Refactored the process of ledger init operation: uniquely processed by TransactionBatchProcessor;

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/AccountSet.java

@@ -70,10 +70,6 @@ public class AccountSet implements Transactional, MerkleProvable {
 		this.accessPolicy = accessPolicy;
 	}
 
-	// public HashDigest getAccountRootHash() {
-	// return merkleDataset.getRootHash();
-	// }
-
 	@Override
 	public HashDigest getRootHash() {
 		return merkleDataset.getRootHash();

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/DefaultOperationHandleRegisteration.java

@@ -1,20 +1,31 @@
 package com.jd.blockchain.ledger.core;
 
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
-import java.util.Map.Entry;
 import java.util.concurrent.ConcurrentHashMap;
 
 import org.springframework.stereotype.Component;
 
 import com.jd.blockchain.ledger.LedgerException;
+import com.jd.blockchain.ledger.Operation;
 import com.jd.blockchain.ledger.core.handles.ContractCodeDeployOperationHandle;
 import com.jd.blockchain.ledger.core.handles.DataAccountKVSetOperationHandle;
 import com.jd.blockchain.ledger.core.handles.DataAccountRegisterOperationHandle;
 import com.jd.blockchain.ledger.core.handles.JVMContractEventSendOperationHandle;
+import com.jd.blockchain.ledger.core.handles.LedgerInitOperationHandle;
 import com.jd.blockchain.ledger.core.handles.RolesConfigureOperationHandle;
 import com.jd.blockchain.ledger.core.handles.UserAuthorizeOperationHandle;
 import com.jd.blockchain.ledger.core.handles.UserRegisterOperationHandle;
+import com.jd.blockchain.transaction.ContractCodeDeployOpTemplate;
+import com.jd.blockchain.transaction.ContractEventSendOpTemplate;
+import com.jd.blockchain.transaction.DataAccountKVSetOpTemplate;
+import com.jd.blockchain.transaction.DataAccountRegisterOpTemplate;
+import com.jd.blockchain.transaction.LedgerInitOpTemplate;
+import com.jd.blockchain.transaction.RolesConfigureOpTemplate;
+import com.jd.blockchain.transaction.UserAuthorizeOpTemplate;
+import com.jd.blockchain.transaction.UserRegisterOpTemplate;
 
 @Component
 public class DefaultOperationHandleRegisteration implements OperationHandleRegisteration {
@@ -23,51 +34,74 @@ public class DefaultOperationHandleRegisteration implements OperationHandleRegis
 
 	private Map<Class<?>, OperationHandle> handles = new ConcurrentHashMap<>();
 
-	private Map<Class<?>, OperationHandle> cacheMapping = new ConcurrentHashMap<>();
-
 	static {
-		addDefaultHandle(new RolesConfigureOperationHandle());
-		addDefaultHandle(new UserAuthorizeOperationHandle());
-		addDefaultHandle(new DataAccountKVSetOperationHandle());
-		addDefaultHandle(new DataAccountRegisterOperationHandle());
-		addDefaultHandle(new UserRegisterOperationHandle());
-		addDefaultHandle(new ContractCodeDeployOperationHandle());
-		addDefaultHandle(new JVMContractEventSendOperationHandle());
+		registerDefaultHandle(new LedgerInitOperationHandle());
+
+		registerDefaultHandle(new RolesConfigureOperationHandle());
+
+		registerDefaultHandle(new UserAuthorizeOperationHandle());
+
+		registerDefaultHandle(new UserRegisterOperationHandle());
+
+		registerDefaultHandle(new DataAccountKVSetOperationHandle());
+
+		registerDefaultHandle(new DataAccountRegisterOperationHandle());
+
+		registerDefaultHandle(new ContractCodeDeployOperationHandle());
+
+		registerDefaultHandle(new JVMContractEventSendOperationHandle());
 	}
 
-	private static void addDefaultHandle(OperationHandle handle) {
+	private static void registerDefaultHandle(OperationHandle handle) {
 		DEFAULT_HANDLES.put(handle.getOperationType(), handle);
 	}
 
 	/**
-	 * 以最高优先级插入一个操作处理器；
+	 * 注册操作处理器；此方法将覆盖默认的操作处理器配置；
 	 * 
 	 * @param handle
 	 */
 	public void registerHandle(OperationHandle handle) {
+		List<Class<?>> opTypes = new ArrayList<Class<?>>();
+		for (Class<?> opType : handles.keySet()) {
+			if (opType.isAssignableFrom(handle.getOperationType())) {
+				opTypes.add(opType);
+			}
+		}
+
+		for (Class<?> opType : opTypes) {
+			handles.put(opType, handle);
+		}
 		handles.put(handle.getOperationType(), handle);
 	}
 
 	private OperationHandle getRegisteredHandle(Class<?> operationType) {
 		OperationHandle hdl = handles.get(operationType);
 		if (hdl == null) {
-			for (Entry<Class<?>, OperationHandle> entry : handles.entrySet()) {
-				if (entry.getKey().isAssignableFrom(operationType)) {
-					hdl = entry.getValue();
+			hdl = DEFAULT_HANDLES.get(operationType);
+			
+			//按“操作类型”的继承关系匹配；
+			if (hdl == null) {
+				for (Class<?> opType : handles.keySet()) {
+					if (opType.isAssignableFrom(operationType)) {
+						hdl = handles.get(opType);
+						break;
+					}
 				}
 			}
-		}
-		return hdl;
-	}
-
-	private OperationHandle getDefaultHandle(Class<?> operationType) {
-		OperationHandle hdl = DEFAULT_HANDLES.get(operationType);
-		if (hdl == null) {
-			for (Entry<Class<?>, OperationHandle> entry : DEFAULT_HANDLES.entrySet()) {
-				if (entry.getKey().isAssignableFrom(operationType)) {
-					hdl = entry.getValue();
+			
+			if (hdl == null) {
+				for (Class<?> opType : DEFAULT_HANDLES.keySet()) {
+					if (opType.isAssignableFrom(operationType)) {
+						hdl = DEFAULT_HANDLES.get(opType);
+						break;
+					}
 				}
 			}
+			
+			if (hdl != null) {
+				handles.put(operationType, hdl);
+			}
 		}
 		return hdl;
 	}
@@ -80,20 +114,19 @@ public class DefaultOperationHandleRegisteration implements OperationHandleRegis
 	 * java.lang.Class)
 	 */
 	@Override
-	public OperationHandle getHandle(Class<?> operationType) {
-		OperationHandle hdl = cacheMapping.get(operationType);
-		if (hdl != null) {
-			return hdl;
-		}
-		hdl = getRegisteredHandle(operationType);
+	public OperationHandle getHandle(Class<? extends Operation> operationType) {
+		OperationHandle hdl = getRegisteredHandle(operationType);
 		if (hdl == null) {
-			hdl = getDefaultHandle(operationType);
-			if (hdl == null) {
-				throw new LedgerException("Unsupported operation type[" + operationType.getName() + "]!");
-			}
+			throw new LedgerException("Unsupported operation type[" + operationType.getName() + "]!");
 		}
-		cacheMapping.put(operationType, hdl);
 		return hdl;
 	}
 
+	private static class OpHandleStub {
+
+		private Class<? extends Operation> operationType;
+
+		private OperationHandle operationHandle;
+
+	}
 }

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/EmptyLedgerDataset.java

@@ -0,0 +1,209 @@
+package com.jd.blockchain.ledger.core;
+
+import com.jd.blockchain.crypto.HashDigest;
+import com.jd.blockchain.ledger.AccountHeader;
+import com.jd.blockchain.ledger.LedgerAdminInfo;
+import com.jd.blockchain.ledger.MerkleProof;
+import com.jd.blockchain.ledger.ParticipantDataQuery;
+import com.jd.blockchain.ledger.ParticipantNode;
+import com.jd.blockchain.utils.Bytes;
+
+public class EmptyLedgerDataset implements LedgerDataQuery {
+	
+	private static final LedgerAdminDataQuery EMPTY_ADMIN_DATA = new EmptyAdminData();
+	
+	private static final UserAccountQuery EMPTY_USER_ACCOUNTS = new EmptyUserAccountSet();
+	
+	private static final DataAccountQuery EMPTY_DATA_ACCOUNTS = new EmptyDataAccountSet();
+	
+	private static final ContractAccountQuery EMPTY_CONTRACT_ACCOUNTS = new EmptyContractAccountSet();
+
+	private static final ParticipantDataQuery EMPTY_PARTICIPANTS = new EmptyParticipantData();
+
+	@Override
+	public LedgerAdminDataQuery getAdminDataset() {
+		return EMPTY_ADMIN_DATA;
+	}
+
+	@Override
+	public UserAccountQuery getUserAccountSet() {
+		return EMPTY_USER_ACCOUNTS;
+	}
+
+	@Override
+	public DataAccountQuery getDataAccountSet() {
+		return EMPTY_DATA_ACCOUNTS;
+	}
+
+	@Override
+	public ContractAccountQuery getContractAccountset() {
+		return EMPTY_CONTRACT_ACCOUNTS;
+	}
+
+
+	private static class EmptyAdminData implements LedgerAdminDataQuery{
+		
+
+		@Override
+		public LedgerAdminInfo getAdminInfo() {
+			return null;
+		}
+
+		@Override
+		public ParticipantDataQuery getParticipantDataset() {
+			return EMPTY_PARTICIPANTS;
+		}
+		
+	}
+	
+	private static class EmptyParticipantData implements ParticipantDataQuery{
+
+		@Override
+		public HashDigest getRootHash() {
+			return null;
+		}
+
+		@Override
+		public MerkleProof getProof(Bytes key) {
+			return null;
+		}
+
+		@Override
+		public long getParticipantCount() {
+			return 0;
+		}
+
+		@Override
+		public boolean contains(Bytes address) {
+			return false;
+		}
+
+		@Override
+		public ParticipantNode getParticipant(Bytes address) {
+			return null;
+		}
+
+		@Override
+		public ParticipantNode[] getParticipants() {
+			return null;
+		}
+		
+	}
+	
+	private static class EmptyUserAccountSet implements UserAccountQuery{
+
+		@Override
+		public AccountHeader[] getAccounts(int fromIndex, int count) {
+			return null;
+		}
+
+		@Override
+		public long getTotalCount() {
+			return 0;
+		}
+
+		@Override
+		public HashDigest getRootHash() {
+			return null;
+		}
+
+		@Override
+		public MerkleProof getProof(Bytes key) {
+			return null;
+		}
+
+		@Override
+		public UserAccount getUser(String address) {
+			return null;
+		}
+
+		@Override
+		public UserAccount getUser(Bytes address) {
+			return null;
+		}
+
+		@Override
+		public boolean contains(Bytes address) {
+			return false;
+		}
+
+		@Override
+		public UserAccount getUser(Bytes address, long version) {
+			return null;
+		}
+		
+		
+	}
+	
+	private static class EmptyDataAccountSet implements DataAccountQuery{
+
+		@Override
+		public AccountHeader[] getAccounts(int fromIndex, int count) {
+			return null;
+		}
+
+		@Override
+		public HashDigest getRootHash() {
+			return null;
+		}
+
+		@Override
+		public long getTotalCount() {
+			return 0;
+		}
+
+		@Override
+		public MerkleProof getProof(Bytes address) {
+			return null;
+		}
+
+		@Override
+		public DataAccount getDataAccount(Bytes address) {
+			return null;
+		}
+
+		@Override
+		public DataAccount getDataAccount(Bytes address, long version) {
+			return null;
+		}
+		
+	}
+
+	private static class EmptyContractAccountSet implements ContractAccountQuery{
+
+		@Override
+		public AccountHeader[] getAccounts(int fromIndex, int count) {
+			return null;
+		}
+
+		@Override
+		public HashDigest getRootHash() {
+			return null;
+		}
+
+		@Override
+		public long getTotalCount() {
+			return 0;
+		}
+
+		@Override
+		public MerkleProof getProof(Bytes address) {
+			return null;
+		}
+
+		@Override
+		public boolean contains(Bytes address) {
+			return false;
+		}
+
+		@Override
+		public ContractAccount getContract(Bytes address) {
+			return null;
+		}
+
+		@Override
+		public ContractAccount getContract(Bytes address, long version) {
+			return null;
+		}
+	}
+}

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/FullPermissionedSecurityManager.java

@@ -0,0 +1,98 @@
+package com.jd.blockchain.ledger.core;
+
+import java.util.Set;
+
+import com.jd.blockchain.ledger.LedgerPermission;
+import com.jd.blockchain.ledger.LedgerSecurityException;
+import com.jd.blockchain.ledger.TransactionPermission;
+import com.jd.blockchain.utils.Bytes;
+
+class FullPermissionedSecurityManager implements LedgerSecurityManager {
+
+	public static final FullPermissionedSecurityManager INSTANCE = new FullPermissionedSecurityManager();
+
+	@Override
+	public SecurityPolicy createSecurityPolicy(Set<Bytes> endpoints, Set<Bytes> nodes) {
+		return new FullPermissionedPolicy(endpoints, nodes);
+	}
+
+	private static class FullPermissionedPolicy implements SecurityPolicy {
+
+		private Set<Bytes> endpoints;
+		private Set<Bytes> nodes;
+
+		public FullPermissionedPolicy(Set<Bytes> endpoints, Set<Bytes> nodes) {
+			this.endpoints = endpoints;
+			this.nodes = nodes;
+		}
+
+		@Override
+		public Set<Bytes> getEndpoints() {
+			return endpoints;
+		}
+
+		@Override
+		public Set<Bytes> getNodes() {
+			return nodes;
+		}
+
+		@Override
+		public boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) {
+			return true;
+		}
+
+		@Override
+		public boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) {
+			return true;
+		}
+
+		@Override
+		public boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) {
+			return true;
+		}
+
+		@Override
+		public boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) {
+			return true;
+		}
+
+		@Override
+		public void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy)
+				throws LedgerSecurityException {
+		}
+
+		@Override
+		public void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
+				throws LedgerSecurityException {
+		}
+
+		@Override
+		public void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException {
+		}
+
+		@Override
+		public void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
+				throws LedgerSecurityException {
+		}
+
+		@Override
+		public boolean isEndpointValid(MultiIDsPolicy midPolicy) {
+			return true;
+		}
+
+		@Override
+		public boolean isNodeValid(MultiIDsPolicy midPolicy) {
+			return true;
+		}
+
+		@Override
+		public void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException {
+		}
+
+		@Override
+		public void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException {
+		}
+
+	}
+
+}

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerAdminDataset.java

@@ -108,7 +108,7 @@ public class LedgerAdminDataset implements Transactional, LedgerAdminDataQuery,
 	public UserRolesSettings getUserRoles() {
 		return userRoles;
 	}
-	
+
 	@Override
 	public LedgerAdminInfo getAdminInfo() {
 		return this;
@@ -392,7 +392,7 @@ public class LedgerAdminDataset implements Transactional, LedgerAdminDataQuery,
 			return;
 		}
 		participants.cancel();
-		metadata = new LedgerMetadataInfo(origMetadata);
+		metadata =origMetadata == null ? new LedgerMetadataInfo() :  new LedgerMetadataInfo(origMetadata);
 	}
 
 	public static class LedgerMetadataInfo implements LedgerMetadata_V2 {

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerInitializer.java

@@ -9,14 +9,12 @@ import com.jd.blockchain.ledger.DigitalSignature;
 import com.jd.blockchain.ledger.LedgerBlock;
 import com.jd.blockchain.ledger.LedgerInitException;
 import com.jd.blockchain.ledger.LedgerInitSetting;
-import com.jd.blockchain.ledger.Operation;
 import com.jd.blockchain.ledger.ParticipantNode;
 import com.jd.blockchain.ledger.SecurityInitSettings;
 import com.jd.blockchain.ledger.TransactionBuilder;
 import com.jd.blockchain.ledger.TransactionContent;
 import com.jd.blockchain.ledger.TransactionRequest;
-import com.jd.blockchain.ledger.TransactionState;
-import com.jd.blockchain.ledger.UserRegisterOperation;
+import com.jd.blockchain.service.TransactionBatchResultHandle;
 import com.jd.blockchain.storage.service.KVStorageService;
 import com.jd.blockchain.transaction.SignatureUtils;
 import com.jd.blockchain.transaction.TxBuilder;
@@ -24,6 +22,14 @@ import com.jd.blockchain.transaction.TxRequestBuilder;
 
 public class LedgerInitializer {
 
+	private static final FullPermissionedSecurityManager FULL_PERMISSION_SECURITY_MANAGER = new FullPermissionedSecurityManager();
+
+	private static final LedgerDataQuery EMPTY_LEDGER_DATA_QUERY = new EmptyLedgerDataset();
+
+	private static final OperationHandleRegisteration DEFAULT_OP_HANDLE_REG = new DefaultOperationHandleRegisteration();
+
+	private LedgerService EMPTY_LEDGERS = new LedgerManager();
+
 	private LedgerInitSetting initSetting;
 
 	private TransactionContent initTxContent;
@@ -36,6 +42,8 @@ public class LedgerInitializer {
 
 	private volatile boolean canceled = false;
 
+	private TransactionBatchResultHandle txResultsHandle;
+
 	/**
 	 * 初始化生成的账本hash； <br>
 	 * 
@@ -115,7 +123,7 @@ public class LedgerInitializer {
 			throw new LedgerInitException("The ledger has been canceled!");
 		}
 		committed = true;
-		this.ledgerEditor.commit();
+		this.txResultsHandle.commit();
 	}
 
 	public void cancel() {
@@ -148,18 +156,13 @@ public class LedgerInitializer {
 
 		TransactionRequest txRequest = txReqBuilder.buildRequest();
 
-		LedgerTransactionContext txCtx = ledgerEditor.newTransaction(txRequest);
-		Operation[] ops = txRequest.getTransactionContent().getOperations();
-		// 注册用户； 注：第一个操作是 LedgerInitOperation；
-		// TODO：暂时只支持注册用户的初始化操作；
-		for (int i = 1; i < ops.length; i++) {
-			UserRegisterOperation userRegOP = (UserRegisterOperation) ops[i];
-			txCtx.getDataset().getUserAccountSet().register(userRegOP.getUserID().getAddress(),
-					userRegOP.getUserID().getPubKey());
-		}
+		TransactionBatchProcessor txProcessor = new TransactionBatchProcessor(FULL_PERMISSION_SECURITY_MANAGER,
+				ledgerEditor, EMPTY_LEDGER_DATA_QUERY, DEFAULT_OP_HANDLE_REG, EMPTY_LEDGERS);
 
-		txCtx.commit(TransactionState.SUCCESS, null);
+		txProcessor.schedule(txRequest);
 
-		return ledgerEditor.prepare();
+		txResultsHandle = txProcessor.prepare();
+		return txResultsHandle.getBlock();
 	}
+
 }

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerRepositoryImpl.java

@@ -109,16 +109,6 @@ class LedgerRepositoryImpl implements LedgerRepository {
 		return latestState.block;
 	}
 
-//	private LedgerState getLatestState() {
-//		LedgerState state = latestState;
-//		if (state == null) {
-//			LedgerBlock latestBlock = innerGetBlock(innerGetLatestBlockHeight());
-//			state = new LedgerState(latestBlock);
-//			latestState = state;
-//		}
-//		return state;
-//	}
-
 	/**
 	 * 重新检索加载最新的状态；
 	 * 
@@ -264,20 +254,7 @@ class LedgerRepositoryImpl implements LedgerRepository {
 	@Override
 	public TransactionSet getTransactionSet(LedgerBlock block) {
 		long height = getLatestBlockHeight();
-//		TransactionSet transactionSet = null;
 		if (height == block.getHeight()) {
-//			// 缓存最近一个区块的数据；
-//			LedgerState state = getLatestState();
-//			transactionSet = state.transactionSet;
-//			if (transactionSet == null) {
-//				LedgerAdminInfo adminAccount = getAdminInfo(block);
-//				transactionSet = loadTransactionSet(block.getTransactionSetHash(),
-//						adminAccount.getSettings().getCryptoSetting(), keyPrefix, exPolicyStorage, versioningStorage,
-//						true);
-//				state.transactionSet = transactionSet;
-//			}
-//			return transactionSet;
-
 			// 从缓存中返回最新区块的数据集；
 			return latestState.getTransactionSet();
 		}
@@ -290,18 +267,7 @@ class LedgerRepositoryImpl implements LedgerRepository {
 	@Override
 	public LedgerAdminDataset getAdminInfo(LedgerBlock block) {
 		long height = getLatestBlockHeight();
-//		LedgerAdminDataset adminAccount = null;
 		if (height == block.getHeight()) {
-//			// 缓存读；
-//			LedgerState state = getLatestState();
-//			adminAccount = state.adminAccount;
-//			if (adminAccount == null) {
-//				adminAccount = new LedgerAdminDataset(block.getAdminAccountHash(), keyPrefix, exPolicyStorage,
-//						versioningStorage, true);
-//				state.adminAccount = adminAccount;
-//			}
-//			return adminAccount;
-
 			return latestState.getAdminDataset();
 		}
 
@@ -315,20 +281,7 @@ class LedgerRepositoryImpl implements LedgerRepository {
 	@Override
 	public UserAccountQuery getUserAccountSet(LedgerBlock block) {
 		long height = getLatestBlockHeight();
-//		UserAccountSet userAccountSet = null;
 		if (height == block.getHeight()) {
-//			// 缓存读；
-//			LedgerState state = getLatestState();
-//			userAccountSet = state.userAccountSet;
-//			if (userAccountSet == null) {
-//				LedgerAdminDataset adminAccount = getAdminInfo(block);
-//				userAccountSet = loadUserAccountSet(block.getUserAccountSetHash(),
-//						adminAccount.getPreviousSetting().getCryptoSetting(), keyPrefix, exPolicyStorage,
-//						versioningStorage, true);
-//				state.userAccountSet = userAccountSet;
-//			}
-//			return userAccountSet;
-
 			return latestState.getUserAccountSet();
 		}
 		LedgerAdminDataset adminAccount = getAdminInfo(block);
@@ -343,20 +296,7 @@ class LedgerRepositoryImpl implements LedgerRepository {
 	@Override
 	public DataAccountQuery getDataAccountSet(LedgerBlock block) {
 		long height = getLatestBlockHeight();
-//		DataAccountSet dataAccountSet = null;
 		if (height == block.getHeight()) {
-//			// 缓存读；
-//			LedgerState state = getLatestState();
-//			dataAccountSet = state.dataAccountSet;
-//			if (dataAccountSet == null) {
-//				LedgerAdminDataset adminAccount = getAdminInfo(block);
-//				dataAccountSet = loadDataAccountSet(block.getDataAccountSetHash(),
-//						adminAccount.getPreviousSetting().getCryptoSetting(), keyPrefix, exPolicyStorage,
-//						versioningStorage, true);
-//				state.dataAccountSet = dataAccountSet;
-//			}
-//			return dataAccountSet;
-
 			return latestState.getDataAccountSet();
 		}
 
@@ -372,20 +312,7 @@ class LedgerRepositoryImpl implements LedgerRepository {
 	@Override
 	public ContractAccountQuery getContractAccountSet(LedgerBlock block) {
 		long height = getLatestBlockHeight();
-//		ContractAccountSet contractAccountSet = null;
 		if (height == block.getHeight()) {
-//			// 缓存读；
-//			LedgerState state = getLatestState();
-//			contractAccountSet = state.contractAccountSet;
-//			if (contractAccountSet == null) {
-//				LedgerAdminDataset adminAccount = getAdminInfo(block);
-//				contractAccountSet = loadContractAccountSet(block.getContractAccountSetHash(),
-//						adminAccount.getPreviousSetting().getCryptoSetting(), keyPrefix, exPolicyStorage,
-//						versioningStorage, true);
-//				state.contractAccountSet = contractAccountSet;
-//			}
-//			return contractAccountSet;
-
 			return latestState.getContractAccountSet();
 		}
 
@@ -401,17 +328,7 @@ class LedgerRepositoryImpl implements LedgerRepository {
 	@Override
 	public LedgerDataset getDataSet(LedgerBlock block) {
 		long height = getLatestBlockHeight();
-//		LedgerDataSet ledgerDataSet = null;
 		if (height == block.getHeight()) {
-//			// 缓存读；
-//			LedgerState state = getLatestState();
-//			ledgerDataSet = state.ledgerDataSet;
-//			if (ledgerDataSet == null) {
-//				ledgerDataSet = innerDataSet(block);
-//				state.ledgerDataSet = ledgerDataSet;
-//			}
-//			return ledgerDataSet;
-
 			return latestState.getLedgerDataset();
 		}
 
@@ -463,15 +380,10 @@ class LedgerRepositoryImpl implements LedgerRepository {
 	}
 
 	static Bytes encodeLedgerIndexKey(HashDigest ledgerHash) {
-		// return LEDGER_PREFIX + Base58Utils.encode(ledgerHash.toBytes());
-		// return new Bytes(ledgerHash.toBytes()).concatTo(LEDGER_PREFIX);
 		return LEDGER_PREFIX.concat(ledgerHash);
 	}
 
 	static Bytes encodeBlockStorageKey(HashDigest blockHash) {
-		// String key = ByteArray.toBase58(blockHash.toBytes());
-		// return BLOCK_PREFIX + key;
-
 		return BLOCK_PREFIX.concat(blockHash);
 	}
 
@@ -483,29 +395,13 @@ class LedgerRepositoryImpl implements LedgerRepository {
 		String usersetKeyPrefix = keyPrefix + USER_SET_PREFIX;
 		String datasetKeyPrefix = keyPrefix + DATA_SET_PREFIX;
 		String contractsetKeyPrefix = keyPrefix + CONTRACT_SET_PREFIX;
-		// String txsetKeyPrefix = keyPrefix + TRANSACTION_SET_PREFIX;
 
-		// UserAccountSet userAccountSet = new
-		// UserAccountSet(adminAccount.getSetting().getCryptoSetting(),
-		// PrefixAppender.prefix(USER_SET_PREFIX, ledgerExStorage),
-		// PrefixAppender.prefix(USER_SET_PREFIX, ledgerVerStorage),
-		// DEFAULT_ACCESS_POLICY);
 		UserAccountSet userAccountSet = new UserAccountSet(adminAccount.getSettings().getCryptoSetting(),
 				usersetKeyPrefix, ledgerExStorage, ledgerVerStorage, DEFAULT_ACCESS_POLICY);
 
-		// DataAccountSet dataAccountSet = new
-		// DataAccountSet(adminAccount.getSetting().getCryptoSetting(),
-		// PrefixAppender.prefix(DATA_SET_PREFIX, ledgerExStorage),
-		// PrefixAppender.prefix(DATA_SET_PREFIX, ledgerVerStorage),
-		// DEFAULT_ACCESS_POLICY);
 		DataAccountSet dataAccountSet = new DataAccountSet(adminAccount.getSettings().getCryptoSetting(),
 				datasetKeyPrefix, ledgerExStorage, ledgerVerStorage, DEFAULT_ACCESS_POLICY);
 
-		// ContractAccountSet contractAccountSet = new
-		// ContractAccountSet(adminAccount.getSetting().getCryptoSetting(),
-		// PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerExStorage),
-		// PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerVerStorage),
-		// DEFAULT_ACCESS_POLICY);
 		ContractAccountSet contractAccountSet = new ContractAccountSet(adminAccount.getSettings().getCryptoSetting(),
 				contractsetKeyPrefix, ledgerExStorage, ledgerVerStorage, DEFAULT_ACCESS_POLICY);
 
@@ -517,10 +413,6 @@ class LedgerRepositoryImpl implements LedgerRepository {
 
 	static TransactionSet newTransactionSet(LedgerSettings ledgerSetting, String keyPrefix,
 			ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage) {
-		// TransactionSet transactionSet = new
-		// TransactionSet(ledgerSetting.getCryptoSetting(),
-		// PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerExStorage),
-		// PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerVerStorage));
 
 		String txsetKeyPrefix = keyPrefix + TRANSACTION_SET_PREFIX;
 
@@ -534,8 +426,6 @@ class LedgerRepositoryImpl implements LedgerRepository {
 		LedgerAdminDataset adminAccount = new LedgerAdminDataset(dataSnapshot.getAdminAccountHash(), keyPrefix,
 				ledgerExStorage, ledgerVerStorage, readonly);
 
-//		CryptoSetting cryptoSetting = adminAccount.getPreviousSetting().getCryptoSetting();
-
 		UserAccountSet userAccountSet = loadUserAccountSet(dataSnapshot.getUserAccountSetHash(), cryptoSetting,
 				keyPrefix, ledgerExStorage, ledgerVerStorage, readonly);
 
@@ -554,10 +444,6 @@ class LedgerRepositoryImpl implements LedgerRepository {
 	static UserAccountSet loadUserAccountSet(HashDigest userAccountSetHash, CryptoSetting cryptoSetting,
 			String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage,
 			boolean readonly) {
-		// return new UserAccountSet(userAccountSetHash, cryptoSetting,
-		// PrefixAppender.prefix(USER_SET_PREFIX, ledgerExStorage),
-		// PrefixAppender.prefix(USER_SET_PREFIX, ledgerVerStorage), readonly,
-		// DEFAULT_ACCESS_POLICY);
 
 		String usersetKeyPrefix = keyPrefix + USER_SET_PREFIX;
 		return new UserAccountSet(userAccountSetHash, cryptoSetting, usersetKeyPrefix, ledgerExStorage,
@@ -567,10 +453,6 @@ class LedgerRepositoryImpl implements LedgerRepository {
 	static DataAccountSet loadDataAccountSet(HashDigest dataAccountSetHash, CryptoSetting cryptoSetting,
 			String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage,
 			boolean readonly) {
-		// return new DataAccountSet(dataAccountSetHash, cryptoSetting,
-		// PrefixAppender.prefix(DATA_SET_PREFIX, ledgerExStorage,
-		// PrefixAppender.prefix(DATA_SET_PREFIX, ledgerVerStorage), readonly,
-		// DEFAULT_ACCESS_POLICY);
 
 		String datasetKeyPrefix = keyPrefix + DATA_SET_PREFIX;
 		return new DataAccountSet(dataAccountSetHash, cryptoSetting, datasetKeyPrefix, ledgerExStorage,
@@ -580,10 +462,6 @@ class LedgerRepositoryImpl implements LedgerRepository {
 	static ContractAccountSet loadContractAccountSet(HashDigest contractAccountSetHash, CryptoSetting cryptoSetting,
 			String keyPrefix, ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage,
 			boolean readonly) {
-		// return new ContractAccountSet(contractAccountSetHash, cryptoSetting,
-		// PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerExStorage,
-		// PrefixAppender.prefix(CONTRACT_SET_PREFIX, ledgerVerStorage), readonly,
-		// DEFAULT_ACCESS_POLICY);
 
 		String contractsetKeyPrefix = keyPrefix + CONTRACT_SET_PREFIX;
 		return new ContractAccountSet(contractAccountSetHash, cryptoSetting, contractsetKeyPrefix, ledgerExStorage,
@@ -592,9 +470,6 @@ class LedgerRepositoryImpl implements LedgerRepository {
 
 	static TransactionSet loadTransactionSet(HashDigest txsetHash, CryptoSetting cryptoSetting, String keyPrefix,
 			ExPolicyKVStorage ledgerExStorage, VersioningKVStorage ledgerVerStorage, boolean readonly) {
-		// return new TransactionSet(txsetHash, cryptoSetting,
-		// PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerExStorage),
-		// PrefixAppender.prefix(TRANSACTION_SET_PREFIX, ledgerVerStorage), readonly);
 
 		String txsetKeyPrefix = keyPrefix + TRANSACTION_SET_PREFIX;
 		return new TransactionSet(txsetHash, cryptoSetting, txsetKeyPrefix, ledgerExStorage, ledgerVerStorage,

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/LedgerSecurityManagerImpl.java

@@ -7,15 +7,17 @@ import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 
-import com.jd.blockchain.ledger.LedgerInitSetting;
 import com.jd.blockchain.ledger.LedgerPermission;
 import com.jd.blockchain.ledger.LedgerSecurityException;
+import com.jd.blockchain.ledger.ParticipantDataQuery;
+import com.jd.blockchain.ledger.ParticipantDoesNotExistException;
 import com.jd.blockchain.ledger.RolePrivilegeSettings;
 import com.jd.blockchain.ledger.RolePrivileges;
 import com.jd.blockchain.ledger.RolesPolicy;
 import com.jd.blockchain.ledger.TransactionPermission;
-import com.jd.blockchain.ledger.UserRolesSettings;
+import com.jd.blockchain.ledger.UserDoesNotExistException;
 import com.jd.blockchain.ledger.UserRoles;
+import com.jd.blockchain.ledger.UserRolesSettings;
 import com.jd.blockchain.utils.Bytes;
 
 /**
@@ -36,17 +38,17 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 	private Map<Bytes, UserRoles> userRolesCache = new ConcurrentHashMap<>();
 	private Map<String, RolePrivileges> rolesPrivilegeCache = new ConcurrentHashMap<>();
 
-	public LedgerSecurityManagerImpl(RolePrivilegeSettings rolePrivilegeSettings, UserRolesSettings userRolesSettings) {
+	private ParticipantDataQuery participantsQuery;
+	private UserAccountQuery userAccountsQuery;
+
+	public LedgerSecurityManagerImpl(RolePrivilegeSettings rolePrivilegeSettings, UserRolesSettings userRolesSettings,
+			ParticipantDataQuery participantsQuery, UserAccountQuery userAccountsQuery) {
 		this.rolePrivilegeSettings = rolePrivilegeSettings;
 		this.userRolesSettings = userRolesSettings;
+		this.participantsQuery = participantsQuery;
+		this.userAccountsQuery = userAccountsQuery;
 	}
-	
-	
-	public static void initSecuritySettings(LedgerInitSetting initSettings, LedgerEditor editor) {
-		
-	}
-	
-	
+
 	@Override
 	public SecurityPolicy createSecurityPolicy(Set<Bytes> endpoints, Set<Bytes> nodes) {
 		Map<Bytes, UserRolesPrivileges> endpointPrivilegeMap = new HashMap<>();
@@ -62,7 +64,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 			nodePrivilegeMap.put(userAddress, userPrivileges);
 		}
 
-		return new UserRolesSecurityPolicy(endpointPrivilegeMap, nodePrivilegeMap);
+		return new UserRolesSecurityPolicy(endpointPrivilegeMap, nodePrivilegeMap, participantsQuery, userAccountsQuery);
 	}
 
 	private UserRolesPrivileges getUserRolesPrivilegs(Bytes userAddress) {
@@ -142,15 +144,22 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 		 */
 		private Map<Bytes, UserRolesPrivileges> nodePrivilegeMap = new HashMap<>();
 
+		private ParticipantDataQuery participantsQuery;
+
+		private UserAccountQuery userAccountsQuery;
+
 		public UserRolesSecurityPolicy(Map<Bytes, UserRolesPrivileges> endpointPrivilegeMap,
-				Map<Bytes, UserRolesPrivileges> nodePrivilegeMap) {
+				Map<Bytes, UserRolesPrivileges> nodePrivilegeMap, ParticipantDataQuery participantsQuery,
+				UserAccountQuery userAccountsQuery) {
 			this.endpointPrivilegeMap = endpointPrivilegeMap;
 			this.nodePrivilegeMap = nodePrivilegeMap;
+			this.participantsQuery = participantsQuery;
+			this.userAccountsQuery = userAccountsQuery;
 		}
 
 		@Override
-		public boolean isEnableToEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) {
-			if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) {
+		public boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) {
+			if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
 				// 至少一个；
 				for (UserRolesPrivileges p : endpointPrivilegeMap.values()) {
 					if (p.getLedgerPrivileges().isEnable(permission)) {
@@ -158,7 +167,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 					}
 				}
 				return false;
-			} else if (MultiIdsPolicy.ALL == midPolicy) {
+			} else if (MultiIDsPolicy.ALL == midPolicy) {
 				// 全部；
 				for (UserRolesPrivileges p : endpointPrivilegeMap.values()) {
 					if (!p.getLedgerPrivileges().isEnable(permission)) {
@@ -172,8 +181,8 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 		}
 
 		@Override
-		public boolean isEnableToEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) {
-			if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) {
+		public boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) {
+			if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
 				// 至少一个；
 				for (UserRolesPrivileges p : endpointPrivilegeMap.values()) {
 					if (p.getTransactionPrivileges().isEnable(permission)) {
@@ -181,7 +190,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 					}
 				}
 				return false;
-			} else if (MultiIdsPolicy.ALL == midPolicy) {
+			} else if (MultiIDsPolicy.ALL == midPolicy) {
 				// 全部；
 				for (UserRolesPrivileges p : endpointPrivilegeMap.values()) {
 					if (!p.getTransactionPrivileges().isEnable(permission)) {
@@ -195,8 +204,8 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 		}
 
 		@Override
-		public boolean isEnableToNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) {
-			if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) {
+		public boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) {
+			if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
 				// 至少一个；
 				for (UserRolesPrivileges p : nodePrivilegeMap.values()) {
 					if (p.getLedgerPrivileges().isEnable(permission)) {
@@ -204,7 +213,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 					}
 				}
 				return false;
-			} else if (MultiIdsPolicy.ALL == midPolicy) {
+			} else if (MultiIDsPolicy.ALL == midPolicy) {
 				// 全部；
 				for (UserRolesPrivileges p : nodePrivilegeMap.values()) {
 					if (!p.getLedgerPrivileges().isEnable(permission)) {
@@ -218,8 +227,8 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 		}
 
 		@Override
-		public boolean isEnableToNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) {
-			if (MultiIdsPolicy.AT_LEAST_ONE == midPolicy) {
+		public boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) {
+			if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
 				// 至少一个；
 				for (UserRolesPrivileges p : nodePrivilegeMap.values()) {
 					if (p.getTransactionPrivileges().isEnable(permission)) {
@@ -227,7 +236,7 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 					}
 				}
 				return false;
-			} else if (MultiIdsPolicy.ALL == midPolicy) {
+			} else if (MultiIDsPolicy.ALL == midPolicy) {
 				// 全部；
 				for (UserRolesPrivileges p : nodePrivilegeMap.values()) {
 					if (!p.getTransactionPrivileges().isEnable(permission)) {
@@ -241,9 +250,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 		}
 
 		@Override
-		public void checkEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy)
+		public void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy)
 				throws LedgerSecurityException {
-			if (!isEnableToEndpoints(permission, midPolicy)) {
+			if (!isEndpointEnable(permission, midPolicy)) {
 				throw new LedgerSecurityException(String.format(
 						"The security policy [Permission=%s, Policy=%s] for endpoints rejected the current operation!",
 						permission, midPolicy));
@@ -251,9 +260,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 		}
 
 		@Override
-		public void checkEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy)
+		public void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
 				throws LedgerSecurityException {
-			if (!isEnableToEndpoints(permission, midPolicy)) {
+			if (!isEndpointEnable(permission, midPolicy)) {
 				throw new LedgerSecurityException(String.format(
 						"The security policy [Permission=%s, Policy=%s] for endpoints rejected the current operation!",
 						permission, midPolicy));
@@ -261,8 +270,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 		}
 
 		@Override
-		public void checkNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException {
-			if (!isEnableToNodes(permission, midPolicy)) {
+		public void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy)
+				throws LedgerSecurityException {
+			if (!isNodeEnable(permission, midPolicy)) {
 				throw new LedgerSecurityException(String.format(
 						"The security policy [Permission=%s, Policy=%s] for nodes rejected the current operation!",
 						permission, midPolicy));
@@ -270,9 +280,9 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 		}
 
 		@Override
-		public void checkNodes(TransactionPermission permission, MultiIdsPolicy midPolicy)
+		public void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
 				throws LedgerSecurityException {
-			if (!isEnableToNodes(permission, midPolicy)) {
+			if (!isNodeEnable(permission, midPolicy)) {
 				throw new LedgerSecurityException(String.format(
 						"The security policy [Permission=%s, Policy=%s] for nodes rejected the current operation!",
 						permission, midPolicy));
@@ -289,6 +299,98 @@ public class LedgerSecurityManagerImpl implements LedgerSecurityManager {
 			return nodePrivilegeMap.keySet();
 		}
 
+		@Override
+		public boolean isEndpointValid(MultiIDsPolicy midPolicy) {
+			if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
+				// 至少一个；
+				for (Bytes address : getEndpoints()) {
+					if (userAccountsQuery.contains(address)) {
+						return true;
+					}
+				}
+				return false;
+			} else if (MultiIDsPolicy.ALL == midPolicy) {
+				// 全部；
+				for (Bytes address : getEndpoints()) {
+					if (!userAccountsQuery.contains(address)) {
+						return false;
+					}
+				}
+				return true;
+			} else {
+				throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!");
+			}
+		}
+
+		@Override
+		public boolean isNodeValid(MultiIDsPolicy midPolicy) {
+			if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
+				// 至少一个；
+				for (Bytes address : getNodes()) {
+					if (participantsQuery.contains(address)) {
+						return true;
+					}
+				}
+				return false;
+			} else if (MultiIDsPolicy.ALL == midPolicy) {
+				// 全部；
+				for (Bytes address : getNodes()) {
+					if (!participantsQuery.contains(address)) {
+						return false;
+					}
+				}
+				return true;
+			} else {
+				throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!");
+			}
+		}
+
+		@Override
+		public void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException {
+			if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
+				// 至少一个；
+				for (Bytes address : getEndpoints()) {
+					if (userAccountsQuery.contains(address)) {
+						return;
+					}
+				}
+				throw new UserDoesNotExistException("All endpoint signers were not registered!");
+			} else if (MultiIDsPolicy.ALL == midPolicy) {
+				// 全部；
+				for (Bytes address : getEndpoints()) {
+					if (!userAccountsQuery.contains(address)) {
+						throw new UserDoesNotExistException("The endpoint signer[" + address + "] was not registered!");
+					}
+				}
+				return;
+			} else {
+				throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!");
+			}
+		}
+
+		@Override
+		public void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException {
+			if (MultiIDsPolicy.AT_LEAST_ONE == midPolicy) {
+				// 至少一个；
+				for (Bytes address : getNodes()) {
+					if (participantsQuery.contains(address)) {
+						return;
+					}
+				}
+				throw new ParticipantDoesNotExistException("All node signers were not registered as participant!");
+			} else if (MultiIDsPolicy.ALL == midPolicy) {
+				// 全部；
+				for (Bytes address : getNodes()) {
+					if (!participantsQuery.contains(address)) {
+						throw new ParticipantDoesNotExistException(
+								"The node signer[" + address + "] was not registered as participant!");
+					}
+				}
+			} else {
+				throw new IllegalArgumentException("Unsupported MultiIdsPolicy[" + midPolicy + "]!");
+			}
+		}
+
 	}
 
 }

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/MultiIdsPolicy.java → source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/MultiIDsPolicy.java

@@ -1,12 +1,12 @@
 package com.jd.blockchain.ledger.core;
 
 /**
- * 多身份的权限校验策略；
+ * 多重身份的校验策略；
  * 
  * @author huanghaiquan
  *
  */
-public enum MultiIdsPolicy {
+public enum MultiIDsPolicy {
 
 	/**
 	 * 至少有一个都能通过；

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/OperationHandleRegisteration.java

@@ -1,7 +1,9 @@
 package com.jd.blockchain.ledger.core;
 
+import com.jd.blockchain.ledger.Operation;
+
 public interface OperationHandleRegisteration {
 
-	OperationHandle getHandle(Class<?> operationType);
+	OperationHandle getHandle(Class<? extends Operation> operationType);
 
 }

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/SecurityPolicy.java

@@ -30,6 +30,22 @@ public interface SecurityPolicy {
 	 */
 	Set<Bytes> getNodes();
 
+	/**
+	 * 终端身份是否合法；
+	 * 
+	 * @param midPolicy
+	 * @return
+	 */
+	boolean isEndpointValid(MultiIDsPolicy midPolicy);
+
+	/**
+	 * 节点身份是否合法；
+	 * 
+	 * @param midPolicy
+	 * @return
+	 */
+	boolean isNodeValid(MultiIDsPolicy midPolicy);
+
 	/**
 	 * 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限；<br>
 	 * 
@@ -37,7 +53,7 @@ public interface SecurityPolicy {
 	 * @param midPolicy  针对多个签名用户的权限策略；
 	 * @return 返回 true 表示获得授权； 返回 false 表示未获得授权；
 	 */
-	boolean isEnableToEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy);
+	boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy);
 
 	/**
 	 * 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限；<br>
@@ -46,7 +62,7 @@ public interface SecurityPolicy {
 	 * @param midPolicy  针对多个签名用户的权限策略；
 	 * @return 返回 true 表示获得授权； 返回 false 表示未获得授权；
 	 */
-	boolean isEnableToEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy);
+	boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy);
 
 	/**
 	 * 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限；<br>
@@ -55,7 +71,7 @@ public interface SecurityPolicy {
 	 * @param midPolicy  针对多个签名用户的权限策略；
 	 * @return 返回 true 表示获得授权； 返回 false 表示未获得授权；
 	 */
-	boolean isEnableToNodes(LedgerPermission permission, MultiIdsPolicy midPolicy);
+	boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy);
 
 	/**
 	 * 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限；<br>
@@ -64,7 +80,23 @@ public interface SecurityPolicy {
 	 * @param midPolicy  针对多个签名用户的权限策略；
 	 * @return 返回 true 表示获得授权； 返回 false 表示未获得授权；
 	 */
-	boolean isEnableToNodes(TransactionPermission permission, MultiIdsPolicy midPolicy);
+	boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy);
+
+	/**
+	 * 检查终端身份的合法性；
+	 * 
+	 * @param midPolicy
+	 * @throws LedgerSecurityException
+	 */
+	void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException;
+	
+	/**
+	 * 检查节点身份的合法性；
+	 * 
+	 * @param midPolicy
+	 * @throws LedgerSecurityException
+	 */
+	void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException;
 
 	/**
 	 * 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限；<br>
@@ -74,7 +106,7 @@ public interface SecurityPolicy {
 	 * @param midPolicy  针对多个签名用户的权限策略；
 	 * @throws LedgerSecurityException
 	 */
-	void checkEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException;
+	void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException;
 
 	/**
 	 * 检查签署交易的终端用户(来自{@link TransactionRequest#getEndpointSignatures()})是否被授权了参数指定的权限；<br>
@@ -84,7 +116,8 @@ public interface SecurityPolicy {
 	 * @param midPolicy
 	 * @throws LedgerSecurityException
 	 */
-	void checkEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException;
+	void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
+			throws LedgerSecurityException;
 
 	/**
 	 * 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限；<br>
@@ -94,7 +127,7 @@ public interface SecurityPolicy {
 	 * @param midPolicy
 	 * @throws LedgerSecurityException
 	 */
-	void checkNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException;
+	void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException;
 
 	/**
 	 * 检查签署交易的节点参与方(来自{@link TransactionRequest#getNodeSignatures()})是否被授权了参数指定的权限；<br>
@@ -104,6 +137,6 @@ public interface SecurityPolicy {
 	 * @param midPolicy
 	 * @throws LedgerSecurityException
 	 */
-	void checkNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException;
+	void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException;
 
 }

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionBatchProcessor.java

@@ -46,7 +46,7 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {
 
 	private LedgerEditor newBlockEditor;
 
-	private LedgerDataQuery previousBlockDataset;
+	private LedgerDataQuery ledgerQueryer;
 
 	private OperationHandleRegisteration opHandles;
 
@@ -60,15 +60,15 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {
 	private TransactionBatchResult batchResult;
 
 	/**
-	 * @param newBlockEditor       新区块的数据编辑器；
-	 * @param previousBlockDataset 新区块的前一个区块的数据集；即未提交新区块之前的经过共识的账本最新数据集；
-	 * @param opHandles            操作处理对象注册表；
+	 * @param newBlockEditor 新区块的数据编辑器；
+	 * @param ledgerQueryer  账本查询器，只包含新区块的前一个区块的数据集；即未提交新区块之前的经过共识的账本最新数据集；
+	 * @param opHandles      操作处理对象注册表；
 	 */
 	public TransactionBatchProcessor(LedgerSecurityManager securityManager, LedgerEditor newBlockEditor,
-			LedgerDataQuery previousBlockDataset, OperationHandleRegisteration opHandles, LedgerService ledgerService) {
+			LedgerDataQuery ledgerQueryer, OperationHandleRegisteration opHandles, LedgerService ledgerService) {
 		this.securityManager = securityManager;
 		this.newBlockEditor = newBlockEditor;
-		this.previousBlockDataset = previousBlockDataset;
+		this.ledgerQueryer = ledgerQueryer;
 		this.opHandles = opHandles;
 		this.ledgerService = ledgerService;
 	}
@@ -95,7 +95,7 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {
 			SecurityContext.setContextUsersPolicy(securityPolicy);
 
 			// 安全校验；
-			checkSecurity();
+			checkSecurity(securityPolicy);
 
 			// 验证交易请求；
 			checkRequest(reqExt);
@@ -143,23 +143,26 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {
 	}
 
 	/**
-	 * 验证交易的参与方的权限；
+	 * 执行安全验证；
 	 */
-	private void checkSecurity() {
-		SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
-
-		// 验证当前交易请求的节点参与方是否具有权限；
-		securityPolicy.checkNodes(LedgerPermission.APPROVE_TX, MultiIdsPolicy.AT_LEAST_ONE);
+	private void checkSecurity(SecurityPolicy securityPolicy) {
+		// 验证节点和终端身份的合法性；
+		// 多重身份签署的必须全部身份都合法；
+		securityPolicy.checkEndpointValidity(MultiIDsPolicy.ALL);
+		securityPolicy.checkNodeValidity(MultiIDsPolicy.ALL);
+
+		// 验证参与方节点是否具有核准交易的权限；
+		securityPolicy.checkNodePermission(LedgerPermission.APPROVE_TX, MultiIDsPolicy.AT_LEAST_ONE);
 	}
 
 	private void checkRequest(TransactionRequestExtension reqExt) {
 		// TODO: 把验签和创建交易并行化；
-		checkTxContent(reqExt);
+		checkTxContentHash(reqExt);
 		checkEndpointSignatures(reqExt);
 		checkNodeSignatures(reqExt);
 	}
 
-	private void checkTxContent(TransactionRequestExtension requestExt) {
+	private void checkTxContentHash(TransactionRequestExtension requestExt) {
 		TransactionContent txContent = requestExt.getTransactionContent();
 		if (!TxBuilder.verifyTxContentHash(txContent, txContent.getHash())) {
 			// 由于哈希校验失败，引发IllegalTransactionException，使外部调用抛弃此交易请求；
@@ -169,44 +172,34 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {
 		}
 	}
 
-	private void checkEndpointSignatures(TransactionRequestExtension request) {
+	private void checkNodeSignatures(TransactionRequestExtension request) {
 		TransactionContent txContent = request.getTransactionContent();
-		Collection<Credential> endpoints = request.getEndpoints();
-		if (endpoints != null) {
-			for (Credential endpoint : endpoints) {
-				if (!previousBlockDataset.getUserAccountSet().contains(endpoint.getAddress())) {
-					throw new UserDoesNotExistException(
-							"The endpoint signer[" + endpoint.getAddress() + "] was not registered!");
-				}
-
-				if (!SignatureUtils.verifyHashSignature(txContent.getHash(), endpoint.getSignature().getDigest(),
-						endpoint.getPubKey())) {
+		Collection<Credential> nodes = request.getNodes();
+		if (nodes != null) {
+			for (Credential node : nodes) {
+				if (!SignatureUtils.verifyHashSignature(txContent.getHash(), node.getSignature().getDigest(),
+						node.getPubKey())) {
 					// 由于签名校验失败，引发IllegalTransactionException，使外部调用抛弃此交易请求；
 					throw new IllegalTransactionException(
-							String.format("Wrong transaction endpoint signature! --[Tx Hash=%s][Endpoint Signer=%s]!",
-									request.getTransactionContent().getHash(), endpoint.getAddress()),
+							String.format("Wrong transaction node signature! --[Tx Hash=%s][Node Signer=%s]!",
+									request.getTransactionContent().getHash(), node.getAddress()),
 							TransactionState.IGNORED_BY_WRONG_CONTENT_SIGNATURE);
 				}
 			}
 		}
 	}
 
-	private void checkNodeSignatures(TransactionRequestExtension request) {
+	private void checkEndpointSignatures(TransactionRequestExtension request) {
 		TransactionContent txContent = request.getTransactionContent();
-		Collection<Credential> nodes = request.getNodes();
-		if (nodes != null) {
-			for (Credential node : nodes) {
-				if (!previousBlockDataset.getAdminDataset().getParticipantDataset().contains(node.getAddress())) {
-					throw new ParticipantDoesNotExistException(
-							"The node signer[" + node.getAddress() + "] was not registered to the participant set!");
-				}
-
-				if (!SignatureUtils.verifyHashSignature(txContent.getHash(), node.getSignature().getDigest(),
-						node.getPubKey())) {
+		Collection<Credential> endpoints = request.getEndpoints();
+		if (endpoints != null) {
+			for (Credential endpoint : endpoints) {
+				if (!SignatureUtils.verifyHashSignature(txContent.getHash(), endpoint.getSignature().getDigest(),
+						endpoint.getPubKey())) {
 					// 由于签名校验失败，引发IllegalTransactionException，使外部调用抛弃此交易请求；
 					throw new IllegalTransactionException(
-							String.format("Wrong transaction node signature! --[Tx Hash=%s][Node Signer=%s]!",
-									request.getTransactionContent().getHash(), node.getAddress()),
+							String.format("Wrong transaction endpoint signature! --[Tx Hash=%s][Endpoint Signer=%s]!",
+									request.getTransactionContent().getHash(), endpoint.getAddress()),
 							TransactionState.IGNORED_BY_WRONG_CONTENT_SIGNATURE);
 				}
 			}
@@ -236,14 +229,14 @@ public class TransactionBatchProcessor implements TransactionBatchProcess {
 					// assert; Instance of operation are one of User related operations or
 					// DataAccount related operations;
 					OperationHandle hdl = opHandles.getHandle(operation.getClass());
-					hdl.process(operation, dataset, request, previousBlockDataset, this, ledgerService);
+					hdl.process(operation, dataset, request, ledgerQueryer, this, ledgerService);
 				}
 			};
 			OperationHandle opHandle;
 			int opIndex = 0;
 			for (Operation op : ops) {
 				opHandle = opHandles.getHandle(op.getClass());
-				BytesValue opResult = opHandle.process(op, dataset, request, previousBlockDataset, handleContext,
+				BytesValue opResult = opHandle.process(op, dataset, request, ledgerQueryer, handleContext,
 						ledgerService);
 				if (opResult != null) {
 					operationResults.add(new OperationResultData(opIndex, opResult));

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/TransactionEngineImpl.java

@@ -43,8 +43,10 @@ public class TransactionEngineImpl implements TransactionEngine {
 		LedgerDataQuery previousBlockDataset = ledgerRepo.getDataSet(ledgerBlock);
 
 		LedgerAdminDataQuery previousAdminDataset = previousBlockDataset.getAdminDataset();
-		LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(previousAdminDataset.getAdminInfo().getRolePrivileges(),
-				previousAdminDataset.getAdminInfo().getUserRoles());
+		LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(
+				previousAdminDataset.getAdminInfo().getRolePrivileges(),
+				previousAdminDataset.getAdminInfo().getUserRoles(), previousAdminDataset.getParticipantDataset(),
+				previousBlockDataset.getUserAccountSet());
 		batch = new InnerTransactionBatchProcessor(ledgerHash, securityManager, newBlockEditor, previousBlockDataset,
 				opHdlRegs, ledgerService, ledgerBlock.getHeight());
 		batchs.put(ledgerHash, batch);
@@ -75,8 +77,8 @@ public class TransactionEngineImpl implements TransactionEngine {
 		 * @param opHandles            操作处理对象注册表；
 		 */
 		public InnerTransactionBatchProcessor(HashDigest ledgerHash, LedgerSecurityManager securityManager,
-				LedgerEditor newBlockEditor, LedgerDataQuery previousBlockDataset, OperationHandleRegisteration opHandles,
-				LedgerService ledgerService, long blockHeight) {
+				LedgerEditor newBlockEditor, LedgerDataQuery previousBlockDataset,
+				OperationHandleRegisteration opHandles, LedgerService ledgerService, long blockHeight) {
 			super(securityManager, newBlockEditor, previousBlockDataset, opHandles, ledgerService);
 			this.ledgerHash = ledgerHash;
 			this.blockHeight = blockHeight;

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbstractLedgerOperationHandle.java

@@ -7,7 +7,7 @@ import com.jd.blockchain.ledger.TransactionPermission;
 import com.jd.blockchain.ledger.core.LedgerDataQuery;
 import com.jd.blockchain.ledger.core.LedgerDataset;
 import com.jd.blockchain.ledger.core.LedgerService;
-import com.jd.blockchain.ledger.core.MultiIdsPolicy;
+import com.jd.blockchain.ledger.core.MultiIDsPolicy;
 import com.jd.blockchain.ledger.core.OperationHandle;
 import com.jd.blockchain.ledger.core.OperationHandleContext;
 import com.jd.blockchain.ledger.core.SecurityContext;
@@ -49,7 +49,7 @@ public abstract class AbstractLedgerOperationHandle<T extends Operation> impleme
 			OperationHandleContext handleContext, LedgerService ledgerService) {
 		// 权限校验；
 		SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
-		securityPolicy.checkEndpoints(TransactionPermission.DIRECT_OPERATION, MultiIdsPolicy.AT_LEAST_ONE);
+		securityPolicy.checkEndpointPermission(TransactionPermission.DIRECT_OPERATION, MultiIDsPolicy.AT_LEAST_ONE);
 
 		// 操作账本；
 		@SuppressWarnings("unchecked")

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/AbtractContractEventSendOperationHandle.java

@@ -15,7 +15,7 @@ import com.jd.blockchain.ledger.core.LedgerDataQuery;
 import com.jd.blockchain.ledger.core.LedgerDataset;
 import com.jd.blockchain.ledger.core.LedgerQueryService;
 import com.jd.blockchain.ledger.core.LedgerService;
-import com.jd.blockchain.ledger.core.MultiIdsPolicy;
+import com.jd.blockchain.ledger.core.MultiIDsPolicy;
 import com.jd.blockchain.ledger.core.OperationHandle;
 import com.jd.blockchain.ledger.core.OperationHandleContext;
 import com.jd.blockchain.ledger.core.SecurityContext;
@@ -35,7 +35,7 @@ public abstract class AbtractContractEventSendOperationHandle implements Operati
 			LedgerDataQuery previousBlockDataset, OperationHandleContext opHandleContext, LedgerService ledgerService) {
 		// 权限校验；
 		SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
-		securityPolicy.checkEndpoints(TransactionPermission.CONTRACT_OPERATION, MultiIdsPolicy.AT_LEAST_ONE);
+		securityPolicy.checkEndpointPermission(TransactionPermission.CONTRACT_OPERATION, MultiIDsPolicy.AT_LEAST_ONE);
 
 		// 操作账本；
 		ContractEventSendOperation contractOP = (ContractEventSendOperation) op;

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/ContractCodeDeployOperationHandle.java

@@ -5,7 +5,7 @@ import com.jd.blockchain.ledger.LedgerPermission;
 import com.jd.blockchain.ledger.core.LedgerDataQuery;
 import com.jd.blockchain.ledger.core.LedgerDataset;
 import com.jd.blockchain.ledger.core.LedgerService;
-import com.jd.blockchain.ledger.core.MultiIdsPolicy;
+import com.jd.blockchain.ledger.core.MultiIDsPolicy;
 import com.jd.blockchain.ledger.core.OperationHandleContext;
 import com.jd.blockchain.ledger.core.SecurityContext;
 import com.jd.blockchain.ledger.core.SecurityPolicy;
@@ -26,7 +26,7 @@ public class ContractCodeDeployOperationHandle extends AbstractLedgerOperationHa
 
 		// 权限校验；
 		SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
-		securityPolicy.checkEndpoints(LedgerPermission.UPGRADE_CONTRACT, MultiIdsPolicy.AT_LEAST_ONE);
+		securityPolicy.checkEndpointPermission(LedgerPermission.UPGRADE_CONTRACT, MultiIDsPolicy.AT_LEAST_ONE);
 
 		// 操作账本；
 		ContractCodeDeployOperation contractOP = (ContractCodeDeployOperation) op;

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountKVSetOperationHandle.java

@@ -9,7 +9,7 @@ import com.jd.blockchain.ledger.core.DataAccount;
 import com.jd.blockchain.ledger.core.LedgerDataQuery;
 import com.jd.blockchain.ledger.core.LedgerDataset;
 import com.jd.blockchain.ledger.core.LedgerService;
-import com.jd.blockchain.ledger.core.MultiIdsPolicy;
+import com.jd.blockchain.ledger.core.MultiIDsPolicy;
 import com.jd.blockchain.ledger.core.OperationHandleContext;
 import com.jd.blockchain.ledger.core.SecurityContext;
 import com.jd.blockchain.ledger.core.SecurityPolicy;
@@ -27,7 +27,7 @@ public class DataAccountKVSetOperationHandle extends AbstractLedgerOperationHand
 			OperationHandleContext handleContext, LedgerService ledgerService) {
 		// 权限校验；
 		SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
-		securityPolicy.checkEndpoints(LedgerPermission.WRITE_DATA_ACCOUNT, MultiIdsPolicy.AT_LEAST_ONE);
+		securityPolicy.checkEndpointPermission(LedgerPermission.WRITE_DATA_ACCOUNT, MultiIDsPolicy.AT_LEAST_ONE);
 
 		// 操作账本；
 		DataAccount account = newBlockDataset.getDataAccountSet().getDataAccount(kvWriteOp.getAccountAddress());

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/DataAccountRegisterOperationHandle.java

@@ -6,7 +6,7 @@ import com.jd.blockchain.ledger.LedgerPermission;
 import com.jd.blockchain.ledger.core.LedgerDataQuery;
 import com.jd.blockchain.ledger.core.LedgerDataset;
 import com.jd.blockchain.ledger.core.LedgerService;
-import com.jd.blockchain.ledger.core.MultiIdsPolicy;
+import com.jd.blockchain.ledger.core.MultiIDsPolicy;
 import com.jd.blockchain.ledger.core.OperationHandleContext;
 import com.jd.blockchain.ledger.core.SecurityContext;
 import com.jd.blockchain.ledger.core.SecurityPolicy;
@@ -25,7 +25,7 @@ public class DataAccountRegisterOperationHandle extends AbstractLedgerOperationH
 
 		// 权限校验；
 		SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
-		securityPolicy.checkEndpoints(LedgerPermission.REGISTER_DATA_ACCOUNT, MultiIdsPolicy.AT_LEAST_ONE);
+		securityPolicy.checkEndpointPermission(LedgerPermission.REGISTER_DATA_ACCOUNT, MultiIDsPolicy.AT_LEAST_ONE);
 
 		// 操作账本；
 		DataAccountRegisterOperation dataAccountRegOp = (DataAccountRegisterOperation) op;

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/LedgerInitOperationHandle.java

@@ -0,0 +1,27 @@
+package com.jd.blockchain.ledger.core.handles;
+
+import com.jd.blockchain.ledger.BytesValue;
+import com.jd.blockchain.ledger.LedgerInitOperation;
+import com.jd.blockchain.ledger.Operation;
+import com.jd.blockchain.ledger.core.LedgerDataQuery;
+import com.jd.blockchain.ledger.core.LedgerDataset;
+import com.jd.blockchain.ledger.core.LedgerService;
+import com.jd.blockchain.ledger.core.OperationHandle;
+import com.jd.blockchain.ledger.core.OperationHandleContext;
+import com.jd.blockchain.ledger.core.TransactionRequestExtension;
+
+public class LedgerInitOperationHandle implements OperationHandle {
+
+	@Override
+	public Class<?> getOperationType() {
+		return LedgerInitOperation.class;
+	}
+
+	@Override
+	public BytesValue process(Operation op, LedgerDataset newBlockDataset, TransactionRequestExtension requestContext,
+			LedgerDataQuery previousBlockDataset, OperationHandleContext handleContext, LedgerService ledgerService) {
+		// 对初始化操作不需要做任何处理；
+		return null;
+	}
+
+}

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/RolesConfigureOperationHandle.java

@@ -8,7 +8,7 @@ import com.jd.blockchain.ledger.RolesConfigureOperation.RolePrivilegeEntry;
 import com.jd.blockchain.ledger.core.LedgerDataQuery;
 import com.jd.blockchain.ledger.core.LedgerDataset;
 import com.jd.blockchain.ledger.core.LedgerService;
-import com.jd.blockchain.ledger.core.MultiIdsPolicy;
+import com.jd.blockchain.ledger.core.MultiIDsPolicy;
 import com.jd.blockchain.ledger.core.OperationHandleContext;
 import com.jd.blockchain.ledger.core.SecurityContext;
 import com.jd.blockchain.ledger.core.SecurityPolicy;
@@ -25,7 +25,7 @@ public class RolesConfigureOperationHandle extends AbstractLedgerOperationHandle
 			OperationHandleContext handleContext, LedgerService ledgerService) {
 		// 权限校验；
 		SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
-		securityPolicy.checkEndpoints(LedgerPermission.CONFIGURE_ROLES, MultiIdsPolicy.AT_LEAST_ONE);
+		securityPolicy.checkEndpointPermission(LedgerPermission.CONFIGURE_ROLES, MultiIDsPolicy.AT_LEAST_ONE);
 
 		// 操作账本；
 		RolePrivilegeEntry[] rpcfgs = operation.getRoles();

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserAuthorizeOperationHandle.java

@@ -13,7 +13,7 @@ import com.jd.blockchain.ledger.UserRolesSettings;
 import com.jd.blockchain.ledger.core.LedgerDataQuery;
 import com.jd.blockchain.ledger.core.LedgerDataset;
 import com.jd.blockchain.ledger.core.LedgerService;
-import com.jd.blockchain.ledger.core.MultiIdsPolicy;
+import com.jd.blockchain.ledger.core.MultiIDsPolicy;
 import com.jd.blockchain.ledger.core.OperationHandleContext;
 import com.jd.blockchain.ledger.core.SecurityContext;
 import com.jd.blockchain.ledger.core.SecurityPolicy;
@@ -30,7 +30,7 @@ public class UserAuthorizeOperationHandle extends AbstractLedgerOperationHandle<
 			OperationHandleContext handleContext, LedgerService ledgerService) {
 		// 权限校验；
 		SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
-		securityPolicy.checkEndpoints(LedgerPermission.CONFIGURE_ROLES, MultiIdsPolicy.AT_LEAST_ONE);
+		securityPolicy.checkEndpointPermission(LedgerPermission.CONFIGURE_ROLES, MultiIDsPolicy.AT_LEAST_ONE);
 
 		// 操作账本；
 

source/ledger/ledger-core/src/main/java/com/jd/blockchain/ledger/core/handles/UserRegisterOperationHandle.java

@@ -6,7 +6,7 @@ import com.jd.blockchain.ledger.UserRegisterOperation;
 import com.jd.blockchain.ledger.core.LedgerDataQuery;
 import com.jd.blockchain.ledger.core.LedgerDataset;
 import com.jd.blockchain.ledger.core.LedgerService;
-import com.jd.blockchain.ledger.core.MultiIdsPolicy;
+import com.jd.blockchain.ledger.core.MultiIDsPolicy;
 import com.jd.blockchain.ledger.core.OperationHandleContext;
 import com.jd.blockchain.ledger.core.SecurityContext;
 import com.jd.blockchain.ledger.core.SecurityPolicy;
@@ -24,7 +24,7 @@ public class UserRegisterOperationHandle extends AbstractLedgerOperationHandle<U
 			OperationHandleContext handleContext, LedgerService ledgerService) {
 		// 权限校验；
 		SecurityPolicy securityPolicy = SecurityContext.getContextUsersPolicy();
-		securityPolicy.checkEndpoints(LedgerPermission.REGISTER_USER, MultiIdsPolicy.AT_LEAST_ONE);
+		securityPolicy.checkEndpointPermission(LedgerPermission.REGISTER_USER, MultiIDsPolicy.AT_LEAST_ONE);
 
 		// 操作账本；
 		UserRegisterOperation userRegOp = (UserRegisterOperation) op;

source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/ContractInvokingTest.java

@@ -102,7 +102,13 @@ public class ContractInvokingTest {
 		// 创建和加载合约实例；
 		BlockchainKeypair contractKey = BlockchainKeyGenerator.getInstance().generate();
 		Bytes contractAddress = contractKey.getAddress();
+
 		TestContract contractInstance = Mockito.mock(TestContract.class);
+		final String asset = "AK";
+		final long issueAmount = new Random().nextLong();
+		when(contractInstance.issue(anyString(), anyLong())).thenReturn(issueAmount);
+
+		// 装载合约；
 		contractInvokingHandle.setup(contractAddress, TestContract.class, contractInstance);
 
 		// 注册合约处理器；
@@ -124,11 +130,8 @@ public class ContractInvokingTest {
 		// 构建基于接口调用合约的交易请求，用于测试合约调用；
 		TxBuilder txBuilder = new TxBuilder(ledgerHash);
 		TestContract contractProxy = txBuilder.contract(contractAddress, TestContract.class);
-		TestContract contractProxy1 = txBuilder.contract(contractAddress, TestContract.class);
 
-		String asset = "AK";
-		long issueAmount = new Random().nextLong();
-		when(contractInstance.issue(anyString(), anyLong())).thenReturn(issueAmount);
+		// 构造调用合约的交易；
 		contractProxy.issue(asset, issueAmount);
 
 		TransactionRequestBuilder txReqBuilder = txBuilder.prepareRequest();
@@ -475,10 +478,10 @@ public class ContractInvokingTest {
 		LedgerSecurityManager securityManager = Mockito.mock(LedgerSecurityManager.class);
 
 		SecurityPolicy securityPolicy = Mockito.mock(SecurityPolicy.class);
-		when(securityPolicy.isEnableToEndpoints(any(LedgerPermission.class), any())).thenReturn(true);
-		when(securityPolicy.isEnableToEndpoints(any(TransactionPermission.class), any())).thenReturn(true);
-		when(securityPolicy.isEnableToNodes(any(LedgerPermission.class), any())).thenReturn(true);
-		when(securityPolicy.isEnableToNodes(any(TransactionPermission.class), any())).thenReturn(true);
+		when(securityPolicy.isEndpointEnable(any(LedgerPermission.class), any())).thenReturn(true);
+		when(securityPolicy.isEndpointEnable(any(TransactionPermission.class), any())).thenReturn(true);
+		when(securityPolicy.isNodeEnable(any(LedgerPermission.class), any())).thenReturn(true);
+		when(securityPolicy.isNodeEnable(any(TransactionPermission.class), any())).thenReturn(true);
 
 		when(securityManager.createSecurityPolicy(any(), any())).thenReturn(securityPolicy);
 

source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/LedgerSecurityManagerTest.java

@@ -1,6 +1,5 @@
 package test.com.jd.blockchain.ledger.core;
 
-import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
@@ -8,6 +7,7 @@ import java.util.HashMap;
 import java.util.Map;
 
 import org.junit.Test;
+import org.mockito.Mockito;
 
 import com.jd.blockchain.crypto.Crypto;
 import com.jd.blockchain.crypto.CryptoAlgorithm;
@@ -18,15 +18,17 @@ import com.jd.blockchain.ledger.BlockchainKeyGenerator;
 import com.jd.blockchain.ledger.BlockchainKeypair;
 import com.jd.blockchain.ledger.CryptoSetting;
 import com.jd.blockchain.ledger.LedgerPermission;
+import com.jd.blockchain.ledger.ParticipantDataQuery;
 import com.jd.blockchain.ledger.Privileges;
 import com.jd.blockchain.ledger.RolesPolicy;
 import com.jd.blockchain.ledger.TransactionPermission;
 import com.jd.blockchain.ledger.core.CryptoConfig;
 import com.jd.blockchain.ledger.core.LedgerSecurityManager;
 import com.jd.blockchain.ledger.core.LedgerSecurityManagerImpl;
-import com.jd.blockchain.ledger.core.MultiIdsPolicy;
+import com.jd.blockchain.ledger.core.MultiIDsPolicy;
 import com.jd.blockchain.ledger.core.RolePrivilegeDataset;
 import com.jd.blockchain.ledger.core.SecurityPolicy;
+import com.jd.blockchain.ledger.core.UserAccountQuery;
 import com.jd.blockchain.ledger.core.UserRoleDataset;
 import com.jd.blockchain.storage.service.utils.MemoryKVStorage;
 import com.jd.blockchain.utils.Bytes;
@@ -125,8 +127,12 @@ public class LedgerSecurityManagerTest {
 		userRolesDataset.addUserRoles(kpPlatform.getAddress(), RolesPolicy.UNION, platformRoles);
 		userRolesDataset.commit();
 
+		ParticipantDataQuery partisQuery = Mockito.mock(ParticipantDataQuery.class);
+		UserAccountQuery usersQuery = Mockito.mock(UserAccountQuery.class);
+
 		// 创建安全管理器；
-		LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(rolePrivilegeDataset, userRolesDataset);
+		LedgerSecurityManager securityManager = new LedgerSecurityManagerImpl(rolePrivilegeDataset, userRolesDataset,
+				partisQuery, usersQuery);
 
 		// 定义终端用户列表；终端用户一起共同具有 ADMIN、OPERATOR 角色；
 		final Map<Bytes, BlockchainKeypair> endpoints = new HashMap<>();
@@ -146,16 +152,16 @@ public class LedgerSecurityManagerTest {
 			// 终端节点有 ADMIN 和 OPERATOR 两种角色的合并权限；
 			if (p == LedgerPermission.REGISTER_USER || p == LedgerPermission.REGISTER_DATA_ACCOUNT
 					|| p == LedgerPermission.WRITE_DATA_ACCOUNT) {
-				assertTrue(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE));
+				assertTrue(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
 			} else {
-				assertFalse(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE));
+				assertFalse(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
 			}
 
 			if (p == LedgerPermission.APPROVE_TX) {
 				// 共识参与方只有 PLATFORM 角色的权限：核准交易；
-				assertTrue(policy.isEnableToNodes(p, MultiIdsPolicy.AT_LEAST_ONE));
+				assertTrue(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
 			} else {
-				assertFalse(policy.isEnableToNodes(p, MultiIdsPolicy.AT_LEAST_ONE));
+				assertFalse(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
 			}
 		}
 
@@ -163,12 +169,12 @@ public class LedgerSecurityManagerTest {
 		for (TransactionPermission p : transactionPermissions) {
 			// 终端节点有 ADMIN 和 OPERATOR 两种角色的合并权限；
 			if (p == TransactionPermission.DIRECT_OPERATION || p == TransactionPermission.CONTRACT_OPERATION) {
-				assertTrue(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE));
+				assertTrue(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
 			} else {
-				assertFalse(policy.isEnableToEndpoints(p, MultiIdsPolicy.AT_LEAST_ONE));
+				assertFalse(policy.isEndpointEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
 			}
 
-			assertFalse(policy.isEnableToNodes(p, MultiIdsPolicy.AT_LEAST_ONE));
+			assertFalse(policy.isNodeEnable(p, MultiIDsPolicy.AT_LEAST_ONE));
 		}
 	}
 

source/ledger/ledger-core/src/test/java/test/com/jd/blockchain/ledger/core/TransactionBatchProcessorTest.java

@@ -122,10 +122,10 @@ public class TransactionBatchProcessorTest {
 		LedgerSecurityManager securityManager = Mockito.mock(LedgerSecurityManager.class);
 
 		SecurityPolicy securityPolicy = Mockito.mock(SecurityPolicy.class);
-		when(securityPolicy.isEnableToEndpoints(any(LedgerPermission.class), any())).thenReturn(true);
-		when(securityPolicy.isEnableToEndpoints(any(TransactionPermission.class), any())).thenReturn(true);
-		when(securityPolicy.isEnableToNodes(any(LedgerPermission.class), any())).thenReturn(true);
-		when(securityPolicy.isEnableToNodes(any(TransactionPermission.class), any())).thenReturn(true);
+		when(securityPolicy.isEndpointEnable(any(LedgerPermission.class), any())).thenReturn(true);
+		when(securityPolicy.isEndpointEnable(any(TransactionPermission.class), any())).thenReturn(true);
+		when(securityPolicy.isNodeEnable(any(LedgerPermission.class), any())).thenReturn(true);
+		when(securityPolicy.isNodeEnable(any(TransactionPermission.class), any())).thenReturn(true);
 
 		when(securityManager.createSecurityPolicy(any(), any())).thenReturn(securityPolicy);
 

source/test/test-integration/src/main/java/test/com/jd/blockchain/intgr/perf/LedgerPerformanceTest.java

@@ -45,7 +45,7 @@ import com.jd.blockchain.ledger.core.LedgerEditor;
 import com.jd.blockchain.ledger.core.LedgerManager;
 import com.jd.blockchain.ledger.core.LedgerRepository;
 import com.jd.blockchain.ledger.core.LedgerSecurityManager;
-import com.jd.blockchain.ledger.core.MultiIdsPolicy;
+import com.jd.blockchain.ledger.core.MultiIDsPolicy;
 import com.jd.blockchain.ledger.core.SecurityPolicy;
 import com.jd.blockchain.ledger.core.TransactionBatchProcessor;
 import com.jd.blockchain.service.TransactionBatchResultHandle;
@@ -676,44 +676,61 @@ public class LedgerPerformanceTest {
 		}
 
 		@Override
-		public boolean isEnableToEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy) {
+		public boolean isEndpointEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) {
 			return true;
 		}
 
 		@Override
-		public boolean isEnableToEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy) {
+		public boolean isEndpointEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) {
 			return true;
 		}
 
 		@Override
-		public boolean isEnableToNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) {
+		public boolean isNodeEnable(LedgerPermission permission, MultiIDsPolicy midPolicy) {
 			return true;
 		}
 
 		@Override
-		public boolean isEnableToNodes(TransactionPermission permission, MultiIdsPolicy midPolicy) {
-			// TODO Auto-generated method stub
-			return false;
+		public boolean isNodeEnable(TransactionPermission permission, MultiIDsPolicy midPolicy) {
+			return true;
 		}
 
 		@Override
-		public void checkEndpoints(LedgerPermission permission, MultiIdsPolicy midPolicy)
+		public void checkEndpointPermission(LedgerPermission permission, MultiIDsPolicy midPolicy)
 				throws LedgerSecurityException {
 		}
 
 		@Override
-		public void checkEndpoints(TransactionPermission permission, MultiIdsPolicy midPolicy)
+		public void checkEndpointPermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
 				throws LedgerSecurityException {
 		}
 
 		@Override
-		public void checkNodes(LedgerPermission permission, MultiIdsPolicy midPolicy) throws LedgerSecurityException {
+		public void checkNodePermission(LedgerPermission permission, MultiIDsPolicy midPolicy) throws LedgerSecurityException {
 		}
 
 		@Override
-		public void checkNodes(TransactionPermission permission, MultiIdsPolicy midPolicy)
+		public void checkNodePermission(TransactionPermission permission, MultiIDsPolicy midPolicy)
 				throws LedgerSecurityException {
 		}
 
+		@Override
+		public boolean isEndpointValid(MultiIDsPolicy midPolicy) {
+			return true;
+		}
+
+		@Override
+		public boolean isNodeValid(MultiIDsPolicy midPolicy) {
+			return true;
+		}
+
+		@Override
+		public void checkEndpointValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException {
+		}
+
+		@Override
+		public void checkNodeValidity(MultiIDsPolicy midPolicy) throws LedgerSecurityException {
+		}
+
 	}
 }

source/tools/tools-mocker/src/main/java/com/jd/blockchain/mocker/MockerNodeContext.java

@@ -451,10 +451,10 @@ public class MockerNodeContext implements BlockchainQueryService {
 		LedgerSecurityManager securityManager = Mockito.mock(LedgerSecurityManager.class);
 
 		SecurityPolicy securityPolicy = Mockito.mock(SecurityPolicy.class);
-		when(securityPolicy.isEnableToEndpoints(any(LedgerPermission.class), any())).thenReturn(true);
-		when(securityPolicy.isEnableToEndpoints(any(TransactionPermission.class), any())).thenReturn(true);
-		when(securityPolicy.isEnableToNodes(any(LedgerPermission.class), any())).thenReturn(true);
-		when(securityPolicy.isEnableToNodes(any(TransactionPermission.class), any())).thenReturn(true);
+		when(securityPolicy.isEndpointEnable(any(LedgerPermission.class), any())).thenReturn(true);
+		when(securityPolicy.isEndpointEnable(any(TransactionPermission.class), any())).thenReturn(true);
+		when(securityPolicy.isNodeEnable(any(LedgerPermission.class), any())).thenReturn(true);
+		when(securityPolicy.isNodeEnable(any(TransactionPermission.class), any())).thenReturn(true);
 
 		when(securityManager.createSecurityPolicy(any(), any())).thenReturn(securityPolicy);