public static Principal authorize(Authorizer authorizer, Principal principal, String action, String resource, String otherDomain) { if (action == null || resource == null) { throw new ResourceException(ResourceException.BAD_REQUEST, "Missing 'action' and/or 'resource' parameters"); } if (authorizer != null) { if (!authorizer.access(action, resource, principal, otherDomain)) { throw new ResourceException(ResourceException.FORBIDDEN, "Forbidden"); } } else { throw new ResourceException(ResourceException.INTERNAL_SERVER_ERROR, "No authorizer configured in service"); } return principal; } }