// remove photo api
  @Override
  @DELETE
  @Path("/remove")
  @Produces(MediaType.APPLICATION_XML)
  @Transactional(propagation = Propagation.NESTED)
  public Response removePhoto(Integer photoId, @Context HttpServletRequest request) {

    try {

      Photo photo = photoDao.load(photoId);
      Token tokenObj = (Token) request.getAttribute("token");
      User user = tokenObj.getUser();
      if (user.equals(photo.getUser())) {

        new File(photo.getPath()).delete(); // delete the file
        photoDao.delete(photo);
      }
      GetPhotoResponseDTO dto = buildDTO(200, null);
      dto.setImageId(photoId);
      return Response.status(200).entity(dto).build();
    } catch (HibernateException e) {

      e.printStackTrace();
      return Response.status(500).entity(buildDTO(500, null)).build();
    }
  }
  /**
   * build the list of photo id to send back to client
   *
   * @param photos the photos retrieved from database
   * @return list contains ids of the photos
   * @throws IOException
   */
  private List<String> buildImageStringList(List<Photo> photos) throws IOException {

    List<String> URIs = new ArrayList<String>();
    for (Photo photo : photos) {

      URIs.add(String.valueOf(photo.getId()));
    }
    return URIs;
  }
  private String getPath(Photo photo) throws IOException {

    InputStream is = new FileInputStream(servletContext.getRealPath("/WEB_INF/config.properties"));
    Properties properties = new Properties();
    properties.load(is);
    String rootPath = properties.getProperty("path");
    is.close();
    return rootPath + photo.getPath();
  }
  // uplaod api
  @Override
  @POST
  @Path("/upload")
  @Consumes(MediaType.MULTIPART_FORM_DATA)
  @Produces(MediaType.APPLICATION_XML)
  @Transactional(propagation = Propagation.NESTED)
  public Response saveImage(@Context HttpServletRequest request) {

    String comment = null;
    // Token tokenObj = (Token) request.getAttribute("token");
    // byte[] image = null;
    InputStream is = null;
    BufferedOutputStream out = null;
    String path = null;

    try {

      ServletFileUpload servletFileUpload = new ServletFileUpload();
      FileItemIterator fileItemIterator = servletFileUpload.getItemIterator(request);
      while (fileItemIterator.hasNext()) {

        FileItemStream fileItemStream = fileItemIterator.next();
        if ("comment".equals(fileItemStream.getFieldName())) {

          StringWriter stringWriter = new StringWriter();
          IOUtils.copy(fileItemStream.openStream(), stringWriter, "utf-8");
          comment = stringWriter.toString();
        } else if ("content".equals(fileItemStream.getFieldName())) {

          path = createPath();

          // save image content
          // path = ("/Users/aoden/Desktop/aaaaaa.jpg");
          is = fileItemStream.openStream();
          out = new BufferedOutputStream(new FileOutputStream(path));
          int data = -1;
          while ((data = is.read()) != -1) {

            out.write(data);
          }
        }
      }

      Token tokenObj = (Token) request.getAttribute("token");
      Photo photo = new Photo();
      photo.setComment(comment);
      photo.setPath(path);
      photo.setUser(tokenObj.getUser());
      photoDao.save(photo);
      return Response.status(500).entity(buildDTO(200, null)).build();
      // User user = tokenObj.getUser();

    } catch (HibernateException e) {

      e.printStackTrace();
      return Response.status(500).entity(buildDTO(500, null)).build();
    } catch (FileUploadException e) {

      e.printStackTrace();
      return Response.status(500).entity(buildDTO(500, null)).build();
    } catch (IOException e) {

      e.printStackTrace();
      return Response.status(500).entity(buildDTO(500, null)).build();
    } catch (NoSuchAlgorithmException e) {

      e.printStackTrace();
      return Response.status(500).entity(buildDTO(500, null)).build();
    } finally {
      // close the streams
      if (is != null)
        try {
          is.close();
        } catch (IOException e) {

          e.printStackTrace();
        }
      if (out != null)
        try {
          out.close();
        } catch (IOException e) {

          e.printStackTrace();
        }
    }
  }