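/**
 * Returns the latest version of a pass as JSON.
 *
 * <p>The pass is looked up by {@code serialNumber}. The request must carry an
 * {@code Authorization} header that {@code AuthUtil.isAuthorized} accepts for the
 * authentication token stored with the pass. An unknown pass and a failed authorization
 * both answer {@code 401 Unauthorized}, so the status code does not reveal which serial
 * numbers exist.
 *
 * @param passTypeIdentifier pass type taken from the request path; not consulted here
 * @param serialNumber serial number taken from the request path, used for the lookup
 * @param authorization value of the {@code Authorization} header, empty when absent
 * @param ifModifedSince value of the {@code If-Modified-Since} header, empty when absent;
 *     not evaluated here
 * @return {@code 200 OK} with the pass JSON, or {@code 401 Unauthorized}
 */
@Path("passes/{passTypeIdentifier}/{serialNumber}")
@GET
public Response getLatestVersionOfPass(
        @PathParam("passTypeIdentifier") String passTypeIdentifier,
        @PathParam("serialNumber") String serialNumber,
        @HeaderParam("Authorization") @DefaultValue("") String authorization,
        @HeaderParam("If-Modified-Since") @DefaultValue("") String ifModifedSince) {
    // NOTE(review): passTypeIdentifier is never compared with the retrieved pass; confirm
    // whether the lookup should also be scoped by pass type.
    PassDAO pass = new PassDAO(serialNumber);

    if (!pass.retrieve()) {
        // Pass not found. Answer UNAUTHORIZED rather than NOT_FOUND so that callers cannot
        // enumerate valid serial numbers by trial and error.
        // NOTE(review): serialNumber is caller-supplied; confirm the log layout neutralises
        // CR/LF so a crafted value cannot forge log entries.
        log.warn("pass does not exist: {}", serialNumber);
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }

    if (!AuthUtil.isAuthorized(authorization, pass.getAuthenticationToken())) {
        // Never write the Authorization header to the log: a rejected value can still be a
        // working credential (for another pass, or a near-miss of this one), and log files
        // are usually readable by far more people than the token store.
        log.warn("invalid authorization for pass: {}", serialNumber);
        return Response.status(Response.Status.UNAUTHORIZED).build();
    }

    return Response.status(Response.Status.OK).entity(pass.toJson()).build();
}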