SDC work with Appengine's cron jobs

125 views
Skip to first unread message

yaite

unread,
Oct 3, 2011, 11:15:37 AM10/3/11
to google-secure-data-connector
Hi, is it possible to make the SDC work with Appengine's cronjobs?

When I use the debugging query I get the following response:
request_service : AppEngine
request_appId : s~***************
request_requestId : (Id =**************)
sdc_routing : Internet
sdc_anonymous_user : true
sdc_internet_routing : USER_NOT_LOGGED_IN
response_sdc_status : ERROR[7]: Error in fetching this resource from
the Internet.

So, is there a parameter in SDC configuration to allow users not
logged access to the resources ?

Lonnie

unread,
Dec 2, 2011, 5:21:45 AM12/2/11
to google-secure-data-connector
I am also in need of a way to allow non-authenticated users to access
SDC resources, or possibly be able to specify the principal to be used
to authorize an SDC request.

jtello

unread,
May 25, 2012, 6:05:45 PM5/25/12
to googl...@googlegroups.com
I also have the same problem, did get something??

priC

unread,
Jun 30, 2012, 4:55:01 AM6/30/12
to googl...@googlegroups.com
Maybe there's a way to set programmatically current user in the cronjob?

Eric Pollmann

unread,
Jul 2, 2012, 4:14:23 PM7/2/12
to googl...@googlegroups.com
Hello Primiano, Joel, Lonnie and Aite,

We don't currently officially support this feature.  However, we are developing support for it and there's a way to try it out on an experimental basis.  As an experimental feature, it's not documented in the official SDC docs.  We plan on adding this feature in the future, but as it is experimental, we can't guarantee that it will be added, or that it will retain the present form.

Before trying it out there are a few important security notes:
 - You are enabling access to your resource with no authentication.  This means that incoming requests will not be checked to verify that they come from an authenticated user.  You must take precautions to ensure that no unexpected access is enabled by turning on this feature.
 - Carefully look at the entire rule definition to make sure that the level of unauthenticated access is appropriate for the resource. You can restrict access to only a specific set of AppEngine IDs, for example, or only applications within your domain (<allowOutsideDomainAccess>false</allowOutsideDomainAccess>).
 - Do NOT combine this feature with <allowAnyAppId>true</allowAnyAppId> unless you want ALL App Engine Apps written by any author to have unrestricted access to your resource.

Here's how to use it.  In your resourceRules.xml file, add this to the rule definition:

   <allowAnonymousAccess>true</allowAnonymousAccess>

A fuller example:

<resourceRules>
  <rule repeatable="true">
    <ruleNum>1</ruleNum>
    <agentId>agentId1</agentId>
    <allowDomainViewers>true</allowDomainViewers>
    <allowOutsideDomainAccess>false</allowOutsideDomainAccess>
    <allowAnonymousAccess>true</allowAnonymousAccess>
    <apps repeatable="true">
      <container>AppEngine</container>
      <appId>REPLACE-WITH-APPID</appId>
    </apps>
    <url>REPLACE-WITH-URL</url> 
    <urlMatch>HOSTPORT</urlMatch>
  </rule>
</resourceRules>

Please let us know if this works for you or not, we'd love to get feedback on it!

Thank you,
-Eric Pollmann
 SDC Engineer

--
You received this message because you are subscribed to the Google Groups "enterprise-data-questions" group.
To post to this group, send email to enterprise-d...@google.com.
To unsubscribe from this group, send email to enterprise-data-qu...@google.com.
For more options, visit this group at http://groups.google.com/a/google.com/group/enterprise-data-questions/?hl=en.

Dexter Legaspi

unread,
Jul 11, 2012, 1:40:05 PM7/11/12
to googl...@googlegroups.com
I can't get this to work as followed in the instructions...is there any new SDC client that we need to install?
 SDC Engineer

To post to this group, send email to enterprise-data-questions@google.com.
To unsubscribe from this group, send email to enterprise-data-questions+unsub...@google.com.

Eric Pollmann

unread,
Jul 11, 2012, 3:08:21 PM7/11/12
to googl...@googlegroups.com
Hi Dexter,

This should work with version 1.3, available here:

Is that the version you are using?  If so, can you provide more information about your setup?  For example, are you using App Engine, Apps Script, or a Gadget?  When you modified your rule to add <allowAnonymousAccess>true</allowAnonymousAccess>, what was the result?

Thank you,
-Eric



To post to this group, send email to enterprise-d...@google.com.
To unsubscribe from this group, send email to enterprise-data-qu...@google.com.

Joel Tello

unread,
Jul 11, 2012, 3:36:36 PM7/11/12
to googl...@googlegroups.com
Hi Eric, 

I already tried your solution but It didn't work. I'm getting the same error that before. This is the piece of code that is giving the exception:

urlfetch.fetch(url=url,headers={'use_intranet': 'yes'},deadline=60)

And this is the exception:

<class 'google.appengine.api.urlfetch_errors.DownloadError'>, DownloadError('ApplicationError: 2 ',), <traceback object at 0x10b926c0>

If I add a debug parameter to my url (X-secureDataConnectorDebug=text) I get this:

request_url : my_resource_url
request_service : AppEngine
request_appId : myAppID
request_requestId : (Id = xxxxxxxxx)

sdc_routing : Internet
sdc_anonymous_user : true
sdc_internet_routing : USER_NOT_LOGGED_IN
response_sdc_status : ok
response_content_size : 0

I have the lastest version 1.3rc2...
 SDC Engineer

To unsubscribe from this group, send email to enterprise-data-questions+unsubsc...@google.com.

Dexter Legaspi

unread,
Jul 11, 2012, 4:07:51 PM7/11/12
to googl...@googlegroups.com
Hi Eric

(Note that the app works as long as we have the authentication enabled)

We are using this under App Engine (Java).  We removed the code that deals with getting the current user (i presume we do that otherwise we are redirected to a page to authenticate):

   //UserService userService = UserServiceFactory.getUserService();  <-- commented out?
   // User user = userService.getCurrentUser(); <-- commented out?

    URLFetchService fetcher = URLFetchServiceFactory.getURLFetchService();

    URL dataURL = new URL("http://www.privatenetwork.com/hello?"); // <-- this is a REST ful call
    
    HTTPRequest fetchreq = new HTTPRequest(dataURL);


we get this exception:


java.io.IOException: Could not fetch URL: http://www.privatenetwork.com/hello?
	at com.google.appengine.api.urlfetch.URLFetchServiceImpl.convertApplicationException(URLFetchServiceImpl.java:115)
	at com.google.appengine.api.urlfetch.URLFetchServiceImpl.fetch(URLFetchServiceImpl.java:42)
	at hellosdc.HelloSDCServlet.doGet(HelloSDCServlet.java:32)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
	at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:102)
	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
	at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:35)
	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
	at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:43)
	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
	at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
	at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
	at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
(…)
Message has been deleted

priC

unread,
Jul 30, 2012, 8:33:03 AM7/30/12
to googl...@googlegroups.com
Hello Eric,
I have the same result as Joel Tello, so it does not work.

I 2012-07-30 13:23:22.261 test.SyncDb makeQuery: Riga numero 0: request_url : http://192.168.247.129:8080/jdbcbridge.jsp
I 2012-07-30 13:23:22.261 test.SyncDb makeQuery: Riga numero 1: request_service : AppEngine
I 2012-07-30 13:23:22.262 test.SyncDb makeQuery: Riga numero 2: request_appId : s~gecoinj
I 2012-07-30 13:23:22.262 test.SyncDb makeQuery: Riga numero 3: request_requestId : (Id = xxx74f22ca4a2xxx)
I 2012-07-30 13:23:22.262 test.SyncDb makeQuery: Riga numero 4: sdc_routing : Internet
I 2012-07-30 13:23:22.262 test.SyncDb makeQuery: Riga numero 5: sdc_anonymous_user : true
I 2012-07-30 13:23:22.262 test.SyncDb makeQuery: Riga numero 6: sdc_internet_routing : USER_NOT_LOGGED_IN
I 2012-07-30 13:23:22.262 test.SyncDb makeQuery: Riga numero 7: response_sdc_status : ok
I 2012-07-30 13:23:22.262 test.SyncDb makeQuery: Riga numero 8: response_content_size : 0

What's wrong?
 SDC Engineer

To post to this group, send email to enterprise-data-questions@google.com.
To unsubscribe from this group, send email to enterprise-data-questions+unsub...@google.com.
Reply all
Reply to author
Forward
0 new messages