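I implemented the Cloud Endpoints Frameworks in my App Engine project, and I would like to migrate from the deprecated API Explorer to the new Endpoints Portal, but I ran into an authentication problem.
I have an endpoint with authentication enabled via Google ID token. However, when a user clicks "Try this API" in the Endpoints Portal, they are not authenticated. This works with the old API Explorer.
I use the project described in this tutorial: https://cloud.google.com/endpoints/docs/frameworks/java/get-started-frameworks-java.
API management is described in the documentation, and I followed these steps for user authentication.
I added the class below to the sample code to test the API with authentication: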
    package com.example.echo;

    import com.google.api.server.spi.auth.common.User;
    import com.google.api.server.spi.config.Api;
    import com.google.api.server.spi.config.ApiMethod;
    import com.google.api.server.spi.response.UnauthorizedException;

    @Api(
        name = "authenticatedApi",
        title = "Authenticated API",
        version = "v1",
        description = "Use OAuth 2.0 to authenticate",
        scopes = {"https://www.googleapis.com/auth/userinfo.email"},
        clientIds = {"*"}
    )
    public class AuthenticatedApi {

        @ApiMethod(name = "sayHello")
        public Message sayHello(User user) throws UnauthorizedException {
            if (user == null) {
                throw new UnauthorizedException("Invalid credentials");
            }
            Message message = new Message();
            message.setMessage("Hello " + user.getEmail());
            return message;
        }
    }
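There is documentation on how to configure the portal for authentication, but no documentation about [O0].
I use the Maven plugin and gcloud to generate and deploy the openapi.json file: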
$ mvn endpoints-framework:openApiDocs
$ gcloud endpoints services deploy target/openapi-docs/openapi.json
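What am I missing?

So I found a way to do it, but I could not find any documentation about it.
This code sample suggests that the Cloud Endpoints Portal requires ESP. However, unlike Cloud Endpoints with OpenAPI, Cloud Endpoints Frameworks does not use ESP, but rather:
"a built-in API gateway that provides API management features comparable to the features that ESP provides for Endpoints for OpenAPI"
Therefore, the openapi.json file generated by mvn endpoints-framework:openApiDocs is missing some information.
Here is what I changed:
At the class level, in the @Api annotation:
In the openapi.json file, after generating it with mvn endpoints-framework:openApiDocs:
Sources:
API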
    package com.example.echo;

    import com.google.api.server.spi.auth.common.User;
    import com.google.api.server.spi.config.Api;
    import com.google.api.server.spi.config.ApiMethod;
    import com.google.api.server.spi.response.UnauthorizedException;

    @Api(
        name = "authenticatedApi",
        title = "Authenticated API",
        version = "v1",
        description = "Use OAuth to authenticate",
        scopes = {"https://www.googleapis.com/auth/userinfo.email"},
        clientIds = {"*"},
        audiences = {"my-web-client-id.apps.googleusercontent.com"},
        authenticators = {CustomAuthenticator.class}
    )
    public class AuthenticatedApi {

        @ApiMethod(name = "sayHello")
        public Message sayHello(User user) throws UnauthorizedException {
            if (user == null) {
                throw new UnauthorizedException("Invalid credentials");
            }
            Message message = new Message();
            message.setMessage("Hello " + user.getEmail());
            return message;
        }
    }
Authenticator
    package com.example.echo;

    import com.google.api.auth.UserInfo;
    import com.google.api.control.ConfigFilter;
    import com.google.api.control.model.MethodRegistry;
    import com.google.api.server.spi.auth.EndpointsAuthenticator;
    import com.google.api.server.spi.auth.common.User;
    import com.google.api.server.spi.response.ServiceUnavailableException;

    import javax.servlet.http.HttpServletRequest;

    public class CustomAuthenticator extends EndpointsAuthenticator {

        private final com.google.api.auth.Authenticator authenticator;

        public CustomAuthenticator() {
            // ESP needs another authenticator
            this.authenticator = com.google.api.auth.Authenticator.create();
        }

        @Override
        public User authenticate(HttpServletRequest request) throws ServiceUnavailableException {
            User user = super.authenticate(request);
            // Testing the user is enough for the API Explorer, not for the Endpoints Portal
            if (user == null) {
                try {
                    MethodRegistry.Info methodInfo = ConfigFilter.getMethodInfo(request);
                    MethodRegistry.AuthInfo authInfo = methodInfo.getAuthInfo().get();
                    String serviceName = ConfigFilter.getService(request).getName();
                    UserInfo userInfo = this.authenticator.authenticate(request, authInfo, serviceName);
                    user = new User(userInfo.getId(), userInfo.getEmail());
                } catch (Exception e) {
                    return null;
                }
            }
            return user;
        }
    }
openapi.json
    {
      "swagger": "2.0",
      "info": {
        "version": "1.0.0",
        "title": "My Application"
      },
      "host": "my-application.appspot.com",
      "basePath": "/_ah/api",
      "schemes": [
        "https"
      ],
      "consumes": [
        "application/json"
      ],
      "produces": [
        "application/json"
      ],
      "paths": {
        "/authenticatedApi/v1/sayHello": {
          "post": {
            "operationId": "AuthenticatedApiSayHello",
            "parameters": [],
            "responses": {
              "200": {
                "description": "A successful response",
                "schema": {
                  "$ref": "#/definitions/Message"
                }
              }
            },
            "security": [
              {
                "google_id_token_https": ["https://www.googleapis.com/auth/userinfo.email"]
              }
            ],
            "x-security": [
              {
                "google_id_token_https": {
                  "audiences": [
                    "my-web-client-id.apps.googleusercontent.com"
                  ]
                }
              }
            ]
          }
        }
      },
      "securityDefinitions": {
        "google_id_token_https": {
          "type": "oauth2",
          "authorizationUrl": "https://accounts.google.com/o/oauth2/v2/auth",
          "flow": "implicit",
          "x-google-issuer": "https://accounts.google.com",
          "x-google-jwks_uri": "https://www.googleapis.com/oauth2/v1/certs"
        }
      },
      "definitions": {
        "Email": {
          "properties": {
            "email": {
              "type": "string"
            }
          }
        },
        "Message": {
          "properties": {
            "message": {
              "type": "string"
            }
          }
        }
      }
    }
This is currently a feature request with the Google Cloud Endpoints team:
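
Added example (not part of the original answer, and not Google's or the project's code): a Python check that an openapi.json carries the authentication fields visible in the edited file above, so a regenerated spec that lost them is caught before deployment. The names check_openapi_auth, EDITED and stripped_copy are hypothetical, the sample documents are constructed, and which of these fields the Maven plugin actually omits is not stated on the page.

```python
import copy

# Assumption: these are the auth fields of the edited openapi.json shown above.
REQUIRED_DEF_KEYS = ("authorizationUrl", "flow", "x-google-issuer", "x-google-jwks_uri")
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "options", "head"}

def check_openapi_auth(doc):
    """Return findings; an empty list means every auth field is present."""
    defs = doc.get("securityDefinitions", {})
    oauth_defs = {n: d for n, d in defs.items() if d.get("type") == "oauth2"}
    findings = [f"securityDefinitions.{n}: missing {k}"
                for n, d in oauth_defs.items() for k in REQUIRED_DEF_KEYS if not d.get(k)]
    operations = [(f"{method.upper()} {path}", op)
                  for path, item in doc.get("paths", {}).items()
                  for method, op in item.items() if method in HTTP_METHODS]
    for where, op in operations:
        audiences = {scheme: cfg.get("audiences", []) for entry in op.get("x-security", [])
                     for scheme, cfg in entry.items()}
        if not op.get("security"):
            findings.append(f"{where}: no security requirement")
        for requirement in op.get("security", []):
            for scheme, scopes in requirement.items():
                problems = [("is not defined", scheme not in defs),
                            ("lists no scopes", not scopes),
                            ("has no audiences", not audiences.get(scheme))]
                findings += [f"{where}: {scheme} {msg}" for msg, bad in problems if bad]
    return findings

# Constructed sample: the auth-related fields of the edited file above.
EDITED = {
    "paths": {"/authenticatedApi/v1/sayHello": {"post": {
        "security": [{"google_id_token_https": ["https://www.googleapis.com/auth/userinfo.email"]}],
        "x-security": [{"google_id_token_https": {
            "audiences": ["my-web-client-id.apps.googleusercontent.com"]}}]}}},
    "securityDefinitions": {"google_id_token_https": {
        "type": "oauth2", "flow": "implicit",
        "authorizationUrl": "https://accounts.google.com/o/oauth2/v2/auth",
        "x-google-issuer": "https://accounts.google.com",
        "x-google-jwks_uri": "https://www.googleapis.com/oauth2/v1/certs"}},
}

def stripped_copy():  # constructed incomplete variant, not real generator output
    doc = copy.deepcopy(EDITED)
    op = doc["paths"]["/authenticatedApi/v1/sayHello"]["post"]
    op["security"] = [{"google_id_token_https": []}]  # no scopes
    del op["x-security"]  # no audiences
    doc["securityDefinitions"]["google_id_token_https"]["authorizationUrl"] = ""
    return doc
```

To check a real spec, load it with json.load and pass the resulting dict to check_openapi_auth. Operations that are intentionally public will be reported as having no security requirement.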