/** Checks the given member's pin */ private void checkCredentials(Member member, final Channel channel, final String credentials) { if (member == null) { return; } final ServiceClient client = WebServiceContext.getClient(); final Member restrictedMember = client.getMember(); if (restrictedMember == null) { // Non-restricted clients use the flag credentials required if (!client.isCredentialsRequired()) { // No credentials should be checked throw new InvalidCredentialsException(); } } else { // Restricted clients don't need check if is the same member if (restrictedMember.equals(member)) { throw new InvalidCredentialsException(); } } if (StringUtils.isEmpty(credentials)) { throw new InvalidCredentialsException(); } member = fetchService.fetch(member, Element.Relationships.USER); accessService.checkCredentials( channel, member.getMemberUser(), credentials, WebServiceContext.getRequest().getRemoteAddr(), WebServiceContext.getMember()); }