I have been stuck on this authentication part for the last 15 days. Authentication on the mobile end takes place via Google OAuth (Gmail authentication) and I get the token successfully, but authentication at App Engine is failing. I don't know what I am doing wrong. The code for the Cloud Endpoint is:
    private ABC abc;

    ABC.Builder builder = new ABC.Builder(AndroidHttp.newCompatibleTransport(),
            new AndroidJsonFactory(), googleAccountCredential)
            .setApplicationName(Constants.APPLICATION_NAME)
            .setRootUrl("url")
            .setGoogleClientRequestInitializer(new GoogleClientRequestInitializer() {
                @Override
                public void initialize(AbstractGoogleClientRequest<?> abstractGoogleClientRequest) throws IOException {
                    abstractGoogleClientRequest.setDisableGZipContent(true);
                }
            });
    abc = builder.build();
Calling Method of Endpoint:
    abc.users("").execute();
Spring Authentication in Security config:
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
        protected void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            http.authorizeRequests()
                    .antMatchers("/_ah/spi/BackendService.getApiConfigs",
                            "/_ah/spi/BackendService.logMessages").permitAll()
                    .antMatchers("/_ah/api/**").permitAll()
                    .antMatchers("/_ah/admin/**").permitAll()
                    .antMatchers("/_ah/resources/**").permitAll()
                    .anyRequest().authenticated() // .anyRequest().permitAll()
                .and()
                    .headers().frameOptions().disable()
                .and()
                    .exceptionHandling()
                    .authenticationEntryPoint(new AuthenticationErrorEntryPoint())
                .and()
                    .sessionManagement()
                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                    .csrf().disable();
            http.addFilterBefore(authenticationFilterBean(), UsernamePasswordAuthenticationFilter.class);
            // @formatter:on
        }
    }
AuthenticationFilter code:
    public class AuthenticationFilter extends GenericFilterBean {
        @Override
        public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {
            try {
                User user = OAuthServiceFactory.getOAuthService().getCurrentUser(Constants.EMAIL_SCOPE);
                log.info("OAUTH USER: " + user.getEmail());
                final UserDetails userDetails = userDetailsService.loadUserByUsername(user.getEmail());
                Authentication authentication = new UserDetailsAuthentication(userDetails);
                SecurityContextHolder.getContext().setAuthentication(authentication);
                log.info("USER: " + userDetails.getUsername());
                log.info("AUTHORITIES: " + userDetails.getAuthorities().toString());
            } catch (Exception ex) {
                Throwable error = ex;
                if (error.getClass() == UndeclaredThrowableException.class) {
                    error = error.getCause();
                }
                log.log(Level.SEVERE, error.getMessage(), error);
            }
            filterChain.doFilter(request, response);
        }
    }
Exception at mobile end:
com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
02-17 16:39:12.008 22822-22981/com.g4s.javelin.javelinmobile W/System.err: {
02-17 16:39:12.008 22822-22981/com.g4s.javelin.javelinmobile W/System.err: "code": 403,
02-17 16:39:12.008 22822-22981/com.g4s.javelin.javelinmobile W/System.err: "errors": [
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err: {
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err: "domain": "global",
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err: "message": "Full authentication is required to access this resource",
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err: "reason": "forbidden"
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err: }
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err: ],
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err: "message": "Full authentication is required to access this resource"
02-17 16:39:12.018 22822-22981/com.g4s.javelin.javelinmobile W/System.err: }
App Engine Log is:
abc.security.filter.AuthenticationFilter doFilter: (AuthenticationFilter.java:48)
com.google.appengine.api.oauth.InvalidOAuthParametersException:
at com.google.appengine.api.oauth.OAuthServiceImpl.makeSyncCall(OAuthServiceImpl.java:139)
at com.google.appengine.api.oauth.OAuthServiceImpl.getGetOAuthUserResponse(OAuthServiceImpl.java:115)
at com.google.appengine.api.oauth.OAuthServiceImpl.getCurrentUser(OAuthServiceImpl.java:42)