Azure - How to download a blob using the Entra ID model - Java Spring Boot

Question (votes: 0, answers: 1)

I am new to Azure security and want to know how to access resources such as Key Vault or a storage account container without a connection string.

Model 1 - connection string

azure:
  storage:
    connection-string: efau;AccountName=sprin..ge;AccpointSuffix=core.windows.net
    container-name: files

Code:

// service bean
return new BlobServiceClientBuilder().connectionString(azureStorageConnectionString).buildAsyncClient();
// container client bean
return blobServiceClient().getBlobContainerAsyncClient(azureStorageContainerName);
// download
BlobAsyncClient blobAsyncClient = blobContainerAsyncClient.getBlobAsyncClient(fileName);
return blobAsyncClient.downloadContent().block().toBytes();

This works (the connection-string model).

I want to use Entra ID: application -> Entra -> storage account.

I made these changes (the configuration on the portal is done):

spring:
  cloud:
    azure:
      active-directory:
        enabled: true
        profile:
          tenant-id: fa33eae07d908b94f0
        credential:
          client-id: 41c1b67-078d9e3822be
          client-secret: Tuw8Q~4VuXt0q0VsLegtlc7L

I do not know which bean to create.

return new DefaultAzureCredentialBuilder().build();

But I get challenged for credentials. Is this correct?

How can I avoid the challenge and connect with the properties provided to download a blob?

spring-boot azure azure-entra-id
1 Answer

0 votes

To access Blob Storage with a service principal, update the client credentials in the application.properties file under src => main => resources; see the article by @Devesh Kumar.

spring.application.name=demo
spring.cloud.azure.storage.blob.credential.client-id=Client_ID
spring.cloud.azure.storage.blob.profile.tenant-id=Tenant_ID
spring.cloud.azure.storage.blob.credential.client-secret=Client_Secret
spring.cloud.azure.storage.blob.endpoint=blobendpoint
spring.cloud.azure.storage.blob.container-name=container

pom.xml:

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.azure</groupId>
            <artifactId>azure-storage-blob</artifactId>
            <version>12.18.0</version>
        </dependency>
        
        <dependency>
            <groupId>com.azure</groupId>
            <artifactId>azure-identity</artifactId>
            <version>1.6.1</version>
        </dependency>
    </dependencies>

DemoClass.java:

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.bind.annotation.RestController;

import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.storage.blob.BlobServiceAsyncClient;
import com.azure.storage.blob.BlobServiceClientBuilder;
import com.azure.storage.common.policy.RequestRetryOptions;
import com.azure.storage.common.policy.RetryPolicyType;

import lombok.Data;
import lombok.extern.slf4j.Slf4j;

@RestController
@Data
@Configuration
@Slf4j
public class Hellocontroller
{
    // Service-principal settings read from application.properties
    @Value("${spring.cloud.azure.storage.blob.credential.client-id}")
    private String clientId;
    @Value("${spring.cloud.azure.storage.blob.credential.client-secret}")
    private String clientSecret;
    @Value("${spring.cloud.azure.storage.blob.profile.tenant-id}")
    private String tenantId;
    @Value("${spring.cloud.azure.storage.blob.endpoint}")
    private String storageEndpoint;
    @Value("${spring.cloud.azure.storage.blob.container-name}")
    private String storageContainer;

    @Bean
    public BlobServiceClientBuilder blobServiceClientBuilder() {
        return new BlobServiceClientBuilder()
            .credential(getAzureClientCredentials())
            .endpoint(getStorageEndpoint());
    }

    // Entra ID service-principal credential, used instead of a connection string
    private ClientSecretCredential getAzureClientCredentials() {
        return new ClientSecretCredentialBuilder()
            .clientId(clientId)
            .clientSecret(clientSecret)
            .tenantId(tenantId)
            .build();
    }

    public String getStorageEndpoint() {
        // "<storageId>" is a placeholder for your storage account id
        return storageEndpoint.replace("{STORAGE-ID}", "<storageId>");
    }

    @Bean(name = "blobServiceAsyncClient")
    public BlobServiceAsyncClient blobServiceAsyncClient(
        BlobServiceClientBuilder blobServiceClientBuilder) {
        // Exponential retry: at most 5 tries, 200 s per try, default delays, no secondary host
        return blobServiceClientBuilder.retryOptions(
            new RequestRetryOptions(
                RetryPolicyType.EXPONENTIAL,
                5,
                200,
                null,
                null,
                null)).buildAsyncClient();
    }
}

(or)

You can also define the client credential directly in main():

package com.example.demo;

import java.util.Locale;

import org.springframework.boot.autoconfigure.SpringBootApplication;

import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.storage.blob.BlobClient;
import com.azure.storage.blob.BlobContainerClient;
import com.azure.storage.blob.BlobContainerClientBuilder;

@SpringBootApplication
public class DemoApplication {

    public static void main(String[] args) {
        String accountName = "<storage_account_name>";
        String containerName = "<container_name>";
        String blobName = "<blob_name>";
        String clientSecret = "<client_secret>";
        String clientId = "<client_id>";
        String tenantId = "<tenant_id>";

        // Entra ID service-principal credential
        TokenCredential credential = new ClientSecretCredentialBuilder()
                .tenantId(tenantId)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .build();

        // The account name is substituted into the blob endpoint
        String endpoint = String.format(Locale.ROOT, "https://%s.blob.core.windows.net", accountName);
        BlobContainerClient containerClient = new BlobContainerClientBuilder()
                .endpoint(endpoint)
                .credential(credential)
                .containerName(containerName)
                .buildClient();

        // Download the blob
        String destinationPath = "C:\\Users\\XX\\sample.txt";
        BlobClient blobClient = containerClient.getBlobClient(blobName);
        blobClient.downloadToFile(destinationPath, true);
        System.out.println("Downloaded successfully");
    }
}

Assign your application the

Storage Blob Data Reader
Storage Blob Data Contributor

roles to perform blob-related operations.


References:

https://stackoverflow.com/a/77149410
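An added example, not code from the question or the answer above: it wires the DefaultAzureCredential the question asked about into the same async download flow as the connection-string version, so the client secret stays out of application.yml, and it turns the "challenge" into a clear message when the token is accepted but the RBAC role is missing. The class name BlobEntraConfig and the download helper are assumptions; the AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET variables are the ones azure-identity documents for DefaultAzureCredential.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.azure.core.credential.TokenCredential;
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.storage.blob.BlobAsyncClient;
import com.azure.storage.blob.BlobContainerAsyncClient;
import com.azure.storage.blob.BlobServiceClientBuilder;
import com.azure.storage.blob.models.BlobStorageException;

@Configuration
public class BlobEntraConfig {  // hypothetical class name
    // Only endpoint and container name live in application.properties; no secret does.
    @Value("${spring.cloud.azure.storage.blob.endpoint}")
    private String endpoint;
    @Value("${spring.cloud.azure.storage.blob.container-name}")
    private String containerName;
    @Bean
    public TokenCredential tokenCredential() {
        // DefaultAzureCredential takes AZURE_TENANT_ID / AZURE_CLIENT_ID / AZURE_CLIENT_SECRET
        // from the environment on a dev box and managed identity once deployed, so the
        // client secret never needs to be committed in application.yml.
        return new DefaultAzureCredentialBuilder().build();
    }

    @Bean
    public BlobContainerAsyncClient blobContainerAsyncClient(TokenCredential credential) {
        return new BlobServiceClientBuilder()
                .endpoint(endpoint)
                .credential(credential)
                .buildAsyncClient()
                .getBlobContainerAsyncClient(containerName);
    }

    // Same download flow as the question's connection-string code, now authenticated with an
    // Entra ID token. HTTP 403 means the token was accepted but the principal lacks the
    // Storage Blob Data Reader/Contributor role on the account or container.
    public static byte[] download(BlobContainerAsyncClient container, String blobName) {
        BlobAsyncClient blob = container.getBlobAsyncClient(blobName);
        try {
            return blob.downloadContent().block().toBytes();
        } catch (BlobStorageException e) {
            if (e.getStatusCode() == 403) {
                throw new IllegalStateException("Authenticated but not authorised (missing RBAC role)", e);
            }
            throw e;
        }
    }
}
```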

© www.soinside.com 2019 - 2024. All rights reserved.