Accessing Cloud Storage from Android

Question

I've been unable to find any concrete documentation on how to use Cloud Storage from an Android application.

I did come across this client library from the Google Cloud SDK, however have run into many, many issues and have yet to get it working.

I added the following code as recommended in the above link:

build.gradle :

compile group: 'com.google.cloud', name: 'google-cloud-storage', version: '0.9.3-beta'

I then added some simple code, though this isn't really relevant to this question as I have yet been able to run my application with the above dependency added:

In an Activity:

Storage storage = StorageOptions.getDefaultInstance().getService();
Page<Bucket> buckets = storage.list();
Iterator<Bucket> bucketIterator = buckets.iterateAll();
while (bucketIterator.hasNext()) {
    Bucket bucket = bucketIterator.next();
    Log.d(TAG, "Bucket name: " + bucket.getName());
}

After solving a myriad of dependency issues (Conflicts with Joda, Netty, DuplicateFileException 's from gradle, etc.) I was able to build the project, albeit with the below errors:

Warning:WARNING: Dependency org.apache.httpcomponents:httpclient:4.0.1 is ignored for debug as it may be conflicting with the internal version provided by Android. Warning:WARNING: Dependency org.json:json:20151123 is ignored for debug as it may be conflicting with the internal version provided by Android.

I can then try running, which will fail with a few hundred errors, most of which look something like the following:

Error:warning: Ignoring InnerClasses attribute for an anonymous inner class
Error:(com.google.inject.internal.cglib.reflect.$FastClassEmitter$3) that doesn't come with an
Error:associated EnclosingMethod attribute. This class was probably produced by a
Error:compiler that did not target the modern .class file format. The recommended
Error:solution is to recompile the class from source, using an up-to-date compiler
Error:and without specifying any "-target" type options. The consequence of ignoring
Error:this warning is that reflective operations on this class will incorrectly
Error:indicate that it is *not* an inner class.

After quite a few of those, with varying classnames, the end of the error contains this:

trouble processing "javax/transaction/HeuristicCommitException.class":

Ill-advised or mistaken usage of a core class (java.* or javax.*) when not building a core library.

This is often due to inadvertently including a core library file in your application's project, when using an IDE (such as Eclipse). If you are sure you're not intentionally defining a core class, then this is the most likely explanation of what's going on.

However, you might actually be trying to define a class in a core namespace, the source of which you may have taken, for example, from a non-Android virtual machine project. This will most assuredly not work. At a minimum, it jeopardizes the compatibility of your app with future versions of the platform. It is also often of questionable legality.

If you really intend to build a core library -- which is only appropriate as part of creating a full virtual machine distribution, as opposed to compiling an application -- then use the "--core-library" option to suppress this error message.

If you go ahead and use "--core-library" but are in fact building an application, then be forewarned that your application will still fail to build or run, at some point. Please be prepared for angry customers who find, for example, that your application ceases to function once they upgrade their operating system. You will be to blame for this problem.

If you are legitimately using some code that happens to be in a core package, then the easiest safe alternative you have is to repackage that code. That is, move the classes in question into your own package namespace. This means that they will never be in conflict with core system classes. JarJar is a tool that may help you in this endeavor. If you find that you cannot do this, then that is an indication that the path you are on will ultimately lead to pain, suffering, grief, and lamentation.

A few questions:

1. Is this client library the correct way to access my Google Cloud Storage from my Android application?
2. Is there a reason I shouldn't try to access Cloud Storage from the mobile application? For example, would a better architecture be to make a REST API call to my App Engine application (using Cloud Enpoints) and pass it media objects, then have the App Engine app access and store the media in Cloud Storage, before finally returning the result to the mobile app?
3. If I am accessing Cloud Storage correctly, using the mentioned client library, what do these errors mean, and what it the fix?

Answer 1

You shouldn't write directly to Cloud Storage from client applications that can't be trusted with your security tokens. It sounds like you are not planning on authenticating directly as the user, but rather generally with your own project.

If you are not planning on doing a user-based OAuth2 flow (user must have their own Cloud Console project already with Storage enabled), then you're looking instead at proxying the requests through your own backend such as App Engine.

This approach keeps your storage credentials stored safely on the server side rather than in the client app's APK, which could be torn down, extracted, and then malicious actors could use those credentials to write to your buckets in whatever manner they chose. Oh and buckets and storage are a billable resource so exposing those credentials could cost you.

This is a common pattern for many cloud services from mobile that you're going to want to instead route requests through your own backend or API.

Answer 2

我猜，但我认为 Firebase存储API是您应该这样做的方式： https ： //firebase.google.com/docs/storage/