From: Sébastien Determe <sd378r@intl.att.com>
Date: Thu, 14 Jun 2018 15:34:41 +0000 (+0000)
Subject: Merge "Fix the docker push"
X-Git-Tag: 3.0.0~65
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=21ebe86d82cb7e7700e45df9873ef5ca1834fc76;hp=c11f2a2161dc03f5b55ef9eba14d581e5a74c102;p=clamp.git

Merge "Fix the docker push"
---

diff --git a/docs/architecture.rst b/docs/architecture.rst
index 19c9b705..e526fb06 100644
--- a/docs/architecture.rst
+++ b/docs/architecture.rst
@@ -2,7 +2,6 @@
 .. http://creativecommons.org/licenses/by/4.0
 .. Copyright (c) 2017-2018 AT&T Intellectual Property.  All rights reserved.
 
-
 Clamp in ONAP Architecture
 --------------------------
 
@@ -13,11 +12,13 @@ update the loop with new parameters during runtime, as well as suspending and
 restarting it.
 
 It interacts with other systems to deploy and execute the control loop. For
-example, it gets the control loop blueprint from SDC - DCAE-D.
+example, it gets the control loop blueprint from SDC - DCAE-DS.
 It requests from DCAE the instantiation of microservices
 to manage the control loop flow.  Furthermore, it creates and updates multiple
 policies in the Policy Engine that define the closed loop flow.
 
+|clamp-flow|
+
 The ONAP CLAMP platform abstracts the details of these systems under the concept
 of a control loop model.  The design of a control loop and its management is
 represented by a workflow in which all relevant system interactions take
@@ -28,8 +29,16 @@ required.
 CLAMP also allows to visualize control loop metrics through a dashboard, in order
 to help operations understand how and when a control loop is triggered and takes action.
 
+|dashboard-flow|
+
 At a higher level, CLAMP is about supporting and managing the broad operational
 life cycle of VNFs/VMs and ultimately ONAP components itself. It will offer the
 ability to design, test, deploy and update control loop automation - both closed
 and open. Automating these functions would represent a significant saving on
 operational costs compared to traditional methods.
+
+|closed-loop|
+
+.. |clamp-flow| image:: images/distdepl.png
+.. |dashboard-flow| image:: images/monitoring.png
+.. |closed-loop| image:: images/ONAP-closedloop.png
\ No newline at end of file
diff --git a/docs/images/ONAP-closedloop.png b/docs/images/ONAP-closedloop.png
new file mode 100644
index 00000000..7d3a2cac
Binary files /dev/null and b/docs/images/ONAP-closedloop.png differ
diff --git a/docs/images/distdepl.png b/docs/images/distdepl.png
new file mode 100755
index 00000000..5593f498
Binary files /dev/null and b/docs/images/distdepl.png differ
diff --git a/docs/images/monitoring.png b/docs/images/monitoring.png
new file mode 100755
index 00000000..6dbf75e4
Binary files /dev/null and b/docs/images/monitoring.png differ
diff --git a/pom.xml b/pom.xml
index 75f27528..d849473d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -257,6 +257,17 @@
 						</exclusions>
 				</dependency>
 				<!-- Others dependencies -->
+				<dependency>
+					<groupId>org.onap.aaf.authz</groupId>
+					<artifactId>aaf-cadi-aaf</artifactId>
+					<version>2.1.1</version>
+					<exclusions>
+						<exclusion>
+							<groupId>javax.servlet</groupId>
+							<artifactId>servlet-api</artifactId>
+						</exclusion>
+					</exclusions>
+				</dependency>
 				<dependency>
 						<groupId>ch.qos.logback</groupId>
 						<artifactId>logback-core</artifactId>
diff --git a/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
new file mode 100644
index 00000000..93432c9f
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/AAFConfiguration.java
@@ -0,0 +1,190 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.config;
+
+import java.util.Properties;
+
+import javax.servlet.Filter;
+
+import org.onap.clamp.clds.filter.ClampCadiFilter;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.stereotype.Component;
+
+@Component
+@Configuration
+@Profile("clamp-aaf-authentication")
+@ConfigurationProperties(prefix = "clamp.config.cadi")
+public class AAFConfiguration {
+    private static final String CADI_KEY_FILE = "cadi_keyfile";
+    private static final String CADI_LOG_LEVEL = "cadi_loglevel";
+    private static final String LATITUDE = "cadi_latitude";
+    private static final String LONGITUDE = "cadi_longitude";
+    private static final String LOCATE_URL = "aaf_locate_url";
+    private static final String OAUTH_TOKEN_URL = "aaf_oauth2_token_url";
+    private static final String OAUTH_INTROSPECT_URL = "aaf_oauth2_introspect_url";
+    private static final String AAF_ENV = "aaf_env";
+    private static final String AAF_URL = "aaf_url";
+    private static final String X509_ISSUERS = "cadi_x509_issuers";
+	
+    private String              keyFile;
+    private String              cadiLoglevel;
+    private String              cadiLatitude;
+    private String              cadiLongitude;
+    private String              aafLocateUrl;
+    private String              oauthTokenUrl;
+    private String              oauthIntrospectUrl;
+    private String              aafEnv;
+    private String              aafUrl;
+    private String              cadiX509Issuers;
+
+    /**
+     * Method to return clamp cadi filter.
+     * 
+     * @return Filter
+     */
+    @Bean(name = "cadiFilter")
+    public Filter cadiFilter() {
+        return new ClampCadiFilter();
+    }
+
+    /**
+     * Method to register cadi filter.
+     * 
+     * @return FilterRegistrationBean
+     */
+    @Bean
+    public FilterRegistrationBean cadiFilterRegistration() {
+        FilterRegistrationBean registration = new FilterRegistrationBean();
+        registration.setFilter(cadiFilter());
+        registration.addUrlPatterns("/restservices/*");
+        //registration.addUrlPatterns("*");
+        registration.setName("cadiFilter");
+        registration.setOrder(0);
+        return registration;
+    }
+
+	public String getKeyFile() {
+		return keyFile;
+	}
+
+	public void setKeyFile(String keyFile) {
+		this.keyFile = keyFile;
+	}
+
+	public String getCadiLoglevel() {
+		return cadiLoglevel;
+	}
+
+	public void setCadiLoglevel(String cadiLoglevel) {
+		this.cadiLoglevel = cadiLoglevel;
+	}
+
+	public String getCadiLatitude() {
+		return cadiLatitude;
+	}
+
+	public void setCadiLatitude(String cadiLatitude) {
+		this.cadiLatitude = cadiLatitude;
+	}
+
+	public String getCadiLongitude() {
+		return cadiLongitude;
+	}
+
+	public void setCadiLongitude(String cadiLongitude) {
+		this.cadiLongitude = cadiLongitude;
+	}
+
+	public String getAafLocateUrl() {
+		return aafLocateUrl;
+	}
+
+	public void setAafLocateUrl(String aafLocateUrl) {
+		this.aafLocateUrl = aafLocateUrl;
+	}
+
+	public String getOauthTokenUrl() {
+		return oauthTokenUrl;
+	}
+
+	public void setOauthTokenUrl(String oauthTokenUrl) {
+		this.oauthTokenUrl = oauthTokenUrl;
+	}
+
+	public String getOauthIntrospectUrl() {
+		return oauthIntrospectUrl;
+	}
+
+	public void setOauthIntrospectUrl(String oauthIntrospectUrl) {
+		this.oauthIntrospectUrl = oauthIntrospectUrl;
+	}
+
+	public String getAafEnv() {
+		return aafEnv;
+	}
+
+	public void setAafEnv(String aafEnv) {
+		this.aafEnv = aafEnv;
+	}
+
+	public String getAafUrl() {
+		return aafUrl;
+	}
+
+	public void setAafUrl(String aafUrl) {
+		this.aafUrl = aafUrl;
+	}
+
+	public String getCadiX509Issuers() {
+		return cadiX509Issuers;
+	}
+
+	public void setCadiX509Issuers(String cadiX509Issuers) {
+		this.cadiX509Issuers = cadiX509Issuers;
+	}
+
+	public Properties getProperties() {
+        Properties prop = System.getProperties();
+        //prop.put("cadi_prop_files", "");
+        prop.put(CADI_KEY_FILE, keyFile);
+        prop.put(CADI_LOG_LEVEL, cadiLoglevel);
+        prop.put(LATITUDE, cadiLatitude);
+        prop.put(LONGITUDE, cadiLongitude);
+        prop.put(LOCATE_URL, aafLocateUrl);
+        if (oauthTokenUrl != null) {
+            prop.put(OAUTH_TOKEN_URL, oauthTokenUrl);
+        }
+        if (oauthIntrospectUrl != null) {
+            prop.put(OAUTH_INTROSPECT_URL, oauthIntrospectUrl);
+        }
+        prop.put(AAF_ENV, aafEnv);
+        prop.put(AAF_URL, aafUrl);
+        prop.put(X509_ISSUERS, cadiX509Issuers);
+        return prop;
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java b/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java
new file mode 100644
index 00000000..a2b6c07d
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/ClampUserWrap.java
@@ -0,0 +1,75 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.config;
+
+import java.security.Principal;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletRequestWrapper;
+
+/**
+ * Overwrite the key method isUserInRole and getUserPrincipal, to adapt to the Clamp default user verification
+ */
+public class ClampUserWrap extends HttpServletRequestWrapper {
+
+    private String user;
+    private List<String> roles = null;
+    private HttpServletRequest realRequest;
+
+    /**
+    * Standard Wrapper constructor for Delegate pattern
+    * @param request
+    */
+    public ClampUserWrap(HttpServletRequest request, String userName, List<String> roles){
+        super(request);
+
+        this.user = userName;
+        this.roles = roles;
+        this.realRequest = request;
+    }
+
+    @Override
+    public boolean isUserInRole(String role) {
+        if (roles == null) {
+            return this.realRequest.isUserInRole(role);
+        }
+        return roles.contains(role);
+     }
+
+    @Override
+    public Principal getUserPrincipal() {
+        if (this.user == null) {
+            return realRequest.getUserPrincipal();
+        }
+
+        // make an anonymous implementation to just return our user
+        return new Principal() {
+            @Override
+            public String getName() {
+                return user;
+            }
+        };
+    }
+}
diff --git a/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java
new file mode 100644
index 00000000..e43aa114
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/DefaultUserConfiguration.java
@@ -0,0 +1,62 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.clamp.clds.config;
+
+import javax.servlet.Filter;
+
+import org.onap.clamp.clds.filter.ClampDefaultUserFilter;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+
+@Configuration
+@Profile("clamp-default-user")
+public class DefaultUserConfiguration {
+
+    /**
+     * Method to return clamp default user filter.
+     * 
+     * @return Filter
+     */
+    @Bean(name = "defaultUserFilter")
+    public Filter defaultUserFilter() {
+        return new ClampDefaultUserFilter();
+    }
+
+    /**
+     * Method to register defaultUserFilter.
+     * 
+     * @return FilterRegistrationBean
+     */
+    @Bean
+    public FilterRegistrationBean defaultUserFilterRegistration() {
+        FilterRegistrationBean registration = new FilterRegistrationBean();
+        registration.setFilter(defaultUserFilter());
+        registration.addUrlPatterns("/restservices/*");
+        registration.setName("defaultUserFilter");
+        registration.setOrder(0);
+        return registration;
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java b/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java
new file mode 100644
index 00000000..6a97f235
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/SSLConfiguration.java
@@ -0,0 +1,56 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License"); 
+ * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software 
+ * distributed under the License is distributed on an "AS IS" BASIS, 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the License for the specific language governing permissions and 
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * 
+ */
+package org.onap.clamp.clds.config;
+
+import org.springframework.context.annotation.Configuration;
+
+import javax.annotation.PostConstruct;
+
+import org.springframework.beans.factory.annotation.Value;
+
+@Configuration
+public class SSLConfiguration {
+    private static final String TRUST_STORE = "javax.net.ssl.trustStore";
+    private static final String TRUST_STORE_PW = "javax.net.ssl.trustStorePassword";
+    private static final String TRUST_STORE_TYPE = "javax.net.ssl.trustStoreType";
+
+    @Value("${server.ssl.trust:none}")
+    private String sslTruststoreFile;
+    @Value("${server.ssl.trust-password:none}")
+    private String sslTruststorePw;
+    @Value("${server.ssl.trust-type:none}")
+    private String sslTruststoreType;
+
+    @PostConstruct
+    private void configureSSL() {
+        if (!sslTruststoreFile.equals("none")) {
+            System.setProperty(TRUST_STORE, sslTruststoreFile);
+        }
+        if (!sslTruststoreType.equals("none")) {
+            System.setProperty(TRUST_STORE_TYPE, sslTruststoreType);
+        }
+        if (!sslTruststorePw.equals("none")) {
+            System.setProperty(TRUST_STORE_PW, sslTruststorePw);
+        }
+    }
+}
diff --git a/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java b/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java
deleted file mode 100644
index 961cc6b3..00000000
--- a/src/main/java/org/onap/clamp/clds/config/spring/CldsSecurityConfigUsers.java
+++ /dev/null
@@ -1,140 +0,0 @@
-/*-
- * ============LICENSE_START=======================================================
- * ONAP CLAMP
- * ================================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights
- *                             reserved.
- * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- * ============LICENSE_END============================================
- * ===================================================================
- * 
- */
-
-package org.onap.clamp.clds.config.spring;
-
-import com.att.eelf.configuration.EELFLogger;
-import com.att.eelf.configuration.EELFManager;
-
-import java.io.IOException;
-
-import org.onap.clamp.clds.config.ClampProperties;
-import org.onap.clamp.clds.config.CldsUserJsonDecoder;
-import org.onap.clamp.clds.exception.CldsConfigException;
-import org.onap.clamp.clds.exception.CldsUsersException;
-import org.onap.clamp.clds.service.CldsUser;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Value;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.annotation.Profile;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-
-/**
- * This class is used to enable the HTTP authentication to login. It requires a
- * specific JSON file containing the user definition
- * (classpath:clds/clds-users.json).
- */
-@Configuration
-@EnableWebSecurity
-@Profile("clamp-spring-authentication")
-public class CldsSecurityConfigUsers extends WebSecurityConfigurerAdapter {
-
-    protected static final EELFLogger logger = EELFManager.getInstance().getLogger(CldsSecurityConfigUsers.class);
-    protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger();
-    @Autowired
-    private ClampProperties refProp;
-    @Value("${clamp.config.security.permission.type.cl:permission-type-cl}")
-    private String cldsPersmissionTypeCl;
-    @Value("${CLDS_PERMISSION_INSTANCE:dev}")
-    private String cldsPermissionInstance;
-    @Value("${clamp.config.security.encoder:bcrypt}")
-    private String cldsEncoderMethod;
-    @Value("${clamp.config.security.encoder.bcrypt.strength:10}")
-    private Integer cldsBcryptEncoderStrength;
-
-    /**
-     * This method configures on which URL the authorization will be enabled.
-     */
-    @Override
-    protected void configure(HttpSecurity http) {
-        try {
-            http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
-                    .authenticated().anyRequest().permitAll().and().logout()
-            .and().sessionManagement()
-                .maximumSessions(1)
-            .and().invalidSessionUrl("/designer/timeout.html");
-
-        } catch (Exception e) {
-            logger.error("Exception occurred during the setup of the Web users in memory", e);
-            throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e);
-        }
-    }
-
-    /**
-     * This method is called by the framework and is used to load all the users
-     * defined in cldsUsersFile variable (this file path can be configured in
-     * the application.properties).
-     * 
-     * @param auth
-     */
-    @Autowired
-    public void configureGlobal(AuthenticationManagerBuilder auth) {
-        // configure algorithm used for password hashing
-        final PasswordEncoder passwordEncoder = getPasswordEncoder();
-
-        try {
-            CldsUser[] usersList = loadUsers();
-            // no users defined
-            if (null == usersList) {
-                logger.warn("No users defined. Users should be defined under clds-users.json");
-                return;
-            }
-            for (CldsUser user : usersList) {
-                auth.inMemoryAuthentication().withUser(user.getUser()).password(user.getPassword())
-                    .roles(user.getPermissionsString()).and().passwordEncoder(passwordEncoder);
-            }
-        } catch (Exception e) {
-            logger.error("Exception occurred during the setup of the Web users in memory", e);
-            throw new CldsUsersException("Exception occurred during the setup of the Web users in memory", e);
-        }
-    }
-
-    /**
-     * This method loads physically the JSON file and convert it to an Array of
-     * CldsUser.
-     * 
-     * @return The array of CldsUser
-     * @throws IOException
-     *             In case of the file is not found
-     */
-    private CldsUser[] loadUsers() throws IOException {
-        logger.info("Load from clds-users.properties");
-        return CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers"));
-    }
-
-    /**
-     * This methods returns the chosen encoder for password hashing.
-     */
-    private PasswordEncoder getPasswordEncoder() {
-        if ("bcrypt".equals(cldsEncoderMethod)) {
-            return new BCryptPasswordEncoder(cldsBcryptEncoderStrength);
-        } else {
-            throw new CldsConfigException("Invalid clamp.config.security.encoder value. 'bcrypt' is the only option at this time.");
-        }
-    }
-}
diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
new file mode 100644
index 00000000..1c3ba1cf
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/filter/ClampCadiFilter.java
@@ -0,0 +1,91 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ *
+ */
+package org.onap.clamp.clds.filter;
+
+import javax.servlet.FilterConfig;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.security.core.userdetails.UserDetails;
+
+import org.springframework.beans.factory.annotation.Value;
+
+import org.onap.aaf.cadi.filter.CadiFilter;
+import org.onap.clamp.clds.config.AAFConfiguration;
+
+public class ClampCadiFilter extends CadiFilter {
+    private static final String CADI_TRUST_STORE = "cadi_truststore";
+    private static final String CADI_TRUST_STORE_PW = "cadi_truststore_password";
+    private static final String CADI_KEY_STORE = "cadi_keystore";
+    private static final String CADI_KEY_STORE_PW = "cadi_keystore_password";
+    private static final String ALIAS = "cadi_alias";
+
+    @Value("${server.ssl.key-store:none}")
+    private String              keyStore;
+    
+    @Value("${clamp.config.cadi.cadiKeystorePassword:none}")
+    private String              keyStorePass;
+
+    @Value("${server.ssl.trust:none}")
+    private String              trustStore;
+    
+    @Value("${clamp.config.cadi.cadiTruststorePassword:none}")
+    private String              trustStorePass;
+
+    @Value("${server.ssl.key-alias:clamp@clamp.onap.org}")
+    private String              alias;
+
+    @Autowired
+    private AAFConfiguration aafConfiguration;
+    
+    @Override
+    public void init(FilterConfig filterConfig) throws ServletException {
+        Properties props = aafConfiguration.getProperties();
+        props.setProperty(CADI_KEY_STORE, trimFileName(keyStore));
+        props.setProperty(CADI_TRUST_STORE, trimFileName(trustStore));
+        props.setProperty(ALIAS, alias);
+        props.setProperty(CADI_KEY_STORE_PW,  keyStorePass);
+        props.setProperty(CADI_TRUST_STORE_PW, trustStorePass);
+
+        super.init(filterConfig);
+    }
+
+    private String trimFileName (String fileName) {
+        int index= fileName.indexOf("file:");
+        if (index == -1) { 
+            return fileName;
+        } else {
+            return fileName.substring(index+5);
+        }
+    }
+}
diff --git a/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java b/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java
new file mode 100644
index 00000000..539e3c6a
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/filter/ClampDefaultUserFilter.java
@@ -0,0 +1,70 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+package org.onap.clamp.clds.filter;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.onap.clamp.clds.config.ClampProperties;
+import org.onap.clamp.clds.config.ClampUserWrap;
+import org.onap.clamp.clds.config.CldsUserJsonDecoder;
+import org.onap.clamp.clds.exception.CldsUsersException;
+import org.onap.clamp.clds.service.CldsUser;
+
+
+public class ClampDefaultUserFilter  implements Filter {
+    private CldsUser defaultUser;
+    @Autowired
+    private ClampProperties refProp;
+
+    // Load the default user
+    public void init(FilterConfig cfg) throws ServletException {
+        try { 
+            CldsUser[] users = CldsUserJsonDecoder.decodeJson(refProp.getFileContent("files.cldsUsers"));
+            defaultUser = users[0];
+        } catch (IOException e) {
+            // not able to load default user
+        	throw new CldsUsersException("Exception occurred during the decoding of the clds-users.json", e);
+        }
+  }
+
+    // Call the ClampUserWrapper
+    @Override
+    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws ServletException, IOException {
+        HttpServletRequest hreq = (HttpServletRequest)req;	
+        chain.doFilter(new ClampUserWrap(hreq, defaultUser.getUser(), Arrays.asList(defaultUser.getPermissionsString())), res);
+    }
+
+    public void destroy() {
+    }
+}
diff --git a/src/main/java/org/onap/clamp/clds/service/UserService.java b/src/main/java/org/onap/clamp/clds/service/UserService.java
index d438a471..99611609 100644
--- a/src/main/java/org/onap/clamp/clds/service/UserService.java
+++ b/src/main/java/org/onap/clamp/clds/service/UserService.java
@@ -18,7 +18,6 @@
  * limitations under the License.
  * ============LICENSE_END============================================
  * ===================================================================
- *
  */
 
 package org.onap.clamp.clds.service;
@@ -28,6 +27,8 @@ import javax.ws.rs.Path;
 import javax.ws.rs.PathParam;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Context;
+import javax.ws.rs.core.SecurityContext;
 
 import org.springframework.stereotype.Component;
 
@@ -41,6 +42,8 @@ import org.springframework.stereotype.Component;
         MediaType.TEXT_PLAIN
 })
 public class UserService {
+    @Context
+    private SecurityContext           securityContext;
 
     /**
      * REST service that returns the username.
@@ -49,9 +52,11 @@ public class UserService {
      * @return the user name
      */
     @GET
-    @Path("/{userName}")
+    @Path("/getUser")
     @Produces(MediaType.TEXT_PLAIN)
-    public String getUser(@PathParam("userName") String userName) {
+    public String getUser() {
+        UserNameHandler    userNameHandler = new DefaultUserNameHandler();
+        String userName = userNameHandler.retrieveUserName(securityContext);
         return userName;
     }
 }
\ No newline at end of file
diff --git a/src/main/resources/META-INF/resources/designer/authenticate.html b/src/main/resources/META-INF/resources/designer/authenticate.html
index a6c2cb8d..5429dced 100644
--- a/src/main/resources/META-INF/resources/designer/authenticate.html
+++ b/src/main/resources/META-INF/resources/designer/authenticate.html
@@ -18,7 +18,6 @@
   limitations under the License.
   ============LICENSE_END============================================
   ===================================================================
-  
   -->
 <style>
 .divRow {
@@ -41,20 +40,13 @@
 <head>
 	<title>CLDS</title>
 </head>
-<div ng-controller="AuthenticateCtrl">
+<div ng-controller="AuthenticateCtrl" ng-init="authenticate()">
 	<div id='head'>
 		<div ng-include="'menu_simplified.html'"></div>
 	</div>
 
 	<div  id='main'>
-		<div class="divRow"><b>Welcome to Clamp. Please login first.</b></div>
-		<div class="divForm">
-		<form ng-submit="authenticate()" method="post" autocomplete="off">
-			<div class="divFormRow"><label>User Name :  <input type="text" ng-model="username" name="username"/> </label></div>
-			<div class="divFormRow"><label>Password:  <input type="password" ng-model="password" name="password"/> </label></div>
-			<div class="divFormRow"><input type="submit" value=" Sign In"/></div>
-		</form>
-		</div>
+		<div class="divRow"><b>Welcome to Clamp.</b></div>
 	</div>
 </div>
 
diff --git a/src/main/resources/META-INF/resources/designer/invalid_login.html b/src/main/resources/META-INF/resources/designer/invalid_login.html
index f42be51e..eb7d828a 100644
--- a/src/main/resources/META-INF/resources/designer/invalid_login.html
+++ b/src/main/resources/META-INF/resources/designer/invalid_login.html
@@ -32,14 +32,9 @@
 <head>
 	<title>CLDS</title>
 </head>
-<div>
+<div id='main'>
 	<div class="divRow"><b>Login Failed!</b></div>
-	<div class="divRow"><b>Please make sure your login and password are correct. 
-		If you don't have the login credential, please contact CLAMP administrator.</b></div>
-
-	<div class="divRow">To login again, please click <a href="/designer/index.html"/>Login</a></div>
+	<div class="divRow">You are not authorized to access CLAMP UI, please contact CLAMP administrator.</div>
+	<div class="divRow">Please <a href="/designer/index.html"/>Login</a> again.</div>
+</div>
 </div>
-
-
-
-
diff --git a/src/main/resources/META-INF/resources/designer/logout.html b/src/main/resources/META-INF/resources/designer/logout.html
deleted file mode 100644
index e1759286..00000000
--- a/src/main/resources/META-INF/resources/designer/logout.html
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-  ============LICENSE_START=======================================================
-  ONAP CLAMP
-  ================================================================================
-  Copyright (C) 2017 AT&T Intellectual Property. All rights
-                              reserved.
-  ================================================================================
-  Licensed under the Apache License, Version 2.0 (the "License"); 
-  you may not use this file except in compliance with the License. 
-  You may obtain a copy of the License at
-  
-  http://www.apache.org/licenses/LICENSE-2.0
-  
-  Unless required by applicable law or agreed to in writing, software 
-  distributed under the License is distributed on an "AS IS" BASIS, 
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
-  See the License for the specific language governing permissions and 
-  limitations under the License.
-  ============LICENSE_END============================================
-  ===================================================================
-  
-  -->
-<style>
-.divRow {
-	margin-left: 5px;
-	font-size: 13px;
-	font-weight: normal;
-	margin-top:10px;
-}
-</style>
-
-<head>
-	<title>CLDS</title>
-</head>
-<div ng-controller="AuthenticateCtrl" ng-init="logout()"> 
-	<div id='main'>
-		<div class="divRow"><b>You have been Logged Out successfully!</b></div>
-		<div class="divRow">To login again, please click <a href="/designer/index.html"/>Login</a></div>
-	</div>
-</div>
diff --git a/src/main/resources/META-INF/resources/designer/partials/menu.html b/src/main/resources/META-INF/resources/designer/partials/menu.html
index 2aea3167..036402ca 100644
--- a/src/main/resources/META-INF/resources/designer/partials/menu.html
+++ b/src/main/resources/META-INF/resources/designer/partials/menu.html
@@ -141,12 +141,6 @@
 							id="{{section.name}}" role="presentation"
 							ng-click="emptyMenuClick(section.link,section.name)">{{section.name}}</a>
 						</li>
-						
-						<li ng-repeat="section in tabs[dropDownName]"
-							ng-if="section.name==='Log Out'"><a
-							id="{{section.name}}" role="presentation"
-							ng-click="emptyMenuClick(section.link,section.name)">{{section.name}}</a>
-						</li>
 
 						<li ng-repeat="section in tabs[dropDownName]"
 							ng-if="section.name != 'Create CL' && section.name != 'Open CL' && section.name != 'ECOMP User Guide - Design Overview' && section.name != 'ECOMP User Guide - Closed Loop Design' && section.name != 'ECOMP User Guide - CLAMP' && section.name != 'User Info'"><a
diff --git a/src/main/resources/META-INF/resources/designer/scripts/app.js b/src/main/resources/META-INF/resources/designer/scripts/app.js
index 63d44d55..7953ccc6 100644
--- a/src/main/resources/META-INF/resources/designer/scripts/app.js
+++ b/src/main/resources/META-INF/resources/designer/scripts/app.js
@@ -325,8 +325,6 @@ var app = angular.module('clds-app', ['ngRoute',
               window.open(value);
             } else if (name == "Contact Us") {
               $rootScope.contactUs();
-            } else if (name == "Log Out") {
-              $scope.logout();
             } else if (name == "Revert Model Changes") {
               $scope.cldsRevertModel();
             } else if (name == "Close Model") {
@@ -446,10 +444,6 @@ var app = angular.module('clds-app', ['ngRoute',
           }, {
             link: "/extraUserInfo",
             name: "User Info"
-          }],
-          "Log Out": [{
-            link: "/log_out.html",
-            name: "Log Out"
           }]
         };
 
@@ -1416,4 +1410,5 @@ function updateDecisionLabel(originalLabel, newLabel) {
 window.onunload = function() {
   window.localStorage.removeItem("isAuth");
   window.localStorage.removeItem("loginuser");
+  window.localStorage.removeItem("invalidUser");
 };
diff --git a/src/main/resources/META-INF/resources/designer/scripts/authcontroller.js b/src/main/resources/META-INF/resources/designer/scripts/authcontroller.js
index ac891980..5992138b 100644
--- a/src/main/resources/META-INF/resources/designer/scripts/authcontroller.js
+++ b/src/main/resources/META-INF/resources/designer/scripts/authcontroller.js
@@ -18,7 +18,7 @@
  * limitations under the License.
  * ============LICENSE_END============================================
  * ===================================================================
- * 
+ *
  */
 
 'use strict';
@@ -27,54 +27,30 @@ function AuthenticateCtrl($scope, $rootScope, $window, $resource, $http, $locati
   console.log("//////////AuthenticateCtrl");
   $scope.getInclude = function() {
     console.log("getInclude011111111");
-    var invalidUser = $window.localStorage.getItem("isInvalidUser");
+    var invalidUser = $window.localStorage.getItem("invalidUser");
     var isAuth = $window.localStorage.getItem("isAuth");
-
-    if (invalidUser != null && invalidUser == 'true') {
-      console.log("Authentication failed");
-      $window.localStorage.removeItem("isInvalidUser");
-      window.location.href = "/designer/invalid_login.html";
-    } else if (isAuth == null || isAuth == 'false') {
+    if (invalidUser == 'true')
+      return "invalid_login.html";
+    else if (isAuth == null || isAuth == 'false') {
       return "authenticate.html";
     }
-    // Reassign the login user info, to be used in menu.html
-    $rootScope.loginuser = $window.localStorage.getItem("loginuser");
     return "utmdashboard.html";
   };
 
   $scope.authenticate = function() {
-    var username = $scope.username;
-    var pass = $scope.password;
-    if (!username || !pass) {
-      console.log("Invalid username/password");
-      $window.localStorage.setItem("isInvalidUser", true);
-      return;
-    }
-    var headers = username ? {
-      authorization: "Basic " +
-        btoa(username + ":" + pass)
-    } : {};
-    // send request to a test API with the username/password to verify the authorization
-    $http.get('/restservices/clds/v1/user/testUser', {
-      headers: headers
+    // send request to a test API for authentication/authorization check
+    $http.get('/restservices/clds/v1/user/getUser', {
     }).success(function(data) {
       if (data) {
         $window.localStorage.setItem("isAuth", true);
-        $window.localStorage.setItem("loginuser", $scope.username);
-        $rootScope.loginuser = $scope.username;
-      } else {
-        $window.localStorage.removeItem("isInvalidUser", true);
+        $rootScope.loginuser = data;
       }
+      window.localStorage.removeItem("invalidUser");
       callback && callback();
     }).error(function() {
-      $window.localStorage.removeItem("isInvalidUser", true);
+      $window.localStorage.setItem("invalidUser", true);
       callback && callback();
     });
   };
-  
-  $scope.logout = function() {
-      window.localStorage.removeItem("isAuth");
-      window.localStorage.removeItem("loginuser");
-  };
 
 }
diff --git a/src/main/resources/META-INF/resources/designer/timeout.html b/src/main/resources/META-INF/resources/designer/timeout.html
deleted file mode 100644
index ce3002b2..00000000
--- a/src/main/resources/META-INF/resources/designer/timeout.html
+++ /dev/null
@@ -1,55 +0,0 @@
-<!--
-  ============LICENSE_START=======================================================
-  ONAP CLAMP
-  ================================================================================
-  Copyright (C) 2017 AT&T Intellectual Property. All rights
-                              reserved.
-  ================================================================================
-  Licensed under the Apache License, Version 2.0 (the "License"); 
-  you may not use this file except in compliance with the License. 
-  You may obtain a copy of the License at
-  
-  http://www.apache.org/licenses/LICENSE-2.0
-  
-  Unless required by applicable law or agreed to in writing, software 
-  distributed under the License is distributed on an "AS IS" BASIS, 
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
-  See the License for the specific language governing permissions and 
-  limitations under the License.
-  ============LICENSE_END============================================
-  ===================================================================
-  
-  -->
-<style>
-.divRow {
-	margin-left: 5px;
-	font-size: 13px;
-	font-weight: normal;
-	margin-top:10px;
-}
-</style>
-
-<head>
-	<title>CLDS</title>
-	<script language="javascript">
-		function buttonVilibility()  
-		{
-			if (window.opener && window.opener !== window) {
-					document.getElementById("boton1").style.visibility="visible";  
-			} else {
-					document.getElementById("boton1").style.visibility="hidden";  
-			}
-		}
-	</script>
-</head>
-<body onload='buttonVilibility()'>
-<div ng-controller="AuthenticateCtrl" ng-init="logout()"> 
-	<div id='main'>
-		<div class="divRow"><b>Your session is timeout.</b></div>
-		<div class="divRow">Please <a href="/designer/index.html"/>Login</a> again.</div>
-	</div>
-	<div>
-		<button id="boton1" ng-click="close(true)" class="btn btn-primary">Close</button>
-	</div>
-</div>
-</body>
diff --git a/src/main/resources/application-noaaf.properties b/src/main/resources/application-noaaf.properties
new file mode 100644
index 00000000..8d0395b4
--- /dev/null
+++ b/src/main/resources/application-noaaf.properties
@@ -0,0 +1,220 @@
+###
+# ============LICENSE_START=======================================================
+# ONAP CLAMP
+# ================================================================================
+# Copyright (C) 2017-2018 AT&T Intellectual Property. All rights
+#                             reserved.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END============================================
+# ===================================================================
+#
+###
+
+info.build.artifact=@project.artifactId@
+info.build.name=@project.name@
+info.build.description=@project.description@
+info.build.version=@project.version@
+
+### Set the port for HTTP or HTTPS protocol (Controlled by Spring framework, only one at a time).
+### (See below for the parameter 'server.http.port' if you want to have both enabled)
+### To have only HTTP, keep the lines server.ssl.* commented
+### To have only HTTPS enabled, uncomment the server.ssl.* lines and specify a right keystore location
+### server.port=8080
+### Settings for HTTPS (this automatically enables the HTTPS on the port 'server.port')
+#server.ssl.key-store=file:/tmp/mykey.jks
+#server.ssl.key-store-password=pass
+#server.ssl.key-password=pass
+
+### In order to be user friendly when HTTPS is enabled,
+### you can add another HTTP port that will be automatically redirected to HTTPS
+### by enabling this parameter (server.http.port) and set it to another port (80 or 8080, 8090, etc ...)
+#server.http-to-https-redirection.port=8090
+
+### HTTP Example:
+###--------------
+### server.port=8080
+
+### HTTPS Example:
+### --------------
+### server.port=8443
+### server.ssl.key-store=file:/tmp/mykey.jks
+### server.ssl.key-store-password=mypass
+### server.ssl.key-password=mypass
+server.port=8443
+server.ssl.client-auth=want
+server.ssl.key-store=file:/opt/clamp/config/org.onap.clamp.p12
+server.ssl.key-store-password=China in the Spring
+server.ssl.key-password=China in the Spring
+server.ssl.key-store-type=PKCS12
+server.ssl.trust=/opt/clamp/config/truststoreONAPall.jks
+server.ssl.trust-pass=changeit
+server.ssl.trust-type=JKS
+server.ssl.key-alias=clamp@clamp.onap.org
+server.http-to-https-redirection.port=8080
+
+server.contextPath=/
+#Modified engine-rest applicationpath
+spring.profiles.active=clamp-default,clamp-default-user,clamp-sdc-controller
+
+#The max number of active threads in this pool
+server.tomcat.max-threads=200
+#The minimum number of threads always kept alive
+server.tomcat.min-Spare-Threads=25
+#The number of milliseconds before an idle thread shutsdown, unless the number of active threads are less or equal to minSpareThreads
+server.tomcat.max-idle-time=60000
+
+#Servlet context parameters
+server.context_parameters.p-name=value #context parameter with p-name as key and value as value.
+
+camel.springboot.consumer-template-cache-size=1000
+camel.springboot.producer-template-cache-size=1000
+camel.springboot.jmx-enabled=false
+camel.defaultthreadpool.poolsize=10
+camel.defaultthreadpool.maxpoolsize=20
+camel.defaultthreadpool.maxqueuesize=1000
+camel.defaultthreadpool.keepaliveTime=60
+camel.defaultthreadpool.rejectpolicy=CallerRuns
+#camel.springboot.xmlRoutes = false
+camel.springboot.xmlRoutes=classpath:/clds/camel/*.xml
+#camel.springboot.typeConversion = false
+
+#clds datasource connection details
+spring.datasource.cldsdb.driverClassName=org.mariadb.jdbc.Driver
+spring.datasource.cldsdb.url=jdbc:mariadb:sequential://localhost:${docker.mariadb.port.host}/cldsdb4?autoReconnect=true&connectTimeout=10000&socketTimeout=10000&retriesAllDown=3
+spring.datasource.cldsdb.username=clds
+spring.datasource.cldsdb.password=4c90a0b48204383f4283448d23e0b885a47237b2a23588e7c4651604f51c1067
+spring.datasource.cldsdb.validationQuery=SELECT 1
+spring.datasource.cldsdb.validationQueryTimeout=20000
+spring.datasource.cldsdb.validationInterval=30000
+spring.datasource.cldsdb.testWhileIdle = true
+spring.datasource.cldsdb.minIdle = 0
+spring.datasource.cldsdb.initialSize=0
+# Automatically test whether a connection provided is good or not
+spring.datasource.cldsdb.testOnBorrow=true
+spring.datasource.cldsdb.ignoreExceptionOnPreLoad=true
+
+#Async Executor default Parameters
+async.core.pool.size=10
+async.max.pool.size=20
+async.queue.capacity=500
+
+clamp.config.log.path=/var/log/onap
+clamp.config.files.systemProperties=classpath:/system.properties
+clamp.config.files.cldsUsers=classpath:/clds/clds-users.json
+clamp.config.files.globalProperties=classpath:/clds/templates/globalProperties.json
+clamp.config.files.sdcController=classpath:/clds/sdc-controllers-config.json
+
+# Properties for Clamp
+# DCAE request build properties
+#
+clamp.config.dcae.template=classpath:/clds/templates/dcae-template.json
+clamp.config.dcae.decode.service_ids=classpath:/clds/templates/dcae-decode-service_ids.json
+clamp.config.dcae.deployment.template=classpath:/clds/templates/dcae-deployment-template.json
+#
+# SDC request blueprint properties
+#
+clamp.config.sdc.template=classpath:/clds/templates/sdc-template.json
+clamp.config.sdc.decode.service_ids=classpath:/clds/templates/sdc-decode-service_ids.json
+#
+#
+# Configuration Settings for Policy Engine Components
+clamp.config.policy.pdpUrl1=http://policy.api.simpledemo.onap.org:8081/pdp/ , testpdp, alpha123
+clamp.config.policy.pdpUrl2=http://policy.api.simpledemo.onap.org:8081/pdp/ , testpdp, alpha123
+clamp.config.policy.papUrl=http://policy.api.simpledemo.onap.org:8081/pap/ , testpap, alpha123
+clamp.config.policy.notificationType=websocket
+clamp.config.policy.notificationUebServers=localhost
+clamp.config.policy.notificationTopic=PDPD-CONFIGURATION
+clamp.config.policy.clientId=python
+# base64 encoding
+
+clamp.config.policy.clientKey=dGVzdA==
+#DEVL for development
+#TEST for Test environments
+#PROD for prod environments
+clamp.config.policy.policyEnvironment=TEST
+# General Policy request properties
+#
+clamp.config.policy.onap.name=DCAE
+clamp.config.policy.pdp.group=default
+clamp.config.policy.ms.type=MicroService
+clamp.config.policy.ms.policyNamePrefix=Config_MS_
+clamp.config.policy.op.policyNamePrefix=Config_BRMS_Param_
+clamp.config.policy.base.policyNamePrefix=Config_
+clamp.config.policy.op.type=BRMS_Param
+
+
+# TCA MicroService Policy request build properties
+#
+clamp.config.tca.policyid.prefix=DCAE.Config_
+clamp.config.tca.policy.template=classpath:/clds/templates/tca-policy-template.json
+clamp.config.tca.template=classpath:/clds/templates/tca-template.json
+clamp.config.tca.thresholds.template=classpath:/clds/templates/tca-thresholds-template.json
+
+#
+#
+# Operational Policy request build properties
+#
+clamp.config.op.policyDescription=from clds
+# default
+clamp.config.op.templateName=ClosedLoopControlName
+clamp.config.op.operationTopic=APPC-CL
+clamp.config.op.notificationTopic=POLICY-CL-MGT
+clamp.config.op.controller=amsterdam
+clamp.config.op.policy.appc=APPC
+#
+# Sdc service properties
+clamp.config.sdc.catalog.url=http://sdc.api.simpledemo.onap.org:8080/sdc/v1/catalog/
+clamp.config.sdc.hostUrl=http://sdc.api.simpledemo.onap.org:8080
+clamp.config.sdc.serviceUrl=http://sdc.api.simpledemo.onap.org:8080/sdc/v1/catalog/services
+clamp.config.sdc.serviceUsername=clamp
+clamp.config.sdc.servicePassword=b7acccda32b98c5bb7acccda32b98c5b05D511BD6D93626E90D18E9D24D9B78CD34C7EE8012F0A189A28763E82271E50A5D4EC10C7D93E06E0A2D27CAE66B981
+clamp.config.sdc.artifactLabel=blueprintclampcockpit
+clamp.config.sdc.sdcX-InstanceID=CLAMP
+clamp.config.sdc.artifactType=DCAE_INVENTORY_BLUEPRINT
+clamp.config.sdc.locationArtifactLabel=locationclampcockpit
+clamp.config.sdc.locationArtifactType=DCAE_INVENTORY_JSON
+clamp.config.sdc.InstanceID=X-ECOMP-InstanceID
+clamp.config.sdc.header.requestId = X-ECOMP-RequestID
+#
+clamp.config.sdc.csarFolder = /tmp/sdc-controllers
+clamp.config.sdc.blueprint.parser.mapping = classpath:/clds/blueprint-parser-mapping.json
+#
+clamp.config.ui.location.default=classpath:/clds/templates/ui-location-default.json
+clamp.config.ui.alarm.default=classpath:/clds/templates/ui-alarm-default.json
+#
+# if action.test.override is true, then any action will be marked as test=true (even if incoming action request had test=false); otherwise, test flag will be unchanged on the action request
+clamp.config.action.test.override=false
+# if action.insert.test.event is true, then insert event even if the action is set to test
+clamp.config.action.insert.test.event=false
+clamp.config.clds.service.cache.invalidate.after.seconds=120
+
+#DCAE Inventory Url Properties
+clamp.config.dcae.inventory.url=http://dcae.api.simpledemo.onap.org:8080
+clamp.config.dcae.intentory.retry.interval=10000
+clamp.config.dcae.intentory.retry.limit=3
+
+#DCAE Dispatcher Url Properties
+clamp.config.dcae.dispatcher.url=http://dcae.api.simpledemo.onap.org:8188
+clamp.config.dcae.dispatcher.retry.interval=10000
+clamp.config.dcae.dispatcher.retry.limit=10
+clamp.config.dcae.header.requestId = X-ECOMP-RequestID
+
+#Define user permission related parameters, the permission type can be changed but MUST be redefined in clds-users.properties in that case !
+clamp.config.security.permission.type.cl=org.onap.clamp.clds.cl
+clamp.config.security.permission.type.cl.manage=org.onap.clamp.clds.cl.manage
+clamp.config.security.permission.type.cl.event=org.onap.clds.cl.event
+clamp.config.security.permission.type.filter.vf=org.onap.clamp.clds.filter.vf
+clamp.config.security.permission.type.template=org.onap.clamp.clds.template
+#This one indicates the type of instances (dev|prod|perf...), this must be set accordingly in clds-users.properties
+clamp.config.security.permission.instance=dev
diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties
index 179553dd..9a9bd282 100644
--- a/src/main/resources/application.properties
+++ b/src/main/resources/application.properties
@@ -30,7 +30,7 @@ info.build.version=@project.version@
 ### (See below for the parameter 'server.http.port' if you want to have both enabled)
 ### To have only HTTP, keep the lines server.ssl.* commented
 ### To have only HTTPS enabled, uncomment the server.ssl.* lines and specify a right keystore location
-server.port=8080
+### server.port=8080
 ### Settings for HTTPS (this automatically enables the HTTPS on the port 'server.port')
 #server.ssl.key-store=file:/tmp/mykey.jks
 #server.ssl.key-store-password=pass
@@ -54,15 +54,21 @@ server.port=8080
 
 ### HTTP (Redirected to HTTPS) and HTTPS Example:
 ### --------------------------------------------
-### server.port=8443           <-- The HTTPS port
-### server.ssl.key-store=file:/tmp/mykey.jks
-### server.ssl.key-store-password=mypass
-### server.ssl.key-password=mypass
-### server.http-to-https-redirection.port=8090  <-- The HTTP port
+server.port=8443
+server.ssl.client-auth=want
+server.ssl.key-store=file:/opt/clamp/config/org.onap.clamp.p12
+server.ssl.key-store-password=China in the Spring
+server.ssl.key-password=China in the Spring
+server.ssl.key-store-type=PKCS12
+server.ssl.trust=/opt/clamp/config/truststoreONAPall.jks
+server.ssl.trust-pass=changeit
+server.ssl.trust-type=JKS
+server.ssl.key-alias=clamp@clamp.onap.org
+server.http-to-https-redirection.port=8080
 
 server.contextPath=/
 #Modified engine-rest applicationpath
-spring.profiles.active=clamp-default,clamp-spring-authentication,clamp-sdc-controller
+spring.profiles.active=clamp-default,clamp-aaf-authentication,clamp-sdc-controller
 
 #The max number of active threads in this pool
 server.tomcat.max-threads=200
@@ -208,10 +214,24 @@ clamp.config.dcae.dispatcher.retry.limit=10
 clamp.config.dcae.header.requestId = X-ECOMP-RequestID
 
 #Define user permission related parameters, the permission type can be changed but MUST be redefined in clds-users.properties in that case !
-clamp.config.security.permission.type.cl=permission-type-cl
-clamp.config.security.permission.type.cl.manage=permission-type-cl-manage
-clamp.config.security.permission.type.cl.event=permission-type-cl-event
-clamp.config.security.permission.type.filter.vf=permission-type-filter-vf
-clamp.config.security.permission.type.template=permission-type-template
+clamp.config.security.permission.type.cl=org.onap.clamp.clds.cl
+clamp.config.security.permission.type.cl.manage=org.onap.clamp.clds.cl.manage
+clamp.config.security.permission.type.cl.event=org.onap.clds.cl.event
+clamp.config.security.permission.type.filter.vf=org.onap.clamp.clds.filter.vf
+clamp.config.security.permission.type.template=org.onap.clamp.clds.template
 #This one indicates the type of instances (dev|prod|perf...), this must be set accordingly in clds-users.properties
 clamp.config.security.permission.instance=dev
+
+#AAF related parameters
+clamp.config.cadi.keyFile=/opt/clamp/config/org.onap.clamp.keyfile
+clamp.config.cadi.cadiLoglevel=INFO
+clamp.config.cadi.cadiLatitude=37.78187
+clamp.config.cadi.cadiLongitude=-122.26147
+clamp.config.cadi.aafLocateUrl=https://aaf-onap-beijing-test.osaaf.org
+clamp.config.cadi.cadiKeystorePassword=enc:V_kq_EwDNb4itWp_lYfDGXIWJzemHGkhkZOxAQI9IHs
+clamp.config.cadi.cadiTruststorePassword=enc:Mj0YQqNCUKbKq2lPp1kTFQWeqLxaBXKNwd5F1yB1ukf
+#clamp.config.cadi.oauthTokenUrl=https://AAF_LOCATE_URL/AAF_NS.token:2.0/token
+#clamp.config.cadi.oauthIntrospectUrll=https://AAF_LOCATE_URL/AAF_NS.introspect:2.0/introspect
+clamp.config.cadi.aafEnv=DEV
+clamp.config.cadi.aafUrl=https://AAF_LOCATE_URL/AAF_NS.service:2.0
+clamp.config.cadi.cadiX509Issuers=CN=intermediateCA_1, OU=OSAAF, O=ONAP, C=US
diff --git a/src/main/resources/clds/aaf/org.onap.clamp.keyfile b/src/main/resources/clds/aaf/org.onap.clamp.keyfile
new file mode 100644
index 00000000..45cdcb60
--- /dev/null
+++ b/src/main/resources/clds/aaf/org.onap.clamp.keyfile
@@ -0,0 +1,27 @@
+HTQLJHUg5Du0VM7wHY5cBMTgupk6ujhSoAgx5BTHp9wt9CoWvD72ScIciyldEH9R2QZIL9ZvpVo0
+h2o-hSQueaVjPcIFUhVIl4HWmNC6I2YAlNkwy3VMl1g9otKaOTgo3ChsFUVq7ACIrcr2977wo4B_
+FeHa0lInuaLoEjHMP1fszTWYBBx9oY3K9s-9MQQyCo6bFV-4L733sPeE60j20FWoygUwvIqxp3Pc
+Bmnm1AtcrhGH0elqDg9qNjmnmC3gxZaGpGiclaEds_lVu57RIXwtTHgYyMbJzfP-Ziq3T7i8d-h3
+JZThj1l9JvDLYm2z0BEXuQ3Owvn4m98cWB9P5esJOKYEvsfIGK_Fd6uT04fzkeDT1wNV4-Swuorr
+ymZQxnvHbUAp91NJEa3EtWTuBxNeoqV0cw97WkAYn95pgjH4ZVhBdczclS-EStFJyYOHtTRAs1A_
+8i36GiuUPHn3KolkRF2GvtZfwNj5AYfcUKhqULJ-T_is2KKYnGwQ2iaItX2852o4zlzkMXFMkt5C
+qbsDmrU7F5zxn4HG6yShW5sIXgAcS9cyIs8IFgHtkYauDJlKZWynhzqibh3-bzPyfFmreTHxQ-Av
+Lgp5sAtf1B9_1feVyE78bmQ3IMtxE-YkV8RYPDJzKw0nIdjce7j89azNq_as5JMfCCHSlYcKRs8O
+Nrh8gXYun28iUL_kwEUWK0WohPgwQBb46_Hkc6a0aSYbuFA_7qgprPB9wmAlHtuqnCAb2vk8GT-h
+07DB6yPGgzE-OgXUzLIWHXVzPO6SjOg3ifYpCRigOsNqkV1paBBOzje7dn2RnpgaRJS3zupTMnqF
+g5N9qCgubxRlII626-Dc_i5X1OAWPzJK8UZPuxRAg3YVJNHluB3O0Q2Uo14RkO3a2Tn_Ce9XoTUJ
+Jqi_qZWytIB9sHMNM7KvcRxGedLqd_230O3zV7rTa4Up0BFoMyHmnf2SZu96x_Yz_n_AWhiaALvE
+ON_nTxPEOHfEfrNzo7pCwIaI5gM6eu_S24aZTf4L-5tekqH7l1PEbKr2QP4XfTZBN4FgNExgGpzG
+the3zv4k7hJeWe7GbtMmnZXIQUJkZVTHBwqvHkqtN9cBWpihCNVmI3zKq6Bsy6Us0SDZ686kpeVS
+s9eyrzj6uLPE65mQxCpoMt6G4HSjzMqA3HOX_7ixBBhtdVi5-X7NeTigr-uaZg67yP3cSikfFf9w
+dyFuMjg29jtlaTNzOov8HFrcLq01N3fpwDkSU_2TmLndU-FMat78CMCLW5QuS1KF3hC9T8wzKWS_
+WHK2oMA3SqWyqnj_cE_T4Ql_VKL3nkvf_bzTvLso_BWodUw2A-eO-1qjtCHp3nnTdSVH06E3_eRH
+BuKWEt0MLyNpm88OD0tgOC3fn7casioynQLoFatta5nlQfj4nsAXj2bD6CrohtDhjOKXqHxDU6s7
+adtNoBGyEK5FKy3HtHMC7KXsK_6wbYUluz93nCNMok696HIHojNUydGFqfr2HluQTi0S3uHnD_pS
+-QM8DbsFi8oIztn6Er4CFFJQ-tUuDyX6ahfY5gWLqCgRM7RzrkoHY7b4vkHxZTBLZlPGWfRtG0vc
+GTSqIRNI2Z_Zte5-wW7T9vfFVBsArF0SJWOrlUqf7fGN1_2H9B9aIpLEMaHF7EEp1OP6_SNnfuhB
+K31EFy0VW0eGnLezpd3HT540kznub7h_m6phZaqeZJxsle9jHEOS7qDc3T6s1hZ7DLK2Ej5RFuq8
+5LA9Cj5VrdejKMZKZJwmyWylLe224RyY4gDa0MB_lDAeC-YFdY2ClymYRJmclFFSWf7X1j5beQve
+xGbsXJaWZcJpahpFu4RR-kOOyZBLPsdiyOZ7PGXz83l35NiXabmRapgjve1t7NFSuRluafihc0Lg
+GKoz_-3YAFJmh4Z3bcCsz1WhCUYqzWyDsnZiD7sMQT7Oyje7RqzoxBZs5Ke1_0jtpgFrc7BcqHG7
+WpwJr6hg53o3BpWcUEopBomhbdxiDSLxZmDrePy9LDC7YNk_7-gVKIc7dZDMgw6kSRR330p0
\ No newline at end of file
diff --git a/src/main/resources/clds/aaf/org.onap.clamp.p12 b/src/main/resources/clds/aaf/org.onap.clamp.p12
new file mode 100644
index 00000000..5cd75944
Binary files /dev/null and b/src/main/resources/clds/aaf/org.onap.clamp.p12 differ
diff --git a/src/main/resources/clds/aaf/truststoreONAPall.jks b/src/main/resources/clds/aaf/truststoreONAPall.jks
new file mode 100644
index 00000000..2da1dcc4
Binary files /dev/null and b/src/main/resources/clds/aaf/truststoreONAPall.jks differ
diff --git a/src/main/resources/clds/clds-users.json b/src/main/resources/clds/clds-users.json
index 8be08e1d..18ab7d39 100644
--- a/src/main/resources/clds/clds-users.json
+++ b/src/main/resources/clds/clds-users.json
@@ -3,11 +3,12 @@
 	"password":"$2a$10$H/e21kl04Dw9C978CHuM7OewyMGUN5WGzAAx7SgIaR4ix8.wTcssi",
 	"permissions":
 	            [
-	               "permission-type-cl|dev|read",
-	               "permission-type-cl|dev|update",
-	               "permission-type-cl-manage|dev|*",
-	               "permission-type-filter-vf|dev|*",
-	               "permission-type-template|dev|read"
+	               "org.onap.clamp.clds.cl|dev|read",
+	               "org.onap.clamp.clds.cl|dev|update",
+	               "org.onap.clamp.clds.cl.manage|dev|*",
+	               "org.onap.clamp.clds.filter.vf|dev|*",
+	               "org.onap.clamp.clds.template|dev|read",
+	               "org.onap.clamp.clds.template|dev|update"
 	            ]
 	},
 	{
@@ -15,12 +16,12 @@
 	"password":"$2a$10$H/e21kl04Dw9C978CHuM7OewyMGUN5WGzAAx7SgIaR4ix8.wTcssi",
 	"permissions":
 	            [
-	               "permission-type-cl|dev|read",
-	               "permission-type-cl|dev|update",
-	               "permission-type-cl-manage|dev|*",
-	               "permission-type-filter-vf|dev|*",
-	               "permission-type-template|dev|read",
-	               "permission-type-template|dev|update"
+	               "org.onap.clamp.clds.cl|dev|read",
+	               "org.onap.clamp.clds.cl|dev|update",
+	               "org.onap.clamp.clds.cl.manage|dev|*",
+	               "org.onap.clamp.clds.filter.vf|dev|*",
+	               "org.onap.clamp.clds.template|dev|read",
+	               "org.onap.clamp.clds.template|dev|update"
 	            ]
 	}
 ]
diff --git a/src/main/resources/logback.xml b/src/main/resources/logback.xml
index 22206fee..e15e0ddf 100644
--- a/src/main/resources/logback.xml
+++ b/src/main/resources/logback.xml
@@ -126,7 +126,13 @@
 				<queueSize>256</queueSize>
 				<appender-ref ref="SECURITY" />
 		</appender>
-
+		<!-- AAF related loggers -->
+		<logger name="org.onap.aaf" level="INFO" additivity="true">
+				<appender-ref ref="DEBUG" />
+		</logger>
+		<logger name="org.apache.catalina.core" level="INFO" additivity="true">
+				<appender-ref ref="DEBUG" />
+		</logger>
 		<!-- CLDS related loggers -->
 		<logger name="org.onap.clamp.clds" level="INFO" additivity="true">
 				<appender-ref ref="ERROR" />