jclouds-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alexandra Horuszko (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCLOUDS-1428) Support for SAS token based Authentication for Azure Blob Storage
Date Thu, 21 Mar 2019 07:40:00 GMT

    [ https://issues.apache.org/jira/browse/JCLOUDS-1428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16797893#comment-16797893

Alexandra Horuszko commented on JCLOUDS-1428:

Hi [~swatijain1101], thanks for feedback! 

I guess that while executing getBlob and listBlob operations the http request  HEAD with
restype=container and comp=acl is called. This stands for [https://docs.microsoft.com/en-us/rest/api/storageservices/get-container-acl#authorization] -
getting the container ACL -  and seems to work with the Shared Key only. 

There is the following comment in AzureBlobClient.java for the listBlobs method: "If the
container's access control list (ACL) is set to allow anonymous access, any client may call
this operation."

I would reckon, that getPublicAccessForContainer() is called to check whether the container
has public access before executing the listBlobs. 



> Support for SAS token based Authentication for Azure Blob Storage
> -----------------------------------------------------------------
>                 Key: JCLOUDS-1428
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1428
>             Project: jclouds
>          Issue Type: Improvement
>          Components: jclouds-blobstore
>            Reporter: Himanshu Jain
>            Priority: Major
>              Labels: azureblob
>             Fix For: 2.2.0, 2.1.3
>         Attachments: azure_stacktrace.txt
>          Time Spent: 40m
>  Remaining Estimate: 0h
> Hi,
> We have one use case where we want to provide limited access to objects in our storage
accounts. We figured that the best way to do  this is by using SAS token based authentication
mechanism to upload/download objects to Azure Blob Storage - [SAS based Authentication|https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1]
> We found that JClouds client library provides support for Azure Blob Storage using account
keys which might not fit our use case because of security reasons.

This message was sent by Atlassian JIRA

View raw message