为什么Hyperledger composer acl文件不生效? [英] Why does hyperledger composer acl file not take effect?

问题描述

rest-server提供选项指定是否要保护生成的REST API:(y/N)"，这是强制执行acl吗?

rest-server gives the option "Specify if you want the generated REST API to be secured: (y/N)", is this to enforce the acl?

我一直在尝试使用hyperledger-composer节点js客户端设置一个简单的测试.在我的配置中，我有以下内容:

I've been trying to setup a simple test using hyperledger-composer node js client. In my config I have the following:

      "connection-info" : {
 "participantId" : "gk1",
 "participantPwd" :"CjysyeLjriRT",
 "businessNetworkIdentifier" : "myBizNetwork",
 "connectionProfile" : "defaultProfile"}

在我的业务网络定义中，我具有以下内容:

In my business network definition I have the following:

rule Default {
description: "DENY all participants access to all resources"
participant: "ANY"
operation: ALL
resource: "net.name.myBizNetwork"
action: DENY }

当我在node js应用程序中调用以下代码时，我仍然可以看到资源:

When I call the following code in node js app, I can still see the resources:

this.bizNetworkConnection.getAssetRegistry('net.name.myBizNetwork.TestAsset');
            }).then((registry) => {
                return registry.find('testAssetId = ' + id);

很明显，我想使用访问控制来做更多的场景，但是据我了解，这应该可行.

Obviously I'd like to do more scenarios with access control, but in my understanding this should work.

推荐答案

一个好的第一点就是在这里的在线游乐场中试用模型，acl和脚本文件，

A good first point of call is to try out your model, acl, and script files in the online playground here https://composer-playground.mybluemix.net/

注意-默认情况下，您是管理员，可以通过以下方式模拟成为参与者:

Note - you are an admin by default, to simulate being a participant you can do so by:

1. 单击操场右上方的管理员" "+发行新ID"

1. Clicking 'admin' in the top right of the playground '+ Issue New ID'

提供一个用户ID(随您喜欢)和参与者(将是您之前创建的ID)，然后按新建"

Supply a User ID (whatever you like) and participant (will be one you created earlier) and then press 'Create New'

通过查看您的代码，您拒绝的资源是"net.name.myBizNetwork". 在此处遵循文档 https://hyperledger.github.io/composer/reference/acl_language. html 我认为要拒绝访问网络中的资源，您需要添加'*'通配符(请参阅链接中的示例"部分).如果这不起作用，则可能与身份有关.

From looking at your code, the resource you deny is "net.name.myBizNetwork". Following the documentation here https://hyperledger.github.io/composer/reference/acl_language.html I think that to deny access to the resources within your network you will need to add a '*' wildcard (see the Examples section in the link). If that doesn't work it may have something to do with identities.

据我所知，如果要使用身份，则需要保护API安全.但是，您还需要创建/绑定现有参与者的身份，然后使用这些身份成为"该参与者.在此处查看文章 https://hyperledger.github.io/composer/managing/identity-issue.html 默认情况下，您是Null参与者(通过对网络执行ping操作，可以查看您当前是什么"参与者)

Another note, from my understanding, you need to secure the API if you want to use identities. However, you also need to create/bind identities to existing participants, and then use those identities to 'be' that participant. See the article here https://hyperledger.github.io/composer/managing/identity-issue.html By default, you are a Null participant (you can see what participant you currently 'are' by pinging the network)

这篇关于为什么Hyperledger composer acl文件不生效?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！