堆栈内存溢出
  简体   繁体   English

当我未登录时,Google的API资源管理器不适用于我的Google部署

[英]Google's API explorer does not work for my Google deployment when I am not logged in

 原文  2018-09-18 20:00:06       java/ google-cloud-endpoints

问题描述

I have a Google project credible-nation-130012 to which I deployed an app written in Java. 我有一个Google项目credible-nation-130012,并在其中部署了用Java编写的应用程序。 It uses the AppEngine standard environment. 它使用AppEngine标准环境。 The only contents is a Google endpoint. 唯一的内容是Google端点。 You can see the sources at GitHub: https://github.com/mhdirkse/least-common-multiplier . 您可以在GitHub上查看源代码: https : //github.com/mhdirkse/least-common-multiplier

While not logged in with Google, I wanted to test my deployment. 虽然未使用Google登录,但我想测试我的部署。 To do this, I visited https://credible-nation-130012.appspot.com/_ah/api/explorer using Firefox. 为此,我使用Firefox访问了https://credible-nation-130012.appspot.com/_ah/api/explorer My API did not appear. 我的API没有出现。 I pressed F12 for developer information and saw the following errors: 我按F12键获取开发人员信息,并看到以下错误:

https://apis-explorer.appspot.com/apis-explorer/?base=https://credible-nation-130012.appspot.com/_ah/api#p/ https://apis-explorer.appspot.com/apis-explorer/?base=https://credible-nation-130012.appspot.com/_ah/api#p/

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis . 跨域请求被阻止:“同源起源”策略不允许在https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%中读取远程资源3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis (Reason: CORS header 'Access-Control-Allow-Origin' missing).[Learn More] Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis . (原因:CORS标头'Access-Control-Allow-Origin'缺失)。[了解更多]跨域请求被阻止:同源策略禁止在https://accounts.google.com/ServiceLogin?service上读取远程资源。 = ah&passive = true&continue = https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis (Reason: CORS request did not succeed).[Learn More] Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis . (原因:CORS请求未成功)。[了解更多]跨域请求被阻止:“同源协议”不允许通过https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https读取远程资源: //appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis (Reason: CORS header 'Access-Control-Allow-Origin' missing).[Learn More] Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://accounts.google.com/ServiceLogin?service=ah&passive=true&continue=https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis . (原因:CORS标头'Access-Control-Allow-Origin'缺失)。[了解更多]跨域请求被阻止:同源策略禁止在https://accounts.google.com/ServiceLogin?service上读取远程资源。 = ah&passive = true&continue = https://appengine.google.com/_ah/conflogin%3Fcontinue%3Dhttps://credible-nation-130012.appspot.com/_ah/api/discovery/v1/apis (Reason: CORS request did not succeed).[Learn More] (原因:CORS请求未成功)。[了解更多]

Then I closed the tab and visited console.cloud.google.com to log in. After this my API appeared at https://credible-nation-130012.appspot.com/_ah/api/explorer and it worked. 然后,我关闭了选项卡,并访问console.cloud.google.com进行登录。此后,我的API出现在https://credible-nation-130012.appspot.com/_ah/api/explorer上,并且可以正常工作。

I guess that the API explorer cannot properly access https://accounts.google.com . 我猜想API浏览器无法正确访问https://accounts.google.com It expects to get back a header Access-Control-Allow-Origin but that is not present. 它期望取回标头Access-Control-Allow-Origin,但该标头不存在。 Does this have anything to do with my application, or is it a bug in the API explorer? 这与我的应用程序有关吗,还是API Explorer中的错误? Or is this behavior intended by Google? 还是Google故意这样做? Any help is welcome. 欢迎任何帮助。

With kind regards, 亲切的问候,

Martijn Dirkse 马丁·德克塞(Martijn Dirkse)

By the way: I am demonstrating this project for a job application. 顺便说一句:我正在为工作申请演示这个项目。 If I get help on this question, I will make this clear on GitHub and in communication with possible employers. 如果我在这个问题上得到帮助,我会在GitHub上明确说明这一点,并与可能的雇主进行沟通。

2 个解决方案

解决方案1
 1 已采纳  2018-09-18 20:21:38

The issue is likely in your web.xml . 该问题可能在您的web.xml You have set an admin auth constraint for all URLs, and API Explorer needs to access a certain URL path /_ah/api/discovery/v1/apis (and paths under it) to work. 您已经为所有URL设置了admin auth约束,并且API Explorer需要访问某个URL路径/_ah/api/discovery/v1/apis (及其下的路径)才能起作用。 Remove the constraint or loosen it to exclude /_ah/api . 删除约束或放宽约束以排除/_ah/api

解决方案2
 0  2018-09-18 21:24:16

I had had a security constraint in web.xml, as follows: 我在web.xml中有一个安全约束,如下所示: 

<security-constraint>
  <web-resource-collection>
    <web-resource-name>all</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

I think that was the error. 我认为那是错误。 This says that the URL credible-nation-130012.appspot.com/_ah/api/explorer requires the 'administrator' role. 这表示URL credible-nation-130012.appspot.com/_ah/api/explorer要求具有“管理员”角色。 But remote applications accessing an endpoints API are not administrators. 但是访问端点API的远程应用程序不是管理员。 Putting this security constraint seems to be nonsense. 放置此安全约束似乎是胡说八道。

Restricting access to my API also is not that important. 限制对我的API的访问也不是那么重要。 This is a toy project that I want to demonstrate. 这是我要演示的玩具项目。

I have seen that after logging out, it takes time before this has effect. 我已经看到注销后需要一段时间才能生效。 I will check tomorrow whether my app behaves as intended. 我明天将检查我的应用程序是否符合预期。

I do not need help for now anymore. 我现在不需要帮助了。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Google Speech API Java客户端无法在我的计算机上运行 - Google Speech API Java Client does not work on my computer 当我的应用程序尝试访问 Google Drive API 时,我收到 com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request - When my application is trying to access Google Drive API, I am getting com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request Android上的Google登录-由于未登录而无法登录 - Google SignIn on Android - Log out does not work since not logged in Android Google MAP API不起作用 - Android Google MAP API does not work Android | 登录Google Api有时不起作用 - Android | SignIn Google Api sometimes does not work 为什么我的Google Maps Android应用程序无法与Android App Api Key一起使用? - Why does my Google Maps Android app not work with my Android App Api Key? 我正在尝试在我的应用程序中添加google登录,但是这种依赖性不起作用 - I am trying to add google signin in my app but this dependency does not working 我已经在谷歌控制台中启用了 PLACES API 并使用 SHA 密钥注册了我的应用程序,但我仍然在启用 Places Api 时遇到错误 - I have enabled PLACES API in google console and registered my App with SHA key but still I am getting error to enable Places Api 当我将图像存储在Google驱动器上时,如何在项目中显示缩略图 - How to show thumbnail image in my project when i am storing image on google drive 在 Google Sheet API 中使用我的 Google 帐户登录后出错 - Error after I log in with my Google Account in Google Sheet API
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM