I wanted to know how I can perform user locking (or the best way to perform the same) i.e. if a user is already logged in from a device and tries to login from another device, he/she should be notified that a session is already available for that user and an option to close other session and start a new one.

Framework Used Spring-MVC + hibernate 4.1.

And one more thing: how can I set a list of some user hashmap object in application context?

That can be done with Spring Security and Conncurrent Session Control. You can define how many sessions may exist concurrently and decide what to do if the maximum exceeds.

Their is a simple xml configuration in spring security for the same. First you have to register the SessionRegistry bean. I have used default class of SessionRegistryImpl of spring security for Session registry like :

<bean id="sessionRegistry"
        class="org.springframework.security.core.session.SessionRegistryImpl" />

After that we have to register the ConcurrentSessionControlStrategy with container and tell it the maximum session allowed per user. Example:

<bean id="sessionStrategy"
    class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
    <constructor-arg name="sessionRegistry" ref="sessionRegistry" />
    <property name="maximumSessions"
        value="${security.config.sessionStrategy.maximumSessions.value}" />
    <property name="exceptionIfMaximumExceeded" value="true" />
</bean>

security.config.sessionStrategy.maximumSessions.value is the integer value specified in property file. By varying the maximumSessions property value we can define maximum concurrent users easily.