Thanks Jonathan, that's are great points. Especially, I haven't realized the fact about other recovery modules. I'm not an Agroal contributor but my perspective is following.
The connections are not about to be created every 2 minutes. The AutoCloseable for XAResource is up to the implementation to cover. For Agroal it's to return the connection back to the pool. I assume this is a benefit for Agroal design to use the standard manner of handling of connection either for business logic or for the recovery.
As I was studying e.g. the IronJacamar code there is a special separate connection only for recovery which is never closed. It requires the special handling around such connection (e.g. like "is still alive?").
I consider that recovery behaves a little differently to a user. The recovery asks every two minutes for "a new XAResource" (connection). The resource is expected to be working and is never closed/returned.
A user asks for a connection and works with it for arbitrary long time and then it closes it. If he needs a new connection then he asks for a new one. Not closing an opened connection and asking for a new one is considered as a bad dangerous practice and is to blame the user for such a wrong usage.
I see now that the other modules may work with the XAResource loaded by bottom-up recovery in XARecoveryModule. As I understand it, then currently it's the AtomicActionRecoveryModule which reloads the state from the persistent storage but if the XAResourceRecord is not capable to deserialize then it asks the XARecoveryModule for help[1]. Currently it's the only place, what I can see, where this inter recovery module interaction happens.
I'm not sure if the XAResource reference counting would help as the resource is created only once, and I expect to work only with one instance here, while I want to find a place where to close it safely.
As an idea, what about to have some synchronization for XAResourceRecovery[2] (like `public XAResource[] getXAResources(EndRecoverySynchronization sync);`) and which will be called at time when all recovery modules finished its work for particular recovery cycle, aka. somewhere at PeriodicRecovery[3]. What do you think?
Anyway, I will point Luis to this thread if he wants to provide details about Agroal implementation considerations.
Thanks,
Ondra