Azure sdk for Java How to Setup User Delegation Key and Shared Authentication Signatures SAS
The following code throws an exception on the last line:
// Create a BlobServiceClient object which will be used to create a container client
System.out.println(String.format("Connection String %s", connectStr));
blobServiceClient = new BlobServiceClientBuilder().connectionString(connectStr).buildClient();
// Get a user delegation key for the Blob service that's valid for seven days.
// You can use the key to generate any number of shared access signatures over the lifetime of the key.
keyStart = OffsetDateTime.now();
keyExpiry = OffsetDateTime.now().plusHours(7);
userDelegationKey = blobServiceClient.getUserDelegationKey(keyStart, keyExpiry); // <-- the exception is thrown here
Exception:
Caused by: com.azure.storage.blob.models.BlobStorageException: Status code 403, "<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:d375b3bf-b01e-0044-1191-9c75a8000000
</Message><AuthenticationErrorDetail>Only authentication scheme Bearer is supported</AuthenticationErrorDetail></Error>"
I tried to adapt the .NET tutorial to Java, but so far without success.
The error seems to be related to the REST API call. Any ideas?
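So after many attempts: using the storage account's connection string to get a user delegation key does not work. I had to register an application and add the new application's environment variables. Finally, check for the correct permissions in the IAM dashboard.
In my case, I am using Azure with Spring.
- Added only the following dependencies: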
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-storage-blob</artifactId>
<version>12.8.0</version>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>1.1.2</version>
</dependency>
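- Create/Register an application on Azure
- Create a client secret for the application using Certificates & secrets.
- Store the app's client ID, tenant ID and client secret in environment variables,
e.g. on macOS: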
export AZURE_CLIENT_ID="xxxxxxx"
launchctl setenv AZURE_CLIENT_ID $AZURE_CLIENT_ID
export AZURE_TENANT_ID="xxxxxxx"
launchctl setenv AZURE_TENANT_ID $AZURE_TENANT_ID
export AZURE_CLIENT_SECRET="xxxxxxx"
launchctl setenv AZURE_CLIENT_SECRET $AZURE_CLIENT_SECRET
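- Add the correct role assignment, Storage Blob Data Contributor, for both the user and the app on the storage account.
Now the user delegation key and a sample container SAS can be generated with the following code: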
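import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.storage.blob.BlobContainerClient;
import com.azure.storage.blob.BlobServiceClient;
import com.azure.storage.blob.BlobServiceClientBuilder;
import com.azure.storage.blob.models.UserDelegationKey;
import com.azure.storage.blob.sas.BlobContainerSasPermission;
import com.azure.storage.blob.sas.BlobServiceSasSignatureValues;
import java.time.OffsetDateTime;
import java.util.Locale;

String endpoint = String.format(Locale.ROOT, "https://%s.blob.core.windows.net", "accountName");
// Create a BlobServiceClient object which will be used to create a container client (DefaultAzureCredential reads the AZURE_* variables set above)
BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
        .endpoint(endpoint)
        .credential(new DefaultAzureCredentialBuilder().build())
        .buildClient();
// Get a user delegation key for the Blob service that's valid for seven days.
// You can use the key to generate any number of shared access signatures over the lifetime of the key.
OffsetDateTime keyStart = OffsetDateTime.now();
OffsetDateTime keyExpiry = OffsetDateTime.now().plusDays(7);
UserDelegationKey userDelegationKey = blobServiceClient.getUserDelegationKey(keyStart, keyExpiry);
// Read-only container SAS that expires together with the key
BlobContainerSasPermission blobContainerSas = new BlobContainerSasPermission();
blobContainerSas.setReadPermission(true);
BlobServiceSasSignatureValues blobServiceSasSignatureValues =
        new BlobServiceSasSignatureValues(keyExpiry, blobContainerSas);
BlobContainerClient blobContainerClient = blobServiceClient.getBlobContainerClient("containerName");
if (!blobContainerClient.exists()) {
    blobContainerClient.create();
}
String sas = blobContainerClient
        .generateUserDelegationSas(blobServiceSasSignatureValues, userDelegationKey);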
Hope this helps others!
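An added example, not part of the original answer: an offline check that parses a generated SAS query string, confirms it is a user delegation SAS (it carries the `sk*` key fields) and flags scope that is broader than a reviewer allows. The class name `SasTokenAudit`, the one-hour lifetime limit and the sample token are assumptions constructed for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.time.Duration;
import java.time.OffsetDateTime;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class SasTokenAudit {
    // Fields that only a user delegation SAS carries (key obtained with an Azure AD identity).
    private static final String[] DELEGATION_FIELDS = {"skoid", "sktid", "skt", "ske", "sks", "skv"};

    static Map<String, String> parse(String sas) {
        Map<String, String> params = new HashMap<>();
        String query = sas.startsWith("?") ? sas.substring(1) : sas;
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq > 0) {
                params.put(pair.substring(0, eq),
                        URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8));
            }
        }
        return params;
    }

    // Returns one finding per deviation from: user delegation, read-only, HTTPS-only, short-lived.
    static List<String> audit(String sas, OffsetDateTime now, Duration maxLifetime) {
        Map<String, String> p = parse(sas);
        List<String> findings = new ArrayList<>();
        for (String f : DELEGATION_FIELDS) {
            if (!p.containsKey(f)) findings.add("missing " + f + ": not a user delegation SAS");
        }
        if (!"r".equals(p.get("sp"))) findings.add("permissions are '" + p.get("sp") + "', expected 'r'");
        if (!"https".equals(p.get("spr"))) findings.add("spr is not restricted to https");
        String se = p.get("se");
        if (se == null) findings.add("no expiry (se)");
        else if (OffsetDateTime.parse(se).isAfter(now.plus(maxLifetime))) findings.add("expiry " + se + " exceeds " + maxLifetime);
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample token: every value is a placeholder and the signature is not valid.
        String sas = "sv=2019-12-12&se=2020-10-14T10%3A00%3A00Z&skoid=00000000-0000-0000-0000-000000000001"
                + "&sktid=00000000-0000-0000-0000-000000000002&skt=2020-10-07T10%3A00%3A00Z"
                + "&ske=2020-10-14T10%3A00%3A00Z&sks=b&skv=2019-12-12&sr=c&sp=r&sig=PLACEHOLDER";
        OffsetDateTime now = OffsetDateTime.parse("2020-10-07T10:00:00Z");
        audit(sas, now, Duration.ofHours(1)).forEach(System.out::println);
    }
}
```

For the constructed token, which has a seven-day expiry and no `spr` field, the audit reports the missing HTTPS restriction and the lifetime above the one-hour limit.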