[jira] [Commented] (JCLOUDS-1428) Support for SAS token based Authentication for Azure Blob Storage

Mon, 11 Mar 2019 23:43:40 -0700 


    [ 
https://issues.apache.org/jira/browse/JCLOUDS-1428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16790281#comment-16790281
 ] 

Alexandra Horuszko commented on JCLOUDS-1428:
---------------------------------------------

[~roy.biswa] So, there is a check in the code, which defines, whether you use 
SAS or SharedKey in the following manner: it checks for the presence of four 
'tokens': "sig", "se", "sv", "sp". In order to be classified as a SAS string, 
it needs to contain ALL tokens from this list. Your SAS string does not include 
"se" and "sp", that is why the code classifies it as a SharedKey, and then 
proceeds as if it was a SharedKey. And then it bumps into error, because it 
tries to decode it, as if it was a SharedKey, but it is actually not, it's too 
long, it contains wrong characters... 

Are you sure that such format of SAS will actually work on AzureBlobStorage? I 
can see that you're using Service SAS. And for Service SAS not only "sv" and 
"sig" are required, but also "se" and "sp". Please, take a look at the 
documentation here: 
[https://docs.microsoft.com/en-us/rest/api/storageservices/Constructing-a-Service-SAS?redirectedfrom=MSDN]
 . 

> Support for SAS token based Authentication for Azure Blob Storage
> -----------------------------------------------------------------
>
>                 Key: JCLOUDS-1428
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1428
>             Project: jclouds
>          Issue Type: Improvement
>          Components: jclouds-blobstore
>            Reporter: Himanshu Jain
>            Priority: Major
>              Labels: azureblob
>             Fix For: 2.2.0, 2.1.3
>
>         Attachments: azure_stacktrace.txt
>
>
> Hi,
> We have one use case where we want to provide limited access to objects in 
> our storage accounts. We figured that the best way to do  this is by using 
> SAS token based authentication mechanism to upload/download objects to Azure 
> Blob Storage - [SAS based 
> Authentication|https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1]
> We found that JClouds client library provides support for Azure Blob Storage 
> using account keys which might not fit our use case because of security 
> reasons.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to