Is there a way to programmatically generate Azure SaS token for Blob container even when the user is not authenticated with SaS token java

Rajan Shah 21 Reputation points

I am authenticating my user using ClientCredentails. My client does have the permission to generate SaS token. Now I want to generate SaS token from code for a short period of time so that the customer can directly download the file.

  String tenantId = "TenantId";  
        String clientSecret = "XXXX"  
        String clientId = "abc-123"  
        String authorityUrl = AzureAuthorityHosts.AZURE_PUBLIC_CLOUD +  tenantId;  
        ClientSecretCredential credential = new ClientSecretCredentialBuilder()  
         BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()  
        // Upload a file              
        BlobContainerClient blobContainerClient = blobServiceClient.getBlobContainerClient(containerName);              
        BlobClient blobClient = blobContainerClient.getBlobClient("Test.txt");  
        BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(new File("<FILE_PATH>")));  
        blobClient.upload(bufferedInputStream, bufferedInputStream.available(),true);       
        BlobSasPermission blobSasPermission = new BlobSasPermission().setReadPermission(true);  
        OffsetDateTime expiryTime =;  
        BlobServiceSasSignatureValues values = new BlobServiceSasSignatureValues(expiryTime, blobSasPermission)  
        String generateSas = blobClient.generateSas(values);  
        Getting Error   
        java.lang.NullPointerException: The argument must not be null or an empty string. Argument name: storageSharedKeyCredentials.  


Tried to find some azure docs which clearly says that "Client must be authenticated via StorageSharedKeyCredential"

Question is how to generate StorageSharedKeyCredential programmatically if your code is authenticating with different ways.

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
2,599 questions
0 comments No comments
{count} votes

Accepted answer
  1. Sumarigo-MSFT 45,321 Reputation points Microsoft Employee

    @Rajan Shah Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    We don't yet have a Java example, but they should be able to follow the guidance for .NET to create a user delegation SAS, which is signed with Azure AD credentials (instead of the account key):

    If you wish you can leave your Feedback/UserVoice here. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

    Please let us know if you have any further queries. I’m happy to assist you further.


    Please do not forget to 192439-screenshot-2021-12-10-121802.png and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments No comments

1 additional answer

Sort by: Most helpful