To enable authorization support in WASB, set the following property in core-site.xml:

<property>
   <name>fs.azure.authorization</name>
   <value>true</value>
</property>

The current implementation of authorization relies on the presence of an external service that can enforce the authorization. The service is expected to be running on a URL provided by the following configuration, which should also be set in core-site.xml:

<property>
   <name>fs.azure.authorization.remote.service.url</name>
   <value>{URL}</value>
</property>

The remote service is expected to provide support for the following REST call: {URL}/CHECK_AUTHORIZATION

An example request: {URL}/CHECK_AUTHORIZATION?wasb_absolute_path=<absolute_path>&operation_type=<operation type>&delegation_token=<delegation token>

The service is expected to return a response in JSON format:

{
  "responseCode" : 0 or non-zero <int>,
  "responseMessage" : relevant message on failure <String>,
  "authorizationResult" : true/false <boolean>
}