私人Blob存储网址的格式，获取文件。 REST API [英] Format of private blob storage url, for GET file. Rest API

问题描述

微软表示得到一个斑点只是一个普通的HTTP GET https://myaccount.blob.core.windows.net/mycontainer/myblob 。但我怎么格式化字符串时，我有一个帐户+共享密钥？

Microsoft states that getting a Blob is just a normal http get https://myaccount.blob.core.windows.net/mycontainer/myblob. But how do I format the string when I have an account + shared key?

我知道有一个的Azure SDK，但我创造一个附加到现有的Java EE系统，并且不能在Azure上运行，所以我使用REST API。这是我试过到目前为止：

I know there is an Azure SDK, but i'm creating an "add-on" to an existing java ee system, and cannot run in Azure, so I'm using REST Api. This is what i've tried so far:

String account = "myaccount";
    String key = "243fedfsdf23f4f";
    String protocol = "http";
    String storageConnectionString = String.format("DefaultEndpointsProtocol=%s;AccountName=%s;AccountKey=%s", protocol, account, key);
    System.out.println(storageConnectionString);        

    URL url = new URL("https://mysite.azureweb.com/myfile.txt");
    HttpURLConnection conn = (HttpURLConnection) url.openConnection();

    if (conn.getResponseCode() != 200) {
        throw new IOException(conn.getResponseMessage());
    }

    // Buffer the result into a string
    BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
    StringBuilder sb = new StringBuilder();
    String line;
    while ((line = rd.readLine()) != null) {
        sb.append(line);
    }
    rd.close();
    conn.disconnect();

该字符串可能需要一些的Base64 编码？

更新

HTTP请求看起来像 GET https://myAccount.blob.core.windows.net/myDir/myfile.txt HTTP / 1.1
X-MS-日期：周四，2015年10月1日12点56分11秒GMT
X-MS-版本：2015年2月21日
授权：SharedKey我的帐户：asdfkjsladjfsdf827fhwf298f924f92723dfh23f273f2h7h4f
主持人：myAccount.blob.core.windows.net

The Http request looks like GET https://myAccount.blob.core.windows.net/myDir/myfile.txt HTTP/1.1 x-ms-date: Thu, 01 Oct 2015 12:56:11 GMT x-ms-version: 2015-02-21 Authorization: SharedKey myAccount:asdfkjsladjfsdf827fhwf298f924f92723dfh23f273f2h7h4f Host: myAccount.blob.core.windows.net

我只是需要打包到这一请求获得在一个文件中的 /mydir/myfile.txt

I "just" need to package this into a request to get a file in /mydir/myfile.txt

推荐答案

有两种接入类型作为Azure存储。其中通过的共享密钥通过等另一种的共享访问签名

There are two access types for Azure Storage. One via Shared Keys and other other one via Shared Access Signatures.

共享密钥给访问整个存储帐户。每个存储帐户，您有两个共享密钥，他们都是平等的。通常你永远不会给你的共享密钥了。通常只在服务器端使用它们不应用在客户端。

Shared Keys give access to the whole storage account. Per storage account you have two shared keys and they are both equal. Usually you never give your shared keys away. Typically you only use them on the server side not in apps on the client side.

您只想给一个单一的文件访问权限的人。为此使用共享密钥将是一个错误的解决方案。

You only want to give someone access to a single file. Therefor using shared keys would be the wrong solution.

共享访问签名给你创造一个（REST）请求的可能性，这是仅限于某些文件或容器。您可以选择的特权，如写入，读取，删除等你定义一个时间表，其中接入是有效的。对于共享访问签名你有两个选项：a）特设和b）基于策略。特设共享访问签名不能轻易撤销（你可以删除的文件或无效，你用来创建共享访问签名的共享密钥）。基于策略的共享访问签名很容易被删除策略进行撤销。

Shared Access Signatures give you the possibility to create a (REST) request, that is limited to certain files or containers. You can choose the privileges like write, read, delete etc. And you define a timeframe where the access is valid. For Shared Access Signatures you have two options: a) ad-hoc and b) policy-based. Ad-hoc Shared Access Signatures cannot be easily revoked (you could delete the file or invalidate the shared key which you used to create the Shared Access Signature). Policy-based Shared Access Signatures can easily be revoked by deleting the policy.

如果你不想使用Azure的SDK，你可以创建自己的共享访问签名。 如何构建他们在下面的链接解释：

If you do not want to use the Azure SDK, you can create your own Shared Access Signatures. How to construct them is explained in the following link:

建设服务SAS

也有样。

服务SAS例子

您文件存储在一个BLOB。所以，你必须使用该服务BLOB。在样本页面可以找到以下BLOB样本。

Your file is stored in a BLOB. So you have to use the service BLOB. On the samples page you find the following BLOB sample.

signedstart=2013-08-16
signedexpiry=2013-08-17
signedresource=c
signedpermissions=r
signature=dD80ihBh5jfNpymO5Hg1IdiJIEvHcJpCMiCMnN/RnbI=
signedidentifier=YWJjZGVmZw==
signedversion=2013-08-15
responsecontent-disposition=file; attachment
responsecontent-type=binary


StringToSign = r + \n 
               2013-08-16 + \n
               2013-08-17 + \n
               /myaccount/pictures + \n
               YWJjZGVmZw== + \n
               2013-08-15 + \n
               + \n  
               file; attachment + \n
               + \n
               + \n
               binary


HMAC-SHA256(URL.Decode(UTF8.Encode(StringToSign))) = a39+YozJhGp6miujGymjRpN8tsrQfLo9Z3i8IRyIpnQ=

最后你得到一个网址为您的休息要求。

Finally you get a URL for your REST request.

GET https://myaccount.blob.core.windows.net/pictures/profile.jpg?sv=2013-08-15&st=2013-08-16&se=2013-08-17&sr=c&sp=r&rscd=file;%20attachment&rsct=binary &sig=YWJjZGVmZw%3d%3d&sig=a39%2BYozJhGp6miujGymjRpN8tsrQfLo9Z3i8IRyIpnQ%3d HTTP/1.1

有两页为完整的解释上看看。

Have a look on the two pages for the full explanation.

这篇关于私人Blob存储网址的格式，获取文件。 REST API的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！