Wednesday, September 21, 2016

Apache Http client gets stuck


The Apache libraries are extremely popular in the development community. However, in my experience they are frequently misused due to a lack of proper documentation and meaningful examples.

The examples provided usually cover only the basic use cases and, more importantly, neither source provides enough information about aspects of using such a library that could have dire consequences.

I came across one such "hidden secret" a couple of weeks ago. Our customer used the HttpClient class in an Android application to check if the server is alive. The idea behind the code was that it sends a GET request to a non-existent server resource, the server responds with a 404 error, hence it's alive.

Tuesday, September 20, 2016

Danger of misunderstanding

A few weeks ago I was looking into a problem that one of our customers encountered, where an Android application incorrectly used an Android Timer to run a heartbeat check, i.e. to check if the server side of the application is accessible and alive.

In essence, what happened is that the application started generating a large number of requests to the heartbeat resource after a very specific network outage.

The issue surfaced only under a very specific set of circumstances: a network request just hangs. I managed to replicate the issue by fiddling with the router and blocking the network traffic in such a way that the initial handshake succeeds.

This is usually a very specific scenario in which a lot of trouble with the application design shows up on the surface. It could be replicated by blocking the traffic through the firewall. In this case the client sends the request, does not time out on the request but never receives the response, hence the socket is kept open but no data is received from the server.

The problem that we eventually uncovered was that the Timer job was started with the Timer.scheduleAtFixedRate method.

I only assume that the person who originally used the method misunderstood its meaning: I believe the idea was that the method guarantees that the task is fired at the specified interval. However, the problem is that this method tries to fire all the calls that were missed if one of the calls took too long. That is, if it took N minutes to execute one call of the timer's method (potentially because the socket thread was hanging and no timeout occurred) and the original interval was one minute, then as soon as the timer is back to normal, i.e. the hanging thread is back, it will attempt to fire all the missed calls to the thread method at once, literally providing a great tool to create a DDoS attack against the server side.

So, remember to use the Timer.schedule method instead in such circumstances.
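
The catch-up behaviour described above can be reproduced without a network. This is an added example, not code from the customer's application; the class name, the 100 ms period and the 1000 ms stall are constructed stand-ins for the one-minute heartbeat and the hanging request.

```java
import java.util.Timer;
import java.util.TimerTask;
import java.util.concurrent.atomic.AtomicInteger;

public class HeartbeatCatchUpDemo {
    // Constructed values: 100 ms stands in for the one-minute heartbeat
    // interval, 1000 ms for the network call that hangs.
    static final long PERIOD_MS = 100;
    static final long STALL_MS = 1000;

    // Schedules a heartbeat whose first call stalls, then returns how many
    // further calls fired within half a period after the stall ended.
    static int callsRightAfterStall(boolean fixedRate) throws InterruptedException {
        final AtomicInteger calls = new AtomicInteger();
        Timer timer = new Timer(true); // daemon thread, like a background heartbeat
        TimerTask heartbeat = new TimerTask() {
            @Override
            public void run() {
                // Only the first call hangs; later calls return immediately.
                if (calls.getAndIncrement() == 0) {
                    try {
                        Thread.sleep(STALL_MS);
                    } catch (InterruptedException e) {
                        Thread.currentThread().interrupt();
                    }
                }
            }
        };
        if (fixedRate) {
            // Fixed rate: runs missed during the stall are fired back to back.
            timer.scheduleAtFixedRate(heartbeat, 0, PERIOD_MS);
        } else {
            // Fixed delay: each run is scheduled relative to the previous one,
            // so missed runs are not replayed.
            timer.schedule(heartbeat, 0, PERIOD_MS);
        }
        Thread.sleep(STALL_MS + PERIOD_MS / 2);
        timer.cancel();
        return calls.get() - 1; // exclude the stalled call itself
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("scheduleAtFixedRate, calls right after stall: "
                + callsRightAfterStall(true));
        System.out.println("schedule, calls right after stall: "
                + callsRightAfterStall(false));
    }
}
```

The fixed-rate run reports a burst of about STALL_MS / PERIOD_MS calls fired as soon as the stall ends, while the Timer.schedule run does not replay the missed ones.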


Sunday, March 27, 2016

A skeptic guide to use of the spring platform

For the past number of years I have been known for being skeptical about the overuse of frameworks and third-party libraries in Java development. I wrote before about my views on Hibernate in particular and ORM in general. On the other hand, I previously had quite a hard time fixing projects that were using the Spring framework, hence I could not call myself a huge fan of Spring either.

I am not going to go deep into why I believe using it everywhere could be wrong, or what Spring could really bring to the average Java developer or architect in order to make their job better: this post is not about that.

What happened was that I recently decided to go back to it, to freshen up my knowledge of the Spring framework in the first place and also to see what has changed since I last used it. It is a well-known fact that knowing a certain set of libraries and frameworks is a must when it comes to finding a job in the Java world.

So, I am going to post observations along the way, so at least I won't need to go through all the misery of resolving the various issues which will arise (I am sure there will be plenty of them). So sit tight...