I am using Container Managed Security and want to list/count the number of users authenticated so far. What would be the best strategy to do this? The problem is that the spec defines authenticated user as having non-null value in request.getUserPrincipal(). How could I count the number of Principal objects maintained by the container?
If the container doesn't allow a mechanism to exatract this information, you can look at ways to 'decorate' the login/logout process to maintain your own count. You can also add session listeners to track 'visitors' by finding sessions that do not have credentials attached.