Issue 866 in google-api-java-client: Storage API request from Compute Engine service account doesn't append OAuth token on redirected URL
0 views
Skip to first unread message
google-api-...@googlecode.com
Apr 6, 2014, 6:15:28 AM4/6/14
to google-api-jav...@googlegroups.com
Status: New
Owner: wonder...@google.com
Labels: Type-Defect Priority-Medium
New issue 866 by omer.daw...@gmail.com: Storage API request from Compute
Engine service account doesn't append OAuth token on redirected URL
http://code.google.com/p/google-api-java-client/issues/detail?id=866
Version of google-api-java-client (e.g. 1.15.0-rc)?
google-api-hava-client 1.18.0-rc
google-api-services-storage v1beta2-rev42-1.18.0-rc
Java environment (e.g. Java 6, Android 2.3, App Engine)?
Standalone Java 7 environment running on Compute Engine
Describe the problem.
I'm using the java api client libraries from inside Compute engine using
compute engine service accounts, an OAuth token is requested from the
metadata server to make a request to cloud storage:
When the requested url looks like this:
https://www.googleapis.com/storage/v1beta2/b/ecarf/o/linkedgeodata_links.nt.gz?oauth_token=ya29.1.AADtN_blahblahblah&alt=media
A Temporary redirect is received:
CONFIG: -------------- RESPONSE --------------
HTTP/1.1 307 Temporary Redirect
Content-Length: 201
X-XSS-Protection: 1; mode=block
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Alternate-Protocol: 443:quic
Location: https://storage.googleapis.com/ecarf/linkedgeodata_links.nt.gz
Server: GSE
The api client follows the redirect, but without appending the OAuth token
to the url:
Apr 06, 2014 9:35:54 AM com.google.api.client.http.HttpRequest execute
CONFIG: curl -v --compressed -H 'Accept-Encoding: gzip' -H 'User-Agent:
ecarf Google-HTTP-Java-Client/1.18.0-rc (gzip)'
-- 'https://storage.googleapis.com/ecarf/linkedgeodata_links.nt.gz'
and this fails with access denied. <?xml version='1.0'
encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access
denied.</Message></Error>
if I copy the redirect url and append the OAuth token to it and paste on
the browser it works ok
https://storage.googleapis.com/ecarf/linkedgeodata_links.nt.gz?oauth_token=ya29.1.AADtN_blahblahblah&alt=media
How would you expect it to be fixed?
When receiving a redirect the api client should also append to the OAuth
token when following the redirect
The debug logs are attached
Attachments:
debug_logs.txt 8.9 KB
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
Owner: wonder...@google.com
Labels: Type-Defect Priority-Medium
New issue 866 by omer.daw...@gmail.com: Storage API request from Compute
Engine service account doesn't append OAuth token on redirected URL
http://code.google.com/p/google-api-java-client/issues/detail?id=866
Version of google-api-java-client (e.g. 1.15.0-rc)?
google-api-hava-client 1.18.0-rc
google-api-services-storage v1beta2-rev42-1.18.0-rc
Java environment (e.g. Java 6, Android 2.3, App Engine)?
Standalone Java 7 environment running on Compute Engine
Describe the problem.
I'm using the java api client libraries from inside Compute engine using
compute engine service accounts, an OAuth token is requested from the
metadata server to make a request to cloud storage:
When the requested url looks like this:
https://www.googleapis.com/storage/v1beta2/b/ecarf/o/linkedgeodata_links.nt.gz?oauth_token=ya29.1.AADtN_blahblahblah&alt=media
A Temporary redirect is received:
CONFIG: -------------- RESPONSE --------------
HTTP/1.1 307 Temporary Redirect
Content-Length: 201
X-XSS-Protection: 1; mode=block
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Alternate-Protocol: 443:quic
Location: https://storage.googleapis.com/ecarf/linkedgeodata_links.nt.gz
Server: GSE
The api client follows the redirect, but without appending the OAuth token
to the url:
Apr 06, 2014 9:35:54 AM com.google.api.client.http.HttpRequest execute
CONFIG: curl -v --compressed -H 'Accept-Encoding: gzip' -H 'User-Agent:
ecarf Google-HTTP-Java-Client/1.18.0-rc (gzip)'
-- 'https://storage.googleapis.com/ecarf/linkedgeodata_links.nt.gz'
and this fails with access denied. <?xml version='1.0'
encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access
denied.</Message></Error>
if I copy the redirect url and append the OAuth token to it and paste on
the browser it works ok
https://storage.googleapis.com/ecarf/linkedgeodata_links.nt.gz?oauth_token=ya29.1.AADtN_blahblahblah&alt=media
How would you expect it to be fixed?
When receiving a redirect the api client should also append to the OAuth
token when following the redirect
The debug logs are attached
Attachments:
debug_logs.txt 8.9 KB
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
google-api-...@googlecode.com
Apr 6, 2014, 8:27:41 AM4/6/14
to google-api-jav...@googlegroups.com
Comment #1 on issue 866 by omer.daw...@gmail.com: Storage API request from
Compute Engine service account doesn't append OAuth token on redirected URL
http://code.google.com/p/google-api-java-client/issues/detail?id=866
setting HttpRequestInitializer to attach an UnsuccessfulResponseHandler
http://code.google.com/p/google-api-java-client/issues/detail?id=866
which reattaches the oauth token to the redirect url seems to get around
the issue
this.storage = new Storage.Builder(getHttpTransport(), JSON_FACTORY, new
HttpRequestInitializer() {
public void initialize(HttpRequest request) {
request.setUnsuccessfulResponseHandler(new RedirectHandler());
}
})
.setApplicationName(Constants.APP_NAME).build();
public class RedirectHandler implements HttpUnsuccessfulResponseHandler {
private static final String OAUTH_TOKEN_PARAM = "?oauth_token=";
/*
* (non-Javadoc)
* @see
com.google.api.client.http.HttpUnsuccessfulResponseHandler#handleResponse(
* com.google.api.client.http.HttpRequest,
com.google.api.client.http.HttpResponse, boolean)
*/
public boolean handleResponse(
HttpRequest request, HttpResponse response, boolean retrySupported)
throws IOException {
if (response.getStatusCode() ==
HttpStatusCodes.STATUS_CODE_TEMPORARY_REDIRECT) {
String redirectLocation = response.getHeaders().getLocation();
if (request.getFollowRedirects() && redirectLocation != null) {
String url = request.getUrl().toString();
String oauthToken = StringUtils.substringAfterLast(url,
OAUTH_TOKEN_PARAM);
// resolve the redirect location relative to the current location
// re-append the oauth token request parameter
request.setUrl(new GenericUrl(request.getUrl().toURL(redirectLocation +
OAUTH_TOKEN_PARAM + oauthToken)));
return true;
}
}
return false;
google-api-...@googlecode.com
Dec 23, 2014, 4:12:22 PM12/23/14
to google-api-jav...@googlegroups.com
Comment #2 on issue 866 by omer.daw...@gmail.com: Storage API request from
Compute Engine service account doesn't append OAuth token on redirected URL
https://code.google.com/p/google-api-java-client/issues/detail?id=866
This seems to be working fine in the API v1 cloud storage library. Can be
closed
google-api-...@googlecode.com
Dec 30, 2014, 11:45:23 AM12/30/14
to google-api-jav...@googlegroups.com
Updates:
Status: Done
Comment #3 on issue 866 by wonder...@google.com: Storage API request from
Status: Done
Comment #3 on issue 866 by wonder...@google.com: Storage API request from
Compute Engine service account doesn't append OAuth token on redirected URL
https://code.google.com/p/google-api-java-client/issues/detail?id=866
(No comment was entered for this change.)
https://code.google.com/p/google-api-java-client/issues/detail?id=866
Reply all
Reply to author
Forward
0 new messages