java - 使用 ClientID 、 TennantID 和 ClientSecret 从 Azure 下载时出现问题

标签 java azure

我正在尝试使用 ClientID 、 TennantID 和 ClientSecret 从 Java 代码 m 从 Azure 存储下载 blob

这是获取客户端的代码:

private BlobContainerClient getContainerClient_SP(String containerName) {
    ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
            .tenantId(tenantId)
            .clientId(clientId)
            .clientSecret(clientSecret)
            .build();

    String endpoint = String.format(Locale.ROOT, "https://%s.blob.core.windows.net/%s", accountName, containerName);
    BlobContainerClient containerClient = new BlobContainerClientBuilder()
            .endpoint(endpoint)
            .credential(clientSecretCredential)
            .buildClient();

    return containerClient;

}

这里是下载代码片段:

try {
    BlobContainerClient containerClient = getContainerClient_SP(containerName);
    BlobClient blobClient = containerClient.getBlobClient(blobName);        
    String destinationPath = "C:\\MyFolder\\MyFileName";
    blobClient.downloadToFile(destinationPath,true); //Exception thrown here 
    System.out.println("Download OK");
}
catch (Exception ex) {
    System.out.println("APP exception: "+ex.getMessage());
    throw ex;
}

异常(exception)是:

    Exception in thread "main" 
com.azure.storage.blob.models.BlobStorageException: If you are using a StorageSharedKeyCredential, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate method call.
    If you are using a SAS token, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate generateSas method call.
    Please remember to disable 'Azure-Storage-Log-String-To-Sign' before going to production as this string can potentially contain PII.
    Status code 403, "<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
    RequestId:57625f26-801e-0036-206a-ec1d2e000000
    Time:2023-09-21T09:07:08.3082584Z</Message></Error>"
        at java.lang.invoke.MethodHandle.invokeWithArguments(MethodHandle.java:627)
        at com.azure.core.implementation.http.rest.ResponseExceptionConstructorCache.invoke(ResponseExceptionConstructorCache.java:56)

问题:代码中是否缺少/错误或只是权限问题? 提前致谢 定义的角色:enter image description here

最佳答案

最初,我在我的环境中尝试并得到了相同的错误。

enter image description here

The question : Is there something missing / wrong in code or it is ONLY permission issue ?

我同意 Junna 的评论,将存储 blob 数据读取器角色分配给我的应用程序后。我可以下载该文件。

门户: enter image description here

代码:

import com.azure.core.credential.TokenCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.storage.blob.BlobClient;
import com.azure.storage.blob.BlobContainerClient;
import com.azure.storage.blob.BlobContainerClientBuilder;

import java.util.Locale;

public class App {
    public static void main(String[] args) {
        // Set the values for your Azure Blob Storage account
        String accountName = "venkat123";
        String containerName = "test1";
        String blobName = "file2.txt";
        String tenantId = "xxxx";
        String clientId = "xxxxx";
        String clientSecret = "xxxxx";

        // Create a token credential using the client secret
        TokenCredential credential = new ClientSecretCredentialBuilder()
                .tenantId(tenantId)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .build();

        // Create a BlobContainerClient using the token credential
        String endpoint = String.format(Locale.ROOT, "https://%s.blob.core.windows.net", accountName);
        BlobContainerClient containerClient = new BlobContainerClientBuilder()
                .endpoint(endpoint)
                .credential(credential)
                .containerName(containerName)
                .buildClient();

        // Download the blob to a file
        String destinationPath = "C:\\Users\\xxx\\xxx\\Documents\\xx\\sample.txt";
            BlobClient blobClient = containerClient.getBlobClient(blobName);
            blobClient.downloadToFile(destinationPath, true);
            System.out.println("Download OK");
    }
}

输出:

enter image description here

文件:

enter image description here

关于java - 使用 ClientID 、 TennantID 和 ClientSecret 从 Azure 下载时出现问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/77148810/

相关文章:

java - Log4j.xml动态文件属性

azure - 检查 HTTP 响应正文是否为空

linux - 是否可以通过 Azure TFS 通过发布管道在 Linux 计算机上运行 vstest

sql-server - Azure SQL 数据库(S0 层)-如何成功终止进程

asp.net-mvc - 将多个项目解决方案部署到azure

angular - Azure AD B2C 登录问题

javascript - 将自定义消息身份验证代码从 Java 转换为 JavaScript

java - Dozer - 在转换器之后调用映射器

Java进程无法获取ErrorStream消息

java - 如何在不反编译的情况下更改已编译的 .class 文件?