We have a Swing client application that talks to an EJB 2.1 backend (JBoss) via HTTP (URL/invoker/JNDIFactory). Everytime the calls arrive on the JEE tier, we do user authentication but we would would like to keep user state. Is there any pattern-based way how we can achieve this with JEE 1.4 and EJB 2.1 and our Swing Client? Thanks in advance.