geekybot

Reputation: 128

Corda webserver produces exception "User not authorized to perform RPC call nodeInfo with target"

I am trying to restrict a node to performing certain flows.

For example, I have two flows, FlowOne and FlowTwo.

For PartyA, I want to give permission for FlowOne.

For PartyB, permission for FlowTwo.

Permission for the RPC calls should be there also.

Here is my rpcUsers configuration

PartyA: rpcUsers = [[ user: "user1", "password": "test", "permissions": ["StartFlow.net.corda.mortgage.msr.flows.FlowOne","InvokeRpc.startFlow"]]]

PartyB: rpcUsers = [[ user: "user2", "password": "test", "permissions": ["StartFlow.net.corda.mortgage.msr.flows.FlowTwo","InvokeRpc.startFlow"]]]

I am not sure what I am missing in the permissions. Any suggestions are always welcome.

Upvotes: 0

Views: 319

Answers (1)

Joel

Reputation: 23140

At start-up, the Corda webserver makes an RPC call to retrieve the NodeInfo of the node it is connecting to. It needs to explicitly be given the permission to make this call.

You do this by giving the RPC user:

  • The InvokeRpc.nodeInfo permission (you give an RPC user the permission to perform a given RPC operation by adding a permission of the form InvokeRpc.[RPC method name])
  • The ALL permission (this gives the RPC user all permissions)

If you're starting the nodes via deployNodes, you add the permission as follows:

rpcUsers = [[user: "user1", "password": "test", "permissions": ["InvokeRpc.nodeInfo"]]]

Or:

rpcUsers = [[user: "user1", "password": "test", "permissions": ["ALL"]]]

If you're starting the nodes via the node driver (as seen here: https://github.com/corda/cordapp-example/blob/release-V3/kotlin-source/src/test/kotlin/com/example/NodeDriver.kt), you add the permission as follows:

val user = User("user1", "test", permissions = setOf("InvokeRpc.nodeInfo"))

Or:

val user = User("user1", "test", permissions = setOf("ALL"))

Upvotes: 1
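
As an added example (not part of the answer above and not Corda code), this Python check parses an rpcUsers line in the deployNodes format shown in the thread and reports what blocks a webserver login while keeping per-flow restriction. The function names are this example's own, and it assumes nodeInfo is the only RPC call the webserver needs at start-up.

```python
import re

# Assumption of this example: nodeInfo is the only RPC call the webserver
# makes at start-up (the one named in the answer above).
WEBSERVER_REQUIRED = {"InvokeRpc.nodeInfo"}

# Matches one [user: "...", ..., "permissions": [...]] entry; keys may be quoted or bare.
USER_RE = re.compile(
    r'\[\s*"?user"?\s*:\s*"([^"]+)".*?"?permissions"?\s*:\s*\[([^\]]*)\]', re.S)


def parse_rpc_users(text):
    """Return {username: set of permission strings} from an rpcUsers line."""
    return {name: set(re.findall(r'"([^"]+)"', perms))
            for name, perms in USER_RE.findall(text)}


def audit(perms, allowed_flows):
    """List problems with one RPC user's permissions for a webserver login."""
    if "ALL" in perms:
        return ["ALL grants every RPC operation and flow, so no flow restriction applies"]
    findings = [f"missing {p}: the webserver's start-up call will be rejected"
                for p in sorted(WEBSERVER_REQUIRED - perms)]
    allowed = {f"StartFlow.{flow}" for flow in allowed_flows}
    granted = {p for p in perms if p.startswith("StartFlow.")}
    findings += [f"missing {p}" for p in sorted(allowed - granted)]
    findings += [f"unexpected {p}" for p in sorted(granted - allowed)]
    return findings


# PartyA's line from the question, and a constructed variant with nodeInfo added.
PARTY_A = ('rpcUsers = [[ user: "user1", "password": "test", "permissions": '
           '["StartFlow.net.corda.mortgage.msr.flows.FlowOne","InvokeRpc.startFlow"]]]')
PARTY_A_FIXED = PARTY_A.replace('"InvokeRpc.startFlow"',
                                '"InvokeRpc.startFlow","InvokeRpc.nodeInfo"')
FLOW_ONE = "net.corda.mortgage.msr.flows.FlowOne"

if __name__ == "__main__":
    for label, line in (("question", PARTY_A), ("with nodeInfo", PARTY_A_FIXED)):
        for user, perms in parse_rpc_users(line).items():
            print(label, user, audit(perms, [FLOW_ONE]) or "ok")
```
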
