How can I have list of all users logged in (via spring security) my web application -

i'm using spring security in web application, , want have list of users logged in program.
how can have access list? aren't kept somewhere within spring framework? securitycontextholder or securitycontextrepository?

for accessing list of logged in users need inject sessionregistry instance bean.

@autowired @qualifier("sessionregistry") private sessionregistry sessionregistry; 

and using injcted sessionregistry can access list of principals:

list<object> principals = sessionregistry.getallprincipals();  list<string> usersnameslist = new arraylist<string>();  (object principal: principals) {     if (principal instanceof user) {         usersnameslist.add(((user) principal).getusername());     } } 

but before injecting session registry need define session management part in spring-security.xml (look @ session management section in spring security reference documentation) , in concurrency-control section should set alias session registry object (session-registry-alias) inject it.

    <security:http access-denied-page="/error403.jsp" use-expressions="true" auto-config="false">         <security:session-management session-fixation-protection="migratesession" session-authentication-error-url="/login.jsp?authfailed=true">              <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="true" expired-url="/login.html" session-registry-alias="sessionregistry"/>         </security:session-management>      ...     </security:http>