如何从应用引擎访问云存储桶而不会出现 403 FORBIDDEN 错误?
[英]How to access a cloud storage bucket from app engine without getting the 403 FORBIDDEN error?
问题描述
我想简单地从应用引擎中提取我的存储桶内容列表并显示它们。
当我在本地开发服务器上运行它时,这很好用。
但是,当我部署相同的代码应用引擎时,出现 403 FORBIDDEN 错误。
com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 FORBIDDEN
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "Forbidden",
"reason" : "forbidden"
} ],
"message" : "Forbidden"
}
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:145)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:113)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:40)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:321)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1056)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:469)
at com.alpine.servlets.TempServlet.getBucket(TempServlet.java:67)
at com.alpine.servlets.TempServlet.doGet(TempServlet.java:79)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.mortbay.jetty.servlet.ServletHolder.handle(ServletHolder.java:511)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1166)
at com.google.apphosting.utils.servlet.ParseBlobUploadFilter.doFilter(ParseBlobUploadFilter.java:125)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.runtime.jetty.SaveSessionFilter.doFilter(SaveSessionFilter.java:37)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.utils.servlet.JdbcMySqlConnectionCleanupFilter.doFilter(JdbcMySqlConnectionCleanupFilter.java:60)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at com.google.apphosting.utils.servlet.TransactionCleanupFilter.doFilter(TransactionCleanupFilter.java:50)
at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1157)
at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:388)
at org.mortbay.jetty.security.SecurityHandler.handle(SecurityHandler.java:216)
at org.mortbay.jetty.servlet.SessionHandler.handle(SessionHandler.java:182)
at org.mortbay.jetty.handler.ContextHandler.handle(ContextHandler.java:765)
at org.mortbay.jetty.webapp.WebAppContext.handle(WebAppContext.java:418)
at com.google.apphosting.runtime.jetty.AppVersionHandlerMap.handle(AppVersionHandlerMap.java:260)
at org.mortbay.jetty.handler.HandlerWrapper.handle(HandlerWrapper.java:152)
at org.mortbay.jetty.Server.handle(Server.java:326)
at org.mortbay.jetty.HttpConnection.handleRequest(HttpConnection.java:542)
at org.mortbay.jetty.HttpConnection$RequestHandler.headerComplete(HttpConnection.java:923)
at com.google.apphosting.runtime.jetty.RpcRequestParser.parseAvailable(RpcRequestParser.java:78)
at org.mortbay.jetty.HttpConnection.handle(HttpConnection.java:404)
at com.google.apphosting.runtime.jetty.JettyServletEngineAdapter.serviceRequest(JettyServletEngineAdapter.java:148)
at com.google.apphosting.runtime.JavaRuntime$RequestRunnable.run(JavaRuntime.java:468)
at com.google.tracing.TraceContext$TraceContextRunnable.runInContext(TraceContext.java:439)
at com.google.tracing.TraceContext$TraceContextRunnable$1.run(TraceContext.java:446)
at com.google.tracing.CurrentContext.runInContext(CurrentContext.java:256)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContextNoUnref(TraceContext.java:310)
at com.google.tracing.TraceContext$AbstractTraceContextCallback.runInInheritedContext(TraceContext.java:302)
at com.google.tracing.TraceContext$TraceContextRunnable.run(TraceContext.java:443)
at com.google.apphosting.runtime.ThreadGroupPool$PoolEntry.run(ThreadGroupPool.java:235)
at java.lang.Thread.run(Thread.java:745)
根据我的研究,我确定此错误有许多潜在原因。
- 拒绝访问
- 账户问题
- 另一个用户拥有域
- 桶已经存在
- CrossLocationLoggingProhibited
- 需要域验证
- 配额不足
- 无效的访问密钥 ID
- 无效付款人
- 无效安全
- RequestTimeTooSkewed
- 签名不匹配
但是,我无法从堆栈跟踪中确定哪些适用于我的情况。
关于这个主题的谷歌文档建议我不需要做任何特别的事情来让它工作:
如果您在 Google App Engine 或 Google Compute Engine 上运行您的应用程序,环境已经提供了服务帐户的身份验证信息,因此无需进一步设置。 对于 Compute Engine,服务帐号范围取决于您创建实例的方式。 请参阅设置实例的服务帐户访问范围。 对于 App Engine,使用云平台范围。
应用引擎实例和云存储桶在不同的项目中,但我认为这应该不是问题,因为范围设置为云平台。
该文档将云平台范围描述为:
查看和管理所有 Google Cloud Platform 服务中的数据。 对于 Google Cloud Storage,这与 devstorage.full-control 相同。
我用来获取连接的代码是直接从 Google 的java-doc-samples借用的:
public class StorageFactory {
private static Storage instance = null;
public static synchronized Storage getService() throws IOException, GeneralSecurityException {
if (instance == null) {
instance = buildService();
}
return instance;
}
private static Storage buildService() throws IOException, GeneralSecurityException {
HttpTransport transport = GoogleNetHttpTransport.newTrustedTransport();
JsonFactory jsonFactory = new JacksonFactory();
GoogleCredential credential = GoogleCredential.getApplicationDefault(transport, jsonFactory);
if (credential.createScopedRequired()) {
Collection<String> bigqueryScopes = StorageScopes.all();
credential = credential.createScoped(bigqueryScopes);
}
return new Storage.Builder(transport, jsonFactory, credential)
.setApplicationName("GCS Samples")
.build();
}
}
我对如何调试这个问题有些困惑。
1 个解决方案
解决方案1
1 2016-04-29 00:14:56
使用专为 App Engine 构建的库。 使用起来要容易得多。
Google App Engine应用无法访问Google云端存储分区
[英]Google App Engine App failed to access Google Cloud Storage bucket
一个授权身份验证的网站用户(App Engine标准)如何授予对Google Cloud Storage存储桶的访问权限?
[英]How does one grant authenticated website users (App Engine standard) access to Google Cloud Storage bucket?
如何让我的Google Cloud App Engine访问我的Firebase存储桶
[英]How can I give my Google Cloud App Engine access to my Firebase Storage bucket
如何从 Cloud Storage 存储桶提供 App Engine 网站的 /static/ 目录内容?
[英]How to serve an App Engine website's /static/ directory content from Cloud Storage bucket?
通过App Engine访问云存储对象,而无需公开读取存储区
[英]Accessing Cloud Storage Objects via App Engine without making bucket publicly readable
为App-Engine网站(无自定义域)设置CNAME,以将Google Cloud Storage Bucket配置为网站
[英]Setting CNAME for App-Engine Website (without a custom Domain) for Configuring a Google Cloud Storage Bucket as a Website
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
GCS-从App Engine创建存储桶-403:禁止的错误
Google App Engine应用无法访问Google云端存储分区
一个授权身份验证的网站用户(App Engine标准)如何授予对Google Cloud Storage存储桶的访问权限?
如何让我的Google Cloud App Engine访问我的Firebase存储桶
Google App Engine:HTTP错误403:禁止
App Engine + HTTPS + PageSpeed = 403禁止的错误
如何从 Cloud Storage 存储桶提供 App Engine 网站的 /static/ 目录内容?
通过App Engine访问云存储对象,而无需公开读取存储区
为App-Engine网站(无自定义域)设置CNAME,以将Google Cloud Storage Bucket配置为网站
如何从 C# 访问谷歌云存储桶
相关标签