how to check if user is authenticated (logged in) in a servlet/jsp application from node js

Question

how to check if user is authenticated (logged in) in a servlet/jsp application from node js

In my servlet/jsp application, I have a username,password, user_role stored in a database and my app is running in port 8080. I have a node js application running in port 8081 to implement some real time application. I am using express and socket.io in my node js app. Both my applications are running in windows server 2008.

In my node js app, before running following code:

 io.sockets.on('connection', function (socket) {
     //check if user is logged in jsp app then do following
     socket.emit('news', { hello: 'world' });
 });

How can I achieve this or how can I access session of servlet/jsp from node js ? Please suggest me with solutions that works on windows platform only.

javascript
node.js
servlets

Answer 1

You would let your server/jsp application create an authentication token and then send this token to your socket.io server as the first client event.

That means that you can't authenticate the socket.io client upon connection. The socket.io client needs to send this token first. Your socket.io server checks this token and then sets a an authenticated flag on the clients connection object.

Flow:

Browser requests token from server/jsp
server/jsp checks if user is logged in, if so, creates a secure token with userId (using private key)
Browser connects to socket.io server
Browser sends token to socket.io server
socket.io server checks whether token is valid (checks using public key)
socket.io sets an authenticated flag on the connection object.

...

socket.io server only emits events to connections with the authenticated flag.