}
@Override
public void handleRequest(final HttpServerExchange exchange) throws Exception {
List<Set<String>> roles = exchange.getAttachmentList(ServletAttachments.REQUIRED_ROLES);
SecurityContext sc = exchange.getAttachment(SecurityContext.ATTACHMENT_KEY);
HttpServletRequest request = HttpServletRequestImpl.getRequestImpl(exchange.getAttachment(HttpServletRequestImpl.ATTACHMENT_KEY));
if (request.getDispatcherType() != DispatcherType.REQUEST) {
next.handleRequest(exchange);
} else if (roles == null || roles.isEmpty()) {
next.handleRequest(exchange);
} else {
for (final Set<String> roleSet : roles) {
boolean found = false;
Account account = sc.getAuthenticatedAccount();
for (String role : roleSet) {
if (account.isUserInRole(role)) {
found = true;
break;
}