should also be safe for those users that forget to set the
exception handler at all.
I do not favor the option of doing a commit for only a part of my message
batch, i.e. when you have a failure after message 101 you should not be able to
commit messages 1 to 100. For me transactions are always an all-or-nothing
matter. As with asynchronous sends you have a delay of several send operations
until the exception handler gets fired it would require significant client
logic to determine which messages survived and which got lost.
> client calls to createProducer() and send() successful even though
> BrokerFilter methods throw exceptions
> --------------------------------------------------------------------------------------------------------
>
> Key: AMQ-3166
> URL: https://issues.apache.org/jira/browse/AMQ-3166
> Project: ActiveMQ
> Issue Type: Bug
> Components: Broker, JMS client
> Affects Versions: 5.4.2, 5.5.0
> Reporter: Arthur Naseef
> Assignee: Arthur Naseef
> Attachments: AMQ3166Test.java, AMQ3166Test.java,
> FailedTransactionTracking.java, FailedTransactionTrackingPlugin.java
>
>
> Client calls to createProducer() always return without an error even though a
> BrokerFilter's addProducer() method throws an exception on the request. In
> contrast, createConsumer() throws an exception, as expected, when
> BrokerFilter's addConsumer() throws an exception.
> Clients using transacted sessions always return successfully from send() when
> a BrokerFilter's send() method throws an exception.
> Below is a broker configuration file using <authorizationPlugin> to
> illustrate the problem.
> To reproduce the problem With this configuration, a test client only needs to
> connect with user = "user" and password = "password", and then attempt to
> produce messages with a transacted session to any queue other than ABC (e.g.
> DEF).
> Tracing the cause of the issue has lead to finding that the client code for
> creating a producer uses an Async send for the producer information. The
> analogous code for consumers uses a Sync send.
> I will work on a patch. It would be very helpful to have feedback on the
> operation of the bus and the best way to resolve this problem. Based on my
> research, it seems that createProducer() should be using a Sync send in place
> of the Async one. Not yet sure about send(). Another possibility is to move
> the security operations to earlier in the internal broker flow.
> === SAMPLE BROKER XML ===
> <beans
> xmlns="http://www.springframework.org/schema/beans";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
> http://activemq.apache.org/schema/core
> http://activemq.apache.org/schema/core/activemq-core.xsd";>
> <broker xmlns="http://activemq.apache.org/schema/core";
> brokerName="localhost"
> dataDirectory="${activemq.base}/data"
> destroyApplicationContextOnStop="true" >
> <persistenceAdapter>
> <kahaDB directory="${activemq.base}/data/kahadb"/>
> </persistenceAdapter>
>
> <plugins>
> <simpleAuthenticationPlugin anonymousAccessAllowed="true">
> <users>
> <authenticationUser username="user" password="password"
> groups="users"/>
> </users>
> </simpleAuthenticationPlugin>
> <authorizationPlugin>
> <map>
> <authorizationMap>
> <authorizationEntries>
> <authorizationEntry queue="ABC" read="users"
> write="users" admin="users" />
> <authorizationEntry topic="ActiveMQ.Advisory.>"
> read="users" write="users" admin="users" />
> </authorizationEntries>
> </authorizationMap>
> </map>
> </authorizationPlugin>
> </plugins>
> <transportConnectors>
> <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
> </transportConnectors>
> </broker>
> </beans>
--
This message was sent by Atlassian JIRA
(v6.2#6252)
