Is there a way to programmatically generate Azure SaS token for Blob container even when the user is not authenticated with SaS token java

Rajan Shah 21 Reputation points
2022-04-12T01:14:51.36+00:00

I am authenticating my user using ClientCredentails. My client does have the permission to generate SaS token. Now I want to generate SaS token from code for a short period of time so that the customer can directly download the file. 

  String tenantId = "TenantId";  
        String clientSecret = "XXXX"  
        String clientId = "abc-123"  
  
        String authorityUrl = AzureAuthorityHosts.AZURE_PUBLIC_CLOUD +  tenantId;  
  
        ClientSecretCredential credential = new ClientSecretCredentialBuilder()  
                .authorityHost(authorityUrl)  
                .tenantId(tenantId)  
                .clientSecret(clientSecret)  
                .clientId(clientId)  
                .build();  
  
  
         BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()  
                    .credential(credential)  
                    .endpoint(azureStorageEndPoint)  
                    .buildClient();   
  
  
        // Upload a file              
        BlobContainerClient blobContainerClient = blobServiceClient.getBlobContainerClient(containerName);              
        BlobClient blobClient = blobContainerClient.getBlobClient("Test.txt");  
        BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(new File("<FILE_PATH>")));  
        blobClient.upload(bufferedInputStream, bufferedInputStream.available(),true);       
  
  
        BlobSasPermission blobSasPermission = new BlobSasPermission().setReadPermission(true);  
        OffsetDateTime expiryTime = OffsetDateTime.now().plusDays(1);  
        BlobServiceSasSignatureValues values = new BlobServiceSasSignatureValues(expiryTime, blobSasPermission)  
                    .setStartTime(OffsetDateTime.now());  
  
        String generateSas = blobClient.generateSas(values);  
  
  
  
        Getting Error   
  
        java.lang.NullPointerException: The argument must not be null or an empty string. Argument name: storageSharedKeyCredentials.

Tried to find some azure docs which clearly says that "Client must be authenticated via StorageSharedKeyCredential"

https://learn.microsoft.com/en-us/java/api/com.azure.storage.blob.blobserviceclient.generateaccountsas?view=azure-java-stable

Question is how to generate StorageSharedKeyCredential programmatically if your code is authenticating with different ways.

Azure Blob Storage
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
1,705 questions
0 comments
Accepted answer
  1. Sumarigo-MSFT 35,036 Reputation points Microsoft Employee
    2022-04-13T05:11:59.04+00:00

    @Rajan Shah Welcome to Microsoft Q&A Forum, Thank you for posting your query here!

    We don't yet have a Java example, but they should be able to follow the guidance for .NET to create a user delegation SAS, which is signed with Azure AD credentials (instead of the account key):
    https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-user-delegation-sas-create-dotnet

    If you wish you can leave your Feedback/UserVoice here. All the feedback you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Azure.

    Please let us know if you have any further queries. I’m happy to assist you further.

    ----------

    Please do not forget to 192439-screenshot-2021-12-10-121802.png and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rajan Shah 21 Reputation points
    2022-04-13T17:37:44.853+00:00
    0 comments