General J2EE: Blocking the sharing of the same username in a login operation

  1. Hello,
        Imagine a Security Framework for J2EE Applications, which could be accessed by both Web and EJB container. This framework would offer an API for user login. Is there any useful pattern to block a second try to login in an application using the same username? I mean, only one instance of the username could be logged in in a given time.
        I would not like to use a database approach. I´ve been thinking of replicating this behavior in both Web and EJB container by using an identifier stored in application scope (HttpSession) and in an EJB Stateful, respectively.
        I´d appreciate any idea.
  2. Are you using a clustering or a single J2EE instance? If it is the latter, I believe you can make use of the Singleton pattern to keep track of all the users (e.g. store all current users in a HashMap in the Singleton) and block the second attempt.