Generate Presigned Url for Azure Blob throws Null pointer exception

0
votes

I want to generate a Presigned URL /SAS so that anyone with that url can access my file.

SDK Version : 12.8.0

I wrote the foll code :

BlockBlobClient blockBlobClient = objectStoreService.getBlobContainerClient().getBlobClient(fileName).getBlockBlobClient();

        String blobUrl = Utility.urlDecode(blockBlobClient.getBlobUrl());
        BlobSasPermission blobPermission = new BlobSasPermission()
                .setReadPermission(true);

        BlobServiceSasSignatureValues blobServiceSasSignatureValues = new BlobServiceSasSignatureValues(
                OffsetDateTime.now(ZoneOffset.UTC).plusSeconds(1000 * 60 * 60),
                blobPermission
        );
  
        blobUrl = blobUrl + "?" + blockBlobClient.generateSas(blobServiceSasSignatureValues);

But the code throws error as

java.lang.NullPointerException: The argument must not be null or an empty string. Argument name: storageSharedKeyCredentials.

Edit 1 : Tried with :

UserDelegationKey userDelegationKey = blobServiceClient.getUserDelegationKey(keyStart,keyExpiry);

String blobUrl = Utility.urlDecode(blobClient.getBlobUrl());

blobUrl = blobUrl + "?" + blobClient.generateUserDelegationSas(blobServiceSasSignatureValues,userDelegationKey);

But now getting :

"Status code 403, "AuthenticationFailedServer failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\nRequestId:7b0f0d75-d01e-00a8-4d84-7c9aa3000000\nTime:2021-07-19T09:54:31.1312999ZThe specified signed resource is not allowed for the this resource level"",

1
azureazure-storage-blobsazure-sas
Error is pretty straightforward - You will need to create storageSharedKeyCredentials to sign your SAS.Gaurav Mantri
@GauravMantri , I dont have the account key to create the credentials. In my organization, we get access to blob store via service which only provides a sasToken, container name and container uriAtharva Karanje
To generate a SAS token you will need either the account key or use Azure AD access token. You cannot generate a SAS token using another SAS token.Gaurav Mantri
Oh ok. @GauravMantri, is there any other way wherein I can generate a presigned url for my file using these credentials ( Sas Token, Account name, Container URI, Container Name) ?Atharva Karanje
Sure you can. I thought you wanted to create a new SAS token. Do you want to create a SAS URL for a blob given all these parameters. Correct?Gaurav Mantri

1 Answers

0
votes

Assuming you have a SAS token with valid permissions, blob container URL and the name of the blob, you can generate the SAS URL for the blob using this simple logic:

{blob-container-url}/{blob-name}?{sas-token}

If you want to use the SDK, first you will create a BlobContainerClient using your blob container URL and SAS token and then create a BlockBlobClient using that blob container client:

BlobContainerClient blobContainerClient = new BlobContainerClientBuilder()
    .endpoint("{blob-container-url}?{sas-token}")
    .buildClient();

BlockBlobClient blockBlobClient = blobContainerClient.getBlobClient("{blob-name}").getBlockBlobClient();

You can then use this blockBlobClient to perform operations on your blob. You can use getUrl() method to get the URL of the blob.