[Struts-user] How do I prevent two calls concurrently?

I have a Struts application where a user enters an account id#
and a pin to enter the application. The user will already be
authenticated via an LDAP server prior to accessing my application, so
the remote user name is there, as well as role information. After the
user clicks [login], I fire a method that calls a stored proc to see if
the combination of their account/pin is valid in the database. I pass
their username as well. If the user has entered an invalid account# 5
times, they are to be locked out of just my application. When I issue
the check to see if the account# is invalid, I have to create a row to
track these invalid login attempts per this account. The problem is the
user double clicks [login] and can get two calls to the service method
to execute simultaneously. They both don't see a row, so they both do
an INSERT. One of the inserts fails due to a PK on the username.

How would I prevent this from occurring? My code that invokes
this service call is like:

public ActionForward login( ... )
{
// retrieve acct/pin from struts form

// I'd like to track/log user interaction with service, so
service
// has username as property
String user = request.getRemoteUser();
LoginService svc = new LoginService( user );

// acct object has other information about call (# bad
attempts, success flag, failure msg, last access date, etc.
Account acct = svc.login( user, acct, pin );
if (acct.isLoginSuccessful() {
// forward to next page
else
// return to input page, storing failure msg with #
attempts into ActionMessage

I'd appreciate any suggestions. I tried to simulate how this
might happen by creating multiple threads of the service, but then I
realized that each instance I created would still allow me to run the
login method concurrently, even if it was synchronized. I can imagine
that there are probably other areas in the application that might allow
multiple inserts of the EXACT same data if this double click occurs if
the PK is based on a sequence.

[Questions]
1. Is it simply a matter of making my service an instance
variable of this action and making the login method synchronized? 2.
Are there situations where I would not want there to be a single service
instance? Could it cause a bottleneck?

Every day I realize how little I know. Thanks for any/all
tips/pointers.

Eric