rest-server提供选项指定是否要保护生成的REST API:(y/N)",这是强制执行acl吗?
rest-server gives the option "Specify if you want the generated REST API to be secured: (y/N)", is this to enforce the acl?
我一直在尝试使用hyperledger-composer节点js客户端设置一个简单的测试.在我的配置中,我有以下内容:
I've been trying to setup a simple test using hyperledger-composer node js client. In my config I have the following:
"connection-info" : { "participantId" : "gk1", "participantPwd" :"CjysyeLjriRT", "businessNetworkIdentifier" : "myBizNetwork", "connectionProfile" : "defaultProfile"}在我的业务网络定义中,我具有以下内容:
In my business network definition I have the following:
rule Default { description: "DENY all participants access to all resources" participant: "ANY" operation: ALL resource: "net.name.myBizNetwork" action: DENY }当我在node js应用程序中调用以下代码时,我仍然可以看到资源:
When I call the following code in node js app, I can still see the resources:
this.bizNetworkConnection.getAssetRegistry('net.name.myBizNetwork.TestAsset'); }).then((registry) => { return registry.find('testAssetId = ' + id);很明显,我想使用访问控制来做更多的场景,但是据我了解,这应该可行.
Obviously I'd like to do more scenarios with access control, but in my understanding this should work.
推荐答案一个好的第一点就是在这里的在线游乐场中试用模型,acl和脚本文件, composer-playground.mybluemix/
A good first point of call is to try out your model, acl, and script files in the online playground here composer-playground.mybluemix/
注意-默认情况下,您是管理员,可以通过以下方式模拟成为参与者:
Note - you are an admin by default, to simulate being a participant you can do so by:
单击操场右上方的管理员" "+发行新ID"
Clicking 'admin' in the top right of the playground '+ Issue New ID'
提供一个用户ID(随您喜欢)和参与者(将是您之前创建的ID),然后按新建"
Supply a User ID (whatever you like) and participant (will be one you created earlier) and then press 'Create New'
通过查看您的代码,您拒绝的资源是"net.name.myBizNetwork". 在此处遵循文档 hyperledger.github.io/composer/reference/acl_language. html 我认为要拒绝访问网络中的资源,您需要添加'*'通配符(请参阅链接中的示例"部分).如果这不起作用,则可能与身份有关.
From looking at your code, the resource you deny is "net.name.myBizNetwork". Following the documentation here hyperledger.github.io/composer/reference/acl_language.html I think that to deny access to the resources within your network you will need to add a '*' wildcard (see the Examples section in the link). If that doesn't work it may have something to do with identities.
据我所知,如果要使用身份,则需要保护API安全.但是,您还需要创建/绑定现有参与者的身份,然后使用这些身份成为"该参与者.在此处查看文章 hyperledger.github.io/composer/managing/identity-issue.html 默认情况下,您是Null参与者(通过对网络执行ping操作,可以查看您当前是什么"参与者)
Another note, from my understanding, you need to secure the API if you want to use identities. However, you also need to create/bind identities to existing participants, and then use those identities to 'be' that participant. See the article here hyperledger.github.io/composer/managing/identity-issue.html By default, you are a Null participant (you can see what participant you currently 'are' by pinging the network)
更多推荐
为什么Hyperledger composer acl文件不生效?
发布评论