[
https://issues.apache.org/jira/browse/JCLOUDS-1428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16797893#comment-16797893
]
Alexandra Horuszko commented on JCLOUDS-1428:
---------------------------------------------
Hi [~swatijain1101], thanks for feedback!
I guess that while executing getBlob and listBlob operations the http request
HEAD with restype=container and comp=acl is called. This stands for
[https://docs.microsoft.com/en-us/rest/api/storageservices/get-container-acl#authorization]
- getting the container ACL - and seems to work with the Shared Key only.
There is the following comment in AzureBlobClient.java for the listBlobs
method: "If the container's access control list (ACL) is set to allow anonymous
access, any client may call this operation."
I would reckon, that getPublicAccessForContainer() is called to check whether
the container has public access before executing the listBlobs.
> Support for SAS token based Authentication for Azure Blob Storage
> -----------------------------------------------------------------
>
> Key: JCLOUDS-1428
> URL: https://issues.apache.org/jira/browse/JCLOUDS-1428
> Project: jclouds
> Issue Type: Improvement
> Components: jclouds-blobstore
> Reporter: Himanshu Jain
> Priority: Major
> Labels: azureblob
> Fix For: 2.2.0, 2.1.3
>
> Attachments: azure_stacktrace.txt
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Hi,
> We have one use case where we want to provide limited access to objects in
> our storage accounts. We figured that the best way to do this is by using
> SAS token based authentication mechanism to upload/download objects to Azure
> Blob Storage - [SAS based
> Authentication|https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1]
> We found that JClouds client library provides support for Azure Blob Storage
> using account keys which might not fit our use case because of security
> reasons.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
