How to manage authenticated status in EJB3?

There is a task of managing desktop client session status:

1. Ensure only single client is "connected".
2. Force client logout - kill session.
3. Kill client session on timeout due to inac开发者_JS百科tivity.

Server-side is JBoss and EJB3. How to achieve such task?

You can use Singleton Pattern here, once initialized, deny subsequent requests thereafter in synchronized method by using delegate to access interfaces (local/remote).

Maintain you own idle-timer & start it at event occurence either mouse/key for your window.

On timeout, you can de-reference the initialized objects & redirect to login.

Method annotated with @Remove allows to kill EJB3 session.

We can ensure uniqueness of session by adding it to static (or other unique) container and check for existence before returning it for the new client. If existing session found, we throw an exception for the user.

So, this answers my questions, I think.