User not permissioned via RPC but gets through via web API? <IOU demo>


(Charles) #1

So I’m porting the IOU demo to use RPC calls. I started the nodes via /build/nodes/runnodes, i.e. did not start via Main.kt driver DSL.

I’m creating a new IOU via RPC so I am invoking a flow e.g.

cordaProxy.startFlowDynamic(ExampleFlow.Initiator, state, otherParty).returnValue.getOrThrow()

I should mention that I’m using Groovy.

I’m getting the “user not permissioned exception” and indeed, the node.conf(s) do not set up any permissions, e.g.

rpcUsers=[
    {
        password=test
        permissions=[]
        user=user1
    }
]

So I’m fairly confident that if I set up permissions in the node.conf(s) I’ll get through this.

However, what I don’t understand is how the web API gets through? Same set of users with same permissions, i.e. none; however, via the web API one can invoke a flow apparently in disregard for permissions.

What am I missing? Thanks


(Joel Dudley) #2

For now, the webserver is given super-user permissions, allowing it to kick off flows. This will change in the future.

These permissions are granted in NodeWebServer.connectLocalRpcAsNodeUser():

private fun connectLocalRpcAsNodeUser(): CordaRPCOps {
    log.info("Connecting to node at ${config.artemisAddress} as node user")
    val client = CordaRPCClient(config.artemisAddress, config)
    client.start(ArtemisMessagingComponent.NODE_USER, ArtemisMessagingComponent.NODE_USER)
    return client.proxy()
}

Where NODE_USER means that the user has maximum permissions.
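
An added example, not part of the thread or of the Corda code base: a node.conf rpcUsers section showing the empty permission list from the question beside a least-privilege entry. It assumes a Corda release that uses the StartFlow.<flow class name> permission string; the user name iouClient, the password placeholder and the package com.example.flow are hypothetical.

```hocon
// node.conf (constructed example)
rpcUsers=[
    {
        user=user1
        password=test
        // Empty list: user1 can authenticate over RPC but cannot start any flow,
        // which produces the "user not permissioned" error from the question.
        permissions=[]
    },
    {
        user=iouClient                          // hypothetical user name
        password="<set-a-strong-password>"      // placeholder, not a real value
        // Least privilege: allow only the one flow this RPC client needs.
        // Quoted because the nested class's binary name contains '$',
        // which HOCON does not allow in an unquoted string.
        permissions=[
            "StartFlow.com.example.flow.ExampleFlow$Initiator"   // package name assumed
        ]
    }
]
```

Because the webserver described in the reply above connects as NODE_USER, these entries constrain RPC clients only, not requests made through the web API.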


(kamlendra Tiwari) #3

Hi Charles/Joel,
I am developing a simple application on Corda where I have 3 parties and 4 flows.
Out of the 3 parties, 2 have permission for 1 flow each and 1 party has permission for 2 flows.
I have mentioned the permissions in the Gradle file like:

node {
    name "O=PartyA,L=New York,C=US"
    advertisedServices = []
    p2pPort 10008
    rpcPort 10009
    webPort 10010
    cordapps = [
        "com.example:cordapp1:$version",
        "net.corda:corda-finance:$corda_release_version"
    ]
    rpcUsers = [[ user: "user1", "password": "test", "permissions": ["com.example.ExampleFlowOne", "com.example.ExampleFlowTwo"]]]
}

But the problem is that all parties are able to access all the flows; it seems like it is not picking up the permission property.
Anyway, the permission property is there in the node.conf of each node after the build is successful, but the problem still exists.
I have tried both ways (web API & RPC); it shows the same behaviour for both. Please help me.
Waiting for your response.


(kamlendra Tiwari) #4

Issue has been resolved now!