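/**
 * Removes a device's registration for a pass.
 *
 * <p>The pass is loaded by type identifier and serial number, and the caller's
 * {@code Authorization} header is checked against the pass's stored authentication token
 * before any registration is touched. An unknown pass and a rejected header both yield
 * {@code 401 Unauthorized}, so the response does not reveal which passes exist.
 *
 * @param deviceLibraryIdentifier identifier of the device whose registration is removed
 * @param passTypeIdentifier type identifier of the pass
 * @param serialNumber serial number of the pass
 * @param authorization raw {@code Authorization} header value; empty string when absent
 * @return {@code 200 OK} when the registration was removed and the device was stored;
 *     {@code 401 Unauthorized} when the pass is unknown or the header is rejected;
 *     {@code 404 Not Found} when the device is unknown;
 *     {@code 500 Internal Server Error} when storing the device fails
 */
@Path("devices/{deviceLibraryIdentifier}/registrations/{passTypeIdentifier}/{serialNumber}")
@DELETE
public Response unregisterDevice(
        @PathParam("deviceLibraryIdentifier") String deviceLibraryIdentifier,
        @PathParam("passTypeIdentifier") String passTypeIdentifier,
        @PathParam("serialNumber") String serialNumber,
        @HeaderParam("Authorization") @DefaultValue("") String authorization) {
    PassDAO pass = new PassDAO(passTypeIdentifier, serialNumber);
    if (!pass.retrieve()) {
        // Pass not found. The response is UNAUTHORIZED rather than NOT_FOUND so that
        // callers cannot use this endpoint to guess which passes exist.
        // NOTE(review): serialNumber is a raw path parameter supplied by the caller;
        // confirm the log layout neutralizes CR/LF before it reaches the log file.
        log.warn("pass does not exist: {}", serialNumber);
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }

    // NOTE(review): AuthUtil.isAuthorized is not visible here; confirm it compares
    // the token in constant time.
    if (!AuthUtil.isAuthorized(authorization, pass.getAuthenticationToken())) {
        // The header value is never written to the log: a rejected header can still hold
        // a working credential (a token for a different pass, or a near-miss of this one),
        // and log files are usually readable by more people than the token store is.
        log.warn("invalid authorization for pass: {}", serialNumber);
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }

    DeviceDAO device = new DeviceDAO(deviceLibraryIdentifier);
    if (!device.retrieve()) {
        // Reached only after authorization succeeded, so NOT_FOUND leaks nothing
        // to an unauthenticated caller.
        return Response.status(Response.Status.NOT_FOUND).build();
    }

    device.removeRegistration(passTypeIdentifier, serialNumber);
    if (!device.store()) {
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
    }
    return Response.status(Response.Status.OK).build();
}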