尝试通过 REST API 访问 Azure 数据湖存储 Gen 2 中的文件系统时出现 403 错误
[英]403 error when trying to access file system in Azure data lake storage Gen 2 via REST API
问题描述
I am trying to access file system in azure data lake storage gen 2 via REST API using java.
我正在尝试使用 REST API 访问 azure 数据湖存储 gen 2 中的文件系统。 this is how I am building my request:这就是我构建请求的方式:
public static void main(String[] args) throws Exception {
String urlString = "https://" + account + ".dfs.core.windows.net/sterisfiles?resource=filesystem";
HttpURLConnection connection = (HttpURLConnection)(new URL(urlString)).openConnection();
getFileRequest(connection, account, key);
connection.connect();
System.out.println("Response message : "+connection.getResponseMessage());
}
public static void getFileRequest(HttpURLConnection request, String account, String key) throws Exception{
SimpleDateFormat fmt = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss");
fmt.setTimeZone(TimeZone.getTimeZone("GMT"));
String date = fmt.format(Calendar.getInstance().getTime()) + " GMT";
String stringToSign = "GET\n"
+ "\n" // content encoding
+ "\n" // content language
+ "\n" // content length
+ "\n" // content md5
+ "\n" // content type
+ "\n" // date
+ "\n" // if modified since
+ "\n" // if match
+ "\n" // if none match
+ "\n" // if unmodified since
+ "\n" // range
+ "x-ms-date:" + date + "\n"
+ "x-ms-version:2014-02-14\n" //headers
+ "/"+account + request.getURL().getPath();
String auth = getAuthenticationString(stringToSign);
request.setRequestMethod("GET");
request.setRequestProperty("x-ms-date", date);
request.setRequestProperty("x-ms-version", "2014-02-14");
request.setRequestProperty("Authorization", auth);
}
private static String getAuthenticationString(String stringToSign) throws Exception{
Base64 base64 = new Base64();
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(base64.decode(key), "HmacSHA256"));
String authKey = new String(base64.encode(mac.doFinal(stringToSign.getBytes("UTF-8"))));
String auth = "SharedKey " + account + ":" + authKey;
return auth;
}
This is throwing 403 error with message: Server failed to authenticate the request.这是抛出403错误消息:服务器无法验证请求。 Make sure the value of Authorization header is formed correctly including the signature.确保 Authorization header 的值格式正确,包括签名。
are my request headers not correct?我的请求标头不正确吗?
1 个解决方案
解决方案1
1 已采纳 2019-09-27 03:44:19
According to my test, we can use Azure AD authentication to call Azure data lake storage Gen2 REST API.根据我的测试,我们可以使用Azure AD认证来调用Azure数据湖存储Gen2 RESTA18474238D0184A。 For more details, please refer to https://social.msdn.microsoft.com/Forums/en-US/45be0931-379d-4252-9d20-164261cc64c5/error-while-calling-adls-gen-2-rest-api-to-create-file?forum=AzureDataLake .更多详情请参考https://social.msdn.microsoft.com/Forums/en-US/45be0931-379d-4252-9d20-164261cc64c5/error-while-calling-adls-gen-2-rest-api -to-create-file?forum=AzureDataLake 。
- Create Azure AD service principal and assign a RABC role to it.创建 Azure AD 服务主体并为其分配 RABC 角色。 For futher information, please refer to https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad .有关更多信息,请参阅https://docs.microsoft.com/en-us/azure/storage/common/storage-auth-aad 。
az ad sp create-for-rbac -n 'your sp name' --role 'Storage Blob Data Owner' --scope 'your scope such as your storage account scope'
- Get access token获取访问令牌
Method : POST
URL: https://login.microsoftonline.com/<your Azure AD tenant domain>/oauth2/token
Body:
grant_type =client_credentials
client_id=<the appid you copy>
client_secret=<the password you copy>
resource=https://storage.azure.com
Call rest api a.
致电 rest api 一个。 Create File system创建文件系统PUT https://{accountName}.{dnsSuffix}/{filesystem}?resource=filesystemb.
湾。 List File system列表文件系统GET https://{accountName}.{dnsSuffix}/?resource=account
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.