There's nothing in CAS protocol that allows to query a server for the list of the currently active tickets.
I assume you are using Jasig CAS as your server. I think you could add a view, controller and domain object injected with current ticket registry and simply call TicketRegistry.getTickets() to have all Tickets (including expired ones). You will still have to call getAuthentication for the implementation of Ticket (it exists in both ServiceTicket and ServiceGrantingTicket but I could not find it in any superclass or interface), and then Authentication.getPrincipal().
I do not know if the list of PrincipalS that you will get will contains duplicates, but if I were you I would test for such duplicates.
CAS is a Spring application so the first place to look for adding this stuff should be cas-server-webapp/src/main/webapp/WEB-INF/cas-servlet.xml.
I'm afraid I can't do more without knowing the exact implementation of CAS you will use.
cas-server-webapp is a spring-mvc app, so you should find a lot of information in Spring documentation - please note that as CAS 3.1 uses version 2 of Spring you should look at http://docs.spring.io/spring-framework/docs/2.5.3/reference/ .
The following is only a skeleton of what could be done and is untested stuff that may contains typo or other mistakes. Also, there are no interfaces, and view name is hardcoded what are not recommended practices in real world. It must be taken for what it is : a simplified skeletal example of a possible implementation.
Domain object (optional)
private TicketRegistry ticketRegistry;
public class LoggedUsersService {
public List<what_you_want> getLoggedInUsers() {
List<Principal> userList; // or List<Authentication> or ...
// extract pricipal list from ticketRegistry
...
return userList;
}
public void setTicketRegistry(TicketRegistry ticketRegistry) {
this.ticketRegistry = ticketRegistry);
}
}
It should be declared in deployerConfigContext.xml
<bean id="loggedUserService" class="path_to/LoggerUserService">
<property name="ticketRegistry" ref="ticketRegistry"/>
</bean>
It is optional because you could do that stuff directly in controller ... but separation makes tests easier.
Controller
private LoggedUsersService loggedUsersService;
public class LoggedUserController implements Controller {
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) {
ModelAndView mav = new ModelAndView();
// set view name and optionaly whant you need to do
mav.setViewName("loggedusers")
mav.addObject("userList", loggedUserService.getLoggedInUsers());
return mav;
}
public void setLoggedUsersService(LoggedUserService loggedUsersService) {
this.loggedUsersService = loggedUsersService;
}
}
It should be declared in cas-servlet.xml
and included in a handler mapping
<bean id="loggedUserController" class="path_to/LoggerUserService">
<property name="ticketRegistry" ref="ticketRegistry"/>
</bean>
<bean id="handlerMappingC"
...
<props>
...
<prop key="/loggedUsers">loggedUsersController</prop>
</props>
...
</bean>
View
Then in your loggedusers.jsp
, you can access to the list of users under bean name "userList" in request scope
<jsp:useBean id="userList" scope="request"/>