使用 Java SDK 为 Azure Blob 存储生成签名 URL
Generate Signed URL for Azure Blob Storage using Java SDK
我正在尝试使用 Java SDK 为 Azure Blob 中的文件创建签名 URL。
这是使用的片段 -
String container = "test";
String path = "hello/world.json";
long expiry = 2000;
SharedKeyCredentials creds = new SharedKeyCredentials(accountName, accountKey);
BlobSASPermission blobSASPermission = new BlobSASPermission().withRead(true).withCreate(true).withWrite(true);
AccountSASSignatureValues signatureValues = new AccountSASSignatureValues()
.withResourceTypes(new AccountSASResourceType().withService(true).withContainer(true).withObject(true).toString())
.withServices(new AccountSASService().withBlob(true).toString())
.withPermissions(blobSASPermission.toString())
.withProtocol(SASProtocol.HTTPS_ONLY)
.withStartTime(OffsetDateTime.now())
.withExpiryTime(OffsetDateTime.now().plusSeconds(expiry));
URL blobURL = new BlobURLParts()
.withScheme("https://")
.withHost(accountName + ".blob.core.windows.net")
.withContainerName(container)
.withBlobName(path)
.withSasQueryParameters(signatureValues.generateSASQueryParameters(creds))
.toURL();
当我在 blobURL 上发出 GET/PUT/POST curl 请求时,出现以下错误
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:c8192b20-c01e-0056-23ca-5e06e8000000
Time:2019-08-30T00:30:03.2903571Z</Message><AuthenticationErrorDetail>Signature did not match. String to sign used was playmentdiag
rcw
b
sco
2019-08-30T00:27:42Z
2019-08-30T01:01:02Z
https
2018-03-28
</AuthenticationErrorDetail></Error>
我做错了什么?我尝试使用相同的凭据上传文件,但效果非常好。 Java SDK- com.microsoft.azure:azure-storage-blob:10.1.0
似乎与 blob SAS 权限创建和写入有冲突,禁用它们中的任何一个,你的代码在我这边运行良好,环境与你相似:
BlobSASPermission blobSASPermission = new BlobSASPermission().withRead(true).withCreate(false).withWrite(true);
或
BlobSASPermission blobSASPermission = new BlobSASPermission().withRead(true).withCreate(true).withWrite(false);
顺便说一句,这是我能找到的唯一文档:https://docs.microsoft.com/en-us/rest/api/storageservices/create-account-sas#constructing-the-account-sas-uri,正如您在 "SignedPermission" 部分看到的那样,创建权限不能覆盖现有的 blob 或文件,但写入权限是用于写入现有的objs,我认为这是这里的冲突。
我正在尝试使用 Java SDK 为 Azure Blob 中的文件创建签名 URL。 这是使用的片段 -
String container = "test";
String path = "hello/world.json";
long expiry = 2000;
SharedKeyCredentials creds = new SharedKeyCredentials(accountName, accountKey);
BlobSASPermission blobSASPermission = new BlobSASPermission().withRead(true).withCreate(true).withWrite(true);
AccountSASSignatureValues signatureValues = new AccountSASSignatureValues()
.withResourceTypes(new AccountSASResourceType().withService(true).withContainer(true).withObject(true).toString())
.withServices(new AccountSASService().withBlob(true).toString())
.withPermissions(blobSASPermission.toString())
.withProtocol(SASProtocol.HTTPS_ONLY)
.withStartTime(OffsetDateTime.now())
.withExpiryTime(OffsetDateTime.now().plusSeconds(expiry));
URL blobURL = new BlobURLParts()
.withScheme("https://")
.withHost(accountName + ".blob.core.windows.net")
.withContainerName(container)
.withBlobName(path)
.withSasQueryParameters(signatureValues.generateSASQueryParameters(creds))
.toURL();
当我在 blobURL 上发出 GET/PUT/POST curl 请求时,出现以下错误
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:c8192b20-c01e-0056-23ca-5e06e8000000
Time:2019-08-30T00:30:03.2903571Z</Message><AuthenticationErrorDetail>Signature did not match. String to sign used was playmentdiag
rcw
b
sco
2019-08-30T00:27:42Z
2019-08-30T01:01:02Z
https
2018-03-28
</AuthenticationErrorDetail></Error>
我做错了什么?我尝试使用相同的凭据上传文件,但效果非常好。 Java SDK- com.microsoft.azure:azure-storage-blob:10.1.0
似乎与 blob SAS 权限创建和写入有冲突,禁用它们中的任何一个,你的代码在我这边运行良好,环境与你相似:
BlobSASPermission blobSASPermission = new BlobSASPermission().withRead(true).withCreate(false).withWrite(true);
或
BlobSASPermission blobSASPermission = new BlobSASPermission().withRead(true).withCreate(true).withWrite(false);
顺便说一句,这是我能找到的唯一文档:https://docs.microsoft.com/en-us/rest/api/storageservices/create-account-sas#constructing-the-account-sas-uri,正如您在 "SignedPermission" 部分看到的那样,创建权限不能覆盖现有的 blob 或文件,但写入权限是用于写入现有的objs,我认为这是这里的冲突。