
Restricting flow access of nodes in Corda network


My Corda application is working well except for the permissions management. Currently every node can start every flow, however this should not be possible. I tried to restrict the permissions of certain nodes in the build.gradle file. Here is one node as an example:

    node {
        name "O=PartyA,L=Paris,C=FR"
        p2pPort 10008
        rpcSettings {
            address("localhost:10009")
            adminAddress("localhost:10049")
        }
        rpcUsers = [
            [
                user: "user2",
                password: "test",
                permissions: ["StartFlow.FlowInitiatorOne", "StartFlow.FlowInitiatorTwo"]
            ]
        ]
    }

I deploy my network using the deployNodes command. My flows are written in Java. Regardless of the permissions, PartyA is able to start all flows. The log file of PartyA shows that all flows are registered before the permissions are added to the node:

[INFO ] 2019-12-13T09:35:25,796Z [main] internal.NodeFlowManager.registerInitiatedFlow - Registered com.template.flows.FlowInitiatorOne to initiate com.template.flows.FlowResponderOne (version 1)
[INFO ] 2019-12-13T09:35:25,797Z [main] internal.NodeFlowManager.registerInitiatedFlow - Registered com.template.flows.FlowInitiatorTwo to initiate com.template.flows.FlowResponderTwo (version 1)
[INFO ] 2019-12-13T09:35:25,798Z [main] internal.NodeFlowManager.registerInitiatedFlow - Registered com.template.flows.FlowInitiatorThree to initiate com.template.flows.FlowResponderThree (version 1)
[INFO ] 2019-12-13T09:35:25,800Z [main] internal.NodeFlowManager.registerInitiatedFlow - Registered com.template.flows.FlowInitiatorFour to initiate com.template.flows.FlowResponderFour (version 1)
[INFO ] 2019-12-13T09:35:25,793Z [main] internal.NodeFlowManager.registerInitiatedFlow - Registered com.template.flows.FlowInitiatorFive to initiate com.template.flows.FlowResponderFive (version 1)

Below the flow registrations, the log file shows the user with the right permissions:

[INFO ] 2019-12-13T09:35:55,434Z [main] security.RPCSecurityManagerImpl.buildImpl - Constructing realm from list of users in config [User(user2, permissions=[StartFlow.FlowInitiatorOne, StartFlow.FlowInitiatorTwo])]

If I enter flow list in the terminal, PartyA will tell me that it can start all five flows. How do I fix this problem?


Solution

  • Your setup is correct and what you see in the log makes sense as well.
    1. When the node starts, it scans the cordapps folder and registers all the flows that it sees.
    2. Since you are connecting to the node directly (not through SSH or the standalone shell) and your node is in dev mode, Corda connects you to the node as user shell with password shell, and you can run all flows.
    3. To test your RPC user, you would have to write a client that connects to your node using the test user; that client will be restricted to calling only the 2 flows that you specified.

    Read about the different ways of accessing the node: https://docs.corda.net/shell.html

    You can see a sample client in R3's cordapp-example (it's in Kotlin):
    1. In the controller class, you call the flows using the proxy: https://github.com/corda/samples/blob/release-V4/cordapp-example/clients/src/main/kotlin/com/example/server/MainController.k
    2. Notice how the Gradle task to run that webserver uses the defined RPC user: https://github.com/corda/samples/blob/69ff8d4a668c520b6695be67864f4f96ab7ec809/cordapp-example/clients/build.gradle#L64
    3. The Java template comes with a predefined clients module as well: https://github.com/corda/cordapp-template-java/tree/release-V4/clients/src/main/java/com/template/webserver
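
A minimal Java RPC client for the test described in step 3 of the answer, added here as an example (it is not part of the original answer or of R3's samples). It logs in as user2 on PartyA's RPC address from the question and reports, per flow, whether the node's RPC permission check let the call through. Assumptions: the class name RpcPermissionCheck is made up, the CorDapp's flow jar is on the client's classpath, and the flows are started without constructor arguments.

```java
import net.corda.client.rpc.CordaRPCClient;
import net.corda.client.rpc.CordaRPCConnection;
import net.corda.client.rpc.PermissionException;
import net.corda.core.flows.FlowLogic;
import net.corda.core.messaging.CordaRPCOps;
import net.corda.core.utilities.NetworkHostAndPort;

import java.util.Arrays;
import java.util.List;

public class RpcPermissionCheck {
    // Flow class names as they appear in the node log in the question.
    private static final List<String> FLOWS = Arrays.asList(
            "com.template.flows.FlowInitiatorOne",
            "com.template.flows.FlowInitiatorTwo",
            "com.template.flows.FlowInitiatorThree",
            "com.template.flows.FlowInitiatorFour",
            "com.template.flows.FlowInitiatorFive");

    public static void main(String[] args) throws Exception {
        // RPC address and credentials of PartyA from the build.gradle in the question.
        CordaRPCClient client = new CordaRPCClient(NetworkHostAndPort.parse("localhost:10009"));
        try (CordaRPCConnection connection = client.start("user2", "test")) {
            CordaRPCOps proxy = connection.getProxy();
            for (String name : FLOWS) {
                System.out.println(name + " -> " + tryStart(proxy, name));
            }
        }
    }

    @SuppressWarnings("unchecked")
    static String tryStart(CordaRPCOps proxy, String className) throws ClassNotFoundException {
        Class<? extends FlowLogic<Object>> flow =
                (Class<? extends FlowLogic<Object>>) Class.forName(className);
        try {
            // Assumption: no constructor arguments; pass them as extra varargs otherwise.
            proxy.startFlowDynamic(flow);
            return "ALLOWED (flow was started)";
        } catch (PermissionException e) {
            // Thrown when the RPC user lacks the StartFlow permission for this class.
            return "DENIED: " + e.getMessage();
        } catch (RuntimeException e) {
            // Any other failure (e.g. wrong constructor arguments) is not a permission denial.
            return "NOT DENIED, other error: " + e.getMessage();
        }
    }
}
```

Flows that are allowed really do start, so run this against a development network only. Corda's documentation writes the permission as StartFlow.<fully qualified flow class name>; if the first two flows are also reported as DENIED, compare the permission strings in build.gradle against the package-qualified names in the log.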