Package com.azure.core.credential

Class AzureSasCredential

java.lang.Object
com.azure.core.credential.AzureSasCredential
public final class AzureSasCredential extends Object

Represents a credential that uses a shared access signature to authenticate to an Azure Service. It is used for authenticating and authorizing access to Azure services using a shared access signature.

A shared access signature is a string-based token that grants limited permissions and access to specific resources within an Azure service for a specified period. It allows you to provide time-limited access to your resources without sharing your account key or other sensitive credentials.

The AzureSasCredential enables you to authenticate and access Azure services that support shared access signatures. By creating an instance of the AzureSasCredential class and providing the SAS token as a parameter, you can use this credential to authenticate requests to Azure services.

To use the Credential, you typically pass it to the appropriate Azure client or service client builder during instantiation. The library internally handles the authentication process and includes the SAS token in the HTTP requests made to the Azure service, allowing you to access the resources specified in the SAS token.

The AzureSasCredential is particularly useful when you need to grant temporary and limited access to specific resources, such as Azure Storage containers, blobs, queues, or files, without exposing your account key.

It's important to note that the availability and usage of the AzureSasCredential may depend on the specific Azure service and its support for shared access signatures. Additionally, the format and content of the SAS token may vary depending on the service and resource you are targeting.

Sample: Azure SAS Authentication

The following code sample demonstrates the creation of a AzureSasCredential, using the sas token to configure it.

 AzureSasCredential azureSasCredential =
     new AzureSasCredential("AZURE-SERVICE-SAS-KEY");
See Also:

  • Constructor Details

    • AzureSasCredential

      public AzureSasCredential(String signature)
      Creates a credential that authorizes request with the given shared access signature.

      The signature passed is assumed to be encoded. This constructor is effectively the same as calling new AzureSasCredential(signature, null)).

      Parameters:
      signature - The shared access signature used to authorize requests.
      Throws:
      NullPointerException - If signature is null.
      IllegalArgumentException - If signature is an empty string.

    • AzureSasCredential

      public AzureSasCredential(String signature, Function<String,String> signatureEncoder)
      Creates a credential that authorizes request within the given shared access signature.

      If signatureEncoder is non-null the signature, and all updated signatures, will be encoded using the function. signatureEncoder should be as idempotent as possible to reduce the chance of double encoding errors.

      Parameters:
      signature - The shared access signature used to authorize requests.
      signatureEncoder - An optional function which encodes the signature.
      Throws:
      NullPointerException - If signature is null.
      IllegalArgumentException - If signature is an empty string.

  • Method Details

    • getSignature

      public String getSignature()
      Retrieves the shared access signature associated to this credential.
      Returns:
      The shared access signature being used to authorize requests.

    • update

      public AzureSasCredential update(String signature)
      Rotates the shared access signature associated to this credential.
      Parameters:
      signature - The new shared access signature to be associated with this credential.
      Returns:
      The updated AzureSasCredential object.
      Throws:
      NullPointerException - If signature is null.
      IllegalArgumentException - If signature is an empty string.