如何隐藏查找阿卡远程演员？ [英] How to hide Akka remote actors from lookup?

问题描述

我运行的是阿卡2.0.2微内核，并希望实施不受信任的远程参与者的认证方案。

I am running the Akka 2.0.2 microkernel and want to implement an authentication scheme for untrusted remote actors.

，想到的第一件事是建立一个认证演员返回到工作的演员时的参考认证成功。

The first thing that comes to mind is to set up an authentication actor which returns a reference to the work actor when authentication succeeds.

不过，我应该如何保护工作从演员干脆直接被通过actorFor（）远程抬头一看，干脆绕过身份验证？

However, how should I protect the work actor from simply being directly looked up remotely via actorFor(), circumventing authentication altogether?

也就是说，我想prevent远程参与者访问在我的微内核系统男主角的演员不进行认证。

That is, I want to prevent remote actors from accessing actors in my microkernel actor system without authentication.

不放弃工作的演员actorOf名称（）是不够的，因为它会得到一个很容易猜到自动生成的名称。有没有一种方法来禁用远程查找对演员，但仍然能够给他们的ActorRef到远程系统？

Not giving the work actor a name in actorOf() is not enough, because it will get an easily-guessed autogenerated name. Is there a way to disable remote lookup for actors, yet still be able to give out their ActorRef to remote systems?

推荐答案

我觉得你在正确的轨道与认证演员上。有认证演员同时返回ActorRef和令牌。远程参与者必须在消息令牌到本地工人的演员。工人将演员做的工作之前验证令牌。

I think you were on the right track with the authentication actor. Have the authentication actor return both the ActorRef and a token. The remote actors must include that token in messages to your local worker actor. The worker actor will validate the token before doing the work.

trait AuthenticatingActor { this => Actor
  val authenticationService = //...

  def receive = {
    case UnauthenticatedRequest(token, msg) =>
      if (authenticationService.validate(token) 
        authenticatedRecieve(msg)
      else
        sender ! RequestNotAuthenticated(token, "token invalid")

  def authenticatedReceive: Receive
}

class Worker extends AuthenticatingActor with Actor {
  def authenticatedReceive: Receive = //..
}

class AuthenticationActor extends Actor {
  val authenticationService = //..
  var worker: ActorRef = _

  def receive = {
    case Authenticate(username, password) =>
      val token = authenticationService.authenticate(username, password)
      sender ! token.map(AuthenticationSuccess(_, worker).
                     getOrElse(AuthenticationFailure)
    //..
}

这篇关于如何隐藏查找阿卡远程演员？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！