How can i restrict a set of nodes from initiating a flow

耗尽温柔 提交于 2020-05-29 11:40:25

问题


If i have two kinds of parties ex: BankA, BankB, InsuranceA, InsuranceB. Can I restrict transactions to be only initiated by Insurance parties ?

So I do not want BankA to be able to start a specific flow.


回答1:


One way would be to have different set of RPC clients for Bank and Insurance Company with appropriate permissions . In permissions you can define which user can start what flow. Permissions can be set in your node configuration in the build.gradle file.




回答2:


There are several approaches that allow you to prevent nodes from starting certain flows:

  • You could only install the CorDapp defining the insurer-specific flows on the insurer nodes, and not on the bank nodes

    • You may even go so far as only making available the CorDapp JAR containing the insurer flows to the insurer nodes
  • As Kid101 says, you could restrict the nodes' RPC permissions to only allow the RPC users of the insurer nodes to start the flow in question. For example:

    rpcUsers=[
        {
            username=exampleUser
            password=examplePass
            permissions=[
                "StartFlow.net.corda.flows.ExampleFlow1",
                "StartFlow.net.corda.flows.ExampleFlow2"
            ]
        }
        ...
    ]
    

These two approaches rely on trust between the nodes. There's nothing to stop one of the bank nodes obtaining the CorDapp containing the insurer flows and granting themselves the RPC permissions to start it.

If the nodes are distrusting (which you should assume they are in a DLT world), you should take one of the following approaches instead:

  • You could perform a check within the responder flow. For example, if you have the flow pair IssueInsurancePolicyFlow / IssueInsurancePolicyFlowResponder, you can add a check in IssueInsurancePolicyFlowResponder to ensure that the initiator of the IssueInsurancePolicyFlow is an insurer node.

    In pseudocode:

    if (counterpartySession.counterparty !in insurerNodeList) {
        throw IllegalStateException("Flow must be run by an insurer node.")
    }
    

    Here, it is up to you to decide how the list of valid insurer nodes is retrieved. It could be read from the responder node's database, for example.

    Note that this approach only works if there is a required signer other than the initiator (besides the notary). Otherwise, there is no way to force a dishonest bank node to send a message to an honest counterparty to invoke the responder flow (and thus the included check).

    Note also that this check should be placed in the responder flow, because the initiator cannot modify the code running on the responder side. If the check is placed in the initiator flow, a bank node could create their own initiating flow and leave this check out

  • You could perform a check within the contract itself. For example:

    override fun verify(tx: LedgerTransaction) {
        ...
    
        val dealStateOutput = tx.outputsOfType<DealState>().single()
        if (dealStateOutput.insurer !in approvedInsurers)
            throw IllegalArgumentException("Unapproved insurer.")
    
        ...
    }  
    

    The difficulty with this approach is getting the list of approved insurers into the contract. You could hard-code it, but it might change over time, forcing you to upgrade the contract. One alternative would be to include an oracle-signed command indicating that a given insurer is approved, and checking this insurer matches the insurer on the output state.



来源:https://stackoverflow.com/questions/50049864/how-can-i-restrict-a-set-of-nodes-from-initiating-a-flow

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!