| title | Create an account SAS with Java |
|---|---|
| titleSuffix | Azure Storage |
| description | Learn how to create an account shared access signature (SAS) using the Java client library. |
| services | storage |
| author | stevenmatthew |
| ms.service | azure-storage |
| ms.topic | how-to |
| ms.date | 08/05/2024 |
| ms.author | shaas |
| ms.reviewer | dineshm |
| ms.subservice | storage-common-concepts |
| ms.devlang | java |
| ms.custom | devx-track-java, devguide-java, devx-track-extended-java |
[!INCLUDE storage-dev-guide-selector-account-sas]
[!INCLUDE storage-auth-sas-intro-include]
This article shows how to use the storage account key to create an account SAS with the Azure Storage client library for Java.
An account SAS is created at the level of the storage account, and is signed with the account access key. By creating an account SAS, you can:
- Delegate access to service-level operations that aren't currently available with a service-specific SAS, such as Get Blob Service Properties, Set Blob Service Properties and Get Blob Service Stats.
- Delegate access to more than one service in a storage account at a time. For example, you can delegate access to resources in both Azure Blob Storage and Azure Files by using an account SAS.
Stored access policies aren't supported for an account SAS.
To work with the code examples in this article, add the following import directives:
import com.azure.storage.blob.*;
import com.azure.storage.blob.models.*;
import com.azure.storage.blob.sas.*;
import com.azure.storage.common.sas.AccountSasPermission;
import com.azure.storage.common.sas.AccountSasResourceType;
import com.azure.storage.common.sas.AccountSasService;
import com.azure.storage.common.sas.AccountSasSignatureValues;You can create an account SAS to delegate limited access to storage account resources using the following method:
To configure the signature values for the account SAS, use the following helper classes:
- AccountSasPermission: Represents the permissions allowed by the SAS. In our example, we set the read permission to
true. - AccountSasService: Represents the services accessible by the SAS. In our example, we allow access to the Blob service.
- AccountSasResourceType: Represents the resource types accessible by the SAS. In our example, we allow access to service-level APIs.
Once the helper classes are configured, you can initialize parameters for the SAS with an AccountSasSignatureValues instance.
The following code example shows how to configure SAS parameters and call the generateAccountSas method to get the account SAS:
:::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_CreateAccountSAS":::
The following code example shows how to use the account SAS created in the earlier example to authorize a BlobServiceClient object. This client object can then be used to access service-level APIs based on the permissions granted by the SAS.
First, create a BlobServiceClient object signed with the account access key:
String accountName = "<account-name>";
String accountKey = "<account-key>";
StorageSharedKeyCredential credential = new StorageSharedKeyCredential(accountName, accountKey);
BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
.endpoint(String.format("https://%s.blob.core.windows.net/", accountName))
.credential(credential)
.buildClient();Then, generate the account SAS as shown in the earlier example and use the SAS to authorize a BlobServiceClient object:
:::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_UseAccountSAS":::
You can also use an account SAS to authorize and work with a BlobContainerClient object or BlobClient object, if those resource types are granted access as part of the signature values.
To learn more about creating an account SAS using the Azure Blob Storage client library for Java, see the following resources.
[!INCLUDE storage-dev-guide-resources-java]