Merge pull request #286282 from pauljewellmsft/java-sas

[Dev guide] Combine SAS articles for containers and blobs - Java

Author: v-shils

articles/storage/.openpublishing.redirection.storage.json

@@ -500,6 +500,16 @@
             "redirect_url": "/azure/storage/blobs/storage-blob-user-delegation-sas-create-dotnet",
             "redirect_document_id": false
         },
+        {
+            "source_path_from_root": "/articles/storage/blobs/sas-service-create-java-container.md",
+            "redirect_url": "/azure/storage/blobs/sas-service-create-java",
+            "redirect_document_id": false
+        },
+        {
+            "source_path_from_root": "/articles/storage/blobs/storage-blob-container-user-delegation-sas-create-java.md",
+            "redirect_url": "/azure/storage/blobs/storage-blob-user-delegation-sas-create-java",
+            "redirect_document_id": false
+        },
         {
             "source_path_from_root": "/articles/storage/common/authorize-active-directory-cli.md",
             "redirect_url": "/azure/storage/common/authorize-data-operations-cli",

articles/storage/blobs/TOC.yml

@@ -671,6 +671,14 @@ items:
               href: /azure/developer/java/sdk/identity-service-principal-auth?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
             - name: Auth in Azure hosted applications
               href: /azure/developer/java/sdk/identity-azure-hosted-auth?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
+          - name: Shared access signature (SAS)
+            items:
+            - name: Authorize using a user delegation SAS
+              href: storage-blob-user-delegation-sas-create-java.md
+            - name: Authorize using a service SAS
+              href: sas-service-create-java.md
+            - name: Authorize using an account SAS
+              href: ../common/storage-account-sas-create-java.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
         - name: Container actions
           items:
           - name: Create a container
@@ -683,14 +691,6 @@ items:
             href: storage-blob-container-lease-java.md
           - name: Manage properties and metadata
             href: storage-blob-container-properties-metadata-java.md
-          - name: Generate a shared access signature (SAS)
-            items:
-            - name: Create a user delegation SAS for a container
-              href: storage-blob-container-user-delegation-sas-create-java.md
-            - name: Create a service SAS for a container
-              href: sas-service-create-java-container.md
-            - name: Create an account SAS
-              href: ../common/storage-account-sas-create-java.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
         - name: Blob actions
           items:
           - name: Upload blobs
@@ -717,14 +717,6 @@ items:
             href: storage-blob-properties-metadata-java.md
           - name: Set or change a blob's access tier
             href: storage-blob-use-access-tier-java.md
-          - name: Generate a shared access signature (SAS)
-            items:
-            - name: Create a user delegation SAS for a blob
-              href: storage-blob-user-delegation-sas-create-java.md
-            - name: Create a service SAS for a blob
-              href: sas-service-create-java.md
-            - name: Create an account SAS
-              href: ../common/storage-account-sas-create-java.md?toc=/azure/storage/blobs/toc.json&bc=/azure/storage/blobs/breadcrumb/toc.json
         - name: Client library configuration options
           items:
           - name: Performance tuning for uploads and downloads

articles/storage/blobs/sas-service-create-java-container.md

@@ -1,33 +1,49 @@
 ---
 title: Create a service SAS for a blob with Java
 titleSuffix: Azure Storage
-description: Learn how to create a service shared access signature (SAS) for a blob using the Azure Blob Storage client library for Java.
+description: Learn how to create a service shared access signature (SAS) for a container or blob using the Azure Blob Storage client library for Java.
 author: pauljewellmsft
 
 ms.service: azure-blob-storage
 ms.topic: how-to
-ms.date: 08/05/2024
+ms.date: 09/06/2024
 ms.author: pauljewell
 ms.reviewer: nachakra
 ms.devlang: java
 ms.custom: devx-track-java, devguide-java, engagement-fy23, devx-track-java, devx-track-extended-java
 ---
 
-# Create a service SAS for a blob with Java
+# Create a service SAS for a container or blob with Java
 
 [!INCLUDE [storage-dev-guide-selector-service-sas](../../../includes/storage-dev-guides/storage-dev-guide-selector-service-sas.md)]
 
 [!INCLUDE [storage-auth-sas-intro-include](../../../includes/storage-auth-sas-intro-include.md)]
 
-This article shows how to use the storage account key to create a service SAS for a blob with the Blob Storage client library for Java.
+This article shows how to use the storage account key to create a service SAS for a container or blob with the Blob Storage client library for Java.
 
 ## About the service SAS
 
 A service SAS is signed with the account access key. You can use the [StorageSharedKeyCredential](/java/api/com.azure.storage.common.storagesharedkeycredential) class to create the credential that is used to sign the service SAS.
 
 You can also use a stored access policy to define the permissions and duration of the SAS. If the name of an existing stored access policy is provided, that policy is associated with the SAS. To learn more about stored access policies, see [Define a stored access policy](/rest/api/storageservices/define-stored-access-policy). If no stored access policy is provided, the code examples in this article show how to define permissions and duration for the SAS.
 
-## Create a service SAS for a blob
+## Create a service SAS
+
+You can create a service SAS for a container or blob, based on the needs of your app.
+
+### [Container](#tab/container)
+
+You can create a service SAS to delegate limited access to a container resource using the following method:
+
+- [generateSas](/java/api/com.azure.storage.blob.specialized.blobclientbase#method-details)
+
+SAS signature values, such as expiry time and signed permissions, are passed to the method as part of a [BlobServiceSasSignatureValues](/java/api/com.azure.storage.blob.sas.blobservicesassignaturevalues) instance. Permissions are specified as a [BlobContainerSasPermission](/java/api/com.azure.storage.blob.sas.blobcontainersaspermission) instance.
+
+The following code example shows how to create a service SAS with read permissions for a container resource:
+
+:::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_CreateServiceSASContainer":::
+
+### [Blob](#tab/blob)
 
 You can create a service SAS to delegate limited access to a blob resource using the following method:
 
@@ -39,8 +55,35 @@ The following code example shows how to create a service SAS with read permissio
 
 :::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_CreateServiceSASBlob":::
 
+---
+
 ## Use a service SAS to authorize a client object
 
+You can use a service SAS to authorize a client object to perform operations on a container or blob based on the permissions granted by the SAS.
+
+### [Container](#tab/container)
+
+The following code examples show how to use the service SAS to authorize a [BlobContainerClient](/java/api/com.azure.storage.blob.blobcontainerclient) object. This client object can be used to perform operations on the container resource based on the permissions granted by the SAS.
+
+First, create a [BlobServiceClient](/java/api/com.azure.storage.blob.blobserviceclient) object signed with the account access key:
+
+```java
+String accountName = "<account-name>";
+String accountKey = "<account-key>";
+StorageSharedKeyCredential credential = new StorageSharedKeyCredential(accountName, accountKey);
+        
+BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
+        .endpoint(String.format("https://%s.blob.core.windows.net/", accountName))
+        .credential(credential)
+        .buildClient();
+```
+
+Then, generate the service SAS as shown in the earlier example and use the SAS to authorize a [BlobContainerClient](/java/api/com.azure.storage.blob.blobcontainerclient) object:
+
+:::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_UseServiceSASContainer":::
+
+### [Blob](#tab/blob)
+
 The following code example shows how to use the service SAS created in the earlier example to authorize a [BlobClient](/java/api/com.azure.storage.blob.blobclient) object. This client object can be used to perform operations on the blob resource based on the permissions granted by the SAS.
 
 First, create a [BlobServiceClient](/java/api/com.azure.storage.blob.blobserviceclient) object signed with the account access key:
@@ -60,10 +103,16 @@ Then, generate the service SAS as shown in the earlier example and use the SAS t
 
 :::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_UseServiceSASBlob":::
 
+---
+
 ## Resources
 
 To learn more about using the Azure Blob Storage client library for Java, see the following resources.
 
+### Code samples
+
+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java)
+
 [!INCLUDE [storage-dev-guide-resources-java](../../../includes/storage-dev-guides/storage-dev-guide-resources-java.md)]
 
 ### See also