TODO:  
* http utility:  
  1. add parameters to the ProcessHeaders to enable/disable token/role-access-rights checks