Combine SAS articles for containers and blobs

pauljewellmsft · pauljewellmsft · commit 985ebfe58c36 · 2024-09-06T13:13:40.000-04:00
diff --git a/articles/storage/blobs/sas-service-create-java.md b/articles/storage/blobs/sas-service-create-java.md
@@ -1,33 +1,49 @@
 ---
 title: Create a service SAS for a blob with Java
 titleSuffix: Azure Storage
-description: Learn how to create a service shared access signature (SAS) for a blob using the Azure Blob Storage client library for Java.
+description: Learn how to create a service shared access signature (SAS) for a container or blob using the Azure Blob Storage client library for Java.
 author: pauljewellmsft
 
 ms.service: azure-blob-storage
 ms.topic: how-to
-ms.date: 08/05/2024
+ms.date: 09/06/2024
 ms.author: pauljewell
 ms.reviewer: nachakra
 ms.devlang: java
 ms.custom: devx-track-java, devguide-java, engagement-fy23, devx-track-java, devx-track-extended-java
 ---
 
-# Create a service SAS for a blob with Java
+# Create a service SAS for a container or blob with Java
 
 [!INCLUDE [storage-dev-guide-selector-service-sas](../../../includes/storage-dev-guides/storage-dev-guide-selector-service-sas.md)]
 
 [!INCLUDE [storage-auth-sas-intro-include](../../../includes/storage-auth-sas-intro-include.md)]
 
-This article shows how to use the storage account key to create a service SAS for a blob with the Blob Storage client library for Java.
+This article shows how to use the storage account key to create a service SAS for a container or blob with the Blob Storage client library for Java.
 
 ## About the service SAS
 
 A service SAS is signed with the account access key. You can use the [StorageSharedKeyCredential](/java/api/com.azure.storage.common.storagesharedkeycredential) class to create the credential that is used to sign the service SAS.
 
 You can also use a stored access policy to define the permissions and duration of the SAS. If the name of an existing stored access policy is provided, that policy is associated with the SAS. To learn more about stored access policies, see [Define a stored access policy](/rest/api/storageservices/define-stored-access-policy). If no stored access policy is provided, the code examples in this article show how to define permissions and duration for the SAS.
 
-## Create a service SAS for a blob
+## Create a service SAS
+
+You can create a service SAS for a container or blob, based on the needs of your app.
+
+### [Container](#tab/container)
+
+You can create a service SAS to delegate limited access to a container resource using the following method:
+
+- [generateSas](/java/api/com.azure.storage.blob.specialized.blobclientbase#method-details)
+
+SAS signature values, such as expiry time and signed permissions, are passed to the method as part of a [BlobServiceSasSignatureValues](/java/api/com.azure.storage.blob.sas.blobservicesassignaturevalues) instance. Permissions are specified as a [BlobContainerSasPermission](/java/api/com.azure.storage.blob.sas.blobcontainersaspermission) instance.
+
+The following code example shows how to create a service SAS with read permissions for a container resource:
+
+:::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_CreateServiceSASContainer":::
+
+### [Blob](#tab/blob)
 
 You can create a service SAS to delegate limited access to a blob resource using the following method:
 
@@ -39,8 +55,35 @@ The following code example shows how to create a service SAS with read permissio
 
 :::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_CreateServiceSASBlob":::
 
+---
+
 ## Use a service SAS to authorize a client object
 
+You can use a service SAS to authorize a client object to perform operations on a container or blob based on the permissions granted by the SAS.
+
+### [Container](#tab/container)
+
+The following code examples show how to use the service SAS to authorize a [BlobContainerClient](/java/api/com.azure.storage.blob.blobcontainerclient) object. This client object can be used to perform operations on the container resource based on the permissions granted by the SAS.
+
+First, create a [BlobServiceClient](/java/api/com.azure.storage.blob.blobserviceclient) object signed with the account access key:
+
+```java
+String accountName = "<account-name>";
+String accountKey = "<account-key>";
+StorageSharedKeyCredential credential = new StorageSharedKeyCredential(accountName, accountKey);
+        
+BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
+        .endpoint(String.format("https://%s.blob.core.windows.net/", accountName))
+        .credential(credential)
+        .buildClient();
+```
+
+Then, generate the service SAS as shown in the earlier example and use the SAS to authorize a [BlobContainerClient](/java/api/com.azure.storage.blob.blobcontainerclient) object:
+
+:::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_UseServiceSASContainer":::
+
+### [Blob](#tab/blob)
+
 The following code example shows how to use the service SAS created in the earlier example to authorize a [BlobClient](/java/api/com.azure.storage.blob.blobclient) object. This client object can be used to perform operations on the blob resource based on the permissions granted by the SAS.
 
 First, create a [BlobServiceClient](/java/api/com.azure.storage.blob.blobserviceclient) object signed with the account access key:
@@ -60,10 +103,16 @@ Then, generate the service SAS as shown in the earlier example and use the SAS t
 
 :::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_UseServiceSASBlob":::
 
+---
+
 ## Resources
 
 To learn more about using the Azure Blob Storage client library for Java, see the following resources.
 
+### Code samples
+
+- [View code samples from this article (GitHub)](https://github.com/Azure-Samples/AzureStorageSnippets/blob/master/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java)
+
 [!INCLUDE [storage-dev-guide-resources-java](../../../includes/storage-dev-guides/storage-dev-guide-resources-java.md)]
 
 ### See also
diff --git a/articles/storage/blobs/storage-blob-user-delegation-sas-create-java.md b/articles/storage/blobs/storage-blob-user-delegation-sas-create-java.md
@@ -1,37 +1,53 @@
 ---
 title: Create a user delegation SAS for a blob with Java
 titleSuffix: Azure Storage
-description: Learn how to create a user delegation SAS for a blob with Microsoft Entra credentials by using the Azure Storage client library for Java.
+description: Learn how to create a user delegation SAS for a container or blob with Microsoft Entra credentials by using the Azure Storage client library for Java.
 services: storage
 author: pauljewellmsft
 ms.author: pauljewell
 ms.service: azure-blob-storage
 ms.topic: how-to
-ms.date: 08/05/2024
+ms.date: 09/06/2024
 ms.reviewer: dineshm
 ms.devlang: java
 ms.custom: devx-track-java, devguide-java, devx-track-extended-java
 ---
 
-# Create a user delegation SAS for a blob with Java
+# Create a user delegation SAS for a container or blob with Java
 
 [!INCLUDE [storage-dev-guide-selector-user-delegation-sas](../../../includes/storage-dev-guides/storage-dev-guide-selector-user-delegation-sas.md)]
 
 [!INCLUDE [storage-auth-sas-intro-include](../../../includes/storage-auth-sas-intro-include.md)]
 
-This article shows how to use Microsoft Entra credentials to create a user delegation SAS for a blob using the [Azure Storage client library for Java](/java/api/overview/azure/storage-blob-readme).
+This article shows how to use Microsoft Entra credentials to create a user delegation SAS for a container or blob using the [Azure Storage client library for Java](/java/api/overview/azure/storage-blob-readme).
 
 [!INCLUDE [storage-auth-user-delegation-include](../../../includes/storage-auth-user-delegation-include.md)]
 
 ## Assign Azure roles for access to data
 
-When a Microsoft Entra security principal attempts to access blob data, that security principal must have permissions to the resource. Whether the security principal is a managed identity in Azure or a Microsoft Entra user account running code in the development environment, the security principal must be assigned an Azure role that grants access to blob data. For information about assigning permissions via Azure RBAC, see [Assign an Azure role for access to blob data](assign-azure-role-data-access.md).
+When a Microsoft Entra security principal attempts to access data, that security principal must have permissions to the resource. Whether the security principal is a managed identity in Azure or a Microsoft Entra user account running code in the development environment, the security principal must be assigned an Azure role that grants access to data. For information about assigning permissions via Azure RBAC, see [Assign an Azure role for access to blob data](assign-azure-role-data-access.md).
 
 [!INCLUDE [storage-dev-guide-user-delegation-sas-java](../../../includes/storage-dev-guides/storage-dev-guide-user-delegation-sas-java.md)]
 
-## Create a user delegation SAS for a blob
+## Create a user delegation SAS
 
-Once you've obtained the user delegation key, you can create a user delegation SAS. You can create a user delegation SAS to delegate limited access to a blob resource using the following method from a [BlobClient](/java/api/com.azure.storage.blob.blobclient) instance:
+You can create a user delegation SAS for a container or blob, based on the needs of your app.
+
+### [Container](#tab/container)
+
+Once you've obtained the user delegation key, you can create a user delegation SAS. You can create a user delegation SAS to delegate limited access to a container resource using the following method from a [BlobContainerClient](/java/api/com.azure.storage.blob.blobcontainerclient) instance:
+
+- [generateUserDelegationSas](/java/api/com.azure.storage.blob.specialized.blobclientbase#method-details)
+
+The user delegation key to sign the SAS is passed to this method along with specified values for [BlobServiceSasSignatureValues](/java/api/com.azure.storage.blob.sas.blobservicesassignaturevalues). Permissions are specified as a [BlobContainerSasPermission](/java/api/com.azure.storage.blob.sas.blobcontainersaspermission) instance.
+
+The following code example shows how to create a user delegation SAS for a container:
+
+:::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_CreateUserDelegationSASContainer":::
+
+### [Blob](#tab/blob)
+
+Once you've obtained the user delegation key, you can create a user delegation SAS. You can create a user delegation SAS to delegate limited access to a blob using the following method from a [BlobClient](/java/api/com.azure.storage.blob.blobclient) instance:
 
 - [generateUserDelegationSas](/java/api/com.azure.storage.blob.specialized.blobclientbase#method-details)
 
@@ -41,12 +57,26 @@ The following code example shows how to create a user delegation SAS for a blob:
 
 :::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_CreateUserDelegationSASBlob":::
 
+---
+
 ## Use a user delegation SAS to authorize a client object
 
+You can use a user delegation SAS to authorize a client object to perform operations on a container or blob based on the permissions granted by the SAS.
+
+### [Container](#tab/container)
+
+The following code example shows how to use the user delegation SAS created in the earlier example to authorize a [BlobContainerClient](/java/api/com.azure.storage.blob.blobcontainerclient) object. This client object can be used to perform operations on the container resource based on the permissions granted by the SAS.
+
+:::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_UseUserDelegationSASContainer":::
+
+### [Blob](#tab/blob)
+
 The following code example shows how to use the user delegation SAS created in the earlier example to authorize a [BlobClient](/java/api/com.azure.storage.blob.blobclient) object. This client object can be used to perform operations on the blob resource based on the permissions granted by the SAS.
 
 :::code language="java" source="~/azure-storage-snippets/blobs/howto/Java/blob-devguide/blob-devguide-blobs/src/main/java/com/blobs/devguide/blobs/BlobSAS.java" id="Snippet_UseUserDelegationSASBlob":::
 
+---
+
 ## Resources
 
 To learn more about creating a user delegation SAS using the Azure Blob Storage client library for Java, see the following resources.
