我正在使用 ClientCredentails 验证我的用户。我的客户确实有权生成 SaS 令牌。现在我想在短时间内从代码生成 SaS 令牌,以便客户可以直接下载文件。
String tenantId = "TenantId";
String clientSecret = "XXXX"
String clientId = "abc-123"
String authorityUrl = AzureAuthorityHosts.AZURE_PUBLIC_CLOUD + tenantId;
ClientSecretCredential credential = new ClientSecretCredentialBuilder()
.authorityHost(authorityUrl)
.tenantId(tenantId)
.clientSecret(clientSecret)
.clientId(clientId)
.build();
BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
.credential(credential)
.endpoint(azureStorageEndPoint)
.buildClient();
// Upload a file
BlobContainerClient blobContainerClient = blobServiceClient.getBlobContainerClient(containerName);
BlobClient blobClient = blobContainerClient.getBlobClient("Test.txt");
BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(new File("<FILE_PATH>")));
blobClient.upload(bufferedInputStream, bufferedInputStream.available(),true);
BlobSasPermission blobSasPermission = new BlobSasPermission().setReadPermission(true);
OffsetDateTime expiryTime = OffsetDateTime.now().plusDays(1);
BlobServiceSasSignatureValues values = new BlobServiceSasSignatureValues(expiryTime, blobSasPermission)
.setStartTime(OffsetDateTime.now());
String generateSas = blobClient.generateSas(values);
Getting Error
java.lang.NullPointerException: The argument must not be null or an empty string. Argument name: storageSharedKeyCredentials.
试图找到一些天蓝色的文档,明确说明了这一点 “客户端必须通过 StorageSharedKeyCredential 进行身份验证”
问题是,如果您的代码使用不同方式进行身份验证,如何以编程方式生成 StorageSharedKeyCredential。
我终于找到了答案,当我们使用客户端凭据登录时,我们需要创建 UserDelegationKey ,然后使用该密钥来获取 SaS 令牌
String tenantId = "TenantId";
String clientSecret = "XXXX"
String clientId = "abc-123"
String authorityUrl = AzureAuthorityHosts.AZURE_PUBLIC_CLOUD + tenantId;
ClientSecretCredential credential = new ClientSecretCredentialBuilder()
.authorityHost(authorityUrl)
.tenantId(tenantId)
.clientSecret(clientSecret)
.clientId(clientId)
.build();
BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
.credential(credential)
.endpoint(azureStorageEndPoint)
.buildClient();
// Upload a file
BlobContainerClient blobContainerClient = blobServiceClient.getBlobContainerClient(containerName);
BlobClient blobClient = blobContainerClient.getBlobClient("Test.txt");
BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(new File("<FILE_PATH>")));
blobClient.upload(bufferedInputStream, bufferedInputStream.available(),true);
OffsetDateTime keyStart = OffsetDateTime.now();
OffsetDateTime keyExpiry = OffsetDateTime.now().plusDays(7);
UserDelegationKey userDelegationKey = blobServiceClient.getUserDelegationKey(keyStart, keyExpiry);
BlobContainerSasPermission blobContainerSas = new BlobContainerSasPermission();
blobContainerSas.setReadPermission(true);
BlobServiceSasSignatureValues blobServiceSasSignatureValues = new BlobServiceSasSignatureValues(keyExpiry,
blobContainerSas);
String sas = blobClient.generateUserDelegationSas(blobServiceSasSignatureValues, userDelegationKey);
我从此链接找到了答案
酷!有一种简单的方法可以生成 Sas 令牌和带有过期时间的预签名 Url。
在这里,我尝试为天蓝色 blob 路径列表生成预签名 URL:
fun getPreSignedUrls(blobPaths: List<String>): List<String> {
var preSignedUrls: List<String> = emptyList()
blobPaths.forEach { blobPath ->
val blobServiceClient = BlobServiceClientBuilder()
.connectionString(connectionString)
.buildClient()
val containerClient = blobServiceClient.getBlobContainerClient(containerName)
val blobClient = containerClient.getBlobClient(blobPath)
val expirationTime = OffsetDateTime.now().plusMinutes(30)
val sasToken = blobClient.generateSas(
BlobServiceSasSignatureValues(
expirationTime,
BlobContainerSasPermission.parse("rl")
)
)
preSignedUrls += blobClient.blobUrl.toString() + "?" + sasToken
}
return preSignedUrls
}