Amazon AppStream
Developer Guide

This documentation is for an older version of Amazon AppStream. For information about the latest version, see the Amazon AppStream 2.0 Developer Guide.

Authenticating the Client

The sample entitlement service stores user credentials and entitlement mappings of users to applications in DynamoDB, a fast, fully managed NoSQL database service. For more information, see the DynamoDB Developer Guide.

The following excerpt from /rs/ illustrates how the JaxRsEntitlementService.requestEntitlement method authenticates a user. This code resides in a try-catch block and throws an exception if a method call fails.

//look up the user credentials in DynamoDB User user = entitlementService.getUserFromAuthorization(authorization);

The following excerpt from /services/ shows the implementation of the EntitlementService.getUserFromAuthorization method.

The getUserFromAuthorization method looks up user credentials in an DynamoDB data store. If the user is not found, and the createUserWhenNew flag is not set, the method throws an exception. If the createUserWhenNew flag is set, the method creates a new user in the DynamoDB data store and populates it with the user credentials passed into the method. By default, createUserWhenNew is set to true.

public User getUserFromAuthorization(String authorization) throws AuthorizationException { if (authorization == null) { throw new AuthorizationException("Missing Authorization header."); } Identity identity = authorizationHandler.processAuthorization(authorization); User user = dynamoDBMapper.load(User.class, identity.getId()); if (user == null) { if (!createUserWhenNew) { log.warn("No such user: " + identity.getId()); throw new UserNotFoundException(); } user = new User(); user.setId(identity.getId()); user.setName(identity.getName()); // May be null user.setEmail(identity.getEmail()); // May be null user.setEntitleAll(entitleAllWhenNew); user.setSessionCount(0);; } return user; }