[ 
https://issues.apache.org/jira/browse/JCLOUDS-1428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16806458#comment-16806458
 ] 

Alexandra Horuszko commented on JCLOUDS-1428:
---------------------------------------------

[~nacx] Thanks! I've found another place as well - 
[here|https://github.com/apache/jclouds/blob/c2670079fabe74f163f43fbade0866469f7a84ec/providers/azureblob/src/main/java/org/jclouds/azureblob/blobstore/config/AzureBlobStoreContextModule.java#L54].
 I am checking for the sasAuth, and in case it is true, I omit returning 
client.getPublicAccessForContainer(container), but proceed to setting the 
PublicAccess value to CONTAINER. Then getBlob and listBlobs work with SAS. 

However, it may be that someone has the actual access level set to BLOB (which 
would allow getBlob to work), but there will be an Authorisation error when 
they call listBlobs, since one would need the CONTAINER access level to perform 
this. You can tell the level of access of 'traditional' service SAS strings - 
token "sr=c" for container and "sr=b" for blob, while all account SAS strings 
already mean container level of access. However, I don't see any possibility to 
tell from an SAS built with stored access policy which level of access it 
grants. I have to do some further investigation in this direction. 

 

> Support for SAS token based Authentication for Azure Blob Storage
> -----------------------------------------------------------------
>
>                 Key: JCLOUDS-1428
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1428
>             Project: jclouds
>          Issue Type: Improvement
>          Components: jclouds-blobstore
>            Reporter: Himanshu Jain
>            Priority: Major
>              Labels: azureblob
>             Fix For: 2.2.0, 2.1.3
>
>         Attachments: azure_stacktrace.txt
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Hi,
> We have one use case where we want to provide limited access to objects in 
> our storage accounts. We figured that the best way to do this is by using 
> SAS token based authentication mechanism to upload/download objects to Azure 
> Blob Storage - [SAS based 
> Authentication|https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1]
> We found that JClouds client library provides support for Azure Blob Storage 
> using account keys which might not fit our use case because of security 
> reasons.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

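The `sr`-based check described in the comment above, as an added example that is not part of the original message or of jclouds: a hypothetical `SasScope` helper that parses a SAS token and reports CONTAINER, BLOB or UNKNOWN rather than defaulting to CONTAINER. It assumes an account SAS can be recognised by its `srt` parameter; the sample tokens are constructed and their signatures are placeholders.

```java
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;

/** Added example (hypothetical helper, not jclouds code). */
public class SasScope {
   enum Scope { CONTAINER, BLOB, UNKNOWN }

   /** Splits a SAS token (query-string form, optional leading '?') into decoded parameters. */
   static Map<String, String> parse(String sas) throws UnsupportedEncodingException {
      Map<String, String> params = new HashMap<String, String>();
      String query = sas.startsWith("?") ? sas.substring(1) : sas;
      for (String pair : query.split("&")) {
         int eq = pair.indexOf('=');
         if (eq <= 0) continue; // skip empty or malformed pairs
         params.put(URLDecoder.decode(pair.substring(0, eq), "UTF-8"),
                    URLDecoder.decode(pair.substring(eq + 1), "UTF-8"));
      }
      return params;
   }

   /** Applies the rules from the comment: sr=c, sr=b, account SAS means container. */
   static Scope scopeOf(String sas) throws UnsupportedEncodingException {
      Map<String, String> p = parse(sas);
      String sr = p.get("sr");
      if ("c".equals(sr)) return Scope.CONTAINER;
      if ("b".equals(sr)) return Scope.BLOB;
      // Assumption: an account SAS carries srt (signed resource types) and no sr.
      if (sr == null && p.containsKey("srt")) return Scope.CONTAINER;
      // Do not guess: a caller should not assume CONTAINER (and listBlobs) here.
      return Scope.UNKNOWN;
   }

   public static void main(String[] args) throws Exception {
      // Constructed sample tokens; signatures are placeholders.
      String[] samples = {
         "sv=2018-03-28&sr=c&sp=rl&se=2030-01-01&sig=PLACEHOLDER",
         "?sv=2018-03-28&sr=b&sp=r&se=2030-01-01&sig=PLACEHOLDER",
         "sv=2018-03-28&ss=b&srt=sco&sp=rl&se=2030-01-01&sig=PLACEHOLDER",
         "sv=2018-03-28&sp=r&sig=PLACEHOLDER"
      };
      for (String s : samples) System.out.println(scopeOf(s) + " <- " + s);
   }
}
```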