Java Google云存储API无法在应用程序引擎上获取应用程序默认凭据,正在查找计算引擎错误
我在一个运行在谷歌应用程序引擎(而不是计算引擎)上的Play(v2.5.12)应用程序中使用了谷歌云存储API库的自定义代码。云存储API已启用。我正在尝试将一个文件(作为文件流)发送到Google云平台中的存储桶 代码如下:Java Google云存储API无法在应用程序引擎上获取应用程序默认凭据,正在查找计算引擎错误,java,google-app-engine,google-cloud-storage,Java,Google App Engine,Google Cloud Storage,我在一个运行在谷歌应用程序引擎(而不是计算引擎)上的Play(v2.5.12)应用程序中使用了谷歌云存储API库的自定义代码。云存储API已启用。我正在尝试将一个文件(作为文件流)发送到Google云平台中的存储桶 代码如下: public static String sendFileToBucket(InputStream fileStream, String fileName) throws IOException { Logger.info("GoogleStorage: send
public static String sendFileToBucket(InputStream fileStream, String fileName) throws IOException {
Logger.info("GoogleStorage: sendFileToBucket: Starting...");
Storage storage = StorageOptions.getDefaultInstance().getService();
// Modify access list to allow all users with link to read file
List<Acl> acls = new ArrayList<>();
acls.add(Acl.of(Acl.User.ofAllUsers(), Acl.Role.READER));
// the inputstream is closed by default, so we don't need to close it
// here
Blob blob = null;
blob = storage.create(BlobInfo.newBuilder(BUCKET_NAME, fileName).setAcl(acls).build(),
fileStream);
return blob.getMediaLink();
}
[warn] c.g.a.o.ComputeEngineCredentials - Failed to detect whether we are running on Google Compute Engine.
java.net.SocketException: Network is unreachable: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
[warn] c.g.a.o.ComputeEngineCredentials - Failed to detect whether we are running on Google Compute Engine.
java.net.SocketException: Network is unreachable: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
[warn] c.g.a.o.ComputeEngineCredentials - Failed to detect whether we are running on Google Compute Engine.
java.net.SocketException: Network is unreachable: connect
at java.net.DualStackPlainSocketImpl.waitForConnect(Native Method)
at java.net.DualStackPlainSocketImpl.socketConnect(DualStackPlainSocketImpl.java:85)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:172)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at sun.net.NetworkClient.doConnect(NetworkClient.java:175)
at sun.net.www.http.HttpClient.openServer(HttpClient.java:432)
com.google.cloud.storage.StorageException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.google.cloud.storage.spi.v1.HttpStorageRpc.translate(HttpStorageRpc.java:220)
at com.google.cloud.storage.spi.v1.HttpStorageRpc.create(HttpStorageRpc.java:291)
at com.google.cloud.storage.StorageImpl.create(StorageImpl.java:148)
at google.GoogleStorage.sendFileToBucket(GoogleStorage.java:80)
at controllers.AdultPTPController.adultPTPUpdateFields(AdultPTPController.java:3878)
at controllers.AdultPTPController.adultPTPUpdate(AdultPTPController.java:3544)
at router.Routes$$anonfun$routes$1$$anonfun$applyOrElse$10$$anonfun$apply$10.apply(Routes.scala:2083)
at router.Routes$$anonfun$routes$1$$anonfun$applyOrElse$10$$anonfun$apply$10.apply(Routes.scala:2083)
at play.core.routing.HandlerInvokerFactory$$anon$4.resultCall(HandlerInvoker.scala:157)
at play.core.routing.HandlerInvokerFactory$$anon$4.resultCall(HandlerInvoker.scala:156)
at play.core.routing.HandlerInvokerFactory$JavaActionInvokerFactory$$anon$14$$anon$3$$anon$1.invocation(HandlerInvoker.scala:136)
at play.core.j.JavaAction$$anon$1.call(JavaAction.scala:73)
at play.http.HttpRequestHandler$1.call(HttpRequestHandler.java:54)
at play.core.j.JavaAction$$anonfun$7.apply(JavaAction.scala:108)
at play.core.j.JavaAction$$anonfun$7.apply(JavaAction.scala:108)
at scala.concurrent.impl.Future$PromiseCompletingRunnable.liftedTree1$1(Future.scala:24)
at scala.concurrent.impl.Future$PromiseCompletingRunnable.run(Future.scala:24)
at play.core.j.HttpExecutionContext$$anon$2.run(HttpExecutionContext.scala:56)
at play.api.libs.iteratee.Execution$trampoline$.execute(Execution.scala:70)
at play.core.j.HttpExecutionContext.execute(HttpExecutionContext.scala:48)
at scala.concurrent.impl.Future$.apply(Future.scala:31)
at scala.concurrent.Future$.apply(Future.scala:492)
at play.core.j.JavaAction.apply(JavaAction.scala:108)
at play.api.mvc.Action$$anonfun$apply$2$$anonfun$apply$5$$anonfun$apply$6.apply(Action.scala:112)
at play.api.mvc.Action$$anonfun$apply$2$$anonfun$apply$5$$anonfun$apply$6.apply(Action.scala:112)
at play.utils.Threads$.withContextClassLoader(Threads.scala:21)
at play.api.mvc.Action$$anonfun$apply$2$$anonfun$apply$5.apply(Action.scala:111)
at play.api.mvc.Action$$anonfun$apply$2$$anonfun$apply$5.apply(Action.scala:110)
at scala.Option.map(Option.scala:146)
at play.api.mvc.Action$$anonfun$apply$2.apply(Action.scala:110)
at play.api.mvc.Action$$anonfun$apply$2.apply(Action.scala:103)
at scala.concurrent.Future$$anonfun$flatMap$1.apply(Future.scala:251)
at scala.concurrent.Future$$anonfun$flatMap$1.apply(Future.scala:249)
at scala.concurrent.impl.CallbackRunnable.run(Promise.scala:32)
at akka.dispatch.BatchingExecutor$AbstractBatch.processBatch(BatchingExecutor.scala:55)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply$mcV$sp(BatchingExecutor.scala:91)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply(BatchingExecutor.scala:91)
at akka.dispatch.BatchingExecutor$BlockableBatch$$anonfun$run$1.apply(BatchingExecutor.scala:91)
at scala.concurrent.BlockContext$.withBlockContext(BlockContext.scala:72)
at akka.dispatch.BatchingExecutor$BlockableBatch.run(BatchingExecutor.scala:90)
at akka.dispatch.TaskInvocation.run(AbstractDispatcher.scala:39)
at akka.dispatch.ForkJoinExecutorConfigurator$AkkaForkJoinTask.exec(AbstractDispatcher.scala:415)
at scala.concurrent.forkjoin.ForkJoinTask.doExec(ForkJoinTask.java:260)
at scala.concurrent.forkjoin.ForkJoinPool$WorkQueue.runTask(ForkJoinPool.java:1339)
at scala.concurrent.forkjoin.ForkJoinPool.runWorker(ForkJoinPool.java:1979)
at scala.concurrent.forkjoin.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:107)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1283)
at sun.net.www.protocol.http.HttpURLConnection.access$100(HttpURLConnection.java:90)
at sun.net.www.protocol.http.HttpURLConnection$8.run(HttpURLConnection.java:1250)
at sun.net.www.protocol.http.HttpURLConnection$8.run(HttpURLConnection.java:1248)
at java.security.AccessController.doPrivileged(Native Method)
at java.security.AccessController.doPrivilegedWithCombiner(AccessController.java:782)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1247)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at com.google.api.client.http.javanet.NetHttpRequest.execute(NetHttpRequest.java:77)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:981)
at com.google.api.client.googleapis.media.MediaHttpUploader.executeCurrentRequestWithoutGZip(MediaHttpUploader.java:545)
at com.google.api.client.googleapis.media.MediaHttpUploader.executeCurrentRequest(MediaHttpUploader.java:562)
at com.google.api.client.googleapis.media.MediaHttpUploader.directUpload(MediaHttpUploader.java:360)
at com.google.api.client.googleapis.media.MediaHttpUploader.upload(MediaHttpUploader.java:334)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:428)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:469)
at com.google.cloud.storage.spi.v1.HttpStorageRpc.create(HttpStorageRpc.java:288)
... 44 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
... 71 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
... 77 more
Storage storage = StorageOptions.newBuilder()
.setCredentials(ServiceAccountCredentials.fromStream(new FileInputStream("/path/to/my/key.json")))
.build()
.getService();
java.io.IOException: The Application Default Credentials are not available. They are available if running in Google Compute Engine. Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials for more information.
If your application runs on Compute Engine, Kubernetes Engine, the App Engine flexible environment, or Cloud Functions, you don't need to create your own service account.
public static String sendFileToBucket(InputStream fileStream, String fileName) throws IOException {
Logger.info("GoogleStorage: sendFileToBucket: Starting...");
GoogleCredential credential = null;
String credentialsFileName = "";
Storage storage = null;
Logger.info("GoogleStorage: authorize: Getting credentialsFileName path...");
credentialsFileName = Configuration.root().getString("google.storage.credentials.file");
Logger.info("GoogleStorage: authorize: credentialsFileName = " + credentialsFileName);
Logger.info("GoogleStorage: authorize: Setting InputStream...");
InputStream in = GoogleStorage.class.getClassLoader().getResourceAsStream(credentialsFileName);
if (in == null) {
Logger.info("GoogleStorage: authorize: InputStream is null");
}
Logger.info("GoogleStorage: authorize: InputStream set...");
storage = StorageOptions.newBuilder()
.setCredentials(ServiceAccountCredentials.fromStream(in))
.build()
.getService();
// Modify access list to allow all users with link to read file
List<Acl> acls = new ArrayList<>();
acls.add(Acl.of(Acl.User.ofAllUsers(), Acl.Role.READER));
// the inputstream is closed by default, so we don't need to close it
// here
Blob blob = null;
blob = storage.create(BlobInfo.newBuilder(BUCKET_NAME, fileName).setAcl(acls).build(),
fileStream);
return blob.getMediaLink();
}
com.google.cloud.storage.StorageException: Error getting access token for service account
所以,我猜这仍然是服务帐户凭据的问题。直接获取应用程序默认凭据怎么样 请尝试以下方法:
GoogleCredentials applicationDefault = GoogleCredentials.getApplicationDefault();
if (applicationDefault.createScopedRequired()){
applicationDefault = applicationDefault.createScoped(Collections.singleton("https://www.googleapis.com/auth/devstorage.full_control"));
}
final Storage storage = StorageOptions.newBuilder()
.setCredentials(applicationDefault)
.build()
.getService();
另外,您使用的是AppEngine标准版还是flexible?我在使用Compute Engine时遇到过类似的问题。然后,我在环境中使用一个静态路径来存储所需的所有属性。这是我的变量类:
public class Variables(){
public Variables(){
if(!loaded)init();
}
final static Logger logger = Logger.getLogger(Variables.class);
static Properties prop = new Properties();
static InputStream input = null;
static boolean loaded = false;
private static void init(){
try{
logger.info("Loading properties for server . . . ");
//Do not change this path
input = new FileInputStream("/path-on-server/app-config.properties");
prop.load(input);
loaded = true;
}catch(Exception ex){
logger.error("Error while loading configuration file for server. . . ");
logger.error(ex.getMessage());
}
finally{
try {
input.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
public static final String gcsClientId = getGCSClientId();
public static final String gcsClientEmail = getGCSClientEmail();
public static final String gcsPrivateKey = getGCSPrivateKey();
public static final String gcsPrivateKeyId = getGCSPrivateKeyId();
public static final String gcsProjectId = getGCSProjectId();
public static final String gcsBucketName = getGCSBucketName();
private static String getGCSClientId(){
if(!loaded)init();
return prop.getProperty("storageClientId");
}
private static String getGCSClientEmail(){
if(!loaded)init();
return prop.getProperty("storageClientEmail");
}
private static String getGCSPrivateKeyId(){
if(!loaded)init();
return prop.getProperty("storagePrivateKeyId");
}
private static String getGCSPrivateKey(){
if(!loaded)init();
return prop.getProperty("storagePrivateKey");
}
private static String getGCSProjectId(){
if(!loaded)init();
return prop.getProperty("storageProjectId");
}
private static String getGCSBucketName(){
if(!loaded)init();
return prop.getProperty("storageBucketName");
}
}
public class GoogleCloudStorage {
Variables variables = new Variables();
public GoogleCloudStorage() {
setDefaultStorageCredentials();
}
private static Storage storage = null;
private static String bucketName = null;
private static Credentials credentials = null;
private void setDefaultStorageCredentials() {
try {
this.bucketName = variables.gcsBucketName;
credentials = ServiceAccountCredentials.fromPkcs8(variables.gcsClientId, variables.gcsClientEmail,
variables.gcsPrivateKey, variables.gcsPrivateKeyId, null);
storage = StorageOptions.newBuilder()
.setCredentials(credentials)
.setProjectId(variables.gcsProjectId).build().getService();
} catch (Exception e) {
e.printStackTrace();
}
}
}
希望这有帮助。我正在使用App Engine Flex。我在上面添加了代码并收到了以下错误:
java.io.IOException:应用程序默认凭据不可用。如果在谷歌计算引擎中运行,它们是可用的。否则,必须定义指向定义凭据的文件的环境变量GOOGLE\u APPLICATION\u CREDENTIALS。看见https://developers.google.com/accounts/docs/application-default-credentials 有关更多信息。如果您的应用程序运行在Compute Engine、Kubernetes Engine、,使用App Engine灵活的环境或云功能,您无需创建自己的服务帐户。public class Variables(){
public Variables(){
if(!loaded)init();
}
final static Logger logger = Logger.getLogger(Variables.class);
static Properties prop = new Properties();
static InputStream input = null;
static boolean loaded = false;
private static void init(){
try{
logger.info("Loading properties for server . . . ");
//Do not change this path
input = new FileInputStream("/path-on-server/app-config.properties");
prop.load(input);
loaded = true;
}catch(Exception ex){
logger.error("Error while loading configuration file for server. . . ");
logger.error(ex.getMessage());
}
finally{
try {
input.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
public static final String gcsClientId = getGCSClientId();
public static final String gcsClientEmail = getGCSClientEmail();
public static final String gcsPrivateKey = getGCSPrivateKey();
public static final String gcsPrivateKeyId = getGCSPrivateKeyId();
public static final String gcsProjectId = getGCSProjectId();
public static final String gcsBucketName = getGCSBucketName();
private static String getGCSClientId(){
if(!loaded)init();
return prop.getProperty("storageClientId");
}
private static String getGCSClientEmail(){
if(!loaded)init();
return prop.getProperty("storageClientEmail");
}
private static String getGCSPrivateKeyId(){
if(!loaded)init();
return prop.getProperty("storagePrivateKeyId");
}
private static String getGCSPrivateKey(){
if(!loaded)init();
return prop.getProperty("storagePrivateKey");
}
private static String getGCSProjectId(){
if(!loaded)init();
return prop.getProperty("storageProjectId");
}
private static String getGCSBucketName(){
if(!loaded)init();
return prop.getProperty("storageBucketName");
}
}
public class GoogleCloudStorage {
Variables variables = new Variables();
public GoogleCloudStorage() {
setDefaultStorageCredentials();
}
private static Storage storage = null;
private static String bucketName = null;
private static Credentials credentials = null;
private void setDefaultStorageCredentials() {
try {
this.bucketName = variables.gcsBucketName;
credentials = ServiceAccountCredentials.fromPkcs8(variables.gcsClientId, variables.gcsClientEmail,
variables.gcsPrivateKey, variables.gcsPrivateKeyId, null);
storage = StorageOptions.newBuilder()
.setCredentials(credentials)
.setProjectId(variables.gcsProjectId).build().getService();
} catch (Exception e) {
e.printStackTrace();
}
}
}