如何通过REST API进行身份验证并映射到Fabric凭据
-
如何使用用户名/密码创建新的用户帐户以针对composer-rest-server进行身份验证?
How can I create a new user account with username/password to authenticate against composer-rest-server?
如何使用这个新创建的用户帐户对composer-rest-server进行身份验证?
How would I authenticate with this newly created user account against composer-rest-server?
我将如何管理该用户的会话?
How would I manage the session for that user?
如何将该用户映射到网络参与者?
How can I map this user to a network participant?
能否将作曲家休息服务器用户映射到一个以上的网络参与者(即,扮演不同的角色)?
Can composer-rest-server user be mapped to more then one network participant (i.e. perform different roles)?
我需要为每个作曲家休息服务器用户创建一个钱包吗?
Do I need to create a wallet for each composer-rest-server user?
如何在多个composer-rest-server实例之间共享钱包?
How would I share wallets across number of instances of composer-rest-server?
在Composer中,您可以对参与者类型进行建模,例如org.acme.Person.然后,您可以创建那些参与者类型的实例,例如org.acme.Person#simon,并将这些实例存储在参与者注册表中.
In Composer, you can model participant types, such as org.acme.Person. You can then create instances of those participant types, such as org.acme.Person#simon, and those instances are stored in participant registries.
然后,您可以向参与者的实例颁发身份.此过程将生成可发送给该参与者的注册ID和机密,以便他们进行注册.一个身份链接到一个参与者,但是一个参与者可以具有多个身份.
You can then issue an identity to an instance of a participant. This process generates an enrolment ID and secret that can be sent to that participant so they can enrol. One identity is linked to one participant, but one participant can have multiple identities.
当参与者使用注册ID和密码进行注册时,将生成一个注册证书并将其放入其钱包(使用连接配置文件中的keyValStore属性配置).一旦生成了注册证书,就使注册密码无效.该机密只能使用一次-它不是密码.
When a participant enrols using the enrolment ID and secret, an enrolment certificate is generated and placed into their wallet (configured using the keyValStore property in the connection profile). Once the enrolment certificate has been generated, the enrolment secret is made invalid. The secret can be only used one time - it is not a password.
如果钱包中已经存在注册证书,则不使用注册密码.我们已计划将来进行一些更改,以使所有API和CLI中的注册机密成为可选选项,因此您可以忽略它.
If an enrolment certificate already exists in the wallet, then enrolment secret is not used. We have planned some future changes to make the enrolment secret optional in all APIs and CLIs so you can omit it.
当该参与者使用该注册证书提交交易时,Composer链代码从注册证书中提取注册ID,并使用它来查找向其颁发身份的参与者实例.这是当前参与者".
When that participant submits a transaction using that enrolment certificate, the Composer chaincode extracts the enrolment ID from the enrolment certificate, and uses it to look up the participant instance that the identity was issued to. This is the "current participant".
所有使用基于Composer的访问控制,并使用permissions.acl中定义的规则,都是基于当前参与者.
All Composer based access control, using the rules defined in permissions.acl, is based around the current participant.
当前,Composer REST服务器支持单个注册ID,该ID在启动时在命令行上指定.对Composer REST服务器的所有REST API调用都使用此注册证书来提交事务.
Currently, the Composer REST server supports a single enrolment ID which is specified on the command line at startup. All REST API calls to the Composer REST server use this enrolment certificate to submit transactions.
目前正在做一些改进工作: https://github.com/hyperledger/composer/issues/142
There is work being done at the moment to improve this: https://github.com/hyperledger/composer/issues/142
请详细阅读此GitHub问题.由于这项工作仍在进行中,因此没有用于配置Composer REST服务器安全性的用户文档.
Please read this GitHub issue in detail. Since this work is still in-progress, there is no user documentation for configuring Composer REST server security.
您的列表中有一些有趣的要求:
There are some interesting requirements in your list:
- 我将如何为该用户管理会话?
有API密钥,但是没有简单的方法来检索或管理API密钥.我有关于扩展REST服务器UI(Swagger UI)以管理API密钥的想法,但是还没有具体的方法.
There are API keys, but there is no easy way to retrieve or manage API keys. I have ideas about extending the REST server UI (Swagger UI) to manage API keys, but nothing concrete yet.
- 能否将作曲家休息服务器用户映射到一个以上的网络参与者(即,扮演不同的角色)?
用户钱包当前可以包含多个身份,但是默认情况下仅使用其中一个.用户可以通过提交REST API调用来选择默认身份.够了吗?
A users wallet can currently contain multiple identities, but only one of them is used by default. The user can choose the default identity by submitting a REST API call. Is that sufficient?
- 我需要为每个作曲家休息服务器用户创建一个钱包吗?
每个用户都有自己的钱包组.用户首次登录时,将创建一个默认钱包.一个用户可以创建多个钱包,但是默认情况下仅使用其中一个.用户可以通过提交REST API调用来选择默认钱包.您是否要在用户之间共享钱包?
Each user has their own set of wallets. A default wallet is created when the user logins for the first time. A user can create multiple wallets, but only one of them is used by default. The user can choose the default wallet by submitting a REST API call. Are you looking to share wallets between users?
- 如何在多个composer-rest-server实例之间共享钱包?
您需要使用诸如MongoDB之类的持久性数据存储来在多个实例之间持久化钱包数据;再次,这是正在进行的工作,尚未记录.
You need to use a persistent data store such as MongoDB to persist the wallet data across multiple instances; again, this is work in-progress and not yet documented.
我建议由于这是正在进行的工作,因此我们将讨论移至GitHub问题:-)
I suggest that since this is in-progress work we move the discussion to the GitHub issue :-)