Service-to-service authentication with Azure Data Lake Storage Gen2 using Java

In this article, you learn how to use the Java SDK for service-to-service authentication with Azure Data Lake Storage Gen2. End-user authentication with Data Lake Storage Gen2 using the Java SDK isn't supported.

Prerequisites

Service-to-service authentication

  1. Create a Maven project using mvn archetype from the command line or using an IDE. For instructions on how to create a Java project using IntelliJ, see here. For instructions on how to create a project using Eclipse, see here.

  2. Add the following dependencies to your Maven pom.xml file. Add the following snippet before the </project> tag:

    <dependencies>
      <dependency>
          <groupId>com.azure</groupId>
          <artifactId>azure-storage-file-datalake</artifactId>
          <version>12.6.0</version>
      </dependency>
      <dependency>
          <groupId>com.azure</groupId>
          <artifactId>azure-identity</artifactId>
          <version>1.3.3</version>
      </dependency>
      <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-nop</artifactId>
        <version>1.7.21</version>
      </dependency>
    </dependencies>
    

    The first dependency is the Data Lake Storage Gen2 SDK (azure-storage-file-datalake) from the Maven repository. The azure-identity dependency supplies the credential classes imported in the next step. The slf4j-nop dependency specifies the logging framework to use for this app. The Data Lake Storage Gen2 SDK uses the slf4j logging façade, which lets you choose from a number of popular logging frameworks, like log4j, Java logging, logback, or no logging. This example disables logging, so it uses the slf4j-nop binding. To use other logging options in your app, see Declaring project dependencies for logging.

  3. Add the following import statements to your application.

    import com.azure.identity.ClientSecretCredential;
    import com.azure.identity.ClientSecretCredentialBuilder;
    import com.azure.storage.file.datalake.DataLakeDirectoryClient;
    import com.azure.storage.file.datalake.DataLakeFileClient;
    import com.azure.storage.file.datalake.DataLakeServiceClient;
    import com.azure.storage.file.datalake.DataLakeServiceClientBuilder;
    import com.azure.storage.file.datalake.DataLakeFileSystemClient;
    import com.azure.storage.file.datalake.models.ListPathsOptions;
    import com.azure.storage.file.datalake.models.PathAccessControl;
    import com.azure.storage.file.datalake.models.PathPermissions;
    
  4. Use the following snippet in your Java app to obtain a token for the Active Directory web app you created earlier using one of the classes of StorageSharedKeyCredential (the following example uses ClientSecretCredential, held in the variable credential). The token provider caches the credentials used to obtain the token in memory, and automatically renews the token if it's about to expire. It's possible to create your own subclasses of StorageSharedKeyCredential so tokens are obtained by your custom code. For now, let's just use the one provided in the SDK.

    Replace FILL-IN-HERE with the actual values for the Microsoft Entra Web application.

    private static String clientId = "FILL-IN-HERE";
    private static String tenantId = "FILL-IN-HERE";
    private static String clientSecret = "FILL-IN-HERE";
    
    // Build a credential that authenticates the application with its client secret.
    ClientSecretCredential credential = new ClientSecretCredentialBuilder()
        .clientId(clientId)
        .tenantId(tenantId)
        .clientSecret(clientSecret)
        .build();
    

The Data Lake Storage Gen2 SDK provides convenient methods that let you manage the security tokens needed to talk to the Data Lake Storage Gen2 account. However, the SDK doesn't mandate that only these methods be used. You can use any other means of obtaining a token as well, like using the Azure Identity client library or your own custom code.
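
The following added example (not part of the original article's code) passes the credential from step 4 to a DataLakeServiceClientBuilder and reads the client secret from environment variables instead of hard-coding it in source. The class name, the environment variable names, the STORAGE_ACCOUNT_NAME variable, and the public-cloud endpoint suffix are assumptions.

```java
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.storage.file.datalake.DataLakeServiceClient;
import com.azure.storage.file.datalake.DataLakeServiceClientBuilder;
import com.azure.storage.file.datalake.models.FileSystemItem;

public class ServiceToServiceAuthExample {

    // Read a required setting; fail closed rather than fall back to a default.
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.trim().isEmpty()) {
            throw new IllegalStateException("Missing environment variable: " + name);
        }
        return value;
    }

    public static void main(String[] args) {
        // Assumed variable names; the secret stays out of source control.
        ClientSecretCredential credential = new ClientSecretCredentialBuilder()
            .clientId(requireEnv("AZURE_CLIENT_ID"))
            .tenantId(requireEnv("AZURE_TENANT_ID"))
            .clientSecret(requireEnv("AZURE_CLIENT_SECRET"))
            .build();

        // Hypothetical variable holding the storage account name;
        // the endpoint suffix assumes the public Azure cloud.
        String account = requireEnv("STORAGE_ACCOUNT_NAME");
        String endpoint = "https://" + account + ".dfs.core.windows.net";

        DataLakeServiceClient serviceClient = new DataLakeServiceClientBuilder()
            .endpoint(endpoint)
            .credential(credential)
            .buildClient();

        // First call that needs a token: the credential requests it here.
        for (FileSystemItem fs : serviceClient.listFileSystems()) {
            System.out.println(fs.getName());
        }
    }
}
```

The listing call succeeds only if the application has been granted access to the storage account; an authorization error at this point indicates a missing permission rather than a bad secret.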

Next steps

In this article, you learned how to use service-to-service authentication to authenticate with Data Lake Storage Gen2 using the Java SDK. You can now look at the following articles that talk about how to use the Java SDK to work with Data Lake Storage Gen2.