java - 使用 ClientID 、 TennantID 和 ClientSecret 从 Azure 下载时出现问题

标签 java azure

我正在尝试使用 ClientID 、 TennantID 和 ClientSecret 从 Java 代码 m 从 Azure 存储下载 blob

这是获取客户端的代码:

private BlobContainerClient getContainerClient_SP(String containerName) {
    ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
            .tenantId(tenantId)
            .clientId(clientId)
            .clientSecret(clientSecret)
            .build();

    String endpoint = String.format(Locale.ROOT, "https://%s.blob.core.windows.net/%s", accountName, containerName);
    BlobContainerClient containerClient = new BlobContainerClientBuilder()
            .endpoint(endpoint)
            .credential(clientSecretCredential)
            .buildClient();

    return containerClient;

}

这里是下载代码片段:

try {
    BlobContainerClient containerClient = getContainerClient_SP(containerName);
    BlobClient blobClient = containerClient.getBlobClient(blobName);        
    String destinationPath = "C:\\MyFolder\\MyFileName";
    blobClient.downloadToFile(destinationPath,true); //Exception thrown here 
    System.out.println("Download OK");
}
catch (Exception ex) {
    System.out.println("APP exception: "+ex.getMessage());
    throw ex;
}

异常(exception)是:

    Exception in thread "main" 
com.azure.storage.blob.models.BlobStorageException: If you are using a StorageSharedKeyCredential, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate method call.
    If you are using a SAS token, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate generateSas method call.
    Please remember to disable 'Azure-Storage-Log-String-To-Sign' before going to production as this string can potentially contain PII.
    Status code 403, "<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
    RequestId:57625f26-801e-0036-206a-ec1d2e000000
    Time:2023-09-21T09:07:08.3082584Z</Message></Error>"
        at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
        at com.azure.core.implementation.http.rest.ResponseExceptionConstructorCache.invoke(ResponseExceptionConstructorCache.java:56)

问题:代码中是否缺少/错误或只是权限问题? 提前致谢 定义的角色:enter image description here

最佳答案

最初,我在我的环境中尝试并得到了相同的错误。

enter image description here

The question : Is there something missing / wrong in code or it is ONLY permission issue ?

我同意 Junna 的评论,将存储 blob 数据读取器角色分配给我的应用程序后。我可以下载该文件。

门户: enter image description here

代码:

import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.storage.blob.BlobClient;
import com.azure.storage.blob.BlobContainerClient;
import com.azure.storage.blob.BlobContainerClientBuilder;

import java.util.Locale;

public class App {
    public static void main(String[] args) {
        // Set the values for your Azure Blob Storage account
        String accountName = "venkat123";
        String containerName = "test1";
        String blobName = "file2.txt";
        String tenantId = "xxxx";
        String clientId = "xxxxx";
        String clientSecret = "xxxxx";

        // Create a token credential using the client secret
        TokenCredential credential = new ClientSecretCredentialBuilder()
                .tenantId(tenantId)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .build();

        // Create a BlobContainerClient using the token credential
        String endpoint = String.format(Locale.ROOT, "https://%s.blob.core.windows.net", accountName);
        BlobContainerClient containerClient = new BlobContainerClientBuilder()
                .endpoint(endpoint)
                .credential(credential)
                .containerName(containerName)
                .buildClient();

        // Download the blob to a file
        String destinationPath = "C:\\Users\\xxx\\xxx\\Documents\\xx\\sample.txt";
            BlobClient blobClient = containerClient.getBlobClient(blobName);
            blobClient.downloadToFile(destinationPath, true);
            System.out.println("Download OK");
    }
}

输出:

enter image description here

文件:

enter image description here

关于java - 使用 ClientID 、 TennantID 和 ClientSecret 从 Azure 下载时出现问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/77148810/

相关文章:

java - ClassLoader 似乎没有正确返回对象

java - Android Studio 4.2 无法识别 KotlinScript Gradle build.gradle.kts 中的任何语法,尽管 4.1.3 可以与 Gradle 7.0 一起正常工作

Azure AD 租户名称

azure - 使用 Azure 媒体服务通过 shaka packager 提供 DRM 许可证?

Azure docker容器给出 'Container use unauthorized'

azure - Windows Azure Web 角色 - RoleEnvironment.Changing 去了哪里?

javascript - 需要帮助将我的处理代码转换为 p5.js(ArrayList +其他!)

java - cassandra cql查询,从方法读取WHERE条件

java - Eclipse RCP浏览器加载本地html

c# - SQL 写入 ASP.NET 用户表不保存