我正在尝试使用 ClientID 、 TennantID 和 ClientSecret 从 Java 代码 m 从 Azure 存储下载 blob
这是获取客户端的代码:
private BlobContainerClient getContainerClient_SP(String containerName) {
ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
.tenantId(tenantId)
.clientId(clientId)
.clientSecret(clientSecret)
.build();
String endpoint = String.format(Locale.ROOT, "https://%s.blob.core.windows.net/%s", accountName, containerName);
BlobContainerClient containerClient = new BlobContainerClientBuilder()
.endpoint(endpoint)
.credential(clientSecretCredential)
.buildClient();
return containerClient;
}
这里是下载代码片段:
try {
BlobContainerClient containerClient = getContainerClient_SP(containerName);
BlobClient blobClient = containerClient.getBlobClient(blobName);
String destinationPath = "C:\\MyFolder\\MyFileName";
blobClient.downloadToFile(destinationPath,true); //Exception thrown here
System.out.println("Download OK");
}
catch (Exception ex) {
System.out.println("APP exception: "+ex.getMessage());
throw ex;
}
异常(exception)是:
Exception in thread "main"
com.azure.storage.blob.models.BlobStorageException: If you are using a StorageSharedKeyCredential, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate method call.
If you are using a SAS token, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate generateSas method call.
Please remember to disable 'Azure-Storage-Log-String-To-Sign' before going to production as this string can potentially contain PII.
Status code 403, "<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
RequestId:57625f26-801e-0036-206a-ec1d2e000000
Time:2023-09-21T09:07:08.3082584Z</Message></Error>"
at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
at com.azure.core.implementation.http.rest.ResponseExceptionConstructorCache.invoke(ResponseExceptionConstructorCache.java:56)
问题:代码中是否缺少/错误或只是权限问题?
提前致谢
定义的角色:
最佳答案
最初,我在我的环境中尝试并得到了相同的错误。
The question : Is there something missing / wrong in code or it is ONLY permission issue ?
我同意 Junna 的评论,将存储 blob 数据读取器角色分配给我的应用程序后。我可以下载该文件。
门户:
代码:
import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.storage.blob.BlobClient;
import com.azure.storage.blob.BlobContainerClient;
import com.azure.storage.blob.BlobContainerClientBuilder;
import java.util.Locale;
public class App {
public static void main(String[] args) {
// Set the values for your Azure Blob Storage account
String accountName = "venkat123";
String containerName = "test1";
String blobName = "file2.txt";
String tenantId = "xxxx";
String clientId = "xxxxx";
String clientSecret = "xxxxx";
// Create a token credential using the client secret
TokenCredential credential = new ClientSecretCredentialBuilder()
.tenantId(tenantId)
.clientId(clientId)
.clientSecret(clientSecret)
.build();
// Create a BlobContainerClient using the token credential
String endpoint = String.format(Locale.ROOT, "https://%s.blob.core.windows.net", accountName);
BlobContainerClient containerClient = new BlobContainerClientBuilder()
.endpoint(endpoint)
.credential(credential)
.containerName(containerName)
.buildClient();
// Download the blob to a file
String destinationPath = "C:\\Users\\xxx\\xxx\\Documents\\xx\\sample.txt";
BlobClient blobClient = containerClient.getBlobClient(blobName);
blobClient.downloadToFile(destinationPath, true);
System.out.println("Download OK");
}
}
输出:
文件:
关于java - 使用 ClientID 、 TennantID 和 ClientSecret 从 Azure 下载时出现问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/77148810/