There is nothing built into the API for limiting the number of users.
They container you're using might have some configurable thread limits but that wouldn't help you in this case. HTTP is a stateless protocol, meaning that every hit to your site involves creating a new connection which is destroyed as soon as the page is built. This means that, even under very high traffic from hundreds of users, you'll probably never have as many as 5 concurrent hits.
You could limit the number of sessions but doing so will probably be a bit difficult for someone just starting out with JSP.
I have a demo application that tracks user sessions and displays them in a page for administrators. http://simple.souther.us/not-so-simple.html (look for SessionMonitor). Something like that could be altered to count the number of current sessions and deny access to the application to new users until one of the existing sessions is invalidated. Of course, you'll still have the issue of people who walk away from the app with out explicitly logging out. This could leave people locked out for a period of time, even if there aren't really 5 people actively using your app?
Out of curiosity, why do you want to limit your app to 5 people? [ December 06, 2007: Message edited by: Ben Souther ]
You could limit the number of named users that can be created for your application to 5. (You could build this limitation into the administration module of your application where new users are registered.)
And allow a user to be logged in not more than once at the same time. This will prevent that accounts are shared.
And you will have to provide a fulltime administrator that will unlock accounts that have not been closed properly, or that lost their connection.
The result: - not more than 5 users can log on at the same time - you can expect regular service calls to unlock (unluck?) users.