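/**
 * Registers a new user and answers with an auth token for the created account.
 *
 * <p>All four form fields are mandatory. A form field that is submitted empty arrives as
 * {@code ""} rather than {@code null}, so blank values are rejected as well as missing ones.
 *
 * @param loginid login name for the new account
 * @param password password exactly as submitted; it is handed unchanged to
 *     {@code UserDAO.createUser} (NOTE(review): hashing presumably happens in the DAO, confirm)
 * @param email e-mail address for the new account
 * @param fullname full name for the new account
 * @param uriInfo request URI information, used to build the {@code Location} of the new user
 * @return 201 Created whose location is the request path plus the new user's id and whose
 *     entity is the auth token
 * @throws URISyntaxException if the location string cannot be parsed as a URI
 * @throws BadRequestException if any parameter is missing or blank
 * @throws WebApplicationException with 409 Conflict if the loginid is already taken
 * @throws InternalServerErrorException if the DAO layer reports an {@code SQLException}
 */
@POST
 @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
 @Produces(BeeterMediaType.BEETER_AUTH_TOKEN)
 public Response registerUser(
     @FormParam("loginid") String loginid,
     @FormParam("password") String password,
     @FormParam("email") String email,
     @FormParam("fullname") String fullname,
     @Context UriInfo uriInfo)
     throws URISyntaxException {
   // A null-only check lets "loginid=&email=&fullname=" through, because empty form fields
   // are bound as empty strings.
   for (String required : new String[] {loginid, email, fullname}) {
     if (required == null || required.trim().isEmpty())
       throw new BadRequestException("all parameters are mandatory");
   }
   // The password is not trimmed: surrounding whitespace may be a deliberate part of it.
   if (password == null || password.isEmpty())
     throw new BadRequestException("all parameters are mandatory");

   UserDAO userDAO = new UserDAOImpl();
   User user = null;
   AuthToken authToken = null;
   try {
     user = userDAO.createUser(loginid, password, email, fullname);
     // The token in the response is a credential for the account that was just created.
     authToken = (new AuthTokenDAOImpl()).createAuthToken(user.getId());
   } catch (UserAlreadyExistsException e) {
     // The 409 tells the caller that this loginid is taken, which a registration form cannot
     // avoid; throttling of repeated attempts has to happen outside this method.
     throw new WebApplicationException("loginid already exists", Response.Status.CONFLICT);
   } catch (SQLException e) {
     // Keep the cause so the failure can be diagnosed server-side; this method writes no
     // detail from it into the response.
     throw new InternalServerErrorException(e);
   }
   URI uri = new URI(uriInfo.getAbsolutePath().toString() + "/" + user.getId());
   return Response.created(uri).type(BeeterMediaType.BEETER_AUTH_TOKEN).entity(authToken).build();
 }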
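 /**
  * Deletes the account identified by the path parameter; only the account owner may do so.
  *
  * <p>The caller's identity is read from {@code securityContext} (declared outside this
  * method) and must equal {@code id}, so one user cannot delete another user's account by
  * changing the id in the URL.
  *
  * @param id id of the user to delete, taken from the request path
  * @throws ForbiddenException if the request has no principal or the principal's name is not
  *     {@code id}
  * @throws NotFoundException if {@code UserDAO.deleteUser} reports that nothing was deleted
  * @throws InternalServerErrorException if the DAO layer reports an {@code SQLException}
  */
 @Path("/{id}")
 @DELETE
 public void deleteUser(@PathParam("id") String id) {
   // getUserPrincipal() is null for an unauthenticated request. Refuse explicitly instead of
   // dereferencing it, which would surface as a NullPointerException and a 500.
   java.security.Principal caller = securityContext.getUserPrincipal();
   if (caller == null) throw new ForbiddenException("operation not allowed");
   String userid = caller.getName();
   if (!userid.equals(id)) throw new ForbiddenException("operation not allowed");
   UserDAO userDAO = new UserDAOImpl();
   try {
     // By this point id equals the caller's own id, so the message below echoes nothing the
     // caller did not already know.
     if (!userDAO.deleteUser(id))
       throw new NotFoundException("User with id = " + id + " doesn't exist");
   } catch (SQLException e) {
     // Keep the cause so the failure can be diagnosed server-side; this method writes no
     // detail from it into the response.
     throw new InternalServerErrorException(e);
   }
 }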
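  /**
   * Updates the e-mail address and full name of the caller's own account.
   *
   * <p>Only {@code email} and {@code fullname} are read from the submitted entity, and the row
   * to update is selected by the authenticated principal's name, not by a value from the
   * request body. Any other field present in the entity is not forwarded to the DAO by this
   * method.
   *
   * @param id id of the user to update, taken from the request path
   * @param user submitted representation; its id must equal {@code id}
   * @return the user returned by {@code UserDAO.updateProfile}
   * @throws BadRequestException if the entity is missing or its id differs from {@code id}
   * @throws ForbiddenException if the request has no principal or the principal's name is not
   *     {@code id}
   * @throws NotFoundException if {@code UserDAO.updateProfile} returns {@code null}
   * @throws InternalServerErrorException if the DAO layer reports an {@code SQLException}
   */
  @Path("/{id}")
  @PUT
  @Consumes(BeeterMediaType.BEETER_USER)
  @Produces(BeeterMediaType.BEETER_USER)
  public User updateUser(@PathParam("id") String id, User user) {
    if (user == null) throw new BadRequestException("entity is null");
    if (!id.equals(user.getId()))
      throw new BadRequestException("path parameter id and entity parameter id doesn't match");

    // getUserPrincipal() is null for an unauthenticated request. Refuse explicitly instead of
    // dereferencing it, which would surface as a NullPointerException and a 500.
    java.security.Principal caller = securityContext.getUserPrincipal();
    if (caller == null) throw new ForbiddenException("operation not allowed");
    String userid = caller.getName();
    if (!userid.equals(id)) throw new ForbiddenException("operation not allowed");

    UserDAO userDAO = new UserDAOImpl();
    try {
      // NOTE(review): email and fullname are forwarded without validation and may be null;
      // confirm that updateProfile rejects or tolerates that.
      user = userDAO.updateProfile(userid, user.getEmail(), user.getFullname());
      if (user == null) throw new NotFoundException("User with id = " + id + " doesn't exist");
    } catch (SQLException e) {
      // Keep the cause so the failure can be diagnosed server-side; this method writes no
      // detail from it into the response.
      throw new InternalServerErrorException(e);
    }
    return user;
  }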