Quickstart: Azure Blob Storage client library for Java
Get started with the Azure Blob Storage client library for Java to manage blobs and containers.
In this article, you follow steps to install the package and try out example code for basic tasks.
Tip
If you're working with Azure Storage resources in a Spring application, we recommend that you consider Spring Cloud Azure as an alternative. Spring Cloud Azure is an open-source project that provides seamless Spring integration with Azure services. To learn more about Spring Cloud Azure, and to see an example using Blob Storage, see Upload a file to an Azure Storage Blob.
API reference documentation | Library source code | Package (Maven) | Samples
Prerequisites
- Azure account with an active subscription - create an trial account.
- Azure Storage account - create a storage account.
- Java Development Kit (JDK) version 8 or above.
- Apache Maven.
Setting up
This section walks you through preparing a project to work with the Azure Blob Storage client library for Java.
Create the project
Create a Java application named blob-quickstart.
In a console window (such as PowerShell or Bash), use Maven to create a new console app with the name blob-quickstart. Type the following mvn command to create a "Hello world!" Java project.
mvn archetype:generate ` --define interactiveMode=n ` --define groupId=com.blobs.quickstart ` --define artifactId=blob-quickstart ` --define archetypeArtifactId=maven-archetype-quickstart ` --define archetypeVersion=1.4
The output from generating the project should look something like this:
[INFO] Scanning for projects... [INFO] [INFO] ------------------< org.apache.maven:standalone-pom >------------------- [INFO] Building Maven Stub Project (No POM) 1 [INFO] --------------------------------[ pom ]--------------------------------- [INFO] [INFO] >>> maven-archetype-plugin:3.1.2:generate (default-cli) > generate-sources @ standalone-pom >>> [INFO] [INFO] <<< maven-archetype-plugin:3.1.2:generate (default-cli) < generate-sources @ standalone-pom <<< [INFO] [INFO] [INFO] --- maven-archetype-plugin:3.1.2:generate (default-cli) @ standalone-pom --- [INFO] Generating project in Batch mode [INFO] ---------------------------------------------------------------------------- [INFO] Using following parameters for creating project from Archetype: maven-archetype-quickstart:1.4 [INFO] ---------------------------------------------------------------------------- [INFO] Parameter: groupId, Value: com.blobs.quickstart [INFO] Parameter: artifactId, Value: blob-quickstart [INFO] Parameter: version, Value: 1.0-SNAPSHOT [INFO] Parameter: package, Value: com.blobs.quickstart [INFO] Parameter: packageInPathFormat, Value: com/blobs/quickstart [INFO] Parameter: version, Value: 1.0-SNAPSHOT [INFO] Parameter: package, Value: com.blobs.quickstart [INFO] Parameter: groupId, Value: com.blobs.quickstart [INFO] Parameter: artifactId, Value: blob-quickstart [INFO] Project created from Archetype in dir: C:\QuickStarts\blob-quickstart [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 7.056 s [INFO] Finished at: 2019-10-23T11:09:21-07:00 [INFO] ------------------------------------------------------------------------ ```
Switch to the newly created blob-quickstart folder.
cd blob-quickstart
In side the blob-quickstart directory, create another directory called data. This folder is where the blob data files will be created and stored.
mkdir data
Install the packages
Open the pom.xml
file in your text editor.
Add azure-sdk-bom to take a dependency on the latest version of the library. In the following snippet, replace the {bom_version_to_target}
placeholder with the version number. Using azure-sdk-bom keeps you from having to specify the version of each individual dependency. To learn more about the BOM, see the Azure SDK BOM README.
<dependencyManagement>
<dependencies>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-sdk-bom</artifactId>
<version>{bom_version_to_target}</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
Then add the following dependency elements to the group of dependencies. The azure-identity dependency is needed for passwordless connections to Azure services.
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-storage-blob</artifactId>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
</dependency>
Set up the app framework
From the project directory, follow steps to create the basic structure of the app:
- Navigate to the /src/main/java/com/blobs/quickstart directory
- Open the
App.java
file in your editor - Delete the line
System.out.println("Hello world!");
- Add the necessary
import
directives
The code should resemble this framework:
package com.blobs.quickstart;
/**
* Azure Blob Storage quickstart
*/
import com.azure.identity.*;
import com.azure.storage.blob.*;
import com.azure.storage.blob.models.*;
import java.io.*;
public class App
{
public static void main(String[] args) throws IOException
{
// Quickstart code goes here
}
}
Object model
Azure Blob Storage is optimized for storing massive amounts of unstructured data. Unstructured data doesn't adhere to a particular data model or definition, such as text or binary data. Blob storage offers three types of resources:
- The storage account
- A container in the storage account
- A blob in the container
The following diagram shows the relationship between these resources.
Use the following Java classes to interact with these resources:
- BlobServiceClient: The
BlobServiceClient
class allows you to manipulate Azure Storage resources and blob containers. The storage account provides the top-level namespace for the Blob service. - BlobServiceClientBuilder: The
BlobServiceClientBuilder
class provides a fluent builder API to help aid the configuration and instantiation ofBlobServiceClient
objects. - BlobContainerClient: The
BlobContainerClient
class allows you to manipulate Azure Storage containers and their blobs. - BlobClient: The
BlobClient
class allows you to manipulate Azure Storage blobs. - BlobItem: The
BlobItem
class represents individual blobs returned from a call to listBlobs.
Code examples
These example code snippets show you how to perform the following actions with the Azure Blob Storage client library for Java:
- Authenticate to Azure and authorize access to blob data
- Create a container
- Upload blobs to a container
- List the blobs in a container
- Download blobs
- Delete a container
Important
Make sure you have the correct dependencies in pom.xml and the necessary directives for the code samples to work, as described in the setting up section.
Authenticate to Azure and authorize access to blob data
Application requests to Azure Blob Storage must be authorized. Using the DefaultAzureCredential
class provided by the Azure Identity client library is the recommended approach for implementing passwordless connections to Azure services in your code, including Blob Storage.
You can also authorize requests to Azure Blob Storage by using the account access key. However, this approach should be used with caution. Developers must be diligent to never expose the access key in an unsecure location. Anyone who has the access key is able to authorize requests against the storage account, and effectively has access to all the data. DefaultAzureCredential
offers improved management and security benefits over the account key to allow passwordless authentication. Both options are demonstrated in the following example.
DefaultAzureCredential
is a class provided by the Azure Identity client library for Java. DefaultAzureCredential
supports multiple authentication methods and determines which method should be used at runtime. This approach enables your app to use different authentication methods in different environments (local vs. production) without implementing environment-specific code.
The order and locations in which DefaultAzureCredential
looks for credentials can be found in the Azure Identity library overview.
For example, your app can authenticate using your Visual Studio Code sign-in credentials with when developing locally. Your app can then use a managed identity once it has been deployed to Azure. No code changes are required for this transition.
Assign roles to your Microsoft Entra user account
When developing locally, make sure that the user account that is accessing blob data has the correct permissions. You'll need Storage Blob Data Contributor to read and write blob data. To assign yourself this role, you'll need to be assigned the User Access Administrator role, or another role that includes the Microsoft.Authorization/roleAssignments/write action. You can assign Azure RBAC roles to a user using the Azure portal, Azure CLI, or Azure PowerShell. You can learn more about the available scopes for role assignments on the scope overview page.
In this scenario, you'll assign permissions to your user account, scoped to the storage account, to follow the Principle of Least Privilege. This practice gives users only the minimum permissions needed and creates more secure production environments.
The following example will assign the Storage Blob Data Contributor role to your user account, which provides both read and write access to blob data in your storage account.
Important
In most cases it will take a minute or two for the role assignment to propagate in Azure, but in rare cases it may take up to eight minutes. If you receive authentication errors when you first run your code, wait a few moments and try again.
In the Azure portal, locate your storage account using the main search bar or left navigation.
On the storage account overview page, select Access control (IAM) from the left-hand menu.
On the Access control (IAM) page, select the Role assignments tab.
Select + Add from the top menu and then Add role assignment from the resulting drop-down menu.
Use the search box to filter the results to the desired role. For this example, search for Storage Blob Data Contributor and select the matching result and then choose Next.
Under Assign access to, select User, group, or service principal, and then choose + Select members.
In the dialog, search for your Microsoft Entra username (usually your user@domain email address) and then choose Select at the bottom of the dialog.
Select Review + assign to go to the final page, and then Review + assign again to complete the process.
Sign-in and connect your app code to Azure using DefaultAzureCredential
You can authorize access to data in your storage account using the following steps:
Make sure you're authenticated with the same Microsoft Entra account you assigned the role to on your storage account. You can authenticate via the Azure CLI, Visual Studio Code, or Azure PowerShell.
Sign-in to Azure through the Azure CLI using the following command:
az login
To use
DefaultAzureCredential
, make sure that the azure-identity dependency is added inpom.xml
:<dependency> <groupId>com.azure</groupId> <artifactId>azure-identity</artifactId> </dependency>
Add this code to the
Main
method. When the code runs on your local workstation, it will use the developer credentials of the prioritized tool you're logged into to authenticate to Azure, such as the Azure CLI or Visual Studio Code./* * The default credential first checks environment variables for configuration * If environment configuration is incomplete, it will try managed identity */ DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build(); // Azure SDK client builders accept the credential as a parameter // TODO: Replace <storage-account-name> with your actual storage account name BlobServiceClient blobServiceClient = new BlobServiceClientBuilder() .endpoint("https://<storage-account-name>.blob.core.chinacloudapi.cn/") .credential(defaultCredential) .buildClient();
Make sure to update the storage account name in the URI of your
BlobServiceClient
. The storage account name can be found on the overview page of the Azure portal.Note
When deployed to Azure, this same code can be used to authorize requests to Azure Storage from an application running in Azure. However, you'll need to enable managed identity on your app in Azure. Then configure your storage account to allow that managed identity to connect. For detailed instructions on configuring this connection between Azure services, see the Auth from Azure-hosted apps tutorial.
Create a container
Create a new container in your storage account by calling the createBlobContainer method on the blobServiceClient
object. In this example, the code appends a GUID value to the container name to ensure that it's unique.
Add this code to the end of the Main
method:
// Create a unique name for the container
String containerName = "quickstartblobs" + java.util.UUID.randomUUID();
// Create the container and return a container client object
BlobContainerClient blobContainerClient = blobServiceClient.createBlobContainer(containerName);
To learn more about creating a container, and to explore more code samples, see Create a blob container with Java.
Important
Container names must be lowercase. For more information about naming containers and blobs, see Naming and Referencing Containers, Blobs, and Metadata.
Upload blobs to a container
Upload a blob to a container by calling the uploadFromFile method. The example code creates a text file in the local data directory to upload to the container.
Add this code to the end of the Main
method:
// Create the ./data/ directory and a file for uploading and downloading
String localPath = "./data/";
new File(localPath).mkdirs();
String fileName = "quickstart" + java.util.UUID.randomUUID() + ".txt";
// Get a reference to a blob
BlobClient blobClient = blobContainerClient.getBlobClient(fileName);
// Write text to the file
FileWriter writer = null;
try
{
writer = new FileWriter(localPath + fileName, true);
writer.write("Hello, World!");
writer.close();
}
catch (IOException ex)
{
System.out.println(ex.getMessage());
}
System.out.println("\nUploading to Blob storage as blob:\n\t" + blobClient.getBlobUrl());
// Upload the blob
blobClient.uploadFromFile(localPath + fileName);
To learn more about uploading blobs, and to explore more code samples, see Upload a blob with Java.
List the blobs in a container
List the blobs in the container by calling the listBlobs method. In this case, only one blob has been added to the container, so the listing operation returns just that one blob.
Add this code to the end of the Main
method:
System.out.println("\nListing blobs...");
// List the blob(s) in the container.
for (BlobItem blobItem : blobContainerClient.listBlobs()) {
System.out.println("\t" + blobItem.getName());
}
To learn more about listing blobs, and to explore more code samples, see List blobs with Java.
Download blobs
Download the previously created blob by calling the downloadToFile method. The example code adds a suffix of "DOWNLOAD" to the file name so that you can see both files in local file system.
Add this code to the end of the Main
method:
// Download the blob to a local file
// Append the string "DOWNLOAD" before the .txt extension for comparison purposes
String downloadFileName = fileName.replace(".txt", "DOWNLOAD.txt");
System.out.println("\nDownloading blob to\n\t " + localPath + downloadFileName);
blobClient.downloadToFile(localPath + downloadFileName);
To learn more about downloading blobs, and to explore more code samples, see Download a blob with Java.
Delete a container
The following code cleans up the resources the app created by removing the entire container using the delete method. It also deletes the local files created by the app.
The app pauses for user input by calling System.console().readLine()
before it deletes the blob, container, and local files. This is a good chance to verify that the resources were created correctly, before they're deleted.
Add this code to the end of the Main
method:
File downloadedFile = new File(localPath + downloadFileName);
File localFile = new File(localPath + fileName);
// Clean up resources
System.out.println("\nPress the Enter key to begin clean up");
System.console().readLine();
System.out.println("Deleting blob container...");
blobContainerClient.delete();
System.out.println("Deleting the local source and downloaded files...");
localFile.delete();
downloadedFile.delete();
System.out.println("Done");
To learn more about deleting a container, and to explore more code samples, see Delete and restore a blob container with Java.
Run the code
This app creates a test file in your local folder and uploads it to Blob storage. The example then lists the blobs in the container and downloads the file with a new name so that you can compare the old and new files.
Follow steps to compile, package, and run the code
- Navigate to the directory containing the
pom.xml
file and compile the project by using the followingmvn
command:mvn compile
- Package the compiled code in its distributable format:
mvn package
- Run the following
mvn
command to execute the app:
To simplify the run step, you can addmvn exec:java -D exec.mainClass=com.blobs.quickstart.App -D exec.cleanupDaemonThreads=false
exec-maven-plugin
topom.xml
and configure as shown below:
With this configuration, you can execute the app with the following command:<plugin> <groupId>org.codehaus.mojo</groupId> <artifactId>exec-maven-plugin</artifactId> <version>1.4.0</version> <configuration> <mainClass>com.blobs.quickstart.App</mainClass> <cleanupDaemonThreads>false</cleanupDaemonThreads> </configuration> </plugin>
mvn exec:java
The output of the app is similar to the following example (UUID values omitted for readability):
Azure Blob Storage - Java quickstart sample
Uploading to Blob storage as blob:
https://mystorageacct.blob.core.chinacloudapi.cn/quickstartblobsUUID/quickstartUUID.txt
Listing blobs...
quickstartUUID.txt
Downloading blob to
./data/quickstartUUIDDOWNLOAD.txt
Press the Enter key to begin clean up
Deleting blob container...
Deleting the local source and downloaded files...
Done
Before you begin the cleanup process, check your data folder for the two files. You can compare them and observe that they're identical.
Clean up resources
After you've verified the files and finished testing, press the Enter key to delete the test files along with the container you created in the storage account. You can also use Azure CLI to delete resources.