我知道之前已经问过这个问题
Google Admin sdk directory 403
Getting a 403 - Forbidden for Google Service Account
但是我已经尝试了所有建议的解决方案,这仍然不适合我。
因此。我的代码如下所示:
public static Directory getDirectoryService(String userEmail)
throws GeneralSecurityException, IOException, TokenResponseException {
HttpTransport httpTransport = new NetHttpTransport();
JacksonFactory jsonFactory = new JacksonFactory();
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(jsonFactory)
.setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
.setServiceAccountScopes(Arrays.asList(DirectoryScopes.ADMIN_DIRECTORY_GROUP,
DirectoryScopes.ADMIN_DIRECTORY_USER,
DirectoryScopes.ADMIN_DIRECTORY_DOMAIN))
.setServiceAccountUser(userEmail)
.setServiceAccountPrivateKeyFromP12File(
new java.io.File(SERVICE_ACCOUNT_PKCS12_FILE_PATH))
.build();
Directory service = new Directory.Builder(httpTransport, jsonFactory, null)
.setHttpRequestInitializer(credential).build();
return service;
}
当我调用此例程,将超级管理员电子邮件地址传递给它时,它似乎成功运行。但是,如果我在从此调用返回之前进行调试,则可以看到AccessToken为null。我知道凭据是合理的,因为相同的应用程序已经使用此服务帐户和P12文件成功使用了Drive API。
然后,我对API的实际调用如下所示:
Directory directory = getDirectoryService("my super user email");
// Print the first 10 users in the domain.
Directory.Users.List list = directory.users().list();
list.setDomain("integrity.co.uk");
list.setMaxResults(10);
list.setOrderBy("email");
Users result = list.execute();
List<User> users = result.getUsers();
但是当我到达list.execute()行时,应用程序崩溃了:
Exception in thread "main" java.lang.NullPointerException
at com.google.api.client.repackaged.com.google.common.base.Preconditions.checkNotNull(Preconditions.java:191)
at com.google.api.client.util.Preconditions.checkNotNull(Preconditions.java:127)
at com.google.api.client.json.jackson2.JacksonFactory.createJsonParser(JacksonFactory.java:96)
at com.google.api.client.json.JsonObjectParser.parseAndClose(JsonObjectParser.java:85)
at com.google.api.client.json.JsonObjectParser.parseAndClose(JsonObjectParser.java:81)
at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:88)
at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287)
at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307)
at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:268)
at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:489)
at com.google.api.client.auth.oauth2.Credential.intercept(Credential.java:217)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:859)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:410)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:343)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:460)
at googleImageUploader.googleImageUploader.main(googleImageUploader.java:162)
其他主题建议:
确保在管理控制台中将组织范围的管理员访问权委托给此服务帐户 - 这绝对与范围有关:
https://www.googleapis.com/auth/admin.directory https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/drive
确保指定了服务帐户用户(就是这样,并且该用户肯定是超级管理员)。
我把头发撕掉了 - 有人可以帮忙吗?!
感谢。