I'm following this tutorial https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blob-java-get-started?tabs=sas-token#authorize-access-and-connect-to-blob-storage to use a generated token to access files within an azure container.
As a dependency I only use: implementation 'com.azure:azure-storage-blob:12.14.2'
My code to connect is as follows:
BlobContainerClient container = new BlobContainerClientBuilder()
.endpoint("https://mycontainername.blob.core.windows.net/subcontainer")
.sasToken("sv=2020-10-02&st=2024-03-11T13:58:42Z&se=2024-03-12T14:03:42Z&sr=c&sp=racwl&sig=HVoBAVRrDWaEY1KDr0oxUCFXS8R63L%2B7S5X8n457LTA%3D")
.buildClient();
If I use exactly this string like <endpoint>?<sasToken>
and append &restype=container&comp=list
in the browser, I get a representation of all elements within this subcontainer.
But in the code I can't get that to work. As soon as I call something like container.listBlobs().stream().count()
, so anything that would need to really use the connection, I get a BlobStorageException
:
Status code 403, "<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:f8b4f3b8-001e-0042-154c-74c44a000000
Time:2024-03-12T07:13:39.0826318Z</Message><AuthenticationErrorDetail>Signature did not match. String to sign used was racwl
2024-03-11T13:58:42Z
2024-03-12T14:03:42Z
/blob/mycontainername/subcontainer
2020-10-02
c
</AuthenticationErrorDetail></Error>"
The error detail looks quite confusing, is there some encoding/decoding issue maybe?
As I read from the token, the permissions should not be a problem, because sr=c
(resource=container), sp=racwl
(permissions=read, access, create, write, list), right?