mateilles718 / google-api-java-client

Automatically exported from code.google.com/p/google-api-java-client
0 stars 0 forks source link

Storage API request from Compute Engine service account doesn't append OAuth token on redirected URL #866

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Version of google-api-java-client (e.g. 1.15.0-rc)?
google-api-hava-client 1.18.0-rc
google-api-services-storage v1beta2-rev42-1.18.0-rc

Java environment (e.g. Java 6, Android 2.3, App Engine)?
Standalone Java 7 environment running on Compute Engine

Describe the problem.
I'm using the java api client libraries from inside Compute engine using 
compute engine service accounts, an OAuth token is requested from the metadata 
server to make a request to cloud storage:

When the requested url looks like this:
https://www.googleapis.com/storage/v1beta2/b/ecarf/o/linkedgeodata_links.nt.gz?o
auth_token=ya29.1.AADtN_blahblahblah&alt=media

A Temporary redirect is received:
CONFIG: -------------- RESPONSE --------------
HTTP/1.1 307 Temporary Redirect
Content-Length: 201
X-XSS-Protection: 1; mode=block
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Alternate-Protocol: 443:quic
Location: https://storage.googleapis.com/ecarf/linkedgeodata_links.nt.gz
Server: GSE

The api client follows the redirect, but without appending the OAuth token to 
the url:
Apr 06, 2014 9:35:54 AM com.google.api.client.http.HttpRequest execute
CONFIG: curl -v --compressed -H 'Accept-Encoding: gzip' -H 'User-Agent: ecarf 
Google-HTTP-Java-Client/1.18.0-rc (gzip)' -- 
'https://storage.googleapis.com/ecarf/linkedgeodata_links.nt.gz'

and this fails with access denied. <?xml version='1.0' 
encoding='UTF-8'?><Error><Code>AccessDenied</Code><Message>Access 
denied.</Message></Error> 

if I copy the redirect url and append the OAuth token to it and paste on the 
browser it works ok
https://storage.googleapis.com/ecarf/linkedgeodata_links.nt.gz?oauth_token=ya29.
1.AADtN_blahblahblah&alt=media

How would you expect it to be fixed?

When receiving a redirect the api client should also append to the OAuth token 
when following the redirect

The debug logs are attached

Original issue reported on code.google.com by omer.daw...@gmail.com on 6 Apr 2014 at 10:15

Attachments:

GoogleCodeExporter commented 9 years ago
setting HttpRequestInitializer to attach an UnsuccessfulResponseHandler which 
reattaches the oauth token to the redirect url seems to get around the issue

this.storage = new  Storage.Builder(getHttpTransport(), JSON_FACTORY, new 
HttpRequestInitializer() {
                public void initialize(HttpRequest request) {
                    request.setUnsuccessfulResponseHandler(new RedirectHandler());
                }
            })
            .setApplicationName(Constants.APP_NAME).build();

public class RedirectHandler implements HttpUnsuccessfulResponseHandler {

    private static final String OAUTH_TOKEN_PARAM = "?oauth_token=";
    /*
     * (non-Javadoc)
     * @see com.google.api.client.http.HttpUnsuccessfulResponseHandler#handleResponse(
     * com.google.api.client.http.HttpRequest, com.google.api.client.http.HttpResponse, boolean)
     */
    public boolean handleResponse(
            HttpRequest request, HttpResponse response, boolean retrySupported) throws IOException {
        if (response.getStatusCode() == HttpStatusCodes.STATUS_CODE_TEMPORARY_REDIRECT) {

            String redirectLocation = response.getHeaders().getLocation();
            if (request.getFollowRedirects() && redirectLocation != null) {

                String url = request.getUrl().toString();
                String oauthToken = StringUtils.substringAfterLast(url, OAUTH_TOKEN_PARAM);
                // resolve the redirect location relative to the current location
                // re-append the oauth token request parameter
                request.setUrl(new GenericUrl(request.getUrl().toURL(redirectLocation + OAUTH_TOKEN_PARAM + oauthToken)));
                return true;
            }
        }
        return false;
    }
}

Original comment by omer.daw...@gmail.com on 6 Apr 2014 at 12:27

GoogleCodeExporter commented 9 years ago
This seems to be working fine in the API v1 cloud storage library. Can be closed

Original comment by omer.daw...@gmail.com on 23 Dec 2014 at 9:12

GoogleCodeExporter commented 9 years ago

Original comment by wonder...@google.com on 30 Dec 2014 at 4:45