How to hide Akka remote actors from lookup?

Posted 2019-03-31 01:47

I am running the Akka 2.0.2 microkernel and want to implement an authentication scheme for untrusted remote actors.

The first thing that comes to mind is to set up an authentication actor which returns a reference to the work actor when authentication succeeds.

However, how should I protect the work actor from simply being directly looked up remotely via actorFor(), circumventing authentication altogether?

That is, I want to prevent remote actors from accessing actors in my microkernel actor system without authentication.

Not giving the work actor a name in actorOf() is not enough, because it will get an easily-guessed autogenerated name. Is there a way to disable remote lookup for actors, yet still be able to give out their ActorRef to remote systems?

1 answer
#2 · 2019-03-31 02:07

I think you were on the right track with the authentication actor. Have the authentication actor return both the ActorRef and a token. The remote actors must include that token in messages to your local worker actor. The worker actor will validate the token before doing the work.

trait AuthenticatingActor { this: Actor =>
  val authenticationService = //...

  // Only requests carrying a valid token are passed on to authenticatedReceive
  def receive: Receive = {
    case UnauthenticatedRequest(token, msg) =>
      if (authenticationService.validate(token))
        authenticatedReceive(msg)
      else
        sender ! RequestNotAuthenticated(token, "token invalid")
  }

  // The actual work, implemented by the concrete actor
  def authenticatedReceive: Receive
}

class Worker extends AuthenticatingActor with Actor {
  def authenticatedReceive: Receive = //..
}

class AuthenticationActor extends Actor {
  val authenticationService = //..
  var worker: ActorRef = _

  def receive = {
    case Authenticate(username, password) =>
      // authenticate returns an Option: Some(token) on success, None on failure
      val token = authenticationService.authenticate(username, password)
      sender ! token.map(AuthenticationSuccess(_, worker)).
                     getOrElse(AuthenticationFailure)
    //..
  }
}
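One possible `authenticationService` for the answer above, added here as an example and not part of the original answer or of Akka: it issues HMAC-signed, expiring tokens and validates them without keeping per-session state. The class name `TokenAuthenticationService`, the token layout, the `String` token type and the `checkPassword` callback are assumptions made for illustration.

```scala
import java.security.{MessageDigest, SecureRandom}
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Hypothetical implementation of the answer's `authenticationService`.
// Token layout (constructed for this example): "<user>|<expiryMillis>|<hex HMAC-SHA256>"
class TokenAuthenticationService(
    checkPassword: (String, String) => Boolean,        // assumed credential check
    ttlMillis: Long = 15 * 60 * 1000L,                  // token lifetime
    now: () => Long = () => System.currentTimeMillis()) {

  // Random per-process key: tokens cannot be forged without it and
  // stop validating when the actor system restarts.
  private val key = {
    val bytes = new Array[Byte](32)
    new SecureRandom().nextBytes(bytes)
    new SecretKeySpec(bytes, "HmacSHA256")
  }

  private def sign(payload: String): String = {
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(key)
    mac.doFinal(payload.getBytes("UTF-8")).map("%02x".format(_)).mkString
  }

  /** Some(token) for valid credentials, None otherwise,
    * which fits the answer's token.map(...).getOrElse(...). */
  def authenticate(username: String, password: String): Option[String] =
    // '|' is the field separator, so it is rejected in user names
    if (!username.contains("|") && checkPassword(username, password)) {
      val payload = username + "|" + (now() + ttlMillis)
      Some(payload + "|" + sign(payload))
    } else None

  /** True only for a token whose MAC verifies and whose expiry is in the future. */
  def validate(token: String): Boolean = token.split('|') match {
    case Array(user, expiry, mac) =>
      val expected = sign(user + "|" + expiry).getBytes("UTF-8")
      // MessageDigest.isEqual compares without an early exit on mismatch;
      // the MAC is checked first, so expiry is only parsed for our own tokens
      MessageDigest.isEqual(expected, mac.getBytes("UTF-8")) &&
        expiry.toLong > now()
    case _ => false                                     // malformed token
  }
}
```

The worker stays reachable by lookup; what protects it is that every request is rejected unless it carries a token that validates. The token is a bearer credential, so anyone who can read it on the remoting connection can replay it until it expires.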