Hi
I think you don't have to acess the database but at least you have to access a kind of persistence layer such as hibernate. because the two sessions of A and B are stored in different threats so it could be difficult to communicate between 2 threats. so you would create a table in a database named message(ID,fromUserID,toUserID,Title,Content). the next you have to map the table into a java class and the work is done. now a hibernate session works parallel to the database and if you won't flush the session there would be no database accesses. now users can create messages that will be stored as javabeans in the hibernate sessions(take the method save() of the MessageDAO) if you want to access the messages you just have to implement a method in every user bean that will peform the findByToUserID() method and return a list of all the messages. remember if you dont call session.flush() the table message always stays empty.
I hope i could help you
Vinc