I relied on the idea of @Dániel Kis and implemented the websocket session management with the key point of storing websocket sessions for authenticated users in Singleton-like object.
public class WebSocketConfig implements WebSocketMessageBrokerConfigurer {
public void configureWebSocketTransport(WebSocketTransportRegistration registration) {
registration.addDecoratorFactory(new WebSocketHandlerDecoratorFactory() {
public WebSocketHandler decorate(final WebSocketHandler handler) {
return new WebSocketHandlerDecorator(handler) {
public void afterConnectionEstablished(final WebSocketSession session) throws Exception {
String username = session.getPrincipal().getName();
WebsocketSessionHolder.addSession(username, session);
Class to store websocket users' sessions WebsocketSessionHolder. I use 'synchronized' blocks for thread safety. Actually this blocks are not expensive operations because each of methods (addSession and closeSessions) are used not so often (On establishing and terminating connection). No need to use ConcurrentHashMap or SynchronizedMap here because we perform bunch of operations with the list in these methods.
public class WebsocketSessionHolder {
static {
sessions = new HashMap<>();
private static Map<String, List<WebSocketSession>> sessions;
public static void addSession(String username, WebSocketSession session)
synchronized (sessions) {
var userSessions = sessions.get(username);
if (userSessions == null)
userSessions = new ArrayList<WebSocketSession>();
sessions.put(username, userSessions);
public static void closeSessions(String username) throws IOException
synchronized (sessions) {
var userSessions = sessions.get(username);
if (userSessions != null)
for(var session : userSessions) {
And the final touch - terminating (disconnecting) specified user websocket sessions ("ADMIN" in the example), say in some Controller
public class PageController {
public void killSessions() throws Exception {