MessageDigest digest = MessageDigest.getInstance("MD5");
String hashPassword = Base64.encodeBytes(digest.digest(password.getBytes("UTF-8")));
String savedPassword = user.getCredentials().get("password-hash");
if (!hashPassword.equals(savedPassword)) throw new WebApplicationException(401);
Roles roles = projects.getUserRoles(projectId, userId);
if (roles == null || roles.getRoles().size() < 1) throw new WebApplicationException(403);
String tokenId = UUID.randomUUID().toString();
long expMillis = expirationUnit.toMillis(expiration);
Calendar expires = Calendar.getInstance();
expires.setTime(new Date(System.currentTimeMillis() + expMillis));
Access.Token token = new Access.Token(tokenId, expires, project);
Access.User userInfo = new Access.User(user.getId(), user.getName(), user.getUsername(), roles.getRoles());
Access access = new Access(token, null, userInfo, null);
cache.put("/tokens/" + tokenId, access, expiration, expirationUnit);
return access;
}