We have developed a system, which is completely stateless i.e. it is comprised of just Stateless Session beans.
Now there is a requirement to add Licensing to the system. We are thinking of the following approach:
Have a Stateful session bean that represents a currently logged in user. This implies that when a user logs on we create a stateful session bean and return the reference of the bean to the user. All calls to the system are made through the stateful session bean. When the user logs off the stateful session bean is also released.
The drawback with the approach listed above is that we will have one stateful session bean per user on the server, which could reduce the scalability of the system.
Can you suggest some other approach that could help us maintain the scalability of the system?
If you just want to limit the access to the system to logged in users then you can use J2EE Security (JAAS) to limit the access to logged in users.