@AroundInvoke
public Object aroundInvoke(InvocationContext context) throws Exception {
final User user = authenticationService.getUser();
final RestrictedAccess annotation = getRestrictedAccessAnnotation(context.getTarget().getClass(), context.getMethod());
if (user == null) {
throw new UnauthenticatedException();
}
else if (!hasAllRoles(user.getRoles(), annotation.roles())) {
throw new UnauthorizedException();
} else {
return context.proceed();