bug: HikariCP connection pool exhaustion causes backend outages #152

New Issue

Closed

opened 2026-03-29 10:34:43 +02:00 by marcel · 1 comment

marcel commented 2026-03-29 10:34:43 +02:00

Owner

Copy Link

Problem

The backend repeatedly exhausts its HikariCP connection pool (total=10, active=10, idle=0) roughly 8–10 minutes after startup, causing all subsequent requests to fail with a 30-second timeout. A container restart temporarily fixes it, but it recurs.

HikariPool-1 - Connection is not available, request timed out after 30000ms (total=10, active=10, idle=0, waiting=2)

Root cause

spring.jpa.open-in-view is enabled (Spring Boot default).

This anti-pattern holds a database connection open for the entire duration of each HTTP request — from the moment the request arrives until the HTTP response is fully written. Under concurrent load (e.g. the dashboard's Promise.allSettled fires 3 API calls in parallel per page load), the pool of 10 connections fills up. Once full, new requests block for 30 seconds before failing.

This is confirmed in the startup logs:

WARN JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default.
Therefore, database queries may be performed during view rendering.
Explicitly configure spring.jpa.open-in-view to disable this warning

Impact

• Affects production — not just development/testing. Any page that triggers multiple concurrent API calls (like the new dashboard) can exhaust the pool under modest load.
• After exhaustion, the health check also fails (it needs a DB connection to report UP), making the container appear permanently unhealthy.

Fix

Add to backend/src/main/resources/application.yaml:

spring:
  jpa:
    open-in-view: false

This releases DB connections as soon as a @Transactional method returns, instead of holding them for the full request lifecycle. All existing service methods are already properly bounded with @Transactional, so no other code changes are needed.

Acceptance criteria

• spring.jpa.open-in-view: false added to application.yaml
• Backend stays healthy under sustained use (no pool exhaustion after 10+ minutes)
• Confirm no lazy-loading LazyInitializationException appears in logs after the change (all needed associations should be eagerly fetched or loaded within transactions)

## Problem The backend repeatedly exhausts its HikariCP connection pool (`total=10, active=10, idle=0`) roughly 8–10 minutes after startup, causing all subsequent requests to fail with a 30-second timeout. A container restart temporarily fixes it, but it recurs. ``` HikariPool-1 - Connection is not available, request timed out after 30000ms (total=10, active=10, idle=0, waiting=2) ``` ## Root cause **`spring.jpa.open-in-view` is enabled (Spring Boot default).** This anti-pattern holds a database connection open for the *entire duration of each HTTP request* — from the moment the request arrives until the HTTP response is fully written. Under concurrent load (e.g. the dashboard's `Promise.allSettled` fires 3 API calls in parallel per page load), the pool of 10 connections fills up. Once full, new requests block for 30 seconds before failing. This is confirmed in the startup logs: ``` WARN JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning ``` ## Impact - **Affects production** — not just development/testing. Any page that triggers multiple concurrent API calls (like the new dashboard) can exhaust the pool under modest load. - After exhaustion, the health check also fails (it needs a DB connection to report UP), making the container appear permanently unhealthy. ## Fix Add to `backend/src/main/resources/application.yaml`: ```yaml spring: jpa: open-in-view: false ``` This releases DB connections as soon as a `@Transactional` method returns, instead of holding them for the full request lifecycle. All existing service methods are already properly bounded with `@Transactional`, so no other code changes are needed. ## Acceptance criteria - [ ] `spring.jpa.open-in-view: false` added to `application.yaml` - [ ] Backend stays healthy under sustained use (no pool exhaustion after 10+ minutes) - [ ] Confirm no lazy-loading `LazyInitializationException` appears in logs after the change (all needed associations should be eagerly fetched or loaded within transactions)

marcel added the bugdevops labels 2026-03-29 10:34:56 +02:00

marcel referenced this issue from a commit 2026-03-29 11:47:09 +02:00

fix(#152): disable open-in-view to prevent HikariPool exhaustion

marcel commented 2026-04-22 15:25:45 +02:00

Author

Owner

Copy Link

Already fixed. spring.jpa.open-in-view: false is set in application.yaml with an explanatory comment.

Lazy-loading safety audit — confirmed all lazy relationships are safe with the current setting:

Field	How protected
Person.nameAliases (@OneToMany, lazy)	@JsonIgnore — never serialized
PersonNameAlias.person (@ManyToOne(LAZY))	@JsonIgnore — never serialized
Notification.recipient (@ManyToOne(LAZY))	Never returned as HTTP response; only .getId() used inside @Transactional
PasswordResetToken.user (@ManyToOne(LAZY))	Never returned as HTTP response; only accessed inside @Transactional
InviteToken.createdBy (@ManyToOne(LAZY))	Always wrapped in InviteListItemDTO before returning

Full test suite (1213 tests) passes with no LazyInitializationException.

Already fixed. `spring.jpa.open-in-view: false` is set in `application.yaml` with an explanatory comment. **Lazy-loading safety audit** — confirmed all lazy relationships are safe with the current setting: | Field | How protected | |---|---| | `Person.nameAliases` (`@OneToMany`, lazy) | `@JsonIgnore` — never serialized | | `PersonNameAlias.person` (`@ManyToOne(LAZY)`) | `@JsonIgnore` — never serialized | | `Notification.recipient` (`@ManyToOne(LAZY)`) | Never returned as HTTP response; only `.getId()` used inside `@Transactional` | | `PasswordResetToken.user` (`@ManyToOne(LAZY)`) | Never returned as HTTP response; only accessed inside `@Transactional` | | `InviteToken.createdBy` (`@ManyToOne(LAZY)`) | Always wrapped in `InviteListItemDTO` before returning | Full test suite (1213 tests) passes with no `LazyInitializationException`.

marcel closed this issue 2026-04-22 15:25:54 +02:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

feat/issue-533-mass-import-ux

worktree-feat+issue-557-upload-artifact-v3-pin

worktree-chore+issue-556-drop-client-branches-coverage-gate

fix/issue-514-prerender-crawl-bakes-redirects

fix/issue-472-prerender-entries

feat/issue-395-readme

feat/issue-345-bulk-mark-reviewed

feat/issue-344-bell-tooltip

feat/issue-341-annotieren-contrast

feat/issue-225-bulk-metadata-edit

feat/issue-317-bulk-upload

feat/issue-271-dashboard-redesign

docs/issue-240-mission-control-spec

refactor/issues-193-200

feat/issue-162-korrespondenz-redesign

feature/68-new-document-file-first

feat/81-discussion-discoverability

feat/62-document-bottom-panel

feature/56-backfill-file-hashes

feat/38-document-edit-history

fix/svelte5-test-delegation-and-login-auth

No results found.

Labels

Clear labels

P0-critical

Blocks a core user journey, causes data loss, or is a security/accessibility barrier. Work on this before P1+.

P1-high

Significant friction on a main user journey; workaround exists but is non-obvious. Next up after P0.

P2-medium

Noticeable improvement; doesn't block anything; schedule opportunistically.

P3-later

Cosmetic or parking-lot work; fine to stay open indefinitely.

audit

Read-only audit / assessment work; produces a report rather than changing code

bug

Something isn't working

cleanup

Removal of dead code, vague comments, naming violations, and scratch artifacts

collaboration

We want to extend the family archive to have more collaboration tools

conversation

descoped

We will do that later

devops

documentation

README, ARCHITECTURE, GLOSSARY, CONTRIBUTING, per-domain docs

epic

Marker for epic-level issues that group multiple child issues

feature

file-upload

legibility

Codebase Legibility Refactor — preparing the codebase for human evaluation and bus-factor reduction

notification

person

phase-1: security

Security hygiene — must be done first

phase-2: container-images

Production-ready multi-stage Docker images

phase-3: prod-compose

Production compose overlay + Caddy reverse proxy

phase-4: spring-prod-profile

Spring Boot production configuration profile

phase-5: backups

Database and object storage backup strategy

phase-6: deployment-docs

.env.example, DEPLOYMENT.md, runbook

phase-7: monitoring

Prometheus, Loki, Grafana, Alertmanager

refactor

Code restructuring without behaviour change

security

test

ui

UI/UX and accessibility issues

user

No Label bug devops

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

Jens marcel

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: marcel/familienarchiv#152