0

I have an app engine app which imports a jar. In that jar I am using GoogleClientSecrets.load() to load client_secrets.json file for authentication with BigQuery. Apparently, App Engine does not like me reading a file from some location on my disk when I deploy the app on localhost. I am assuming if I put the credentials in WEBINF folder it will work but haven't tested it but then it would be easy for anyone to access the file. Where is the best place to put credentials and how would one access them from App Engine app?

Thank you for your help!

The suggestions helped to solve the problem when it comes to reading a file. What about writing to a file? I am using FileCredentialStore which stores credential file.

I believe this line is causing a problem: FileCredentialStore variantStoreCredentialManager = new FileCredentialStore(expectedClientFile,jsonFactory); and the error is java.security.AccessControlException: access denied ("java.io.FilePermission" file path "write")

    public Bigquery createAuthorizedClient() throws IOException {
    Credential authorization = new GoogleCredential();
    if ( clientID == null ) {
        authorization = createWebAuthenticatedClientCredential();
    } else {
        String expectedFileLocation = CREDENTIAL_FILE_PATH;
        File expectedClientFile = new File(expectedFileLocation);
        if ( ! expectedClientFile.exists() ) {
            // this is a known issue, the credential store will blow up if the file doesn't exist. So create it with an
            // empty json ( {  } )
            createClientFile(expectedClientFile);
        }
        FileCredentialStore variantStoreCredentialManager = new FileCredentialStore(expectedClientFile,jsonFactory);
        GoogleCredential.Builder credentialBuilder = new GoogleCredential.Builder();
        credentialBuilder.setJsonFactory(jsonFactory);
        credentialBuilder.setClientSecrets(clientSecrets);
        credentialBuilder.setTransport(transport);
        authorization = credentialBuilder.build();
        boolean loadedSuccessfully = variantStoreCredentialManager.load(clientID,authorization);
        if ( ! loadedSuccessfully  ) {
            authorization = createWebAuthenticatedClientCredential();
            variantStoreCredentialManager.store(clientID, authorization);
        }
    }

    return new Bigquery(transport, jsonFactory, authorization);
}
Tad
  • 838
  • 2
  • 11
  • 22
  • 1
    `/WEB-INF` is the right place to put such data. Access it as a resource, not a file: http://stackoverflow.com/questions/4340653/file-path-to-resource-in-our-war-web-inf-folder – Philipp Reichart Oct 09 '13 at 19:21

1 Answers1

1

No, contents of /WEB-INF folder is private to application code and is not accessible via HTTP (= servlet container does not honour requests that try to access data in WEB-INF folder).

Use this snippet to read contents of a file inside a /WEB-INF folder:

InputStream is = getServletContext().getResourceAsStream("/WEB-INF/"+filename);

Then read a stream using one of the methods for reading InputStreams.

Community
  • 1
  • 1
Peter Knego
  • 79,991
  • 11
  • 123
  • 154
  • I see. Is there any way to do it without making that file a resource in my app engine project? Since it is my jar which is doing the authentication and not the app engine app, I think the app engine app should not know about this file. Is that possible? – Tad Oct 09 '13 at 19:58
  • uh, https://developers.google.com/appengine/kb/java#writefile does that mean it is impossible to write to a file? – Tad Oct 10 '13 at 03:40
  • yea, I spent long time and just learned it recently. Is this a chicken/egg problem then? If my jar needs to connect to bigquery and needs to store credential file does it mean I need to store it in google cloud storage or google app engine datastore but to access those I need to access the credentials which would be stored there? Am I missing something? Thank you for your help! – Tad Oct 10 '13 at 15:23
  • 1
    No, to access BQ from GAE you can use Google service accounts: https://developers.google.com/bigquery/authorization#service-accounts-appengine – Peter Knego Oct 10 '13 at 18:11
  • Thank you! I have ended up using AppEngineDataStoreFactory – Tad Oct 10 '13 at 23:52