Reputation: 147
How can i restrict a set of nodes from initiating a flow
If i have two kinds of parties ex: BankA, BankB, InsuranceA, InsuranceB. Can I restrict transactions to be only initiated by Insurance parties ?
So I do not want BankA to be able to start a specific flow.
Upvotes: 2
Views: 352
Answers (2)
Reputation: 23140
There are several approaches that allow you to prevent nodes from starting certain flows:
You could only install the CorDapp defining the insurer-specific flows on the insurer nodes, and not on the bank nodes
- You may even go so far as only making available the CorDapp JAR containing the insurer flows to the insurer nodes
As Kid101 says, you could restrict the nodes' RPC permissions to only allow the RPC users of the insurer nodes to start the flow in question. For example:
rpcUsers=[ { username=exampleUser password=examplePass permissions=[ "StartFlow.net.corda.flows.ExampleFlow1", "StartFlow.net.corda.flows.ExampleFlow2" ] } ... ]
These two approaches rely on trust between the nodes. There's nothing to stop one of the bank nodes obtaining the CorDapp containing the insurer flows and granting themselves the RPC permissions to start it.
If the nodes are distrusting (which you should assume they are in a DLT world), you should take one of the following approaches instead:
You could perform a check within the responder flow. For example, if you have the flow pair
IssueInsurancePolicyFlow/IssueInsurancePolicyFlowResponder, you can add a check inIssueInsurancePolicyFlowResponderto ensure that the initiator of theIssueInsurancePolicyFlowis an insurer node.In pseudocode:
if (counterpartySession.counterparty !in insurerNodeList) { throw IllegalStateException("Flow must be run by an insurer node.") }Here, it is up to you to decide how the list of valid insurer nodes is retrieved. It could be read from the responder node's database, for example.
Note that this approach only works if there is a required signer other than the initiator (besides the notary). Otherwise, there is no way to force a dishonest bank node to send a message to an honest counterparty to invoke the responder flow (and thus the included check).
Note also that this check should be placed in the responder flow, because the initiator cannot modify the code running on the responder side. If the check is placed in the initiator flow, a bank node could create their own initiating flow and leave this check out
You could perform a check within the contract itself. For example:
override fun verify(tx: LedgerTransaction) { ... val dealStateOutput = tx.outputsOfType<DealState>().single() if (dealStateOutput.insurer !in approvedInsurers) throw IllegalArgumentException("Unapproved insurer.") ... }The difficulty with this approach is getting the list of approved insurers into the contract. You could hard-code it, but it might change over time, forcing you to upgrade the contract. One alternative would be to include an oracle-signed command indicating that a given insurer is approved, and checking this insurer matches the insurer on the output state.
Upvotes: 4
Reputation: 1470
One way would be to have different set of RPC clients for Bank and Insurance Company with appropriate permissions . In permissions you can define which user can start what flow. Permissions can be set in your node configuration in the build.gradle file.
Upvotes: 1
Related Questions
- Restricting flow access of nodes in Corda network
- Corda drain flows on a node that won't start
- How to pass in a list of Partys for invocation of a flow from the Node shell
- Can a Corda node initiate a flow session with itself?
- How to change the Initiator of a flow within a flow in Corda?
- In Corda, how to define an InitiatedBy flow without defining the Initiating flow?
- How to trigger a corda Scedulable flow from one node but to be executed by another node
- Constraints on number of subflows?
- In Corda, can an acceptor (i.e. initiated) flow invoke subflows?
- Corda: Sharing transactions with a node such that it can't consume them