TODO:  
* http utility:  
1. add parameters to the ProcessHeaders to enable/disable token/role-access-rights checks
2. check for Content-Type header, if clients expects something other than JSON respond with appropriate HTTP code