使用作曲家构建实时应用程序 [英] Building a real time application USing composer
问题描述
考虑一个场景:我正在构建企业Web应用程序,其中部分数据驻留在Blockchain和普通数据库中.它是授权的应用程序. .bna有两种类型的参与者admin和普通用户
Consider a scenario: I am building the Enterprise Web application, in which some part of the data resides in Blockchain and in the normal database. It is the authorized application. .bna has two types of participant admin and normal user
用例1) 客户在申请表上以管理员"身份注册.在此过程中, 用户名和密码保存在普通数据库中. 现在,需要使用API在区块链中与参与者"admin"并行创建相同的用户.创建它的完整过程是什么?我们如何实现呢?
Use case 1) Customer registers as "admin" on the application form. During the process, Username and password are saved in the normal database. Now the same user needs to be created in the Blockchain as Participant "admin" in parallel using the API's.What is the complete process to create it. How can we achieve it?
用例2)另一个客户以普通"用户身份登录.我们如何进行身份验证以显示普通用户数据,而不是"admin"用户数据.
Use case 2) Another Customers login as "normal" user.how can we authenticate to show, normal user data instead of "admin" user data.
推荐答案
感谢您的提问.
要点是,您的应用程序用户(存储在您提到的普通"数据库中)已作为Composer身份注册和注册(即通过结构授权证书(CA)),并且为其颁发了证书(从而成为(由Composer用于业务网络的CA颁发的区块链身份).这些Composer身份映射到您在Hyperledger Composer中部署的运行时业务网络中的参与者(您的应用程序用户参与者).因此,来自应用程序用户的日常交易,将以映射的参与者身份提交事务(例如,创建资产,更新资产,调用业务事务xyz)(问责制追溯到提交该请求的真实身份).
The main point is that your application users (stored in the 'normal' database you mention) are registered and enrolled as Composer identities (ie via the Fabric Certificate of Authority (CA), and for which certificates are issued (thereby becoming blockchain identities, as issued by the CA that Composer is using for the business network). Those Composer identities are mapped to participants (your application user participant) in the runtime business network you deployed in Hyperledger Composer. So everyday transactions from your application users, will submit transactions (eg. create asset, update asset, invoke business transaction xyz ) as the mapped participant (and the accountability is traced back to the real identity that submitted it).
不确定要如何实现它,但显然可以使用REST API(由建模,部署的网络生成并由应用程序和应用程序体系结构使用),或者在应用程序用户使用后立即使用JS API发生的事情已进行注册.由您决定.
Not sure how you want to achieve it but you can obviously use the REST APIs (generated from your modeled, deployed network and consumed by your application and application architecture) or, something that happens using the JS APIs immediately after a application user registration has taken place. Its up to you.
回答您的问题
1)此处是一个使用API的身份问题示例
1) An example of Identity Issue (using APIs) is here
var businessNetwork = new BusinessNetworkConnection();
return businessNetwork.connect('admin@tutorial-network')
.then(() => {
return businessNetwork.issueIdentity('org.acme.biznet.Trader#Trader_001', 'usr001')
})
.then((result) => {
console.log(`userID = ${result.userID}`);
console.log(`userSecret = ${result.userSecret}`);
})
.catch((error) => {
console.error(error);
});
var businessNetwork = new BusinessNetworkConnection();
// Connect as the identity
return businessNetwork.connect('usr001@tutorial-network')
.then(() => {
return businessNetwork.ping();
})
.then((result) => {
console.log(`participant = ${result.participant ? result.participant : '<no participant found>'}`);
})
.catch((error) => {
console.error(error);
});
在命令行中,您可以使用
from the command line you can list the issued identities using
composer identity list -c admin@tutorial-network
$class: org.hyperledger.composer.system.Identity
identityId: 9b49f67c262c0ae23e1e0c4a8dc61c4a12b5119df2b6a49fa2e02fa56b8818c3
name: usr001
issuer: 27c582d674ddf0f230854814b7cfd04553f3d0eac55e37d915386c614a5a1de9
certificate:
state: ISSUED
participant: resource:org.acme.biznet.Trader#Trader_001
很明显,您可以继续为那些参与者创建名片(一次性流程)(以便能够在商业网络上提交交易),以便可以与(从他们的应用程序中)与这些应用程序用户安全地共享这些名片.将在区块链上进行交易(例如,作为身份验证/注册的应用程序用户,例如使用REST API与业务网络进行交互).
Obviously you can go on to create business cards (one time process) for those participants (to be able to submit transactions on the business network ) so that they can be securely shared with those application users, who (from their application) will transact on the blockchain (eg, as authenticated/registered application users to interact with the business network, say using the REST APIs).
我不确定您的应用程序管理员"用户将如何翻译,但您可以将其建模为Composer中企业网络中的参与者类型的应用程序管理员.真正的原因在于您为什么要区分业务网络上的参与者,以及客户用户(无论通过您的应用程序还是其他方式)在访问该区块链分类账数据时应看到什么(例如).他们执行的交易的历史记录.特定的客户管理员也许能够查看应用程序用户针对该客户的交易记录?
I'm not entirely sure how your 'application admin' users would translate but it is an application admin that you would model as a Participant type in your business network in Composer. Its really about why you want to differentiate your participants on the business network, and what customer users (whether through your application or other means) should see when they access that blockchain ledger data - eg. a history of transactions they performed. A particular customer Admin may be able to see a history of transactions for that customer by application user ?
2)身份验证正确吗?用户已在此阶段登录.也许您的意思是访问控制(授权).最简单的方法是,普通"用户(参与者类型)和管理员"用户(如您所定义的admin)是针对企业网络使用ACL规则,这意味着客户只能看到与他们相关的数据,并且(如果必要)您要控制其访问权限的参与者用户的类型.但这仅用于区块链上的数据-很显然,您将对普通数据库使用合适的授权策略.
2) Is authentication the right word? The user has logged in at this stage. Perhaps you mean access control (authorization). The simplest way is that 'normal' users (participant type) and 'admin' users (as you've defined admin) is to use ACL rules for the business network, that means the Customer can only see data relevant to them and (if necessary) the type of participant user you want to control access for. But that's only for the data on the blockchain - you obviously would use a suitable authorization strategy for your normal database.
这篇关于使用作曲家构建实时应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
