The HA proxies don't allow failover once a tx has reached a server. This can lead to this kind of situation:
EJB A deployed on nodes 1 and 2.
EJB B deployed on nodes 1 and 2.
1) Start tx, invoke on A.1.
2) Lookup B.
3) Invoke on B. LB policy picks B.2
4) Node 2 is dead for some reason so call fails.
5) Can't fail over because tx context won't allow a failover after a call has reached a server.
But, B.1 is fine and is running on the only node the tx has invoked on.
Approach to improving this. This is based on JRMPInovkerProxyHA methods, but the idea is generic:
In invocationHasReachedAServer, instead of storing null as the value, you store the target (key is the tx).
In invoke, if there's a tx, you add that target (if there is one) to the invocation as transient metadata
The LB policy gets passed the invocation as an arg when it chooses a target (this is already in the API)
LB policy checks for the metadata. If there, and that target is in its target list, return that target