2

I am trying to create signed URLs for a file in Azure Blob using Java SDK. Here is the snippet that is used - 

String container = "test";
String path = "hello/world.json";
long expiry = 2000;
SharedKeyCredentials creds = new SharedKeyCredentials(accountName, accountKey);

BlobSASPermission blobSASPermission = new BlobSASPermission().withRead(true).withCreate(true).withWrite(true);

AccountSASSignatureValues signatureValues = new AccountSASSignatureValues()
        .withResourceTypes(new AccountSASResourceType().withService(true).withContainer(true).withObject(true).toString())
        .withServices(new AccountSASService().withBlob(true).toString())
        .withPermissions(blobSASPermission.toString())
        .withProtocol(SASProtocol.HTTPS_ONLY)
        .withStartTime(OffsetDateTime.now())
        .withExpiryTime(OffsetDateTime.now().plusSeconds(expiry));


URL blobURL = new BlobURLParts()
        .withScheme("https://")
        .withHost(accountName + ".blob.core.windows.net")
        .withContainerName(container)
        .withBlobName(path)
        .withSasQueryParameters(signatureValues.generateSASQueryParameters(creds))
        .toURL();

When I send out a GET/PUT/POST curl request on the blobURL I get the following error

<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:c8192b20-c01e-0056-23ca-5e06e8000000
Time:2019-08-30T00:30:03.2903571Z</Message><AuthenticationErrorDetail>Signature did not match. String to sign used was playmentdiag
rcw
b
sco
2019-08-30T00:27:42Z
2019-08-30T01:01:02Z

https
2018-03-28
</AuthenticationErrorDetail></Error>

What am I doing wrong? I tried to upload files with the same credentials and it worked perfectly fine. Java SDK- com.microsoft.azure:azure-storage-blob:10.1.0

Improve this question
4
  • Can you share the SAS token? Just obfuscate the sig portion of the SAS token. Commented Aug 30, 2019 at 2:03
  • You mean this - ?sv=2018-03-28&ss=b&srt=sco&spr=https&st=2019-08-30T00%3A27%3A42Z&se=2019-08-30T01%3A01%3A02Z&sp=rcw&sig=XXX Commented Aug 30, 2019 at 3:46
  • Yep, that’s it. Can you tell me what version of SDK you’re using? Commented Aug 30, 2019 at 3:55
  • It is already mentioned in the post. Mentioning it again - com.microsoft.azure:azure-storage-blob:10.1.0 Commented Aug 30, 2019 at 6:26

1 Answer 1

Reset to default
2
+50

Seems there is something conflicts with blob SAS permission create and write, disable either of them , your code works well on my side with the similar env as you: 

BlobSASPermission blobSASPermission = new BlobSASPermission().withRead(true).withCreate(false).withWrite(true);

or 

BlobSASPermission blobSASPermission = new BlobSASPermission().withRead(true).withCreate(true).withWrite(false);

Btw, this is the only doc I can find: https://learn.microsoft.com/en-us/rest/api/storageservices/create-account-sas#constructing-the-account-sas-uri , as you can see under "SignedPermission" section indicated that the create permission can not overwrite existing blobs or files , but write permission is used for writing to existing objs , I think this is the conflict here .

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Is this documented somewhere? Please update the answer if you know a source. I need to wait for 6 hours to reward the bounty. Thanks for the answer.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.