Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Anonymous Authentication in Java #283

Closed
paualarco opened this issue Jul 8, 2020 · 9 comments
Closed

Anonymous Authentication in Java #283

paualarco opened this issue Jul 8, 2020 · 9 comments
Labels

Comments

@paualarco
Copy link

Hello!

There is no examples on how to use this emulator with a Java Application, do you know if it is even possible?
I have not found anything related with Google Anonymous Credentials from the Java api...

@saintflow47
Copy link

I second this. Spend the better part of the day trying to get this fake-gcs-server to run with the Java Library. Always end up with

Caused by: com.google.api.client.googleapis.json.GoogleJsonResponseException: 401 Unauthorized
Anonymous caller does not have storage.objects.get access to the Google Cloud Storage object.

when I try to access a file.

I tried a bunch of different configurations like
StorageOptions.newBuilder().setCredentials(NoCredentials.getInstance()).setProjectId("test").build().getService();

@fsouza
Copy link
Owner

fsouza commented Jul 9, 2020

Hi there, I'm not very familiar with the Java sdk, but from previous issues it seems that the Java SDK uses gRPC? Also, that error indicates that the SDK is likely trying to authenticate directly with Google API, as fake-gcs-server doesn't handle any authentication and never returns a 401.

See #146, #84 and #142.

@saintflow47
Copy link

Yeah you are right, google sadly didn't lead me to the issues you mentioned, thank you very much for the clarification. Might be that same issue. I use the docker version of the fake-gcs-server, the fix described in #146 will most likely not be feasible in our current setup. bummer! Thank you anyways for developing the fake server in the first place, doing gods work there.

@rcastagno
Copy link

rcastagno commented Jul 27, 2020

Been able to do it with something like this:

StorageOptions.newBuilder().setHost("https://127.0.0.1:4443").setProjectId(projectId).build().getService()

to point the service on localhost, plus:

    public CloudStorageExamples() throws MalformedURLException
    {
        // Create a trust manager that does not validate certificate chains
        TrustManager[] trustAllCerts = new TrustManager[]{
                new X509TrustManager()
                {
                    public java.security.cert.X509Certificate[] getAcceptedIssuers()
                    {
                        return new X509Certificate[0];
                    }

                    public void checkClientTrusted(
                            java.security.cert.X509Certificate[] certs, String authType)
                    {
                    }

                    public void checkServerTrusted(
                            java.security.cert.X509Certificate[] certs, String authType)
                    {
                    }
                }
        };

        // Install the all-trusting trust manager
        try
        {
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
        } catch (GeneralSecurityException e)
        {
        }
    }

Still having some problems with upload, but that's a different issue I suppose.

@paualarco
Copy link
Author

Indirectly related to this issue:
The java library java-storage-nio provides an emulator for the GCS, in case you are interested on using it, there is some documentation on how to get started with it in the monix-connect google cloud storage documentation page: https://connect.monix.io/docs/gcs#local-testing

@lapep
Copy link

lapep commented Oct 2, 2020

There is an easier way (I believe) to set up the Java client in order not to use SSL authentication: a custom instance of HttpTransportFactory needs to be created where Http transport without authentication is built.

Code bellow is in Scala, but in Java it would look almost the same:

class InsecureHttpTransportFactory extends HttpTransportFactory {
  val httpTransportBuilder           = new NetHttpTransport.Builder
  val netTransport: NetHttpTransport = httpTransportBuilder.doNotValidateCertificate().build()

  override def create: HttpTransport = netTransport
}

And then it can be supplied to HttpTransportOptions builder:

StorageOptions.getUnauthenticatedInstance
                .toBuilder()
                .setHost(s"$host:$port")
                .setTransportOptions(
                  HttpTransportOptions
                    .newBuilder()
                    .setHttpTransportFactory(new InsecureHttpTransportFactory())
                    .build()
                )
                .build()
                .getService

@paualarco
Copy link
Author

@lapep awesome, have you tried if it is compatible with the fake-gcs-server?

@lapep
Copy link

lapep commented Oct 5, 2020

@paualarco Unfortunately, It looks like the Java client is not supported by fake-gcs-server.

Found the same error I am getting with Java client when browsing Github Issue page: #142

@fsouza
Copy link
Owner

fsouza commented Feb 15, 2021

Java should be working now that #142 is closed. Authentication is not something fake-gcs-server can handle though, you need the anonymous clients. Closing this, but feel free to reopen this or a new issue in case of questions or issues!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

5 participants