Java Google云存储API无法在应用程序引擎上获取应用程序默认凭据,正在查找计算引擎错误
我在一个运行在谷歌应用程序引擎(而不是计算引擎)上的Play(v2.5.12)应用程序中使用了谷歌云存储API库的自定义代码。云存储API已启用。我正在尝试将一个文件(作为文件流)发送到Google云平台中的存储桶 代码如下:Java Google云存储API无法在应用程序引擎上获取应用程序默认凭据,正在查找计算引擎错误,java,google-app-engine,google-cloud-storage,Java,Google App Engine,Google Cloud Storage,我在一个运行在谷歌应用程序引擎(而不是计算引擎)上的Play(v2.5.12)应用程序中使用了谷歌云存储API库的自定义代码。云存储API已启用。我正在尝试将一个文件(作为文件流)发送到Google云平台中的存储桶 代码如下: public static String sendFileToBucket(InputStream fileStream, String fileName) throws IOException { Logger.info("GoogleStorage: send
public static String sendFileToBucket(InputStream fileStream, String fileName) throws IOException {
Logger.info("GoogleStorage: sendFileToBucket: Starting...");
Storage storage = StorageOptions.getDefaultInstance().getService();
// Modify access list to allow all users with link to read file
List<Acl> acls = new ArrayList<>();
acls.add(Acl.of(Acl.User.ofAllUsers(), Acl.Role.READER));
// the inputstream is closed by default, so we don't need to close it
// here
Blob blob = null;
blob = storage.create(BlobInfo.newBuilder(BUCKET_NAME, fileName).setAcl(acls).build(),
fileStream);
return blob.getMediaLink();
}
以下是全部错误:
[warn] c.g.a.o.ComputeEngineCredentials - Failed to detect whether we are running on Google Compute Engine.
java.net.SocketException: Network is unreachable: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
[warn] c.g.a.o.ComputeEngineCredentials - Failed to detect whether we are running on Google Compute Engine.
java.net.SocketException: Network is unreachable: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
[warn] c.g.a.o.ComputeEngineCredentials - Failed to detect whether we are running on Google Compute Engine.
java.net.SocketException: Network is unreachable: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
com.google.cloud.storage.StorageException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.google.cloud.storage.spi.v1.HttpStorageRpc.translate(HttpStorageRpc.java:220)
at com.google.cloud.storage.spi.v1.HttpStorageRpc.create(HttpStorageRpc.java:291)
at com.google.cloud.storage.StorageImpl.create(StorageImpl.java:148)
at google.GoogleStorage.sendFileToBucket(GoogleStorage.java:80)
at controllers.AdultPTPController.adultPTPUpdateFields(AdultPTPController.java:3878)
at controllers.AdultPTPController.adultPTPUpdate(AdultPTPController.java:3544)
at router.Routes$$anonfun$routes$1$$anonfun$applyOrElse$10$$anonfun$apply$10.apply(Routes.scala:2083)
at router.Routes$$anonfun$routes$1$$anonfun$applyOrElse$10$$anonfun$apply$10.apply(Routes.scala:2083)
at play.core.routing.HandlerInvokerFactory$$anon$4.resultCall(HandlerInvoker.scala:157)
at play.core.routing.HandlerInvokerFactory$$anon$4.resultCall(HandlerInvoker.scala:156)
at play.core.routing.HandlerInvokerFactory$JavaActionInvokerFactory$$anon$14$$anon$3$$anon$1.invocation(HandlerInvoker.scala:136)
at play.core.j.JavaAction$$anon$1.call(JavaAction.scala:73)
at play.http.HttpRequestHandler$1.call(HttpRequestHandler.java:54)
at play.core.j.JavaAction$$anonfun$7.apply(JavaAction.scala:108)
at play.core.j.JavaAction$$anonfun$7.apply(JavaAction.scala:108)
at scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24)
at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24)
at play.core.j.HttpExecutionContext$$anon$2.run(HttpExecutionContext.scala:56)
at play.api.libs.iteratee.Execution$trampoline$.execute(Execution.scala:70)
at play.core.j.HttpExecutionContext.execute(HttpExecutionContext.scala:48)
at scala.concurrent.impl.Future$.apply(Future.scala:31)
at scala.concurrent.Future$.apply(Future.scala:492)
at play.core.j.JavaAction.apply(JavaAction.scala:108)
at play.api.mvc.Action$$anonfun$apply$2$$anonfun$apply$5$$anonfun$apply$6.apply(Action.scala:112)
at play.api.mvc.Action$$anonfun$apply$2$$anonfun$apply$5$$anonfun$apply$6.apply(Action.scala:112)
at play.utils.Threads$.withContextClassLoader(Threads.scala:21)
at play.api.mvc.Action$$anonfun$apply$2$$anonfun$apply$5.apply(Action.scala:111)
at play.api.mvc.Action$$anonfun$apply$2$$anonfun$apply$5.apply(Action.scala:110)
at scala.Option.map(Option.scala:146)
at play.api.mvc.Action$$anonfun$apply$2.apply(Action.scala:110)
at play.api.mvc.Action$$anonfun$apply$2.apply(Action.scala:103)
at scala.concurrent.Future$$anonfun$flatMap$1.apply(Future.scala:251)
at scala.concurrent.Future$$anonfun$flatMap$1.apply(Future.scala:249)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:32)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply$mcV$sp(BatchingExecutor.scala:91)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply(BatchingExecutor.scala:91)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply(BatchingExecutor.scala:91)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:72)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:90)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:39)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:415)
at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
at sun.net.www.protocol.http.HttpURLConnection.access$100(HttpURLConnection.java:90)
at sun.net.www.protocol.http.HttpURLConnection$8.run(HttpURLConnection.java:1250)
at sun.net.www.protocol.http.HttpURLConnection$8.run(HttpURLConnection.java:1248)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:782)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1247)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:77)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:981)
at com.google.api.client.googleapis.media.MediaHttpUploader.executeCurrentRequestWithoutGZip(MediaHttpUploader.java:545)
at com.google.api.client.googleapis.media.MediaHttpUploader.executeCurrentRequest(MediaHttpUploader.java:562)
at com.google.api.client.googleapis.media.MediaHttpUploader.directUpload(MediaHttpUploader.java:360)
at com.google.api.client.googleapis.media.MediaHttpUploader.upload(MediaHttpUploader.java:334)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:428)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:469)
at com.google.cloud.storage.spi.v1.HttpStorageRpc.create(HttpStorageRpc.java:288)
... 44 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 71 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 77 more
这个错误让我感到困惑,因为我是在谷歌应用程序引擎上运行应用程序,而不是在计算引擎上运行。我检查了服务帐户,我只有默认的应用程序引擎帐户和为Google Drive Access创建的服务帐户
我正在使用应用程序默认凭据,如下所述:
默认的App Engine服务帐户没有密钥,但将创建一个密钥,然后尝试以下代码示例:
Storage storage = StorageOptions.newBuilder()
.setCredentials(ServiceAccountCredentials.fromStream(new FileInputStream("/path/to/my/key.json")))
.build()
.getService();
从本页:
解决我的问题
我在这方面找到了一些帖子,但我无法解释如何在我的代码中实现,因此它们对我没有帮助:
我感谢你的帮助
-------------------------2018年3月23日编辑--------------------------------
收到错误后:
java.io.IOException: The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
在链接之后,它在该页面上声明:
If your application runs on Compute Engine, Kubernetes Engine, the App Engine flexible environment, or Cloud Functions, you don't need to create your own service account.
但我使用的是appengineflex环境,这让我很困惑
因此,我转到Google Cloud项目,选择IAM&Admin>Service Accounts,并为默认的App Engine Service account创建了一个密钥,下载并将代码更改为:
public static String sendFileToBucket(InputStream fileStream, String fileName) throws IOException {
Logger.info("GoogleStorage: sendFileToBucket: Starting...");
GoogleCredential credential = null;
String credentialsFileName = "";
Storage storage = null;
Logger.info("GoogleStorage: authorize: Getting credentialsFileName path...");
credentialsFileName = Configuration.root().getString("google.storage.credentials.file");
Logger.info("GoogleStorage: authorize: credentialsFileName = " + credentialsFileName);
Logger.info("GoogleStorage: authorize: Setting InputStream...");
InputStream in = GoogleStorage.class.getClassLoader().getResourceAsStream(credentialsFileName);
if (in == null) {
Logger.info("GoogleStorage: authorize: InputStream is null");
}
Logger.info("GoogleStorage: authorize: InputStream set...");
storage = StorageOptions.newBuilder()
.setCredentials(ServiceAccountCredentials.fromStream(in))
.build()
.getService();
// Modify access list to allow all users with link to read file
List<Acl> acls = new ArrayList<>();
acls.add(Acl.of(Acl.User.ofAllUsers(), Acl.Role.READER));
// the inputstream is closed by default, so we don't need to close it
// here
Blob blob = null;
blob = storage.create(BlobInfo.newBuilder(BUCKET_NAME, fileName).setAcl(acls).build(),
fileStream);
return blob.getMediaLink();
}
我看到:
com.google.cloud.storage.StorageException: Error getting access token for service account
所以,我猜这仍然是服务帐户凭据的问题。直接获取应用程序默认凭据怎么样 请尝试以下方法:
GoogleCredentials applicationDefault = GoogleCredentials.getApplicationDefault();
if (applicationDefault.createScopedRequired()){
applicationDefault = applicationDefault.createScoped(Collections.singleton("https://www.googleapis.com/auth/devstorage.full_control"));
}
final Storage storage = StorageOptions.newBuilder()
.setCredentials(applicationDefault)
.build()
.getService();
另外,您使用的是AppEngine标准版还是flexible?我在使用Compute Engine时遇到过类似的问题。然后,我在环境中使用一个静态路径来存储所需的所有属性。这是我的变量类:
public class Variables(){
public Variables(){
if(!loaded)init();
}
final static Logger logger = Logger.getLogger(Variables.class);
static Properties prop = new Properties();
static InputStream input = null;
static boolean loaded = false;
private static void init(){
try{
logger.info("Loading properties for server . . . ");
//Do not change this path
input = new FileInputStream("/path-on-server/app-config.properties");
prop.load(input);
loaded = true;
}catch(Exception ex){
logger.error("Error while loading configuration file for server. . . ");
logger.error(ex.getMessage());
}
finally{
try {
input.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
public static final String gcsClientId = getGCSClientId();
public static final String gcsClientEmail = getGCSClientEmail();
public static final String gcsPrivateKey = getGCSPrivateKey();
public static final String gcsPrivateKeyId = getGCSPrivateKeyId();
public static final String gcsProjectId = getGCSProjectId();
public static final String gcsBucketName = getGCSBucketName();
private static String getGCSClientId(){
if(!loaded)init();
return prop.getProperty("storageClientId");
}
private static String getGCSClientEmail(){
if(!loaded)init();
return prop.getProperty("storageClientEmail");
}
private static String getGCSPrivateKeyId(){
if(!loaded)init();
return prop.getProperty("storagePrivateKeyId");
}
private static String getGCSPrivateKey(){
if(!loaded)init();
return prop.getProperty("storagePrivateKey");
}
private static String getGCSProjectId(){
if(!loaded)init();
return prop.getProperty("storageProjectId");
}
private static String getGCSBucketName(){
if(!loaded)init();
return prop.getProperty("storageBucketName");
}
}
然后在我的Google存储中使用variables类:
public class GoogleCloudStorage {
Variables variables = new Variables();
public GoogleCloudStorage() {
setDefaultStorageCredentials();
}
private static Storage storage = null;
private static String bucketName = null;
private static Credentials credentials = null;
private void setDefaultStorageCredentials() {
try {
this.bucketName = variables.gcsBucketName;
credentials = ServiceAccountCredentials.fromPkcs8(variables.gcsClientId, variables.gcsClientEmail,
variables.gcsPrivateKey, variables.gcsPrivateKeyId, null);
storage = StorageOptions.newBuilder()
.setCredentials(credentials)
.setProjectId(variables.gcsProjectId).build().getService();
} catch (Exception e) {
e.printStackTrace();
}
}
}
希望这有帮助。我正在使用App Engine Flex。我在上面添加了代码并收到了以下错误:
java.io.IOException:应用程序默认凭据不可用。如果在谷歌计算引擎中运行,它们是可用的。否则,必须定义指向定义凭据的文件的环境变量GOOGLE\u APPLICATION\u CREDENTIALS。看见https://developers.google.com/accounts/docs/application-default-credentials 有关更多信息。
遵循该链接,该链接将我发送到。我查看了上面的URL,由于我使用的是App Engine Flex环境,因此页面上会显示:如果您的应用程序运行在Compute Engine、Kubernetes Engine、,使用App Engine灵活的环境或云功能,您无需创建自己的服务帐户。
您是否仍遇到此问题?
public class Variables(){
public Variables(){
if(!loaded)init();
}
final static Logger logger = Logger.getLogger(Variables.class);
static Properties prop = new Properties();
static InputStream input = null;
static boolean loaded = false;
private static void init(){
try{
logger.info("Loading properties for server . . . ");
//Do not change this path
input = new FileInputStream("/path-on-server/app-config.properties");
prop.load(input);
loaded = true;
}catch(Exception ex){
logger.error("Error while loading configuration file for server. . . ");
logger.error(ex.getMessage());
}
finally{
try {
input.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
public static final String gcsClientId = getGCSClientId();
public static final String gcsClientEmail = getGCSClientEmail();
public static final String gcsPrivateKey = getGCSPrivateKey();
public static final String gcsPrivateKeyId = getGCSPrivateKeyId();
public static final String gcsProjectId = getGCSProjectId();
public static final String gcsBucketName = getGCSBucketName();
private static String getGCSClientId(){
if(!loaded)init();
return prop.getProperty("storageClientId");
}
private static String getGCSClientEmail(){
if(!loaded)init();
return prop.getProperty("storageClientEmail");
}
private static String getGCSPrivateKeyId(){
if(!loaded)init();
return prop.getProperty("storagePrivateKeyId");
}
private static String getGCSPrivateKey(){
if(!loaded)init();
return prop.getProperty("storagePrivateKey");
}
private static String getGCSProjectId(){
if(!loaded)init();
return prop.getProperty("storageProjectId");
}
private static String getGCSBucketName(){
if(!loaded)init();
return prop.getProperty("storageBucketName");
}
}
public class GoogleCloudStorage {
Variables variables = new Variables();
public GoogleCloudStorage() {
setDefaultStorageCredentials();
}
private static Storage storage = null;
private static String bucketName = null;
private static Credentials credentials = null;
private void setDefaultStorageCredentials() {
try {
this.bucketName = variables.gcsBucketName;
credentials = ServiceAccountCredentials.fromPkcs8(variables.gcsClientId, variables.gcsClientEmail,
variables.gcsPrivateKey, variables.gcsPrivateKeyId, null);
storage = StorageOptions.newBuilder()
.setCredentials(credentials)
.setProjectId(variables.gcsProjectId).build().getService();
} catch (Exception e) {
e.printStackTrace();
}
}
}