Home/ Questions/Q 8931865
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T09:12:30+00:00

I would like to ADD a ACL to a Google Storage object using the

  • 0

I would like to ADD a ACL to a Google Storage object using the Json API from appengine. I have tried the following code, however I get a 400 response with no details. I am not using the java-client-libraries, however I am willing to try. Below is my code:

public static void updateACL(String bucket, String object,
        List<String> emails) {

    try {
        ArrayList scopes = new ArrayList();
        scopes.add("https://www.googleapis.com/auth/devstorage.full_control");
        AppIdentityService appIdentity = AppIdentityServiceFactory
                .getAppIdentityService();
        AppIdentityService.GetAccessTokenResult accessToken = appIdentity
                .getAccessToken(scopes);
        // The token asserts the identity reported by
        // appIdentity.getServiceAccountName()
        logger.log(Level.WARNING, "bucket: "+bucket+" object: "+object+ " email: "+emails.get(0));
        JSONObject request = new JSONObject();
        request.put("entity", "user-" + emails.get(0));
        request.put("roles", "READER");

        URL url = new URL("https://www.googleapis.com/storage/v1beta1/b/"
                + bucket + "/o/"+object+"/acl?key=" + API_KEY);
        HttpURLConnection connection = (HttpURLConnection) url
                .openConnection();
        connection.setDoOutput(true);
        connection.setRequestMethod("POST");
        connection.addRequestProperty("Content-Type", "application/json");
        connection.addRequestProperty("Authorization", "OAuth "
                + accessToken.getAccessToken());
        String urlParameters = "bucket=" + bucket + "&object=" + object;
        OutputStreamWriter writer = new OutputStreamWriter(
                connection.getOutputStream());
        request.write(writer);
        writer.close();
        logger.log(Level.WARNING, connection.getResponseMessage());
        logger.log(Level.WARNING,
                String.valueOf(connection.getResponseCode()));
        if (connection.getResponseCode() == HttpURLConnection.HTTP_OK) {
            // Note: Should check the content-encoding.
            // JSONTokener response_tokens = new
            // JSONTokener(connection.getInputStream());
            // JSONObject response = new JSONObject(response_tokens);
            // return (String) response.get("id");
            return;
        } else {

        Scanner s;
        s = new Scanner(connection.getErrorStream());
        s.useDelimiter("\\Z");
        String response = s.next();
        s.close();
            throw new Exception(connection.getResponseCode()+" "+connection.getResponseMessage()+
                    response);
        }
    } catch (Exception e) {

        logger.log(Level.WARNING, "exception: "+e.getMessage());

    }
}

The response I get is a 400, but the details are not helpful at all.

“error”: {
“errors”: [
{
“domain”: “global”,
“reason”: “required”,
“message”: “Required”
}
],
“code”: 400,
“message”: “Required”
}
}

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I suspect there’s a tiny bug or two in your code. In this particular instance it looks like you are sending roles when the JSON api expects role.

    One thing I find helpful for debugging is to compare what my code is sending over the wire with the HTTP request the Google APIs explorer generates.

    1. Navigate to https://developers.google.com/storage/docs/json_api/v1/objectAccessControls/insert
    2. Turn on the Authorize requests using OAuth 2.0 button.
    3. Set the bucket, object, entity and role fields.
    4. Click execute.

    You should see the resulting HTTP request and response.

    Request:

    POST https://www.googleapis.com/storage/v1beta1/b/bucket/o/obj/acl?key={YOUR_API_KEY}

Content-Type:  application/json
Authorization:  Bearer ya29.1111111111111111111111111111111111-aaaaaaaaaaaaa
X-JavaScript-User-Agent:  Google APIs Explorer

{
 "entity": "user-person@example.com",
 "role": "READER"
}

    Response:

    200 OK

- Hide headers -

cache-control:  no-cache, no-store, max-age=0, must-revalidate
content-type:  application/json; charset=UTF-8
date:  Fri, 30 Nov 2012 02:16:57 GMT
etag:  "fP_WVz7o95h5w16zKezUFJzMmHg/6CyL8wOk_60IJhaxNewPk1fHpQo"
expires:  Fri, 01 Jan 1990 00:00:00 GMT
server:  GSE

{

 "kind": "storage#objectAccessControl",
 "id": "bucket/obj/user-person@example.com",
 "selfLink": "https://www.googleapis.com/storage/v1beta1/b/bucket/o/obj/acl/user-person@example.com",
 "bucket": "bucket",
 "object": "obj",
 "entity": "user-person@example.com",
 "role": "READER",
 "email": "person@example.com"
}

    Now make sure the request you are sending over the wire looks the same as this one.

    • 0