MEAN application, getting all sockets during a request

In my MEAN application I had a need to get the list of all open websockets during a particular request. Turns out with socket.io this is easily doable if can save a reference to the socketio variable during initialization.

For a typical socket.io init in Express, the app.js would contain the following code:

var app = express();
var socketio = require('socket.io')(server, {
    path: '/socket.io-client'
});
require('./config/socketio')(socketio);

So what you need to do is save a reference to the “socketio” variable, which can be retrieved from the request passed down in Express, and used to get all sockets. To do so, you can set it as an application-wide variable in Express like so in app.js:

app.set('socketio', socketio);

Next, a typical Express function handling a request looks like so:

function(req, res) {
}

From your request (the “req” variable) you can get a reference to the Express app, which allows you to get a reference to the socketio variable you set application wide, which you can use to get the list of sockets. Like so:

function(req, res)  {
    var sockets = req.app.get('socketio').sockets.sockets;
    //...
}

And now you can loop through all the sockets like below, and do whatever with them you’d like:

for (var socketId in sockets) {
    var socket = sockets[socketId];
}

As easy as that!

Setting up HTTP auth protecting a Tomcat servlet

In my last blog post I covered a custom Java servlet running on Tomcat that gives statistics on current active users using a Java application running on the Tomcat server.

You may realize that this servlet, or any Tomcat servlet/application is world-readable, and you may want to protect it with a password.

There are several ways you can password protect it. For example, you could simply create an input form where a password is entered, and only then display the information. Or add an authentication string to the URL, or add custom HTTP headers which the servlet reads.

This blog post covers the simple old school HTTP authentication, where the browser pops up a username/password dialog box to the user.

You can adopt the code below in your Tomcat servlet class:

public class MyClass extends HttpServlet {
 private HashMap < String, String > validUsers = new HashMap < String, String > ();

 public void init(final ServletConfig config) throws ServletException {
  validUsers.put("myuser:mypassword", "authorized");
 }

 public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
  String auth = request.getHeader("Authorization");
  if (!authenticate(auth)) {
   response.setHeader("WWW-Authenticate", "BASIC realm=\"My Website Auth\"");
   response.sendError(HttpServletResponse.SC_UNAUTHORIZED);

  } else {
   //User authenticated, allow them in and serve protected content here
  }
 }

 private boolean authenticate(String auth) {
  if (auth == null)
   return false;

  if (!auth.toUpperCase().startsWith("BASIC "))
   return false;

  String userpassEncoded = auth.substring(6);
  String userpassDecoded = new String(DatatypeConverter.parseBase64Binary(userpassEncoded));

  if ("authorized".equals(validUsers.get(userpassDecoded)))
   return true;
  else
   return false;
 }

}

As you can see, the servlet code first looks for an “Authorization” HTTP header, if not present it sends a standard response code, which causes the browser to prompt the user. The username/password are then transmitted to the servlet, which supports the standard BASIC authentication, with the username/password base64 encoded. The servlet then matches the username/password to a HashMap of configured users we’ve defined in the init() method.

Pretty simple!