使用 json 凭据文件模拟
Impersonate using json credentials file
我有一个服务帐户设置了全域委托给 Gsuite 域。
我想冒充其中一位用户成为已创建活动的组织者。
我的代码是:
List<String> scopes = new ArrayList<>();
scopes.add(CalendarScopes.CALENDAR);
scopes.add(CalendarScopes.CALENDAR_EVENTS);
InputStream credentialsJSON = Service5.class.getClassLoader()
.getResourceAsStream("credentials.json");
GoogleCredential gcFromJson = GoogleCredential.fromStream(credentialsJSON, HTTP_TRANSPORT, JSON_FACTORY).createScoped(scopes);
GoogleCredential cred = new GoogleCredential.Builder()
.setTransport(gcFromJson.getTransport())
.setJsonFactory(gcFromJson.getJsonFactory())
.setServiceAccountId(gcFromJson.getServiceAccountId())
.setServiceAccountUser("edt@company.tn")
.setServiceAccountPrivateKey(gcFromJson.getServiceAccountPrivateKey())
.setServiceAccountScopes(gcFromJson.getServiceAccountScopes())
.build();
Calendar service = new Calendar.Builder(HTTP_TRANSPORT, JSON_FACTORY, cred).setApplicationName(APPLICATION_NAME).build();
Event event = new Event().setSummary("Test");
DateTime startDateTime = new DateTime("2020-04-27T09:00:00.000Z");
EventDateTime start = new EventDateTime()
.setDateTime(startDateTime)
.setTimeZone("Africa/Tunis");
event.setStart(start);
DateTime endDateTime = new DateTime("2020-04-27T10:30:00.000Z");
EventDateTime end = new EventDateTime()
.setDateTime(endDateTime)
.setTimeZone("Africa/Tunis");
event.setEnd(end);
List<EventAttendee> attendees = new ArrayList<EventAttendee>();
EventAttendee ens = new EventAttendee().setEmail("user@company.tn");
attendees.add(ens);
event.setAttendees(attendees);
String calendarId = "primary";
event = service.events().insert(calendarId, event).execute();
但我得到了那个例外:
编辑 - 1
我下载了由 CREATE KEY
生成的 json 文件
遇到异常:
Exception in thread "main"
com.google.api.client.auth.oauth2.TokenResponseException: 401
Unauthorized at
com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105)
at
com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
at
com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307)
at
com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:394)
at
com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:493)
at
com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:217)
at
com.google.api.client.http.HttpRequest.execute(HttpRequest.java:880)
at
com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419)
at
com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352)
at
com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:469)
at tn.esprit.spring.google.calendar.Service5.main(Service5.java:183)
你能告诉我我错过了什么吗?
非常感谢
要使用服务帐户,您需要创建专用服务帐户凭据
- 转到GCP console
- 选择项目
- 继续
APIs & Services -> Credentials
- 选择
+ CREATE CREDENTIALS -> Service Account
- 选择
Service account name 然后点击 Create
- 如果需要,您可以select一个角色(可选)
- 单击
Create key 和 select JSON(p12 也可以,但您需要以不同方式构建 GoogleCredential
- 正确
json 文件将下载到您的计算机
它将如下所示:
{
"type": "service_account",
...
您使用的 json 文件不是服务帐户的正确文件,它没有指定字段 type - 因此出现错误 'type' field not specified.
我有一个服务帐户设置了全域委托给 Gsuite 域。 我想冒充其中一位用户成为已创建活动的组织者。
我的代码是:
List<String> scopes = new ArrayList<>();
scopes.add(CalendarScopes.CALENDAR);
scopes.add(CalendarScopes.CALENDAR_EVENTS);
InputStream credentialsJSON = Service5.class.getClassLoader()
.getResourceAsStream("credentials.json");
GoogleCredential gcFromJson = GoogleCredential.fromStream(credentialsJSON, HTTP_TRANSPORT, JSON_FACTORY).createScoped(scopes);
GoogleCredential cred = new GoogleCredential.Builder()
.setTransport(gcFromJson.getTransport())
.setJsonFactory(gcFromJson.getJsonFactory())
.setServiceAccountId(gcFromJson.getServiceAccountId())
.setServiceAccountUser("edt@company.tn")
.setServiceAccountPrivateKey(gcFromJson.getServiceAccountPrivateKey())
.setServiceAccountScopes(gcFromJson.getServiceAccountScopes())
.build();
Calendar service = new Calendar.Builder(HTTP_TRANSPORT, JSON_FACTORY, cred).setApplicationName(APPLICATION_NAME).build();
Event event = new Event().setSummary("Test");
DateTime startDateTime = new DateTime("2020-04-27T09:00:00.000Z");
EventDateTime start = new EventDateTime()
.setDateTime(startDateTime)
.setTimeZone("Africa/Tunis");
event.setStart(start);
DateTime endDateTime = new DateTime("2020-04-27T10:30:00.000Z");
EventDateTime end = new EventDateTime()
.setDateTime(endDateTime)
.setTimeZone("Africa/Tunis");
event.setEnd(end);
List<EventAttendee> attendees = new ArrayList<EventAttendee>();
EventAttendee ens = new EventAttendee().setEmail("user@company.tn");
attendees.add(ens);
event.setAttendees(attendees);
String calendarId = "primary";
event = service.events().insert(calendarId, event).execute();
但我得到了那个例外:
编辑 - 1
我下载了由 CREATE KEY
遇到异常:
Exception in thread "main" com.google.api.client.auth.oauth2.TokenResponseException: 401 Unauthorized at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105) at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287) at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307) at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:394) at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:493) at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:217) at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:880) at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419) at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352) at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:469) at tn.esprit.spring.google.calendar.Service5.main(Service5.java:183)
你能告诉我我错过了什么吗?
非常感谢
要使用服务帐户,您需要创建专用服务帐户凭据
- 转到GCP console
- 选择项目
- 继续
APIs & Services->Credentials - 选择
+ CREATE CREDENTIALS->Service Account - 选择
Service account name然后点击Create - 如果需要,您可以select一个角色(可选)
- 单击
Create key和 selectJSON(p12 也可以,但您需要以不同方式构建GoogleCredential - 正确
json文件将下载到您的计算机
它将如下所示:
{
"type": "service_account",
...
您使用的 json 文件不是服务帐户的正确文件,它没有指定字段 type - 因此出现错误 'type' field not specified.