Package com.azure.storage.blob.sas

Class BlobServiceSasSignatureValues

java.lang.Object
com.azure.storage.blob.sas.BlobServiceSasSignatureValues
public final class BlobServiceSasSignatureValues extends Object
Used to initialize parameters for a Shared Access Signature (SAS) for an Azure Blob Storage service. Once all the values here are set, use the appropriate SAS generation method on the desired container/blob client to obtain a representation of the SAS which can then be applied to a new client using the .sasToken(String) method on the desired client builder.
See Also:

  • Constructor Details

  • Method Details

    • getVersion

      public String getVersion()
      Returns:
      the version of the service this SAS will target. If not specified, it will default to the version targeted by the library.

    • setVersion

      @Deprecated public BlobServiceSasSignatureValues setVersion(String version)
      Deprecated.
      The version is set to the latest version of sas. Users should stop calling this API as it is now treated as a no-op.
      Sets the version of the service this SAS will target. If not specified, it will default to the version targeted by the library.
      Parameters:
      version - Version to target
      Returns:
      the updated BlobServiceSASSignatureValues object

    • getProtocol

      public SasProtocol getProtocol()
      Returns:
      the SasProtocol which determines the protocols allowed by the SAS.

    • setProtocol

      public BlobServiceSasSignatureValues setProtocol(SasProtocol protocol)
      Sets the SasProtocol which determines the protocols allowed by the SAS.
      Parameters:
      protocol - Protocol for the SAS
      Returns:
      the updated BlobServiceSASSignatureValues object

    • getStartTime

      public OffsetDateTime getStartTime()
      Returns:
      when the SAS will take effect.

    • setStartTime

      public BlobServiceSasSignatureValues setStartTime(OffsetDateTime startTime)
      Sets when the SAS will take effect.
      Parameters:
      startTime - When the SAS takes effect
      Returns:
      the updated BlobServiceSASSignatureValues object

    • getExpiryTime

      public OffsetDateTime getExpiryTime()
      Returns:
      the time after which the SAS will no longer work.

    • setExpiryTime

      public BlobServiceSasSignatureValues setExpiryTime(OffsetDateTime expiryTime)
      Sets the time after which the SAS will no longer work.
      Parameters:
      expiryTime - When the SAS will no longer work
      Returns:
      the updated BlobServiceSASSignatureValues object

    • getPermissions

      public String getPermissions()
      Returns:
      the permissions string allowed by the SAS. Please refer to either BlobContainerSasPermission or BlobSasPermission depending on the resource being accessed for help determining the permissions allowed.

    • setPermissions

      public BlobServiceSasSignatureValues setPermissions(BlobSasPermission permissions)
      Sets the Blob permissions allowed by the SAS.
      Parameters:
      permissions - BlobSasPermission
      Returns:
      the updated BlobServiceSASSignatureValues object
      Throws:
      NullPointerException - if permissions is null.

    • setPermissions

      public BlobServiceSasSignatureValues setPermissions(BlobContainerSasPermission permissions)
      Sets the Container permissions allowed by the SAS.
      Parameters:
      permissions - BlobContainerSasPermission
      Returns:
      the updated BlobServiceSASSignatureValues object
      Throws:
      NullPointerException - if permissions is null.

    • getSasIpRange

      public SasIpRange getSasIpRange()
      Returns:
      the SasIpRange which determines the IP ranges that are allowed to use the SAS.

    • setSasIpRange

      public BlobServiceSasSignatureValues setSasIpRange(SasIpRange sasIpRange)
      Sets the SasIpRange which determines the IP ranges that are allowed to use the SAS.
      Parameters:
      sasIpRange - Allowed IP range to set
      Returns:
      the updated BlobServiceSASSignatureValues object
      See Also:

    • getContainerName

      @Deprecated public String getContainerName()
      Deprecated.
      Container name is now auto-populated by the SAS generation methods provided on the desired container/blob client.
      Gets the name of the container the SAS user may access.
      Returns:
      The name of the container the SAS user may access.

    • setContainerName

      @Deprecated public BlobServiceSasSignatureValues setContainerName(String containerName)
      Deprecated.
      Please use the SAS generation methods provided on the desired container/blob client that will auto-populate the container name.
      Sets the container the SAS user may access.
      Parameters:
      containerName - The name of the container.
      Returns:
      The updated BlobServiceSASSignatureValues object.

    • getBlobName

      @Deprecated public String getBlobName()
      Deprecated.
      Blob name is now auto-populated by the SAS generation methods provided on the desired blob client.
      Decodes and gets the name of the blob the SAS user may access. null or an empty string is returned when a creating a container SAS.
      Returns:
      The decoded name of the blob the SAS user may access. null or an empty string is returned when a creating a container SAS.

    • setBlobName

      @Deprecated public BlobServiceSasSignatureValues setBlobName(String blobName)
      Deprecated.
      Please use the SAS generation methods provided on the desired blob client that will auto-populate the blob name.
      Sets the blob the SAS user may access. Use null or an empty string to create a container SAS.
      Parameters:
      blobName - The name of the blob. Use null or an empty string to create a container SAS.
      Returns:
      The updated BlobServiceSASSignatureValues object.

    • getSnapshotId

      @Deprecated public String getSnapshotId()
      Deprecated.
      Snapshot id is now auto-populated by the SAS generation methods provided on the desired (snapshot) blob client.
      Returns:
      the specific snapshot the SAS user may access.

    • setSnapshotId

      @Deprecated public BlobServiceSasSignatureValues setSnapshotId(String snapshotId)
      Deprecated.
      Please use the SAS generation methods provided on the desired (snapshot) blob client that will auto-populate the snapshot id.
      Sets the specific snapshot the SAS user may access.

      resource will be set to SAS_BLOB_SNAPSHOT_CONSTANT if the passed snapshotId isn't null amd resource is set to SAS_BLOB_CONSTANT.

      Parameters:
      snapshotId - Identifier of the snapshot
      Returns:
      the updated BlobServiceSASSignatureValues object

    • getIdentifier

      public String getIdentifier()
      Returns:
      the name of the access policy on the container this SAS references if any. Please see here for more information.

    • setIdentifier

      public BlobServiceSasSignatureValues setIdentifier(String identifier)
      Sets the name of the access policy on the container this SAS references if any. Please see here for more information.
      Parameters:
      identifier - Name of the access policy
      Returns:
      the updated BlobServiceSASSignatureValues object

    • getCacheControl

      public String getCacheControl()
      Returns:
      the cache-control header for the SAS.

    • setCacheControl

      public BlobServiceSasSignatureValues setCacheControl(String cacheControl)
      Sets the cache-control header for the SAS.
      Parameters:
      cacheControl - Cache-Control header value
      Returns:
      the updated BlobServiceSASSignatureValues object

    • getContentDisposition

      public String getContentDisposition()
      Returns:
      the content-disposition header for the SAS.

    • setContentDisposition

      public BlobServiceSasSignatureValues setContentDisposition(String contentDisposition)
      Sets the content-disposition header for the SAS.
      Parameters:
      contentDisposition - Content-Disposition header value
      Returns:
      the updated BlobServiceSASSignatureValues object

    • getContentEncoding

      public String getContentEncoding()
      Returns:
      the content-encoding header for the SAS.

    • setContentEncoding

      public BlobServiceSasSignatureValues setContentEncoding(String contentEncoding)
      Sets the content-encoding header for the SAS.
      Parameters:
      contentEncoding - Content-Encoding header value
      Returns:
      the updated BlobServiceSASSignatureValues object

    • getContentLanguage

      public String getContentLanguage()
      Returns:
      the content-language header for the SAS.

    • setContentLanguage

      public BlobServiceSasSignatureValues setContentLanguage(String contentLanguage)
      Sets the content-language header for the SAS.
      Parameters:
      contentLanguage - Content-Language header value
      Returns:
      the updated BlobServiceSASSignatureValues object

    • getContentType

      public String getContentType()
      Returns:
      the content-type header for the SAS.

    • setContentType

      public BlobServiceSasSignatureValues setContentType(String contentType)
      Sets the content-type header for the SAS.
      Parameters:
      contentType - Content-Type header value
      Returns:
      the updated BlobServiceSASSignatureValues object

    • getPreauthorizedAgentObjectId

      public String getPreauthorizedAgentObjectId()
      Returns:
      The AAD object ID of a user assumed to be authorized by the owner of the user delegation key to perform the action granted by the SAS token. The service will validate the SAS token and ensure that the owner of the user delegation key has the required permissions before granting access but no additional permission check for the agent object id will be performed.

    • setPreauthorizedAgentObjectId

      public BlobServiceSasSignatureValues setPreauthorizedAgentObjectId(String preauthorizedAgentObjectId)
      Sets the AAD object ID of a user assumed to be authorized by the owner of the user delegation key to perform the action granted by the SAS token.
      Parameters:
      preauthorizedAgentObjectId - The AAD object ID of a user assumed to be authorized by the owner of the user delegation key to perform the action granted by the SAS token. The service will validate the SAS token and ensure that the owner of the user delegation key has the required permissions before granting access but no additional permission check for the agent object id will be performed.
      Returns:
      the updated BlobServiceSASSignatureValues object

    • getCorrelationId

      public String getCorrelationId()
      Returns:
      the correlation id value for the SAS.

    • setCorrelationId

      public BlobServiceSasSignatureValues setCorrelationId(String correlationId)
      Sets the correlation id value for the SAS.

      Note: This parameter is only valid for user delegation SAS.

      Parameters:
      correlationId - A correlation ID used to correlate the storage audit logs with the audit logs used by the principal generating and distributing SAS.
      Returns:
      the updated BlobServiceSasSignatureValues object

    • generateSasQueryParameters

      @Deprecated public BlobServiceSasQueryParameters generateSasQueryParameters(StorageSharedKeyCredential storageSharedKeyCredentials)
      Deprecated.
      Please use the generateSas(BlobServiceSasSignatureValues) method on the desired container/blob client after initializing BlobServiceSasSignatureValues.
      Uses an account's shared key credential to sign these signature values to produce the proper SAS query parameters.

      Notes on SAS generation

      The type of SAS query parameters returned depends on the following:

      1. If getBlobName() is not set, container SAS query parameters are returned.
      2. If getBlobName() and getSnapshotId() are set, blob snapshot SAS query parameters are returned.
      3. If only getBlobName() is set, blob SAS query parameters are returned.
      See class level JavaDocs for code snippets.
      Parameters:
      storageSharedKeyCredentials - A StorageSharedKeyCredential object used to sign the SAS values.
      Returns:
      BlobServiceSasQueryParameters
      Throws:
      IllegalStateException - If the HMAC-SHA256 algorithm isn't supported, if the key isn't a valid Base64 encoded string, or the UTF-8 charset isn't supported.
      IllegalArgumentException - if getPermissions() contains an invalid character for the SAS resource.
      NullPointerException - if storageSharedKeyCredentials is null.

    • generateSasQueryParameters

      @Deprecated public BlobServiceSasQueryParameters generateSasQueryParameters(UserDelegationKey delegationKey, String accountName)
      Deprecated.
      Please use the generateUserDelegationSas(BlobServiceSasSignatureValues, UserDelegationKey) method on the desired container/blob client after initializing BlobServiceSasSignatureValues.
      Uses a user delegation key to sign these signature values to produce the proper SAS query parameters.

      Notes on SAS generation

      The type of SAS query parameters returned depends on the following:

      1. If getBlobName() is not set, container SAS query parameters are returned.
      2. If getBlobName() and getSnapshotId() are set, blob snapshot SAS query parameters are returned.
      3. If only getBlobName() is set, blob SAS query parameters are returned.
      See class level JavaDocs for code snippets.
      Parameters:
      delegationKey - A UserDelegationKey object used to sign the SAS values.
      accountName - Azure Storage account name to generate SAS for.
      Returns:
      BlobServiceSasQueryParameters
      Throws:
      IllegalStateException - If the HMAC-SHA256 algorithm isn't supported, if the key isn't a valid Base64 encoded string, or the UTF-8 charset isn't supported.
      IllegalArgumentException - if getPermissions() contains an invalid character for the SAS resource.
      NullPointerException - if delegationKey or account is null.
      See Also: