Hello,

I'm looking for some design advice. I'm using JBoss 3.2.5. Here's my situation;


Users log into to the website (Tomcat within Jboss) to authenticate themselves.

When they do this a session bean is called which generates and stores a key for the user. The key is returned to the user in html as a parameter for an applet. The applet connects to a custom server(non-web, runs within Jboss) using the key to indentify themself. The server queries
the session bean to see which user the key belongs to, if any.
When a user logs off the website, or their Http session times out, their key is destroyed.

At the moment the user/key pair is stored in a Singleton object that's retrieved within the session bean by a getInstance() call. This works fine for now as I'm only on one machine but will obviously fail when
clustering across multiple machines as the JVM on each machine would have its own singleton object.

What should I do so that it will work with clustering across multiple machines?
I could of course store the key in the database but this seems silly for temporary data.
Storing it in the HttpSession is not an option as the custom server needs to access it.

Can a Stateful session bean that's shared across the cluster help me? I don't know much about them.
I wouldn't really need an instance for each user, just a KeyManager stateful session that had a user/key hashtable.

Any advice would be much appreciated.

Thanks in advance

James


P.S. Could TreeCache be of any use? Single Sign On (SSO)? I've heard these mentioned but I don't know anything more than their names. Anything else??