关于hyperledger composer中的访问控制以实现业务网络

时间:2018-05-27 10:22:14

标签: hyperledger-composer

我正在尝试用Composer开发一个区块链Web应用程序。我编写了“.acl”文件来实现访问控制,还为不同的参与者签发了不同的身份(ID),然后启动了REST服务器。

接下来我要问的是,REST服务器如何识别我的身份?

例如,有一类参与者叫“交易者”,我规定“交易者”不能访问链码中的函数“A”,但REST服务器仍然为“A”生成了API;随后我写了一个简单的html文件,向localhost:3000发送POST请求,结果可以直接调用这个函数。我甚至不知道自己是以什么身份访问这个接口的。

我对此感到困惑,有人可以帮助我吗?

1 个答案:

答案 0 :(得分:2)

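还记得您是如何启动REST服务器的吗?启动时必须指定一张业务网络卡(business network card),而您指定的很可能是拥有全部读写权限的管理员卡。此外,您很可能没有启用基于Passport的身份验证。在这种情况下,REST服务器会用启动时指定的那张卡的身份提交所有请求,ACL规则也是针对这个身份来判定的,与实际发出HTTP请求的人无关。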

这两点加在一起,您当然可以调用任何可用的API函数、执行任何操作。

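您可以参考composer-rest-server
unit Unit1;

{ FireMonkey form for Android that fills the application's temp directory.

  A worker thread (IdThreadComponent1) writes one file of pseudo-random data,
  random.fil, and then copies it into numbered "rand<N>" folders until the
  volume reports no available bytes, a copy fails, or STOP is pressed.

  NOTE(review): the code only creates files and never deletes them; the
  intent (stress test, free-space overwrite, ...) is not stated - confirm.
  If the goal is to make previously deleted data unrecoverable, filling free
  space at file level is not a guarantee on flash storage. }

interface

uses
  System.SysUtils, System.Types, System.UITypes, System.Classes, System.Variants,
  FMX.Types, FMX.Controls, FMX.Forms, FMX.Graphics, FMX.Dialogs,
  IdBaseComponent, IdThreadComponent, FMX.StdCtrls, FMX.Layouts,
  FMX.Controls.Presentation, FMX.ScrollBox, FMX.Memo, System.IOUtils,
  AndroidAPI.JNIBridge, Androidapi.JNI.JavaTypes, android.os.StatFs, Posix.Unistd;

type
  TForm1 = class(TForm)
    Memo1: TMemo;
    Button1: TButton;
    Layout1: TLayout;
    AniIndicator1: TAniIndicator;
    Layout2: TLayout;
    STOP: TButton;
    Layout3: TLayout;
    Label1: TLabel;
    IdThreadComponent1: TIdThreadComponent;
    Button2: TButton;
    procedure IdThreadComponent1Run(Sender: TIdThreadComponent);
    procedure Button1Click(Sender: TObject);
    procedure STOPClick(Sender: TObject);
    procedure Button2Click(Sender: TObject);
    procedure IdThreadComponent1Stopped(Sender: TIdThreadComponent);
    procedure IdThreadComponent1Terminate(Sender: TIdThreadComponent);
  private
    { Private declarations }
  public
    { Public declarations }
    // Cancellation flag: set by STOP or by a failed copy, polled by every loop.
    breakit: boolean;
    // True while CopyData is running; read by the thread's OnRun handler.
    copydataActive: boolean;
    procedure CopyData();
    procedure CreateNewRandFile(Fsize : Int64);
    function CheckDiskSize(aDir : String): Int64;
  end;

var
  Form1: TForm1;

implementation

{$R *.fmx}

uses
  Androidapi.Helpers;

{ Start button: clears the cancellation flag and starts the worker thread. }
procedure TForm1.Button1Click(Sender: TObject);
begin
  breakit := false;
  IdThreadComponent1.Start;
end;

{ Returns the number of bytes available on the volume that holds aDir,
  as reported by android.os.StatFs.getAvailableBytes. }
function TForm1.CheckDiskSize(aDir : String): Int64;
var
  aStatFS : JStatFs;
begin
  aStatFS := TJStatFs.JavaClass.init(StringToJString(aDir));
  Result := aStatFS.getAvailableBytes;
end;

{ Creates <temp>/random.fil and fills it with pseudo-random data until it is
  at least Fsize bytes long (clamped to the free space of the temp volume).
  Does nothing when the file already exists; stops early when breakit is set. }
procedure TForm1.CreateNewRandFile(Fsize : Int64);
var
  FileStream1: TFileStream;
  RandomFileToCopy : string;
  Rand1 : Int64;
  FreeBytes : Int64;
begin
  // Never ask for more than the volume can hold.
  FreeBytes := CheckDiskSize(TPath.GetTempPath);
  if Fsize > FreeBytes then
    Fsize := FreeBytes;

  Randomize;
  RandomFileToCopy := TPath.GetTempPath + TPath.DirectorySeparatorChar + 'random.fil';

  // An existing random.fil is reused as it is, whatever its size.
  if not FileExists(RandomFileToCopy) then
  begin
    FileStream1 := TFileStream.Create(RandomFileToCopy, fmCreate or fmOpenWrite or fmShareDenyWrite);
    try
      while FileStream1.Size < Fsize do
      begin
        // Random() is the RTL's non-cryptographic generator and the bound is
        // below 2^31, so the high-order bytes of every 8-byte word written are
        // zero. Adequate as filler; not suitable where the content must be
        // unpredictable.
        Rand1 := Random(2147483600);
        FileStream1.WriteBuffer(Rand1, SizeOf(Rand1));
        if breakit then
          break;
      end;
    finally
      FileStream1.Free;
    end;
  end;
end;

{ Button2: creates the random source file only. }
procedure TForm1.Button2Click(Sender: TObject);
begin
  CreateNewRandFile(128000000); // create a 128mb file
end;

{ Copies random.fil into rand<N> folders under the temp directory, up to 126
  copies per folder, until the volume has no available bytes, a copy raises,
  or breakit is set. Called from the worker thread's OnRun handler. }
procedure TForm1.CopyData();
var
  TempRoot : String;
  RandomFileToCopy : String;
  FileNameCounter : integer;
  FolderCounter : integer;
  FolderArea : string;
  RandomFileName : String;
  ErrText : string;
begin
  copydataActive := true;
  try
    breakit := false;
    FolderCounter := 0;

    TempRoot := TPath.GetTempPath() + TPath.DirectorySeparatorChar;
    RandomFileToCopy := TempRoot + 'random.fil';

    // create random file
    CreateNewRandFile(64000000); //64 mb file

    // First rand<N> folder name that is not taken yet.
    inc(FolderCounter);
    FolderArea := TempRoot + 'rand' + IntToStr(FolderCounter);
    while DirectoryExists(FolderArea) do
    begin
      inc(FolderCounter);
      FolderArea := TempRoot + 'rand' + IntToStr(FolderCounter);
      if breakit then
        break;
    end;
    TDirectory.CreateDirectory(FolderArea);

    while CheckDiskSize(FolderArea) > 0 do
    begin
      if breakit then
        break;

      // ran1.fil .. ran126.fil inside the current folder.
      FileNameCounter := 0;
      while FileNameCounter < 126 do
      begin
        inc(FileNameCounter);
        RandomFileName := FolderArea + TPath.DirectorySeparatorChar + 'ran' + IntToStr(FileNameCounter) + '.fil';
        try
          TFile.Copy(RandomFileToCopy, RandomFileName);
        except
          on E: Exception do
          begin
            // This runs on the worker thread: build the text here and show the
            // dialog on the main thread.
            ErrText := E.ClassName + ' ERROR: ' + E.Message;
            TThread.Queue(nil,
              procedure
              begin
                ShowMessage(ErrText);
              end);
            breakit := true;
          end;
        end;
        if breakit then
          break;
      end;

      // Stopped or failed: do not create one more (empty) folder.
      if breakit then
        break;

      // Next unused rand<N> folder.
      while DirectoryExists(FolderArea) do
      begin
        inc(FolderCounter);
        FolderArea := TempRoot + 'rand' + IntToStr(FolderCounter);
        if breakit then
          break;
      end;
      TDirectory.CreateDirectory(FolderArea);
    end;
  finally
    // Reset even when an exception escapes (e.g. CreateDirectory on a full
    // volume); otherwise OnRun would never call CopyData again.
    copydataActive := false;
  end;
end;

{ Worker-thread body, invoked repeatedly by TIdThreadComponent: stops the
  thread once breakit is set, otherwise runs CopyData and sleeps 500 ms. }
procedure TForm1.IdThreadComponent1Run(Sender: TIdThreadComponent);
begin
  if breakit then
  begin
    IdThreadComponent1.Stop;
    exit;
  end;
  if not copydataActive then
  begin
    // UI controls must be touched from the main thread only.
    TThread.Queue(nil,
      procedure
      begin
        AniIndicator1.Enabled := true;
      end);
    CopyData();
  end;
  sleep(500);
end;

{ NOTE(review): if Indy raises OnStopped in the worker thread's context, this
  assignment needs the same TThread.Queue marshalling as in
  IdThreadComponent1Run - confirm. }
procedure TForm1.IdThreadComponent1Stopped(Sender: TIdThreadComponent);
begin
  AniIndicator1.Enabled := false;
end;

{ NOTE(review): same question as for OnStopped - confirm which thread raises
  OnTerminate before touching UI controls here. }
procedure TForm1.IdThreadComponent1Terminate(Sender: TIdThreadComponent);
begin
  AniIndicator1.Enabled := false;
end;

{ STOP button: requests cancellation and stops the worker thread. }
procedure TForm1.STOPClick(Sender: TObject);
begin
  breakit := true;
  IdThreadComponent1.Stop;
end;

end.
来实施您的身份验证方案。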

您应该在ACL权限文件中编写规则,规定各类参与者(例如“患者”、“医生”、“付款人”)分别可以做什么。请参阅passport authentication instructions中的“授予网络访问控制”部分,其中有一些非常相似的示例。

这样,当没有相应权限的身份尝试调用时,该API调用就会被拒绝而失败。