Question
I am trying to restrict a node to perform certain flows.
For example, I have two flows, FlowOne and FlowTwo.
For PartyA, I want to give permission for FlowOne;
for PartyB, permission for FlowTwo.
Permission for the RPC calls should be there as well.
Here is my rpcUsers configuration:
PartyA: rpcUsers = [[ user: "user1", "password": "test", "permissions": ["StartFlow.net.corda.mortgage.msr.flows.FlowOne","InvokeRpc.startFlow"]]]
PartyB: rpcUsers = [[ user: "user2", "password": "test", "permissions": ["StartFlow.net.corda.mortgage.msr.flows.FlowTwo","InvokeRpc.startFlow"]]]
I am not sure what I am missing in the permissions. Any suggestions are always welcome.
Answer 1:
At start-up, the Corda webserver makes an RPC call to retrieve the NodeInfo of the node it is connecting to. It needs to explicitly be given the permission to make this call.
You do this by giving the RPC user:
- The InvokeRpc.nodeInfo permission (you give an RPC user the permission to perform a given RPC operation by adding a permission of the form InvokeRpc.[RPC method name])
- The ALL permission (this gives the RPC user all permissions)
If you're starting the nodes via deployNodes, you add the permission as follows:
rpcUsers = [[user: "user1", "password": "test", "permissions": ["InvokeRpc.nodeInfo"]]]
Or:
rpcUsers = [[user: "user1", "password": "test", "permissions": ["ALL"]]]
If you're starting the nodes via the node driver (as seen here: https://github.com/corda/cordapp-example/blob/release-V3/kotlin-source/src/test/kotlin/com/example/NodeDriver.kt), you add the permission as follows:
val user = User("user1", "test", permissions = setOf("InvokeRpc.nodeInfo"))
Or:
val user = User("user1", "test", permissions = setOf("ALL"))
Source: https://stackoverflow.com/questions/50056621/corda-webserver-produces-exception-user-not-authorized-to-perform-rpc-call-node
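A least-privilege check for rpcUsers entries like the ones above, added here as an example; it is not part of the original question or answer and is not Corda code. The function names, the policy of flagging ALL, and the sample entries are assumptions, and the check only classifies the permission strings shown on this page by exact string comparison.

```python
# Added example: least-privilege check over rpcUsers entries (sample data
# constructed from the configurations shown on this page). Not Corda code.
NODE_INFO = "InvokeRpc.nodeInfo"   # permission the webserver needs at start-up
FLOW_PKG = "net.corda.mortgage.msr.flows."  # package used in the question


def granted_flows(permissions):
    """Flow class names granted through StartFlow.<class> entries."""
    prefix = "StartFlow."
    return {p[len(prefix):] for p in permissions if p.startswith(prefix)}


def audit_user(user, intended_flows):
    """Return findings for one rpcUsers entry; an empty list means it matches intent."""
    perms = set(user["permissions"])
    if "ALL" in perms:
        # ALL gives the user all permissions, so per-flow restriction is lost.
        return ["ALL grants every permission; list the needed ones explicitly"]
    findings = []
    if NODE_INFO not in perms:
        findings.append("missing " + NODE_INFO)
    flows = granted_flows(perms)
    for flow in sorted(flows - intended_flows):
        findings.append("unintended flow granted: " + flow)
    for flow in sorted(intended_flows - flows):
        findings.append("intended flow not granted: " + flow)
    for p in sorted(perms):
        if not p.startswith(("StartFlow.", "InvokeRpc.")):
            findings.append("unrecognised permission: " + p)
    return findings


# PartyA's entry as posted in the question.
party_a_posted = {"user": "user1", "password": "test", "permissions": [
    "StartFlow." + FLOW_PKG + "FlowOne", "InvokeRpc.startFlow"]}
# Same entry with the nodeInfo permission from the answer added.
party_a_fixed = {"user": "user1", "password": "test", "permissions": [
    "StartFlow." + FLOW_PKG + "FlowOne", "InvokeRpc.startFlow", NODE_INFO]}
# The answer's alternative: everything allowed.
party_a_all = {"user": "user1", "password": "test", "permissions": ["ALL"]}

if __name__ == "__main__":
    intent = {FLOW_PKG + "FlowOne"}
    for label, entry in [("posted", party_a_posted), ("fixed", party_a_fixed),
                         ("ALL", party_a_all)]:
        print(label, audit_user(entry, intent) or "ok")
```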