private Response launch(String yaml, EntitySpec<? extends Application> spec) {
    try {
      Application app = EntityManagementUtils.createUnstarted(mgmt(), spec);
      CreationResult<Application, Void> result = EntityManagementUtils.start(app);

      boolean isEntitled =
          Entitlements.isEntitled(
              mgmt().getEntitlementManager(),
              Entitlements.INVOKE_EFFECTOR,
              EntityAndItem.of(app, StringAndArgument.of(Startable.START.getName(), null)));

      if (!isEntitled) {
        throw WebResourceUtils.unauthorized(
            "User '%s' is not authorized to start application %s",
            Entitlements.getEntitlementContext().user(), spec.getType());
      }

      log.info("Launched from YAML: " + yaml + " -> " + app + " (" + result.task() + ")");

      URI ref = URI.create(app.getApplicationId());
      ResponseBuilder response = created(ref);
      if (result.task() != null) response.entity(TaskTransformer.FROM_TASK.apply(result.task()));
      return response.build();
    } catch (ConstraintViolationException e) {
      throw new UserFacingException(e);
    } catch (Exception e) {
      throw Exceptions.propagate(e);
    }
  }
 @Override
 public Response delete(String application) {
   Application app = brooklyn().getApplication(application);
   if (!Entitlements.isEntitled(
       mgmt().getEntitlementManager(),
       Entitlements.INVOKE_EFFECTOR,
       Entitlements.EntityAndItem.of(
           app, StringAndArgument.of(Entitlements.LifecycleEffectors.DELETE, null)))) {
     throw WebResourceUtils.unauthorized(
         "User '%s' is not authorized to delete application %s",
         Entitlements.getEntitlementContext().user(), app);
   }
   Task<?> t = brooklyn().destroy(app);
   TaskSummary ts = TaskTransformer.FROM_TASK.apply(t);
   return status(ACCEPTED).entity(ts).build();
 }