Error : Full Authentication is required while request goes from mobile client with Google App Engine using Spring Auth


kirti Hudda via StackOverflow

Feb 17, 2017, 6:58:06 AM
to google-appengin...@googlegroups.com

I have been stuck on this authentication part for the last 15 days. Authentication at the mobile end takes place via Google OAuth (Gmail authentication) and I get the token successfully, but authentication at App Engine is failing. I don't know what I am doing wrong. The code for the Cloud Endpoint is:

private ABC abc;

ABC.Builder builder = new ABC.Builder(AndroidHttp.newCompatibleTransport(),
        new AndroidJsonFactory(), googleAccountCredential)
        .setApplicationName(Constants.APPLICATION_NAME)
        .setRootUrl("url")
        .setGoogleClientRequestInitializer(new GoogleClientRequestInitializer() {
            @Override
            public void initialize(AbstractGoogleClientRequest<?> abstractGoogleClientRequest) throws IOException {
                abstractGoogleClientRequest.setDisableGZipContent(true);
            }
        });

abc = builder.build();

Calling Method of Endpoint:

abc.users("").execute();

Spring Authentication in Security config:

public class SecurityConfig extends WebSecurityConfigurerAdapter {
    protected void configure(HttpSecurity http) throws Exception {

        // @formatter:off
        http.authorizeRequests()
                .antMatchers("/_ah/spi/BackendService.getApiConfigs",
                        "/_ah/spi/BackendService.logMessages").permitAll()
                .antMatchers("/_ah/api/**").permitAll()
                .antMatchers("/_ah/admin/**").permitAll()
                .antMatchers("/_ah/resources/**").permitAll()
                .anyRequest().authenticated() // .anyRequest().permitAll()
            .and()
                .headers().frameOptions().disable()
            .and()
                .exceptionHandling()
                    .authenticationEntryPoint(new AuthenticationErrorEntryPoint())
            .and()
                .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
                .csrf().disable();

        http.addFilterBefore(authenticationFilterBean(), UsernamePasswordAuthenticationFilter.class);
        // @formatter:on
    }
}

AuthenticationFilter code:

public class AuthenticationFilter extends GenericFilterBean {
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
        try {
            User user = OAuthServiceFactory.getOAuthService().getCurrentUser(Constants.EMAIL_SCOPE);
            log.info("OAUTH USER: " + user.getEmail());
            final UserDetails userDetails = userDetailsService.loadUserByUsername(user.getEmail());
            Authentication authentication = new UserDetailsAuthentication(userDetails);
            SecurityContextHolder.getContext().setAuthentication(authentication);
            log.info("USER: " + userDetails.getUsername());
            log.info("AUTHORITIES: " + userDetails.getAuthorities().toString());
        } catch (Exception ex) {
            Throwable error = ex;
            if (error.getClass() == UndeclaredThrowableException.class) {
                error = error.getCause();
            }
            log.log(Level.SEVERE, error.getMessage(), error);
        }
        filterChain.doFilter(request, response);
    }
}

Exception at mobile end:

com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
02-17 16:39:12.008 22822-22981/com.g4s.javelin.javelinmobile W/System.err: {
02-17 16:39:12.008 22822-22981/com.g4s.javelin.javelinmobile W/System.err:   "code": 403,
02-17 16:39:12.008 22822-22981/com.g4s.javelin.javelinmobile W/System.err:   "errors": [
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err:     {
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err:       "domain": "global",
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err:       "message": "Full authentication is required to access this resource",
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err:       "reason": "forbidden"
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err:     }
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err:   ],
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err:   "message": "Full authentication is required to access this resource"
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err: }

App Engine Log is:

abc.security.filter.AuthenticationFilter doFilter: (AuthenticationFilter.java:48)
com.google.appengine.api.oauth.InvalidOAuthParametersException: 
    at com.google.appengine.api.oauth.OAuthServiceImpl.makeSyncCall(OAuthServiceImpl.java:139)
    at com.google.appengine.api.oauth.OAuthServiceImpl.getGetOAuthUserResponse(OAuthServiceImpl.java:115)
    at com.google.appengine.api.oauth.OAuthServiceImpl.getCurrentUser(OAuthServiceImpl.java:42)


Please DO NOT REPLY directly to this email but go to StackOverflow:
http://stackoverflow.com/questions/42297342/error-full-authentication-is-required-while-request-goes-from-mobile-client-wi