[jira] [Commented] (HADOOP-19736) ABFS: Support for new auth type: User-bound SAS

Thu, 27 Nov 2025 05:42:10 -0800 


    [ 
https://issues.apache.org/jira/browse/HADOOP-19736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18041081#comment-18041081
 ] 

ASF GitHub Bot commented on HADOOP-19736:
-----------------------------------------

manika137 commented on code in PR #8051:
URL: https://github.com/apache/hadoop/pull/8051#discussion_r2568726303


##########
hadoop-tools/hadoop-azure/src/main/java/org/apache/hadoop/fs/azurebfs/AbfsConfiguration.java:
##########
@@ -1240,9 +1240,11 @@ public int getNumLeaseThreads() {
   }
 
   public boolean getCreateRemoteFileSystemDuringInitialization() {
-    // we do not support creating the filesystem when AuthType is SAS
+    // we do not support creating the filesystem when AuthType is SAS or 
UserboundSASWithOAuth
     return this.createRemoteFileSystemDuringInitialization
-        && this.getAuthType(this.accountName) != AuthType.SAS;
+        && this.getAuthType(this.accountName) != AuthType.SAS

Review Comment:
   taken. added a separate method for it





> ABFS: Support for new auth type: User-bound SAS
> -----------------------------------------------
>
>                 Key: HADOOP-19736
>                 URL: https://issues.apache.org/jira/browse/HADOOP-19736
>             Project: Hadoop Common
>          Issue Type: Task
>          Components: fs/azure
>    Affects Versions: 3.4.1, 3.4.2
>            Reporter: Manika Joshi
>            Assignee: Manika Joshi
>            Priority: Major
>              Labels: pull-request-available
>
> Adding support for new authentication type: user bound SAS
> User-bound SAS (Shared Access Signature) binds a SAS token to a specific user 
> identity rather than just granting access based on possession of the token. 
> This approach addresses key vulnerabilities in previous SAS mechanisms.
> The SAS token for it includes identity-binding parameters (e.g., skdutid, 
> sduoid) that correspond to the user’s Entra tenant and object ID.
> When accessing storage, the user must present a valid Entra access token 
> matching these parameters.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to