Menu
Amazon AppStream
Developer Guide

This documentation is for an older version of Amazon AppStream. For information about the latest version, see the Amazon AppStream 2.0 Developer Guide.

Checking Client Authorization for the Application

After your entitlement service has verified that the user credentials are valid, it should check whether the user holding those credentials is authorized to connect to the application.

The following excerpt from /rs/JaxRsEntitlementService.java illustrates how the JaxRsEntitlementService.requestEntitlement method checks whether a user is authorized to access an application. The User object passed into the checkIfEntitled method was created in the previous step, Authenticating the Client.

Copy
//call Amazon AppStream to look up the application from its ID Application application = entitlementService.getApplication(applicationId); //check to see whether the user is entitled to access the application by looking up entitlement mappings in DynamoDB entitlementService.checkIfEntitled(user, application);

The following excerpts from /services/EntitlementService.java shows the implementation of the EntitlementService.getApplication and EntitlementService.checkIfEntitled methods.

The getApplication method calls Amazon AppStream to retrieve information about an application based on an application identifier. If the application is found, the method returns an Application object populated with metadata about the application. If the application does not exist in Amazon AppStream, the method throws an exception.

Copy
public Application getApplication(String applicationId) throws ApplicationNotFoundException { try { return appstream.getApplications().getById(applicationId); } catch (Exception e) { log.error(e); throw new ApplicationNotFoundException("The application identified by " + applicationId + " was not found."); } }

The checkIfEntitled method checks the DynamoDB data store to see whether the user is entitled to access the application. Adding user-application mappings in the sample entitlement service is handled through a web-based interface. .

Copy
public void checkIfEntitled(User user, Application application) throws UserNotEntitledException { if (user == null || !user.isEntitled(application.getId())) { throw new UserNotEntitledException("You are not currently allowed to use this application. Please ask the developer for access."); } }

The implementation of the isEntitled method of the User class is located in /model/User.java.