I have a simple web application hosted on tomcat-7 with single servlet. The aim of servlet is to create google channel and then request for a token on opened channel for a user. I have following configuration...
WEB-INF
-- lib
-- appengine-api-1.0-sdk-1.4.3.jar
-- classes
-- Gc.class
The source of Gc.java is...
import com.google.appengine.api.channel.*;
public class Gc extends HttpServlet {
protected void doGetPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
response.getWriter().write("Creating channel...<br>");
ChannelService channelService = ChannelServiceFactory.getChannelService();
response.getWriter().write("Channel created!<br>");
response.getWriter().write("Getting token for user 'user1'...<br>");
String token = channelService.createChannel("user1");
response.getWriter().write("toekn => "+token);
}
}
But it gives me an following error...
type Exception report
*message* **The API package 'channel' or call 'CreateChannel()' was not found.**
*description* **The server encountered an internal error (The API package 'channel' or call 'CreateChannel()' was not found.) that prevented it from fulfilling this request.**
exception
com.google.apphosting.api.ApiProxy$CallNotFoundException: The API package 'channel' or call 'CreateChannel()' was not found.
com.google.apphosting.api.ApiProxy.makeSyncCall(ApiProxy.java:98)
com.google.apphosting.api.ApiProxy.makeSyncCall(ApiProxy.java:50)
com.google.appengine.api.channel.ChannelServiceImpl.createChannel(ChannelServiceImpl.java:40)
webRtc.Gc.doGetOrPost(Gc.java:46)
webRtc.Gc.doGet(Gc.java:31)
javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
javax.servlet.http.HttpServlet.service(HttpServlet.java:722)
** Am I missing some libraries? If yes then which and where can I found those.**
Any help is really appreciated.
I got it!!!
The goal of my application is to create google channels and send messages on these channels.
I was under impression that, google channel API is an independent library and was tried to place relevant .jar in lib of my tomcat application.
But I was wrong. Google channel API libraries only works on Google AppEngine Server. And thus, any application needs to leverage these Google APIs must be hosted on Google AppEngine Server.
I am open to listen from experts, if I am wrong.
Related
I have created a Springboot Restful Application for my organization.
I have a requirement to,
Implement SAML/SSO with IdP (ADFS2.0),
Deploy the application on Google's App Engine (GAE).
I have managed to deploy the Springboot Application on GAE (with SAML) successfully.
And I have tested the SAML/SSO with a Mock version of IdP (something similar to SSO-Circle) on localhost and it works smoothly.
But, When I deploy the Application on GAE (with either Mock version of IdP or a QA version of IdP), I started getting
InResponseToField doesn't correspond to sent message
, and I did find a fix for it in the Spring docs here.
But,
I fail to understand, even after intense debugging, why I get that error in the first place (although I get a different error later after applying the fix, which I will describe later further).
Much confusing part is when I had a look at the App Engine Logs, I found out,
that on making /saml/login call, the log trace shows
HttpSessionStorage : Storing message a3bbxxxx6c17 to
session BXtxxxx1CCw
and then when IdP redirects back to the Application on the endpoint /saml/SSO, the log throws an error,
HttpSessionStorage : Message a3bbxxxx6c17 not found in
session BXtxxxx1CCw
along with the exception
SAMLException: InResponseToField of the Response doesn't correspond to
sent message a3bbxxxx6c17
I also cross verified the SAML request(XML) that goes out from Application to the IdP and SAML response(XML) which comes back from the IdP to the Application and both of them have the a3bbxxxx6c17 message.
So, why Springboot is confused on GAE and works fine with localhost.
Also, when I do what the spring docs says, "checking of the InResponseToField can be disabled by re-configuring the context provider", I notice a loop happening, i.e.,
/saml/login -> 2. /saml/SSO -> /landing -> 3. /saml/SSO -> /landing -> 4. /saml/SSO -> /landing -> 5. /saml/SSO -> /landing .... and so on, until the IdP rejects the request saying too many request in fraction of time.
I don't understand why this is happening either, but my hypothesis is this can be due to the above issue.
Any thoughts?
Solved the issue by adding an extra configuration.
The fact that this happens is Spring is not aware of the sessions on App Engine (GAE), and all we need to do is tell spring about it.
#Configuration
#EnableWebSecurity
//Needed for Spring to know about the HttpSession
#EnableSpringHttpSession
#EnableGlobalMethodSecurity(securedEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
//And this bean
#Bean
public MapSessionRepository sessionRepository() {
return new MapSessionRepository();
}
// all other configurations
}
I am working on a GAE web app which shows movie related data.To get the movie data I am using API from OMDB (http://www.omdbapi.com/) .Below is the code snippet I use to connect to the API.
When i run it locally it works perfectly fine, but doesn't work when deployed on GAE. It throws connection timeout exception, i tried increasing connection timeout period but that didn't work.
String URLstr = "http://www.omdbapi.com/?t="+URLEncoder.encode(Request,"utf-8");
URL url=null;
URLConnection uc = null;
BufferedReader bf = null;
try {
url= new URL(URLstr);
uc = url.openConnection();
uc.setConnectTimeout(15* 1000);
bf = new BufferedReader(new InputStreamReader(uc.getInputStream()));
} catch (IOException e) {
throw new IllegalArgumentException(e.getMessage());
}
Is my code incorrect? are there some restrictions with GAE that i missed?
Your code looks correct. I am having the exact same issue with OMDB API and Google App Engine as of a few weeks ago. I reached out to Brian who runs OMDB API regarding this and I think it had to do with the App Engine IP range being blocked because of abuse a few weeks ago.
I created the following webapp to figure out what external IP address the url fetch from my app was showing up as to the OMDB servers. I deployed the following to GAE to get the public IP.
import webapp2
import logging
from google.appengine.api import urlfetch
class ifconfig(webapp2.RequestHandler):
def get(self):
url="http://ipecho.net/plain"
urlfetch.set_default_fetch_deadline(60)
result = urlfetch.fetch(url)
logging.debug("I think my external IP is %s " % result.content)
self.response.write(result.content)
app = webapp2.WSGIApplication([
('/ifconfig', ifconfig)
])
In Google App Engine, I went to the instances tab and shutdown the instance, and checked what external IP the new instance had. I did this several times, and in my case it seemed like the external IPs were all coming from 107.178.195.0/24, so I provided this information to OMDB API.
I guess this was in the banned IP block, and Brian was able to unblock that range. This fixed my issue and requests to the API started working again.
This possibly might have resolved the issue for you as well, but if it didn't, you might want to figure out what your public IP is and reach out to Brian to see if it's in an IP range that's being blocked
My goal is to test out google's orchestrator and the compute engine api by first retrieving a list of active instances. The orchestrator project including the servlet file is stored in a jar.
I'm trying to test out the java google compute engine client api. I have a cron job which calls on the orchestrator servlet. The target for the cron is a backend. From which I try to get the list of instances:
...
AppIdentityCredential credential = getCredential(computeScope);
String appName = ConfigProperties.getInstance().getGceConfigProperties().get("projectId");
try {
httpTransport = GoogleNetHttpTransport.newTrustedTransport();
final Compute compute = new Compute.Builder(
httpTransport, JSON_FACTORY, credential).setApplicationName(appName)
.build();
logger.info("================== Listing Compute Engine Instances ==================");
Compute.Instances.List instances = compute.instances().list(projectId, zone);
InstanceList list = instances.execute();
if (list.getItems() == null) {
logger.info("No instances found. Sign in to the Google APIs Console and create "
+ "an instance at: code.google.com/apis/console");
} else {
for (Instance instance : list.getItems()) {
logger.info(instance.toPrettyString());
}
}
...
There error response I get is(I omitted my project name from the response, I confirmed that I'm using the correct project id in my code):
com.google.cloud.solutions.sampleapps.orchestration.orchestrator.server.GceClientApiUtils
getInstances: com.google.api.client.googleapis.json.GoogleJsonResponseException: 404 OK
{
"code" : 404,
"errors" : [ {
"domain" : "global",
"message" : "The resource 'projects/<project-name-here>' was not found",
"reason" : "notFound"
} ],
"message" : "The resource 'projects/<project-name_here>' was not found"
}
I've also attempted this by retrieving an access token and making a RESTful call to get the list of instances and i received the exact same response. I confirmed the Url constructed was correct by comparing it against a successful query of the instances using the api explorer.
EDIT: I determined the solution to the issue with help of another post:
I was finally able to find the solution in the post Compute Engine API call fails with http 404
I needed to add my app engine service account as a team member with edit capabilities, which it does not have by default. Once I did this, the code worked as expected. I had to do this through cloud.google.com/console, as if done through appengine.google.com, a pending status will be given to the service account and will not have access.
For me i had to make sure i had authorization. Try this in the terminal gcloud auth login
Make sure you are in the right project, you can run this command on your vm to see if you are in the right project:
gcloud config list
Take a look at this post in Google Groups
Do you have access to the developers console https://console.developers.google.com?
It seems that the user account #appspot.gserviceaccount.com has not access to compute engine. In my case I see #developer.gserviceaccount.com.
If you don't have one, visit https://developers.google.com/console/help/new/#generatingoauth2 to create a new Client ID
The API is a backend to a mobile app. I don't need user authentication. I simply need a way to secure access to this API. Currently, my backend is exposed.
The documentation seems to only talk about user authentication and authorization, which is not what I need here. I just need to ensure only my mobile app can talk to this backend and no one else.
Yes, you can do that: use authentication to secure your endpoints without doing user authentication.
I have found that this way of doing it is not well documented, and I haven't actually done it myself, but I intend to so I paid attention when I saw it being discussed on some of the IO13 videos (I think that's where I saw it):
Here's my understanding of what's involved:
Create a Google API project (though this doesn't really involve their API's, other than authentication itself).
Create OATH client ID's that are tied to your app via its package name and the SHA1 fingerprint of the certificate that you will sign the app with.
You will add these client ID's to the list of acceptable ID's for your endpoints. You will add the User parameter to your endpoints, but it will be null since no user is specified.
#ApiMethod(
name = "sendInfo",
clientIds = { Config.WEB_CLIENT_ID, Config.MY_APP_CLIENT_ID, Config.MY_DEBUG_CLIENT_ID },
audiences = { Config.WEB_CLIENT_ID }
// Yes, you specify a 'web' ID even if this isn't a Web client.
)
public void sendInfo(User user, Info greeting) {
There is some decent documentation about the above, here:
https://developers.google.com/appengine/docs/java/endpoints/auth
Your client app will specify these client ID's when formulating the endpoint service call. All the OATH details will get taken care of behind the scenes on your client device such that your client ID's are translated into authentication tokens.
HttpTransport transport = AndroidHttp.newCompatibleTransport();
JsonFactory jsonFactory = new JacksonFactory();
GoogleAccountCredential credential = GoogleAccountCredential.usingAudience( ctx, Config.WEB_CLIENT_ID );
//credential.setSelectedAccountName( user ); // not specify a user
Myendpoint.Builder builder = new Myendpoint.Builder( transport, jsonFactory, credential );
This client code is just my best guess - sorry. If anyone else has a reference for exactly what the client code should look like then I too would be interested.
I'm sorry to say that Google doesn't provide a solution for your problem (which is my problem too).
You can use their API key mechanism (see https://developers.google.com/console/help/new/#usingkeys), but there is a huge hole in this strategy courtesy of Google's own API explorer (see https://developers.google.com/apis-explorer/#p/), which is a great development tool to test API's, but exposes all Cloud Endpoint API's, not just Google's services API's. This means anyone with the name of your project can browse and call your API at their leisure since the API explorer circumvents the API key security.
I found a workaround (based on bossylobster's great response to this post: Simple Access API (Developer Key) with Google Cloud Endpoint (Python) ), which is to pass a request field that is not part of the message request definition in your client API, and then read it in your API server. If you don't find the undocumented field, you raise an unauthorized exception. This will plug the hole created by the API explorer.
In iOS (which I'm using for my app), you add a property to each request class (the ones created by Google's API generator tool) like so:
#property (copy) NSString *hiddenProperty;
and set its value to a key that you choose. In your server code (python in my case) you check for its existence and barf if you don't see it or its not set to the value that your server and client will agree on:
mykey,keytype = request.get_unrecognized_field_info('hiddenProperty')
if mykey != 'my_supersecret_key':
raise endpoints.UnauthorizedException('No, you dont!')
Hope this puts you on the right track
The documentation is only for the client. What I need is documentation
on how to provide Service Account functionality on the server side.
This could mean a couple of different things, but I'd like to address what I think the question is asking. If you only want your service account to access your service, then you can just add the service account's clientId to your #Api/#ApiMethod annotations, build a GoogleCredential, and invoke your service as you normally would. Specifically...
In the google developer's console, create a new service account. This will create a .p12 file which is automatically downloaded. This is used by the client in the documentation you linked to. If you can't keep the .p12 secure, then this isn't much more secure than a password. I'm guessing that's why this isn't explicitly laid out in the Cloud Endpoints documentation.
You add the CLIENT ID displayed in the google developer's console to the clientIds in your #Api or #ApiMethod annotation
import com.google.appengine.api.users.User
#ApiMethod(name = "doIt", scopes = { Constants.EMAIL_SCOPE },
clientIds = { "12345678901-12acg1ez8lf51spfl06lznd1dsasdfj.apps.googleusercontent.com" })
public void doIt(User user){ //by convention, add User parameter to existing params
// if no client id is passed or the oauth2 token doesn't
// match your clientId then user will be null and the dev server
// will print a warning message like this:
// WARNING: getCurrentUser: clientId 1234654321.apps.googleusercontent.com not allowed
//..
}
You build a client the same way you would with the unsecured version, the only difference being you create a GoogleCredential object to pass to your service's MyService.Builder.
HttpTransport httpTransport = new NetHttpTransport(); // or build AndroidHttpClient on Android however you wish
JsonFactory jsonFactory = new JacksonFactory();
// assuming you put the .p12 for your service acccount
// (from the developer's console) on the classpath;
// when you deploy you'll have to figure out where you are really
// going to put this and load it in the appropriate manner
URL url = getClass().class.getResource("/YOURAPP-b12345677654.p12");
File p12file = new File(url.toURI());
GoogleCredential.Builder credentialBuilder = new GoogleCredential.Builder();
credentialBuilder.setTransport(httpTransport);
credentialBuilder.setJsonFactory(jsonFactory);
//NOTE: use service account EMAIL (not client id)
credentialBuilder.setServiceAccountId("12345678901-12acg1ez8lf51spfl06lznd1dsasdfj#developer.gserviceaccount.com"); credentialBuilder.setServiceAccountScopes(Collections.singleton("https://www.googleapis.com/auth/userinfo.email"));
credentialBuilder.setServiceAccountPrivateKeyFromP12File(p12file);
GoogleCredential credential = credentialBuilder.build();
Now invoke your generated client the same way
you would the unsecured version, except the builder takes
our google credential from above as the last argument
MyService.Builder builder = new MyService.Builder(httpTransport, jsonFactory, credential);
builder.setApplicationName("APP NAME");
builder.setRootUrl("http://localhost:8080/_ah/api");
final MyService service = builder.build();
// invoke service same as unsecured version
I was trying to use Twilio's official Java library in my GWT application to send text messages.
Here is the Twilio code I used in my application:
public class TwilioSMS{
/** The Constant ACCOUNT_SID. */
public static final String ACCOUNT_SID = "xxxxxxxxxxxxxxxxxxxxxxxxxx";
public static final String AUTH_TOKEN = "xxxxxxxxxxxxxxxxxxxxxxxxx";
// Create a rest client
TwilioRestClient client = new TwilioRestClient(ACCOUNT_SID, AUTH_TOKEN);
/**
* The main method.
*
* #param args
* the arguments
* #throws TwilioRestException
* the twilio rest exception
*/
public String sendMessage(String _to, String _message) throws TwilioRestException
{
// Get the main account (The one we used to authenticate the client
Account mainAccount = client.getAccount();
// Send an sms
SmsFactory smsFactory = mainAccount.getSmsFactory();
Map<String, String> smsParams = new HashMap<String, String>();
smsParams.put("To", _to); // Replace with a valid phone number
smsParams.put("From", "(646) 755-7665"); // Replace with a valid phone // number in your account
smsParams.put("Body", _message);
smsFactory.create(smsParams);
// Make a raw request to the api.
TwilioRestResponse resp = client.request("/2010-04-01/Accounts", "GET",
null);
if (!resp.isError()) {
return resp.getResponseText();
}
else
{
return "Failed to send the message.";
}
}
}
When I ran the code in GAE, I got the following exception:
java.lang.NoClassDefFoundError: javax.net.ssl.KeyManagerFactory is a restricted class. Please see the Google App Engine developer's guide for more details.
I did realize that there is a gwt-twilio http://code.google.com/p/gwt-twilio/ but this is a wrapper for twilio client (which does not handle sending text message)
Any examples that send text messages using twilio in GAE+GWT are helpful!
Thanks
Kun
Twilio Java client library does not on GAE as it obviously uses some Java classes that are not present on GAE.
Since you can not use the Twilio client, your only option is to use GWT-RPC to call your method on server and this method further calls Twilio REST API.
I know this is an old one, but I'd like to share a bit more information if I can. As of January 2014, you can use the Twilio helper library for Java on App Engine if you choose. The Twilio Java library's underlying HTTP client implementation has been modified to run on App Engine.
Also, just to be clear, you should not attempt to use the Twilio helper library on the client side with GWT. The Twilio helper library will only work when the code is executed on the server.
If you want to send an SMS from an App Engine Java app, you will first need to sign up for a Twilio account. Once you have signed up for an account and have your Account SID and Auth Token (found on your dashboard), you can follow this guide in the Google App Engine documentation to set up and configure your environment to send a message.
If you run into any problems, please contact our support squad by e-mailing help#twilio.com.