kctang kctang - 1 year ago 356
Java Question

PUT files to Google Cloud Storage (GCS) via Signed URLs

I am trying to use "signed URLs" to access/upload files to Google Cloud Storage (GCS).

Followed the instructions at https://developers.google.com/storage/docs/accesscontrol#Signing-Strings

What I did:

  • Registered a "Web Application" at Google Cloud Console.

  • Generated new private key using the "Generate New Key" at the "Certificate" section of the registered web application screen.

  • Created my string to be signed and sign it using the sample code provided by "How to Sign" section of the page (just minor tweaks to hardcode values for the Java main program). Update: Created a gist for GcsSigner.java.

  • Ensure that the signed string is URL encoded.

  • HTTP headers specified: x-goog-api-version, x-goog-project-id, Content-Type.

  • URL Parameters specified: GoogleAccessId, Signature, Expires.

  • Use Postman (a Chrome extension) to simulate PUT request.

However, I am still getting this (Status: 403 Forbidden):

<?xml version='1.0' encoding='UTF-8'?>
<Message>The request signature we calculated does not match the signature you provided. Check your Google secret key and signing method.</Message>


Even when I retry by signing the string based on values in "StringToSign", I still get the same error.

Read various related postings here but could not find any solution and most of it refers to
while i am using version 2.

What am i missing? Any help would be greatly appreciated.

Answer Source

Finally managed to PUT files to Google Cloud Storage using signed URLs. This was done by creating a simple Java program to simulate:

  • Server to sign & encode a string as signature.
  • Uploader as an unauthenticated user submitting the PUT request using only the signature provided by Server. Browser is simulated using Apache's HTTP Client library.

You can see the demo app here.

I do not really understand why it did not work when I submitted through Chrome's Postman extension.