diff --git a/src/server/route.go b/src/server/route.go
index bc14d99d..3a0be540 100644
--- a/src/server/route.go
+++ b/src/server/route.go
@@ -40,178 +40,365 @@ func (a *App) AppRoute() *mux.Router { func newVersionService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/version").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, versionHandler))) + webService.Path("/v1/version"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + + webService.Route(webService.GET("/"). + To(handler.RESTfulServiceHandler(sp, versionHandler))) return webService } func newRegistryService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/registry").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) - webService.Route(webService.POST("/auth").To(handler.RESTfulServiceHandler(sp, registryBasicAuthHandler))) + webService.Path("/v1/registry"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + + webService.Filter(validateTokenMiddleware) + + webService.Route(webService.POST("/auth"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, registryBasicAuthHandler))) return webService } func newUserService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/users").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/users"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). 
+ Produces(restful.MIME_JSON, restful.MIME_JSON) // Authenticate handlers Sign Up / Sign In - webService.Route(webService.POST("/signup").To(handler.RESTfulServiceHandler(sp, signUpUserHandler))) - webService.Route(webService.POST("/signin").To(handler.RESTfulServiceHandler(sp, signInUserHandler))) + webService.Route(webService.POST("/signup"). + To(handler.RESTfulServiceHandler(sp, signUpUserHandler))) + webService.Route(webService.POST("/signin"). + To(handler.RESTfulServiceHandler(sp, signInUserHandler))) // TODO only root role can access - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listUserHandler))) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createUserHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteUserHandler))) + webService.Route(webService.GET("/"). + Filter(validateTokenMiddleware). + Filter(rootRole). + To(handler.RESTfulServiceHandler(sp, listUserHandler))) + webService.Route(webService.POST("/"). + Filter(validateTokenMiddleware). + Filter(rootRole). + To(handler.RESTfulServiceHandler(sp, createUserHandler))) + webService.Route(webService.DELETE("/{id}"). + Filter(validateTokenMiddleware). + Filter(rootRole). + To(handler.RESTfulServiceHandler(sp, deleteUserHandler))) // user role can access - webService.Route(webService.GET("/{id}").Filter(validateTokenMiddleware).To(handler.RESTfulServiceHandler(sp, getUserHandler))) - webService.Route(webService.GET("/verify/auth").Filter(validateTokenMiddleware).To(handler.RESTfulServiceHandler(sp, verifyTokenHandler))) - webService.Route(webService.PUT("/password").Filter(validateTokenMiddleware).To(handler.RESTfulServiceHandler(sp, patchPasswordHandler))) + webService.Route(webService.GET("/{id}"). + Filter(validateTokenMiddleware). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, getUserHandler))) + webService.Route(webService.GET("/verify/auth"). + Filter(validateTokenMiddleware). 
+ Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, verifyTokenHandler))) + webService.Route(webService.PUT("/password"). + Filter(validateTokenMiddleware). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, patchPasswordHandler))) return webService } func newNetworkService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/networks").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/networks"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listNetworkHandler))) - webService.Route(webService.GET("/{id}").To(handler.RESTfulServiceHandler(sp, getNetworkHandler))) - webService.Route(webService.GET("/status/{id}").To(handler.RESTfulServiceHandler(sp, getNetworkStatusHandler))) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createNetworkHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteNetworkHandler))) - webService.Route(webService.GET("/{node}/shell").To(handler.RESTfulServiceHandler(sp, getOVSShellInfoHandler))) + + webService.Route(webService.GET("/"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, listNetworkHandler))) + webService.Route(webService.GET("/{id}"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, getNetworkHandler))) + webService.Route(webService.GET("/status/{id}"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, getNetworkStatusHandler))) + webService.Route(webService.POST("/"). + Filter(rootRole). + To(handler.RESTfulServiceHandler(sp, createNetworkHandler))) + webService.Route(webService.DELETE("/{id}"). + Filter(rootRole). 
+ To(handler.RESTfulServiceHandler(sp, deleteNetworkHandler))) + webService.Route(webService.GET("/{node}/shell"). + Filter(rootRole). + To(handler.RESTfulServiceHandler(sp, getOVSShellInfoHandler))) return webService } func newStorageService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/storage").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/storage"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createStorage))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listStorage))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteStorage))) + + webService.Route(webService.POST("/"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, createStorage))) + webService.Route(webService.GET("/"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, listStorage))) + webService.Route(webService.DELETE("/{id}"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, deleteStorage))) return webService } func newVolumeService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/volume").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + + webService.Path("/v1/volume"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). 
+ Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createVolumeHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteVolumeHandler))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listVolumeHandler))) + + webService.Route(webService.POST("/"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, createVolumeHandler))) + webService.Route(webService.DELETE("/{id}"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, deleteVolumeHandler))) + webService.Route(webService.GET("/"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, listVolumeHandler))) return webService } func newContainerService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/containers").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) - webService.Route(webService.GET("/logs/{namespace}/{pod}/{container}").To(handler.RESTfulServiceHandler(sp, getContainerLogsHandler))) - webService.Route(webService.GET("/logs/file/{namespace}/{pod}/{container}").To(handler.RESTfulServiceHandler(sp, getContainerLogFileHandler))) + webService.Path("/v1/containers"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + + webService.Filter(validateTokenMiddleware) + + webService.Route(webService.GET("/logs/{namespace}/{pod}/{container}"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, getContainerLogsHandler))) + webService.Route(webService.GET("/logs/file/{namespace}/{pod}/{container}"). + Filter(guestRole). 
+ To(handler.RESTfulServiceHandler(sp, getContainerLogFileHandler))) return webService } func newPodService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/pods").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/pods"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createPodHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deletePodHandler))) - webService.Route(webService.DELETE("/{namespace}/{pod}").To(handler.RESTfulServiceHandler(sp, deletePodFromClusterHandler))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listPodHandler))) - webService.Route(webService.GET("/{id}").To(handler.RESTfulServiceHandler(sp, getPodHandler))) + + webService.Route(webService.POST("/"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, createPodHandler))) + webService.Route(webService.DELETE("/{id}"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, deletePodHandler))) + webService.Route(webService.DELETE("/{namespace}/{pod}"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, deletePodFromClusterHandler))) + webService.Route(webService.GET("/"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, listPodHandler))) + webService.Route(webService.GET("/{id}"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, getPodHandler))) return webService } func newDeploymentService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) + + webService.Path("/v1/deployments"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). 
+ Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Path("/v1/deployments").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createDeploymentHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteDeploymentHandler))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listDeploymentHandler))) - webService.Route(webService.GET("/{id}").To(handler.RESTfulServiceHandler(sp, getDeploymentHandler))) - webService.Route(webService.POST("/upload/yaml").Consumes("multipart/form-data").To(handler.RESTfulServiceHandler(sp, uploadDeploymentYAMLHandler))) - webService.Route(webService.PUT("/autoscale").To(handler.RESTfulServiceHandler(sp, updateAutoscalerHandler))) + + webService.Route(webService.POST("/"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, createDeploymentHandler))) + webService.Route(webService.DELETE("/{id}"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, deleteDeploymentHandler))) + webService.Route(webService.GET("/"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, listDeploymentHandler))) + webService.Route(webService.GET("/{id}"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, getDeploymentHandler))) + webService.Route(webService.POST("/upload/yaml"). + Filter(userRole). + Consumes("multipart/form-data").To(handler.RESTfulServiceHandler(sp, uploadDeploymentYAMLHandler))) + webService.Route(webService.PUT("/autoscale"). + Filter(userRole). 
+ To(handler.RESTfulServiceHandler(sp, updateAutoscalerHandler))) return webService } func newAppService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/apps").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/apps"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createAppHandler))) + + webService.Route(webService.POST("/"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, createAppHandler))) return webService } func newServiceService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/services").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + + webService.Path("/v1/services"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createServiceHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteServiceHandler))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listServiceHandler))) - webService.Route(webService.GET("/{id}").To(handler.RESTfulServiceHandler(sp, getServiceHandler))) - webService.Route(webService.POST("/upload/yaml").Consumes("multipart/form-data").To(handler.RESTfulServiceHandler(sp, uploadServiceYAMLHandler))) + + webService.Route(webService.POST("/"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, createServiceHandler))) + webService.Route(webService.DELETE("/{id}"). + Filter(userRole). 
+ To(handler.RESTfulServiceHandler(sp, deleteServiceHandler))) + webService.Route(webService.GET("/"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, listServiceHandler))) + webService.Route(webService.GET("/{id}"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, getServiceHandler))) + webService.Route(webService.POST("/upload/yaml"). + Filter(userRole). + Consumes("multipart/form-data"). + To(handler.RESTfulServiceHandler(sp, uploadServiceYAMLHandler))) return webService } func newNamespaceService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/namespaces").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/namespaces"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createNamespaceHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteNamespaceHandler))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listNamespaceHandler))) - webService.Route(webService.GET("/{id}").To(handler.RESTfulServiceHandler(sp, getNamespaceHandler))) - webService.Route(webService.POST("/upload/yaml").Consumes("multipart/form-data").To(handler.RESTfulServiceHandler(sp, uploadNamespaceYAMLHandler))) + + webService.Route(webService.POST("/"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, createNamespaceHandler))) + webService.Route(webService.DELETE("/{id}"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, deleteNamespaceHandler))) + webService.Route(webService.GET("/"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, listNamespaceHandler))) + webService.Route(webService.GET("/{id}"). + Filter(guestRole). 
+ To(handler.RESTfulServiceHandler(sp, getNamespaceHandler))) + webService.Route(webService.POST("/upload/yaml"). + Filter(userRole). + Consumes("multipart/form-data"). + To(handler.RESTfulServiceHandler(sp, uploadNamespaceYAMLHandler))) return webService } func newConfigMapService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/configmaps").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/configmaps"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Filter(validateTokenMiddleware) - webService.Route(webService.POST("/").To(handler.RESTfulServiceHandler(sp, createConfigMapHandler))) - webService.Route(webService.DELETE("/{id}").To(handler.RESTfulServiceHandler(sp, deleteConfigMapHandler))) - webService.Route(webService.GET("/").To(handler.RESTfulServiceHandler(sp, listConfigMapHandler))) - webService.Route(webService.GET("/{id}").To(handler.RESTfulServiceHandler(sp, getConfigMapHandler))) - webService.Route(webService.POST("/upload/yaml").Consumes("multipart/form-data").To(handler.RESTfulServiceHandler(sp, uploadConfigMapYAMLHandler))) + + webService.Route(webService.POST("/"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, createConfigMapHandler))) + webService.Route(webService.DELETE("/{id}"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, deleteConfigMapHandler))) + webService.Route(webService.GET("/"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, listConfigMapHandler))) + webService.Route(webService.GET("/{id}"). + Filter(guestRole). + To(handler.RESTfulServiceHandler(sp, getConfigMapHandler))) + webService.Route(webService.POST("/upload/yaml"). + Filter(userRole). + Consumes("multipart/form-data"). 
+ To(handler.RESTfulServiceHandler(sp, uploadConfigMapYAMLHandler))) return webService } func newMonitoringService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/monitoring").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) + webService.Path("/v1/monitoring"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) // node - webService.Route(webService.GET("/nodes").To(handler.RESTfulServiceHandler(sp, listNodeMetricsHandler))) - webService.Route(webService.GET("/nodes/{node}").To(handler.RESTfulServiceHandler(sp, getNodeMetricsHandler))) - webService.Route(webService.GET("/nodes/{node}/nics").To(handler.RESTfulServiceHandler(sp, listNodeNicsMetricsHandler))) + webService.Route(webService.GET("/nodes"). + To(handler.RESTfulServiceHandler(sp, listNodeMetricsHandler))) + webService.Route(webService.GET("/nodes/{node}"). + To(handler.RESTfulServiceHandler(sp, getNodeMetricsHandler))) + webService.Route(webService.GET("/nodes/{node}/nics"). + To(handler.RESTfulServiceHandler(sp, listNodeNicsMetricsHandler))) // pod - webService.Route(webService.GET("/pods").To(handler.RESTfulServiceHandler(sp, listPodMetricsHandler))) - webService.Route(webService.GET("/pods/{pod}").To(handler.RESTfulServiceHandler(sp, getPodMetricsHandler))) + webService.Route(webService.GET("/pods"). + To(handler.RESTfulServiceHandler(sp, listPodMetricsHandler))) + webService.Route(webService.GET("/pods/{pod}"). + To(handler.RESTfulServiceHandler(sp, getPodMetricsHandler))) // container - webService.Route(webService.GET("/pods/{pod}/{container}").To(handler.RESTfulServiceHandler(sp, getContainerMetricsHandler))) + webService.Route(webService.GET("/pods/{pod}/{container}"). 
+ To(handler.RESTfulServiceHandler(sp, getContainerMetricsHandler))) // service - webService.Route(webService.GET("/services").To(handler.RESTfulServiceHandler(sp, listServiceMetricsHandler))) - webService.Route(webService.GET("/services/{service}").To(handler.RESTfulServiceHandler(sp, getServiceMetricsHandler))) + webService.Route(webService.GET("/services"). + To(handler.RESTfulServiceHandler(sp, listServiceMetricsHandler))) + webService.Route(webService.GET("/services/{service}"). + To(handler.RESTfulServiceHandler(sp, getServiceMetricsHandler))) // controller - webService.Route(webService.GET("/controllers").To(handler.RESTfulServiceHandler(sp, listControllerMetricsHandler))) - webService.Route(webService.GET("/controllers/{controller}").To(handler.RESTfulServiceHandler(sp, getControllerMetricsHandler))) + webService.Route(webService.GET("/controllers"). + To(handler.RESTfulServiceHandler(sp, listControllerMetricsHandler))) + webService.Route(webService.GET("/controllers/{controller}"). + To(handler.RESTfulServiceHandler(sp, getControllerMetricsHandler))) return webService } func newOVSService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/ovs").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) - webService.Route(webService.GET("/portinfos").To(handler.RESTfulServiceHandler(sp, getOVSPortInfoHandler))) + webService.Path("/v1/ovs"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + + // webService.Filter(validateTokenMiddleware) + + webService.Route(webService.GET("/portinfos"). 
+ To(handler.RESTfulServiceHandler(sp, getOVSPortInfoHandler))) return webService } func newShellService(sp *serviceprovider.Container) *restful.WebService { webService := new(restful.WebService) - webService.Path("/v1/exec").Consumes(restful.MIME_JSON, restful.MIME_JSON).Produces(restful.MIME_JSON, restful.MIME_JSON) - webService.Route(webService.GET("/pod/{namespace}/{pod}/shell/{container}").To(handler.RESTfulServiceHandler(sp, handleExecShell))) + webService.Path("/v1/exec"). + Consumes(restful.MIME_JSON, restful.MIME_JSON). + Produces(restful.MIME_JSON, restful.MIME_JSON) + + webService.Filter(validateTokenMiddleware) + + webService.Route(webService.GET("/pod/{namespace}/{pod}/shell/{container}"). + Filter(userRole). + To(handler.RESTfulServiceHandler(sp, handleExecShell))) return webService } diff --git a/src/server/route_filter.go b/src/server/route_filter.go index 0081385e..ed07a0ba 100644 --- a/src/server/route_filter.go +++ b/src/server/route_filter.go @@ -51,11 +51,11 @@ func validateTokenMiddleware(req *restful.Request, resp *restful.Response, chain } func rootRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) { - role := req.Attribute("Role").(string) - if role == entity.RootRole { + role, ok := req.Attribute("Role").(string) + if ok && role == entity.RootRole { chain.ProcessFilter(req, resp) } else { - log.Printf("User has no root role: Forbidden") + log.Printf("User role: %s has no root role: Forbidden", role) resp.WriteHeaderAndEntity(http.StatusForbidden, response.ActionResponse{ Error: true, 
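Review bot: `newOVSService` and `newMonitoringService` still register their routes with no token or role filter on the new side: in `newOVSService` the service-level filter is left commented out (`// webService.Filter(validateTokenMiddleware)`) and `GET /portinfos` has no `Filter(...)`, and none of the `/v1/monitoring` routes has one either. Unless a container-level filter outside this hunk covers them, OVS port info and node, pod, service and controller metrics stay readable without a token while most other services in this hunk now require one. I would enable `webService.Filter(validateTokenMiddleware)` in both constructors and add `Filter(guestRole).` to each route, or state in a comment why these two services are intentionally public. In `newUserService` the comments `// TODO only root role can access` and `// user role can access` are now stale, since the routes under them use `rootRole` and `guestRole` respectively.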
@@ -66,11 +66,11 @@ func rootRole(req *restful.Request, resp *restful.Response, chain *restful.Filte } func userRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) { - role := req.Attribute("Role").(string) - if role == entity.RootRole || role == entity.UserRole { + role, ok := req.Attribute("Role").(string) + if ok && role == entity.RootRole || role == entity.UserRole { chain.ProcessFilter(req, resp) } else { - log.Printf("User has no user role: Forbidden") + log.Printf("User role: %s has no root role: Forbidden", role) resp.WriteHeaderAndEntity(http.StatusForbidden, response.ActionResponse{ Error: true, @@ -81,11 +81,11 @@ func userRole(req *restful.Request, resp *restful.Response, chain *restful.Filte } func guestRole(req *restful.Request, resp *restful.Response, chain *restful.FilterChain) { - role := req.Attribute("Role").(string) - if role == entity.RootRole || role == entity.UserRole || role == entity.GuestRole { + role, ok := req.Attribute("Role").(string) + if ok && role == entity.RootRole || role == entity.UserRole || role == entity.GuestRole { chain.ProcessFilter(req, resp) } else { - log.Printf("User has no guest role: Forbidden") + log.Printf("User role: %s has no root role: Forbidden", role) resp.WriteHeaderAndEntity(http.StatusForbidden, response.ActionResponse{ Error: true, diff --git a/tests/02-multiple-interface/credential b/tests/02-multiple-interface/credential index 714d859c..85b0412b 100644 --- a/tests/02-multiple-interface/credential +++ b/tests/02-multiple-interface/credential @@ -1,4 +1,4 @@ { - "username":"testuser@linkernetworks.com", - "password":"p@ssw0rd" + "username":"admin@vortex.com", + "password":"password" } diff --git a/tests/03-host-network/credential b/tests/03-host-network/credential index 714d859c..85b0412b 100644 --- a/tests/03-host-network/credential +++ b/tests/03-host-network/credential 
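Review bot: In `userRole` the new condition `ok && role == entity.RootRole || role == entity.UserRole` parses as `(ok && role == entity.RootRole) || role == entity.UserRole`, because `&&` binds tighter than `||`, so `ok` guards only the first comparison; the `guestRole` hunk after it has the same shape. That is harmless only while a failed assertion leaves `role` empty and no role constant is the empty string (the constants are not visible here), so I would parenthesise: `if ok && (role == entity.RootRole || role == entity.UserRole) {`. The log line in both filters was copied from `rootRole` and still says `has no root role`; it should name the role actually required, and `%q` instead of `%s` would make an empty or unexpected role value visible in the log. Both function bodies continue past the end of their hunks.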
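Review bot: All integration suites now sign in as `admin@vortex.com` with the password `password` (this file and the six other `tests/*/credential` files change identically), so every suite presumably runs with the highest role and none exercises the 403 paths that the `rootRole`/`userRole`/`guestRole` filters add in this commit. I would keep at least one suite on a non-root account and assert that a root-only route answers `403 Forbidden`. If this admin account is seeded by the server rather than created by the test setup (not visible in this diff), the seed password should be configurable and rotated on first use rather than fixed to `password`.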
@@ -1,4 +1,4 @@
 {
- "username":"testuser@linkernetworks.com",
- "password":"p@ssw0rd"
+ "username":"admin@vortex.com",
+ "password":"password"
 }
diff --git a/tests/04-storage-pod/credential b/tests/04-storage-pod/credential
index 714d859c..85b0412b 100644
--- a/tests/04-storage-pod/credential
+++ b/tests/04-storage-pod/credential
@@ -1,4 +1,4 @@
 {
- "username":"testuser@linkernetworks.com",
- "password":"p@ssw0rd"
+ "username":"admin@vortex.com",
+ "password":"password"
 }
diff --git a/tests/05-deployment/credential b/tests/05-deployment/credential
index 714d859c..85b0412b 100644
--- a/tests/05-deployment/credential
+++ b/tests/05-deployment/credential
@@ -1,4 +1,4 @@
 {
- "username":"testuser@linkernetworks.com",
- "password":"p@ssw0rd"
+ "username":"admin@vortex.com",
+ "password":"password"
 }
diff --git a/tests/06-app/credential b/tests/06-app/credential
index 714d859c..85b0412b 100644
--- a/tests/06-app/credential
+++ b/tests/06-app/credential
@@ -1,4 +1,4 @@
 {
- "username":"testuser@linkernetworks.com",
- "password":"p@ssw0rd"
+ "username":"admin@vortex.com",
+ "password":"password"
 }
diff --git a/tests/07-ovs/credential b/tests/07-ovs/credential
index 714d859c..85b0412b 100644
--- a/tests/07-ovs/credential
+++ b/tests/07-ovs/credential
@@ -1,4 +1,4 @@
 {
- "username":"testuser@linkernetworks.com",
- "password":"p@ssw0rd"
+ "username":"admin@vortex.com",
+ "password":"password"
 }
diff --git a/tests/99-delete-test-user/credential b/tests/99-delete-test-user/credential
index 714d859c..85b0412b 100644
--- a/tests/99-delete-test-user/credential
+++ b/tests/99-delete-test-user/credential
@@ -1,4 +1,4 @@
 {
- "username":"testuser@linkernetworks.com",
- "password":"p@ssw0rd"
+ "username":"admin@vortex.com",
+ "password":"password"
 }