Google Cloud Storage - Bucket permission within application

0
votes

I am developing a web application using GAE Java and using Google Cloud Storage to store images. The requirements are:

  1. Facebook authentication. When a user is authenticated I want his profile picture to be uploaded to GCS.
  2. The bucket where I store such images should obviously not allow full user access, but just read-access

I managed to get FB profile picture using Spring Social and upload to GCS but only if I set all users to owners or writers for that bucket. How can I only give write access within the application to upload images, but keep bucket ACL to READ_ONLY for all users?

2
facebookgoogle-app-enginegoogle-cloud-storage

2 Answers

1
votes

Consider using signed URLs. Rather than granting anonymous users permission to write to the bucket, instead give them a signed URL that allows them to write one specific object to the bucket.

0
votes

I managed to fix that. I just copied the application Service Account Name in App Engine Console under Application Settings, and added it to bucket (bucket permissions) as a new "owner" user. All other users are just "read-only"