[英]403 error when trying to access file system in Azure data lake storage Gen 2 via REST API
I am trying to access file system in azure data lake storage gen 2 via REST API using java.我正在尝试使用 REST API 访问 azure 数据湖存储 gen 2 中的文件系统。 this is how I am building my request:
这就是我构建请求的方式:
public static void main(String[] args) throws Exception {
String urlString = "https://" + account + ".dfs.core.windows.net/sterisfiles?resource=filesystem";
HttpURLConnection connection = (HttpURLConnection)(new URL(urlString)).openConnection();
getFileRequest(connection, account, key);
connection.connect();
System.out.println("Response message : "+connection.getResponseMessage());
}
public static void getFileRequest(HttpURLConnection request, String account, String key) throws Exception{
SimpleDateFormat fmt = new SimpleDateFormat("EEE, dd MMM yyyy HH:mm:ss");
fmt.setTimeZone(TimeZone.getTimeZone("GMT"));
String date = fmt.format(Calendar.getInstance().getTime()) + " GMT";
String stringToSign = "GET\n"
+ "\n" // content encoding
+ "\n" // content language
+ "\n" // content length
+ "\n" // content md5
+ "\n" // content type
+ "\n" // date
+ "\n" // if modified since
+ "\n" // if match
+ "\n" // if none match
+ "\n" // if unmodified since
+ "\n" // range
+ "x-ms-date:" + date + "\n"
+ "x-ms-version:2014-02-14\n" //headers
+ "/"+account + request.getURL().getPath();
String auth = getAuthenticationString(stringToSign);
request.setRequestMethod("GET");
request.setRequestProperty("x-ms-date", date);
request.setRequestProperty("x-ms-version", "2014-02-14");
request.setRequestProperty("Authorization", auth);
}
private static String getAuthenticationString(String stringToSign) throws Exception{
Base64 base64 = new Base64();
Mac mac = Mac.getInstance("HmacSHA256");
mac.init(new SecretKeySpec(base64.decode(key), "HmacSHA256"));
String authKey = new String(base64.encode(mac.doFinal(stringToSign.getBytes("UTF-8"))));
String auth = "SharedKey " + account + ":" + authKey;
return auth;
}
This is throwing 403 error with message: Server failed to authenticate the request.这是抛出403错误消息:服务器无法验证请求。 Make sure the value of Authorization header is formed correctly including the signature.
确保 Authorization header 的值格式正确,包括签名。
are my request headers not correct?我的请求标头不正确吗?
According to my test, we can use Azure AD authentication to call Azure data lake storage Gen2 REST API.根据我的测试,我们可以使用Azure AD认证来调用Azure数据湖存储Gen2 RESTA18474238D0184A。 For more details, please refer to https://social.msdn.microsoft.com/Forums/en-US/45be0931-379d-4252-9d20-164261cc64c5/error-while-calling-adls-gen-2-rest-api-to-create-file?forum=AzureDataLake .
更多详情请参考https://social.msdn.microsoft.com/Forums/en-US/45be0931-379d-4252-9d20-164261cc64c5/error-while-calling-adls-gen-2-rest-api -to-create-file?forum=AzureDataLake 。
az ad sp create-for-rbac -n 'your sp name' --role 'Storage Blob Data Owner' --scope 'your scope such as your storage account scope'
Method : POST
URL: https://login.microsoftonline.com/<your Azure AD tenant domain>/oauth2/token
Body:
grant_type =client_credentials
client_id=<the appid you copy>
client_secret=<the password you copy>
resource=https://storage.azure.com
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.