From: Kotta, Shireesha (sk434m) <shireesha.kotta@att.com>
Date: Tue, 9 Oct 2018 15:28:41 +0000 (-0400)
Subject: Add roles to user
X-Git-Tag: 2.3.0~2^2
X-Git-Url: https://gerrit.onap.org/r/gitweb?p=portal.git;a=commitdiff_plain;h=47bcf09a62fb260a60b90d4f6c8406d956ab5a8a

Add roles to user

Issue-ID: PORTAL-432

add roles to user when the app is centralized

Change-Id: I46a782be24ea1804597dc7205bf98170731ffe4d
Signed-off-by: Kotta, Shireesha (sk434m) <shireesha.kotta@att.com>
---

diff --git a/deliveries/Apps_Users_OnBoarding_Script.sql b/deliveries/Apps_Users_OnBoarding_Script.sql
index 583238f0..08146ff2 100644
--- a/deliveries/Apps_Users_OnBoarding_Script.sql
+++ b/deliveries/Apps_Users_OnBoarding_Script.sql
@@ -9,8 +9,8 @@ INSERT INTO `fn_app` (`app_id`, `app_name`, `app_image_url`, `app_description`,
 (2, 'xDemo App', 'images/cache/portal-222865671_37476.png', NULL, NULL, 'http://portal.api.simpledemo.onap.org:8990/ONAPPORTALSDK/welcome.htm', NULL, 'http://portal.api.simpledemo.onap.org:8990/ONAPPORTALSDK/api/v2', '', '', NULL, '2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E=', 'N', 'Y', NULL, 'Default', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL),
 (3, 'DMaaP Bus Ctrl', 'images/cache/portal944583064_80711.png', NULL, NULL, 'http://portal.api.simpledemo.onap.org:8989/ECOMPDBCAPP/dbc#/dmaap', NULL, 'http://portal.api.simpledemo.onap.org:8989/ECOMPDBCAPP/api/v2', '', '', NULL, 'okYTaDrhzibcbGVq5mjkVQ==', 'N', 'N', NULL, 'Default', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL),
 (4, 'SDC', 'images/cache/portal956868231_53879.png', NULL, NULL, 'http://sdc.api.simpledemo.onap.org:8181/sdc1/portal', NULL, 'http://sdc.api.simpledemo.onap.org:8080/api/v2', '', '', NULL, 'j85yNhyIs7zKYbR1VlwEfNhS6b7Om4l0Gx5O8931sCI=', 'N', 'Y', NULL, 'Default', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL), 
-(5, 'Policy', 'images/cache/portal1470452815_67021.png', NULL, NULL, 'http://policy.api.simpledemo.onap.org:8443/onap/policy', NULL, 'http://policy.api.simpledemo.onap.org:8443/onap/api/v2', '', '', NULL, 'okYTaDrhzibcbGVq5mjkVQ==', 'N', 'Y', NULL, 'Default', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL),
-(6, 'Virtual Infrastructure Deployment', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'https://vid.api.simpledemo.onap.org:8443/vid/welcome.htm', NULL, 'https://vid.api.simpledemo.onap.org:8443/vid/api/v2', '', '', NULL, 'okYTaDrhzibcbGVq5mjkVQ==', 'N', 'Y', NULL, 'Default', '2Re7Pvdkgw5aeAUD', 'S31PrbOzGgL4hg4owgtx47Da', 'ECOMP-PORTAL-OUTBOX-90', 1,'N',NULL),
+(5, 'Policy', 'images/cache/portal1470452815_67021.png', NULL, NULL, 'http://policy.api.simpledemo.onap.org:8443/onap/policy', NULL, 'http://policy.api.simpledemo.onap.org:8443/onap/api/v2', '', '', NULL, '2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E', 'N', 'Y', NULL, 'Default', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL),
+(6, 'Virtual Infrastructure Deployment', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'https://vid.api.simpledemo.onap.org:8443/vid/welcome.htm', NULL, 'http://vid.api.simpledemo.onap.org:8080/vid/api/v2', '', '', NULL, '2VxipM8Z3SETg32m3Gp0FvKS6zZ2uCbCw46WDyK6T5E', 'N', 'Y', NULL, 'Default', '2Re7Pvdkgw5aeAUD', 'S31PrbOzGgL4hg4owgtx47Da', 'ECOMP-PORTAL-OUTBOX-90', 1,'N',NULL),
 (7, 'A&AI UI', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'http://aai.api.simpledemo.onap.org:9517/services/aai/webapp/index.html#/viewInspect', NULL, 'http://aai.api.simpledemo.onap.org:9517/api/v2', '', '', NULL, 't1oqm6wCXrGUXUSL8mS7pQ==', 'N', 'Y', NULL, 'aaiui', 'ueb_key', 'ueb_secret', 'ECOMP-PORTAL-OUTBOX', 1,'N',NULL),
 (8, 'CLI', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'http://portal.api.simpledemo.onap.org:8080/', NULL, NULL, '', '', NULL, '', 'Y', 'Y', NULL, '', '', '', '', 1,'N',NULL),
 (9, 'MSB', 'images/cache/portal-345993588_92550.png', NULL, NULL, 'http://msb-iag:80/iui/microservices/index.html', NULL, NULL, '', '', NULL, '', 'Y', 'Y', NULL, '', '', '', '', 2,'N',NULL);
diff --git a/deliveries/local-dev-host-clone.sh b/deliveries/local-dev-host-clone.sh
index 36fdaccb..1d7ae42b 100644
--- a/deliveries/local-dev-host-clone.sh
+++ b/deliveries/local-dev-host-clone.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # Sets up a new build area for Portal projects on on a dev/test host such as vm-ep-dev3
 
-USER=attuid-goes-here
-git clone https://${USER}@codecloud.web.att.com/scm/st_quantum/lf_portal.git
+USER=org.UserId-goes-here
+git clone https://${USER}@gerrit.onap.org/r/a/portal
 cd lf_portal
-git clone https://${USER}@codecloud.web.att.com/scm/st_quantum/lf_portal_sdk.git sdk
+git clone https://${USER}@gerrit.onap.org/r/a/portal/sdk
diff --git a/deliveries/local-dev-host-start.sh b/deliveries/local-dev-host-start.sh
index 7268dcf7..8355983a 100644
--- a/deliveries/local-dev-host-start.sh
+++ b/deliveries/local-dev-host-start.sh
@@ -43,7 +43,7 @@ export LOGS_DIR=./logs
 mkdir -p $LOGS_DIR
 
 # Make inter-app communication work in dev3
-export EXTRA_HOST_IP="135.207.161.175"
+export EXTRA_HOST_IP=localhost
 export EXTRA_HOST_NAME="portal.api.simpledemo.onap.org"
 
 # (re)start containers
diff --git a/deliveries/server.xml b/deliveries/server.xml
new file mode 100644
index 00000000..3f7bf3f7
--- /dev/null
+++ b/deliveries/server.xml
@@ -0,0 +1,147 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one or more
+  contributor license agreements.  See the NOTICE file distributed with
+  this work for additional information regarding copyright ownership.
+  The ASF licenses this file to You under the Apache License, Version 2.0
+  (the "License"); you may not use this file except in compliance with
+  the License.  You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+  Unless required by applicable law or agreed to in writing, software
+  distributed under the License is distributed on an "AS IS" BASIS,
+  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  See the License for the specific language governing permissions and
+  limitations under the License.
+-->
+<!-- Note:  A "Server" is not itself a "Container", so you may not
+     define subcomponents such as "Valves" at this level.
+     Documentation at /docs/config/server.html
+ -->
+<Server port="8005" shutdown="SHUTDOWN">
+  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
+  <!-- Security listener. Documentation at /docs/config/listeners.html
+  <Listener className="org.apache.catalina.security.SecurityListener" />
+  -->
+  <!--APR library loader. Documentation at /docs/apr.html -->
+  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
+  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
+  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
+  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
+  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
+
+  <!-- Global JNDI resources
+       Documentation at /docs/jndi-resources-howto.html
+  -->
+  <GlobalNamingResources>
+    <!-- Editable user database that can also be used by
+         UserDatabaseRealm to authenticate users
+    -->
+    <Resource name="UserDatabase" auth="Container"
+              type="org.apache.catalina.UserDatabase"
+              description="User database that can be updated and saved"
+              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
+              pathname="conf/tomcat-users.xml" />
+  </GlobalNamingResources>
+
+  <!-- A "Service" is a collection of one or more "Connectors" that share
+       a single "Container" Note:  A "Service" is not itself a "Container",
+       so you may not define subcomponents such as "Valves" at this level.
+       Documentation at /docs/config/service.html
+   -->
+  <Service name="Catalina">
+
+    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
+    <!--
+    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
+        maxThreads="150" minSpareThreads="4"/>
+    -->
+
+
+    <!-- A "Connector" represents an endpoint by which requests are received
+         and responses are returned. Documentation at :
+         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
+         Java AJP  Connector: /docs/config/ajp.html
+         APR (HTTP/AJP) Connector: /docs/apr.html
+         Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
+    -->
+    <Connector port="8080" protocol="HTTP/1.1"
+               connectionTimeout="20000"
+               redirectPort="8443" />
+    <!-- A "Connector" using the shared thread pool-->
+    <!--
+    <Connector executor="tomcatThreadPool"
+               port="8080" protocol="HTTP/1.1"
+               connectionTimeout="20000"
+               redirectPort="8443" />
+    -->
+    <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
+         This connector uses the NIO implementation that requires the JSSE
+         style configuration. When using the APR/native implementation, the
+         OpenSSL style configuration is required as described in the APR/native
+         documentation -->
+    <!--
+    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+               clientAuth="false" sslProtocol="TLS" />
+    -->
+	
+	 <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
+               maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
+               keystoreFile="keystoreONAP.keystore" keystorePass="changeit"
+               clientAuth="false" sslProtocol="TLS" />
+
+    <!-- Define an AJP 1.3 Connector on port 8009 -->
+    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
+
+
+    <!-- An Engine represents the entry point (within Catalina) that processes
+         every request.  The Engine implementation for Tomcat stand alone
+         analyzes the HTTP headers included with the request, and passes them
+         on to the appropriate Host (virtual host).
+         Documentation at /docs/config/engine.html -->
+
+    <!-- You should set jvmRoute to support load-balancing via AJP ie :
+    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
+    -->
+    <Engine name="Catalina" defaultHost="localhost">
+
+      <!--For clustering, please take a look at documentation at:
+          /docs/cluster-howto.html  (simple how to)
+          /docs/config/cluster.html (reference documentation) -->
+      <!--
+      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
+      -->
+
+      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
+           via a brute-force attack -->
+      <Realm className="org.apache.catalina.realm.LockOutRealm">
+        <!-- This Realm uses the UserDatabase configured in the global JNDI
+             resources under the key "UserDatabase".  Any edits
+             that are performed against this UserDatabase are immediately
+             available for use by the Realm.  -->
+        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
+               resourceName="UserDatabase"/>
+      </Realm>
+
+      <Host name="localhost"  appBase="webapps"
+            unpackWARs="true" autoDeploy="true">
+
+        <!-- SingleSignOn valve, share authentication between web applications
+             Documentation at: /docs/config/valve.html -->
+        <!--
+        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
+        -->
+
+        <!-- Access log processes all example.
+             Documentation at: /docs/config/valve.html
+             Note: The pattern used is equivalent to using pattern="common" -->
+        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+               prefix="localhost_access_log" suffix=".txt"
+               pattern="%h %l %u %t &quot;%r&quot; %s %b" />
+
+      </Host>
+    </Engine>
+  </Service>
+</Server>
\ No newline at end of file
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ApplicationsRestClientServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ApplicationsRestClientServiceImpl.java
index 5a354f3a..54b915fe 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ApplicationsRestClientServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ApplicationsRestClientServiceImpl.java
@@ -207,8 +207,8 @@ public class ApplicationsRestClientServiceImpl implements ApplicationsRestClient
 			client.header(SystemProperties.USERAGENT_NAME, EPCommonSystemProperties.ECOMP_PORTAL_BE);
 			
 			logger.debug(EELFLoggerDelegate.debugLogger,
-					String.format("App %d found, baseUri=[%s], Headers: [%s=%s, %s=%s, %s=%s]", appSystemId, appBaseUri,
-							APP_USERNAME_HEADER, username, PASSWORD_HEADER, encriptedPwd, BASIC_AUTHENTICATION_HEADER, encodingStr));
+					String.format("App %d found, baseUri=[%s], Headers: [%s=%s]", appSystemId, appBaseUri,
+							APP_USERNAME_HEADER, username));
 
 			return client;
 		}
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java
index a77b9589..f83a8e34 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/ExternalAccessRolesServiceImpl.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START==========================================
  * ONAP Portal
  * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
@@ -42,7 +42,6 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
-import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -53,7 +52,6 @@ import java.util.stream.Collectors;
 
 import org.apache.commons.codec.DecoderException;
 import org.apache.commons.codec.binary.Hex;
-import org.apache.commons.lang.StringUtils;
 import org.hibernate.Query;
 import org.hibernate.Session;
 import org.hibernate.SessionFactory;
@@ -99,7 +97,6 @@ import org.onap.portalapp.portal.transport.ExternalAccessRolePerms;
 import org.onap.portalapp.portal.transport.ExternalAccessUser;
 import org.onap.portalapp.portal.transport.ExternalAccessUserRoleDetail;
 import org.onap.portalapp.portal.transport.ExternalRequestFieldsValidator;
-import org.onap.portalapp.portal.transport.ExternalRoleDescription;
 import org.onap.portalapp.portal.transport.GlobalRoleWithApplicationRoleFunction;
 import org.onap.portalapp.portal.transport.LocalRole;
 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
@@ -157,8 +154,6 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 
 	private static final String FUNCTION_PIPE = "|";
 
-	private static final String IS_NULL_STRING = "null";
-
 	private static final String EXTERNAL_AUTH_PERMS = "perms";
 
 	private static final String EXTERNAL_AUTH_ROLE_DESCRIPTION = "description";
@@ -167,18 +162,10 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 
 	private static final String CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE = "Connecting to External Auth system";
 
-	private static final String APP_ROLE_ID = "appRoleId";
-
 	private static final String APP_ID = "appId";
 
-	private static final String PRIORITY = "priority";
-
-	private static final String ACTIVE = "active";
-
 	private static final String ROLE_NAME = "name";
 
-	private static final String ID = "id";
-
 	private static final String APP_ID_EQUALS = " app_id = ";
 	
 	private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesServiceImpl.class);
@@ -315,12 +302,10 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 	 * @throws Exception
 	 * 					If updateRoleInExternalSystem fails we catch it in logger for detail message
 	 */
-	@SuppressWarnings("unchecked")
 	private boolean updateRoleInExternalSystem(Role updateExtRole, EPApp app, boolean isGlobalRole) throws Exception {
 		boolean response = false;
 		ObjectMapper mapper = new ObjectMapper();
 		ResponseEntity<String> deleteResponse = null;
-		HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
 		List<EPRole> epRoleList = null;
 		if (app.getId().equals(PortalConstants.PORTAL_APP_ID)
 				|| (isGlobalRole && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) {
@@ -328,7 +313,6 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 		} else {
 			epRoleList = getPartnerAppRoleInfo(updateExtRole.getId(), app);
 		}
-
 		// Assigning functions to global role
 		if ((isGlobalRole && !app.getId().equals(PortalConstants.PORTAL_APP_ID))) {
 			List<RoleFunction> globalRoleFunctionListNew = convertSetToListOfRoleFunctions(updateExtRole);
@@ -360,86 +344,29 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 						list = mapper.readValue(perms.toString(), TypeFactory.defaultInstance()
 								.constructCollectionType(List.class, ExternalAccessPerms.class));
 					}
-					ExternalRoleDescription sysRoleList = mapper.readValue(desc, ExternalRoleDescription.class);
 					// If role name or role functions are updated then delete
 					// record in External System and add new record to avoid
 					// conflicts
-					Boolean existingRoleActive;
-					boolean isActiveValueChanged;
-					// check role active status
-					existingRoleActive = new Boolean(sysRoleList.getActive());
-					isActiveValueChanged = existingRoleActive.equals(updateExtRole.getActive());
 					boolean isRoleNameChanged = false;
-					if (!sysRoleList.getName().equals(updateExtRole.getName())) {
+					if (!desc.equals(updateExtRole.getName())) {
 						isRoleNameChanged = true;
-						Map<String, String> delRoleKeyMapper = new HashMap<>();
-						delRoleKeyMapper.put(ROLE_NAME, name);
-						String delRoleKeyValue = mapper.writeValueAsString(delRoleKeyMapper);
-						deleteResponse = deleteRoleInExternalSystem(delRoleKeyValue);
-						if (deleteResponse.getStatusCode().value() != 200) {
-							logger.error(EELFLoggerDelegate.errorLogger,
-									"updateRoleInExternalSystem:  Failed to delete role in external system due to {} ",
-									deleteResponse.getBody());
-							throw new ExternalAuthSystemException(deleteResponse.getBody());
-						}
+						deleteRoleInExtSystem(mapper, name);
 						addRole(updateExtRole, app.getUebKey());
 						// add partner functions to the global role in External Auth System
-						if(!list.isEmpty() && isGlobalRole){
-							addPartnerHasRoleFunctionsToGlobalRole(list, mapper, app, updateExtRole);	
+						if (!list.isEmpty() && isGlobalRole) {
+							addPartnerHasRoleFunctionsToGlobalRole(list, mapper, app, updateExtRole);
 						}
-						list.removeIf(perm -> EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace()));
-						// if role name is changes please ignore the previous functions in External Auth and update with user requested functions
-						addRemoveFunctionsToRole(updateExtRole, app, mapper, roleFunctionListNew, name,
-								list);
+						list.removeIf(
+								perm -> EcompPortalUtils.checkNameSpaceMatching(perm.getType(), app.getNameSpace()));
+						// if role name is changes please ignore the previous functions in External Auth
+						// and update with user requested functions
+						addRemoveFunctionsToRole(updateExtRole, app, mapper, roleFunctionListNew, name, list);
 					}
-					boolean checkPriorityStatus = StringUtils.equals(String.valueOf(sysRoleList.getPriority()),
-							String.valueOf(updateExtRole.getPriority()));
-					ExternalAccessRole updateRole = new ExternalAccessRole();
-					if (!isActiveValueChanged || !checkPriorityStatus || sysRoleList.getId().equals(IS_NULL_STRING)
-							|| !sysRoleList.getId().equals(String.valueOf(epRoleList.get(0).getId()))) {
-						String updateDesc = "";
-						List<EPRole> getRole;
-						final Map<String, String> getAppRoleByName =  new HashMap<>();
-						getAppRoleByName.put(APP_ROLE_NAME_PARAM, updateExtRole.getName());
-						if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
-							getRole = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, getAppRoleByName,
-									null);
-						} else {
-							getAppRoleByName.put("appId", String.valueOf(app.getId()));
-							getRole = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM,
-									getAppRoleByName, null);
-						}
-						Map<String, String> extSystemUpdateRoleJsonMapper = new LinkedHashMap<>();
-						extSystemUpdateRoleJsonMapper.put(ID, String.valueOf(getRole.get(0).getId()));
-						extSystemUpdateRoleJsonMapper.put(ROLE_NAME, String.valueOf(updateExtRole.getName()));
-						extSystemUpdateRoleJsonMapper.put(ACTIVE, String.valueOf(updateExtRole.getActive()));
-						extSystemUpdateRoleJsonMapper.put(PRIORITY, String.valueOf(updateExtRole.getPriority()));
-						if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
-							extSystemUpdateRoleJsonMapper.put(APP_ID, "null");
-							extSystemUpdateRoleJsonMapper.put(APP_ROLE_ID, "null");
-						} else {
-							extSystemUpdateRoleJsonMapper.put(APP_ID, String.valueOf(app.getId()));
-							extSystemUpdateRoleJsonMapper.put(APP_ROLE_ID,
-									String.valueOf(getRole.get(0).getAppRoleId()));
-
-						}
-						updateDesc = mapper.writeValueAsString(extSystemUpdateRoleJsonMapper);
-						updateRole.setName(app.getNameSpace() + "." + updateExtRole.getName().replaceAll(
-								EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
-						updateRole.setDescription(updateDesc);
-						String updateRoleDesc = mapper.writeValueAsString(updateRole);
-						HttpEntity<String> entity = new HttpEntity<>(updateRoleDesc, headers);
-						logger.debug(EELFLoggerDelegate.debugLogger, "updateRoleInExternalSystem: {} for PUT: {}",
-								CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRoleDesc);
-						ResponseEntity<String> updatePermsResponse = template.exchange(
-								SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL)
-										+ "role",
-								HttpMethod.PUT, entity, String.class);
-						logger.debug(EELFLoggerDelegate.debugLogger,
-								"updateRoleInExternalSystem: Finished updating in External Auth system {} and status code: {} ",
-								updateRoleDesc, updatePermsResponse.getStatusCode().value());
+					// Delete role in External System if role is inactive
+					if (!updateExtRole.getActive()) {
+						deleteRoleInExtSystem(mapper, name);
 					}
-					if(!isRoleNameChanged) {
+					if (!isRoleNameChanged) {
 						response = addRemoveFunctionsToRole(updateExtRole, app, mapper, roleFunctionListNew, name,
 								list);
 					}
@@ -447,17 +374,41 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 			} else {
 				// It seems like role exists in local DB but not in External
 				// Access system
-				addRole(updateExtRole, app.getUebKey());
-				List<RoleFunction> roleFunctionListUpdate = convertSetToListOfRoleFunctions(updateExtRole);
-				response = true;
-				if (!roleFunctionListUpdate.isEmpty()) {
-					addRoleFunctionsInExternalSystem(updateExtRole, mapper, app);
+				if (updateExtRole.getActive()) {
+					addRole(updateExtRole, app.getUebKey());
+					ExternalAccessRolePerms extAddRolePerms = null;
+					ExternalAccessPerms extAddPerms = null;
+					List<RoleFunction> roleFunctionListAdd = convertSetToListOfRoleFunctions(updateExtRole);
+					HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
+					for (RoleFunction roleFunc : roleFunctionListAdd) {
+						extAddPerms = new ExternalAccessPerms(app.getNameSpace() + "." + roleFunc.getType(),
+								roleFunc.getCode(), roleFunc.getAction());
+						extAddRolePerms = new ExternalAccessRolePerms(extAddPerms,
+								app.getNameSpace() + "." + updateExtRole.getName().replaceAll(
+										EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
+						response = addRoleFuncExtSysRestAPI(mapper, extAddRolePerms, headers);
+					}
 				}
 			}
 		}
 		return response;
 	}
 
+	private void deleteRoleInExtSystem(ObjectMapper mapper, String name)
+			throws JsonProcessingException, Exception, ExternalAuthSystemException {
+		ResponseEntity<String> deleteResponse;
+		Map<String, String> delRoleKeyMapper = new HashMap<>();
+		delRoleKeyMapper.put(ROLE_NAME, name);
+		String delRoleKeyValue = mapper.writeValueAsString(delRoleKeyMapper);
+		deleteResponse = deleteRoleInExternalSystem(delRoleKeyValue);
+		if (deleteResponse.getStatusCode().value() != 200) {
+			logger.error(EELFLoggerDelegate.errorLogger,
+					"updateRoleInExternalSystem:  Failed to delete role in external system due to {} ",
+					deleteResponse.getBody());
+			throw new ExternalAuthSystemException(deleteResponse.getBody());
+		}
+	}
+
 	private boolean addRemoveFunctionsToRole(Role updateExtRole, EPApp app, ObjectMapper mapper,
 			List<RoleFunction> roleFunctionListNew, String name, List<ExternalAccessPerms> list) throws Exception {
 		boolean response;
@@ -701,54 +652,23 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 		}
 	}
 
-	/**
-	 * 
-	 * It adds functions to the role in external auth system 
-	 * 
-	 * @param updateExtRole
-	 * @param addPermsMapper
-	 * @param app
-	 * @return true if success else false
-	 * @throws Exception
-	 */
-	private boolean addRoleFunctionsInExternalSystem(Role updateExtRole, ObjectMapper addPermsMapper, EPApp app)
-			throws Exception {
-		boolean response = false;
-		ExternalAccessRolePerms extAddRolePerms = null;
-		ExternalAccessPerms extAddPerms = null;
-		List<RoleFunction> roleFunctionListAdd = convertSetToListOfRoleFunctions(updateExtRole);
-		HttpHeaders headers = EcompPortalUtils.base64encodeKeyForAAFBasicAuth();
-		for (RoleFunction roleFunc : roleFunctionListAdd) {
-			String code = "";
-			String type= "";
-			String action = "";
-			if (roleFunc.getCode().contains(FUNCTION_PIPE)) {
-				code = EcompPortalUtils.getFunctionCode(roleFunc.getCode());
-				type = getFunctionCodeType(roleFunc.getCode());
-				action = getFunctionCodeAction(roleFunc.getCode());
-			} else {
-				code = roleFunc.getCode();
-				type = roleFunc.getCode().contains("menu") ? "menu" : "url";
-				action = "*";
-			}
-			extAddPerms = new ExternalAccessPerms(app.getNameSpace() + "." + type, code, action);
-			extAddRolePerms = new ExternalAccessRolePerms(extAddPerms,
-					app.getNameSpace() + "." + updateExtRole.getName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
-			String updateRolePerms = addPermsMapper.writeValueAsString(extAddRolePerms);
-			HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
-			logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: {} for POST: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms);
-			ResponseEntity<String> addResponse = template.exchange(
-					SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm",
-					HttpMethod.POST, entity, String.class);
-			if (addResponse.getStatusCode().value() != 201) {
-				response = false;
-				logger.debug(EELFLoggerDelegate.debugLogger,
-						"addRoleFunctionsInExternalSystem: While adding permission to the role in  External Auth system something went wrong! due to {} and statuscode: {}",
-						addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value());
-			} else {
-				response = true;
-				logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: Finished adding permissions to roles in External Auth system {} and status code: {} ", updateRolePerms, addResponse.getStatusCode().value());
-			}
+	private boolean addRoleFuncExtSysRestAPI(ObjectMapper addPermsMapper, ExternalAccessRolePerms extAddRolePerms,
+			HttpHeaders headers) throws JsonProcessingException {
+		boolean response;
+		String updateRolePerms = addPermsMapper.writeValueAsString(extAddRolePerms);
+		HttpEntity<String> entity = new HttpEntity<>(updateRolePerms, headers);
+		logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: {} for POST: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, updateRolePerms);
+		ResponseEntity<String> addResponse = template.exchange(
+				SystemProperties.getProperty(EPCommonSystemProperties.EXTERNAL_CENTRAL_ACCESS_URL) + "role/perm",
+				HttpMethod.POST, entity, String.class);
+		if (addResponse.getStatusCode().value() != 201 && addResponse.getStatusCode().value() != 409) {
+			response = false;
+			logger.debug(EELFLoggerDelegate.debugLogger,
+					"addRoleFunctionsInExternalSystem: While adding permission to the role in  External Auth system something went wrong! due to {} and statuscode: {}",
+					addResponse.getStatusCode().getReasonPhrase(), addResponse.getStatusCode().value());
+		} else {
+			response = true;
+			logger.debug(EELFLoggerDelegate.debugLogger, "addRoleFunctionsInExternalSystem: Finished adding permissions to roles in External Auth system {} and status code: {} ", updateRolePerms, addResponse.getStatusCode().value());
 		}
 		return response;
 	}
@@ -823,17 +743,8 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 		ObjectMapper mapper = new ObjectMapper();
 		String addNewRole = "";
 		ExternalAccessRole extRole = new ExternalAccessRole();
-		String addDesc = null;
-		Map<String, String> extSystemJsonMapper = new LinkedHashMap<>();
-		extSystemJsonMapper.put(ID, String.valueOf(newRole.get(0).getId()));
-		extSystemJsonMapper.put(ROLE_NAME, String.valueOf(newRole.get(0).getName()));
-		extSystemJsonMapper.put(ACTIVE, String.valueOf(newRole.get(0).getActive()));
-		extSystemJsonMapper.put(PRIORITY, String.valueOf(newRole.get(0).getPriority()));
-		extSystemJsonMapper.put(APP_ID, String.valueOf(newRole.get(0).getAppId()));
-		extSystemJsonMapper.put(APP_ROLE_ID, String.valueOf(newRole.get(0).getAppRoleId()));
-		addDesc = mapper.writeValueAsString(extSystemJsonMapper);
 		extRole.setName(app.getNameSpace() + "." + newRole.get(0).getName().replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
-		extRole.setDescription(addDesc);
+		extRole.setDescription(String.valueOf(newRole.get(0).getName()));
 		addNewRole = mapper.writeValueAsString(extRole);
 		HttpEntity<String> postEntity = new HttpEntity<>(addNewRole, headers);
 		logger.debug(EELFLoggerDelegate.debugLogger, "addNewRoleInExternalSystem: {} for POST: {} " , CONNECTING_TO_EXTERNAL_AUTH_SYSTEM_LOG_MESSAGE, addNewRole);
@@ -1258,13 +1169,11 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 	 */
 	@SuppressWarnings("unchecked")
 	private CentralV2User createEPUser(EPUser userInfo, Set<EPUserApp> userAppSet, EPApp app) throws Exception {
-
 		final Map<String, Long> params = new HashMap<>();
 		CentralV2User userAppList = new CentralV2User();
 		CentralV2User user1 = null;
 		final Map<String, Long> params1 = new HashMap<>();
 		List<EPRole> globalRoleList = new ArrayList<>();
-
 		try {
 			if (app.getId() != PortalConstants.PORTAL_APP_ID) {
 				params1.put("userId", userInfo.getId());
@@ -1781,7 +1690,7 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 		String deleteRoleKey = "{\"name\":\"" + app.getNameSpace() + "." + epRoleList.get(0).getName()
 				.replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_") + "\"}";
 		deleteResponse = deleteRoleInExternalSystem(deleteRoleKey);
-		if (deleteResponse.getStatusCode().value() != 200 || deleteResponse.getStatusCode().value() != 404) {
+		if (deleteResponse.getStatusCode().value() != 200 && deleteResponse.getStatusCode().value() != 404) {
 			EPLogUtil.logExternalAuthAccessAlarm(logger, deleteResponse.getStatusCode());
 			logger.error(EELFLoggerDelegate.errorLogger,
 					"deleteRoleForApplication: Failed to delete role in external auth system! due to {} ",
@@ -2190,7 +2099,8 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 			if (extPerms.getJSONObject(i).has("description")) {
 				description = extPerms.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION);
 			} else {
-				description = extPerms.getJSONObject(i).getString("instance");
+				description = extPerms.getJSONObject(i).getString("type")+"|"+extPerms.getJSONObject(i).getString("instance")
+						+"|"+extPerms.getJSONObject(i).getString("action");
 			}
 			if (extPerms.getJSONObject(i).has("roles")) {
 				ObjectMapper rolesListMapper = new ObjectMapper();
@@ -2341,7 +2251,7 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 		roleParams.put(APP_ROLE_NAME_PARAM, role);
 		List<EPRole> roleCreated = null;
 		if (app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
-			roleCreated = dataAccessService.executeNamedQuery(GET_ROLE_TO_UPDATE_IN_EXTERNAL_AUTH_SYSTEM, roleParams,
+			roleCreated = dataAccessService.executeNamedQuery(GET_PORTAL_APP_ROLES_QUERY, roleParams,
 					null);
 		} else {
 			roleParams.put("appId", String.valueOf(app.getId()));
@@ -2710,6 +2620,7 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 			JSONArray extRole = getAppRolesJSONFromExtAuthSystem(app);
 			
 			logger.debug(EELFLoggerDelegate.debugLogger, "Entering into getExternalRoleDetailsList");
+			//refactoring done
 			List<ExternalRoleDetails> externalRoleDetailsList = getExternalRoleDetailsList(app,
 					mapper, extRole);
 			
@@ -2899,20 +2810,17 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 			ObjectMapper mapper, JSONArray extRole)
 			throws IOException {
 		List<ExternalRoleDetails> externalRoleDetailsList = new ArrayList<>();
-		ExternalRoleDescription ApplicationRole = new ExternalRoleDescription();
 		ExternalAccessPerms externalAccessPerms = new ExternalAccessPerms();
 		List<String> functionCodelist = new ArrayList<>();
 		Map<String, EPRole> curRolesMap = getCurrentRolesInDB(app);
-
 		for (int i = 0; i < extRole.length(); i++) {
 			ExternalRoleDetails externalRoleDetail = new ExternalRoleDetails();
 			EPAppRoleFunction ePAppRoleFunction = new EPAppRoleFunction();
 			JSONObject Role = (JSONObject) extRole.get(i);
-			String roleName = extRole.getJSONObject(i).getString(ROLE_NAME);
-			ApplicationRole.setName(roleName.substring(app.getNameSpace().length() + 1));
+			String name = extRole.getJSONObject(i).getString(ROLE_NAME);
+			String actualRoleName = name.substring(app.getNameSpace().length() + 1); 
 			if (extRole.getJSONObject(i).has(EXTERNAL_AUTH_ROLE_DESCRIPTION)) {
-				String desc = extRole.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION);
-				ApplicationRole.setName(desc);
+				actualRoleName = extRole.getJSONObject(i).getString(EXTERNAL_AUTH_ROLE_DESCRIPTION);
 			}
 			SortedSet<ExternalAccessPerms> externalAccessPermsOfRole = new TreeSet<>();
 			if (extRole.getJSONObject(i).has(EXTERNAL_AUTH_PERMS)) {
@@ -2932,14 +2840,14 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 				}
 			}
 			externalRoleDetail.setActive(true);
-			externalRoleDetail.setName(ApplicationRole.getName());
+			externalRoleDetail.setName(actualRoleName);
 			if (app.getId() == 1) {
 				externalRoleDetail.setAppId(null);
 			} else {
 				externalRoleDetail.setAppId(app.getId());
 			}
 			// get role functions from DB
-			EPRole currRole = curRolesMap.get(ApplicationRole.getName()
+			EPRole currRole = curRolesMap.get(actualRoleName
 					.replaceAll(EcompPortalUtils.EXTERNAL_CENTRAL_AUTH_ROLE_HANDLE_SPECIAL_CHARACTERS, "_"));
 			Long roleId = null;
 			if (currRole != null)
@@ -3045,6 +2953,9 @@ public class ExternalAccessRolesServiceImpl implements ExternalAccessRolesServic
 		logger.debug(EELFLoggerDelegate.debugLogger,
 				"syncApplicationRolesWithEcompDB: Finished GET roles from External Auth system and the result is :",
 				res);
+		if(res == null || res.trim().isEmpty()) 
+			return null;
+		
 		JSONObject jsonObj = new JSONObject(res);
 		JSONArray extRole = jsonObj.getJSONArray("userRole");
 		
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
index 2eb7c948..b0dd4a21 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/UserRolesCommonServiceImpl.java
@@ -823,6 +823,72 @@ public class UserRolesCommonServiceImpl  {
 		return addRemoteUser;
 	}
 	
+	
+	private EPUser pushRemoteUser(List<RoleInAppForUser> roleInAppForUserList, String userId, EPApp app,
+			ObjectMapper mapper, SearchService searchService,
+			ApplicationsRestClientService applicationsRestClientService) throws Exception {
+		EPUser addRemoteUser = null;
+		if (remoteUserShouldBeCreated(roleInAppForUserList)) {
+			pushUserOnRemoteApp(userId, app, applicationsRestClientService, searchService, mapper,
+					isAppUpgradeVersion(app), roleInAppForUserList);
+		}
+		return addRemoteUser;
+	}
+
+	protected void pushUserOnRemoteApp(String userId, EPApp app,
+			ApplicationsRestClientService applicationsRestClientService, SearchService searchService,
+			ObjectMapper mapper, boolean postOpenSource, List<RoleInAppForUser> roleInAppForUserList) throws Exception {
+
+		EPUser client = searchService.searchUserByUserId(userId);
+
+		mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+
+		if (client == null) {
+			String msg = "cannot create user " + userId + ", because he/she cannot be found in phonebook.";
+			logger.error(EELFLoggerDelegate.errorLogger, msg);
+			throw new Exception(msg);
+		}
+
+		client.setLoginId(userId);
+		client.setActive(true);
+		roleInAppForUserList.removeIf(role -> role.isApplied.equals(false));
+		Set<EcompRole> userRolesInRemoteApp = constructUsersRemoteAppRoles(roleInAppForUserList);
+		SortedSet<Role> roles = new TreeSet<>();
+		List<EPRole> getAppRoles = getAppRoles(app.getId());
+		for (EcompRole epRole : userRolesInRemoteApp) {
+			Role role = new Role();
+			EPRole appRole = getAppRoles.stream()
+					  .filter(applicationRole -> epRole.getId().equals(applicationRole.getId()))
+					  .findAny()
+					  .orElse(null);
+			if(appRole != null)
+			role.setId(appRole.getAppRoleId());
+			role.setName(epRole.getName());
+			roles.add(role);
+		}
+		client.setRoles(roles);
+		String userInString = null;
+		userInString = mapper.writerFor(EPUser.class).writeValueAsString(client);
+		logger.debug(EELFLoggerDelegate.debugLogger,
+				"about to post a client to remote application, users json = " + userInString);
+		applicationsRestClientService.post(EPUser.class, app.getId(), userInString, String.format("/user/%s", userId));
+
+	}
+	
+	
+	public List<EPRole> getAppRoles(Long appId) throws Exception {
+		List<EPRole> applicationRoles = null;
+		final Map<String, Long> appParams = new HashMap<>();
+		try {
+				appParams.put("appId", appId);
+				applicationRoles = dataAccessService.executeNamedQuery("getPartnerAppRolesList", appParams, null);
+		} catch (Exception e) {
+			logger.error(EELFLoggerDelegate.errorLogger, "getAppRoles: failed", e);
+			throw e;
+		}
+		return applicationRoles;
+	}
+	
 	/**
 	 * It checks whether the remote user exists or not
 	 * if exits returns user object else null
@@ -883,16 +949,12 @@ public class UserRolesCommonServiceImpl  {
 				// if centralized app
 				if (app.getCentralAuth()) {
 					if (!app.getId().equals(PortalConstants.PORTAL_APP_ID)) {
-						try {
-							addRemoteUser(roleInAppForUserList, userId, app, mapper, searchService,
+							pushRemoteUser(roleInAppForUserList, userId, app, mapper, searchService,
 									applicationsRestClientService);
-						} catch (Exception e) {
-							String message=e.getMessage();
-							logger.error(EELFLoggerDelegate.errorLogger, message, e);
-						}
 					}
 					
-					Set<EcompRole> userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
+					
+					Set<EcompRole>  userRolesInLocalApp = postUsersRolesToLocalApp(roleInAppForUserList, mapper,
 							applicationsRestClientService, appId, userId);
 					RolesInAppForUser rolesInAppForUser = constructRolesInAppForUserUpdate(userId, appId,
 							userRolesInLocalApp);
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/ExternalRoleDescription.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/ExternalRoleDescription.java
index dd013c78..b9781071 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/ExternalRoleDescription.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/ExternalRoleDescription.java
@@ -39,59 +39,20 @@ package org.onap.portalapp.portal.transport;
 
 public class ExternalRoleDescription {
 
-	private String id;
 	private String  name;
-    private String active;
-    private String priority;
-    private String appId;
-    private String appRoleId;
     
-	public String getId() {
-		return id;
-	}
-	public void setId(String id) {
-		this.id = id;
-	}
 	public String getName() {
 		return name;
 	}
 	public void setName(String name) {
 		this.name = name;
 	}
-	public String getActive() {
-		return active;
-	}
-	public void setActive(String active) {
-		this.active = active;
-	}
-	public String getPriority() {
-		return priority;
-	}
-	public void setPriority(String priority) {
-		this.priority = priority;
-	}
-	public String getAppId() {
-		return appId;
-	}
-	public void setAppId(String appId) {
-		this.appId = appId;
-	}
-	public String getAppRoleId() {
-		return appRoleId;
-	}
-	public void setAppRoleId(String appRoleId) {
-		this.appRoleId = appRoleId;
-	}
+
 	@Override
 	public int hashCode() {
 		final int prime = 31;
 		int result = 1;
-		result = prime * result + ((active == null) ? 0 : active.hashCode());
-		result = prime * result + ((appId == null) ? 0 : appId.hashCode());
-		result = prime * result + ((appRoleId == null) ? 0 : appRoleId.hashCode());
-		result = prime * result + ((id == null) ? 0 : id.hashCode());
 		result = prime * result + ((name == null) ? 0 : name.hashCode());
-		result = prime * result + ((priority == null) ? 0 : priority.hashCode());
 		return result;
 	}
 	@Override
@@ -103,38 +64,15 @@ public class ExternalRoleDescription {
 		if (getClass() != obj.getClass())
 			return false;
 		ExternalRoleDescription other = (ExternalRoleDescription) obj;
-		if (active == null) {
-			if (other.active != null)
-				return false;
-		} else if (!active.equals(other.active))
-			return false;
-		if (appId == null) {
-			if (other.appId != null)
-				return false;
-		} else if (!appId.equals(other.appId))
-			return false;
-		if (appRoleId == null) {
-			if (other.appRoleId != null)
-				return false;
-		} else if (!appRoleId.equals(other.appRoleId))
-			return false;
-		if (id == null) {
-			if (other.id != null)
-				return false;
-		} else if (!id.equals(other.id))
-			return false;
 		if (name == null) {
 			if (other.name != null)
 				return false;
 		} else if (!name.equals(other.name))
 			return false;
-		if (priority == null) {
-			if (other.priority != null)
-				return false;
-		} else if (!priority.equals(other.priority))
-			return false;
 		return true;
 	}
+	
+	
     
     
 }
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/ExternalAccessUserRoleDetailTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/ExternalAccessUserRoleDetailTest.java
index e6d97ec4..1ddadd89 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/ExternalAccessUserRoleDetailTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/ExternalAccessUserRoleDetailTest.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START==========================================
  * ONAP Portal
  * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
@@ -48,13 +48,7 @@ public class ExternalAccessUserRoleDetailTest {
 	public ExternalAccessUserRoleDetail mockExternalAccessUserRoleDetail(){
 		
 		ExternalRoleDescription externalRoleDescription = new ExternalRoleDescription();
-		externalRoleDescription.setId("test");
 		externalRoleDescription.setName("test");
-		externalRoleDescription.setActive("test");
-		externalRoleDescription.setPriority("test");
-		externalRoleDescription.setAppId("test");
-		externalRoleDescription.setAppRoleId("test");
-			    
 		ExternalAccessUserRoleDetail externalAccessUserRoleDetail = new ExternalAccessUserRoleDetail("test", externalRoleDescription);
 		
 		externalAccessUserRoleDetail.setName("test");
@@ -67,12 +61,7 @@ public class ExternalAccessUserRoleDetailTest {
 		ExternalAccessUserRoleDetail externalAccessUserRoleDetail = mockExternalAccessUserRoleDetail();
 		
 		ExternalRoleDescription externalRoleDescription1 = new ExternalRoleDescription();
-		externalRoleDescription1.setId("test");
 		externalRoleDescription1.setName("test");
-		externalRoleDescription1.setActive("test");
-		externalRoleDescription1.setPriority("test");
-		externalRoleDescription1.setAppId("test");
-		externalRoleDescription1.setAppRoleId("test");
 			    
 		ExternalAccessUserRoleDetail externalAccessUserRoleDetail1 = new ExternalAccessUserRoleDetail("test", externalRoleDescription1);
 		
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/ExternalRoleDescriptionTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/ExternalRoleDescriptionTest.java
index 6a4b6cab..41ee7fde 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/ExternalRoleDescriptionTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/transport/ExternalRoleDescriptionTest.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START==========================================
  * ONAP Portal
  * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
@@ -42,7 +42,6 @@ import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
 import org.junit.Test;
-import org.onap.portalapp.portal.transport.ExternalRoleDescription;
 
 public class ExternalRoleDescriptionTest {
 
@@ -51,49 +50,17 @@ public class ExternalRoleDescriptionTest {
 	@Test
 	public void externalRoleDescriptionTest(){
 		ExternalRoleDescription extRole=mockExternalRoleDescription();
-		
 		ExternalRoleDescription externalRoleDescription = new ExternalRoleDescription();
-		 externalRoleDescription.setId(extRole.getId());
 		    externalRoleDescription.setName(extRole.getName());
-		    externalRoleDescription.setActive(extRole.getActive());
-		    externalRoleDescription.setPriority(extRole.getPriority());
-		    externalRoleDescription.setAppId(extRole.getAppId());
-		    externalRoleDescription.setAppRoleId(extRole.getAppRoleId());
-		
-		assertEquals(externalRoleDescription.getId(), TEST);
 		assertEquals(externalRoleDescription.getName(), TEST);
-		assertEquals(externalRoleDescription.getActive(), TEST);
-		assertEquals(externalRoleDescription.getPriority(), TEST);
-		assertEquals(externalRoleDescription.getAppId(), TEST);
-		assertEquals(externalRoleDescription.getAppRoleId(), TEST);
 		assertEquals(externalRoleDescription.hashCode(), extRole.hashCode());
 		assertTrue(externalRoleDescription.equals(extRole));
-		
-		assertFalse(externalRoleDescription.equals(null));
-		externalRoleDescription.setPriority(null);
-		assertFalse(externalRoleDescription.equals(extRole));
 		externalRoleDescription.setName(null);
 		assertFalse(externalRoleDescription.equals(extRole));
-		externalRoleDescription.setId(null);
-		assertFalse(externalRoleDescription.equals(extRole));
-		externalRoleDescription.setAppRoleId(null);
-		assertFalse(externalRoleDescription.equals(extRole));
-		externalRoleDescription.setAppId(null);
-		assertFalse(externalRoleDescription.equals(extRole));
-		externalRoleDescription.setActive(null);
-		assertFalse(externalRoleDescription.equals(extRole));
 	}
 	private ExternalRoleDescription mockExternalRoleDescription(){
-		
 		ExternalRoleDescription externalRoleDescription = new ExternalRoleDescription();
-			    
-	    externalRoleDescription.setId(TEST);
 	    externalRoleDescription.setName(TEST);
-	    externalRoleDescription.setActive(TEST);
-	    externalRoleDescription.setPriority(TEST);
-	    externalRoleDescription.setAppId(TEST);
-	    externalRoleDescription.setAppRoleId(TEST);
-	    
 		return externalRoleDescription;
 	}
 	
diff --git a/ecomp-portal-BE-os/README.md b/ecomp-portal-BE-os/README.md
index 682dbfce..7f4358f4 100644
--- a/ecomp-portal-BE-os/README.md
+++ b/ecomp-portal-BE-os/README.md
@@ -44,6 +44,8 @@ Version 2.2
 - [Portal-220] Fix to delete a portal admin, removed the OS test case
 - [Portal-248] Id value fix in in Add App Account Management modal
 - [Portal-211] High memory Usage by Portal, SDK, Cassandra
+- [Portal-202] Remove files that have GPL or other license issues - b2b-library.min.js
+- [Portal-432]Push userroles even if the app is centralized(ASDC)
 
 Version 1.1.0 (Amsterdam), November 2017
 - [Portal-6] Updates to License and Trademark in the PORTAL Source Code
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
index e9c48251..ac7c3f72 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/conf/ExternalAppConfig.java
@@ -162,23 +162,15 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
 			MDC.put(MDC_ALERT_SEVERITY, AlarmSeverityEnum.INFORMATIONAL.severity());
 			MDC.put(MDC_INSTANCE_UUID, SystemProperties.getProperty(SystemProperties.INSTANCE_UUID));
 			
-			//			if("true".equalsIgnoreCase(remotecentralizedsystemaccess)){
-			//				importFromExternalAuth();
-			//			}			
+			if("true".equalsIgnoreCase(remotecentralizedsystemaccess)){
+				importFromExternalAuth();
+			}			
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "init failed", e);
 		}
 	}
 
-	/**
-	 * Does a sync on functions, roles and role functions based on namespace 
-	 * for all the centralized applications between AAF and ONAP, updates
-	 * fn_user and fn_user_role with user information from AAF.
-	 * 
-	 * This is being handled in AAF directly, so it has been deprecated
-	 * 
-	 */
-	@Deprecated
+	
 	private void importFromExternalAuth() throws Exception {
 		JSONArray aafAppRoles = new JSONArray();
 		JSONArray aafUserList = new JSONArray();
@@ -195,8 +187,8 @@ public class ExternalAppConfig extends AppConfig implements Configurable {
 					for(int j = 0; j < aafAppRoles.length(); j++){
 						ObjectMapper mapper = new ObjectMapper();
 						String name = aafAppRoles.getJSONObject(j).getString("name");
-						String desc = aafAppRoles.getJSONObject(j).getString("description");
-						ExternalRoleDescription externalRoleDescription = mapper.readValue(desc, ExternalRoleDescription.class);
+						//String desc = aafAppRoles.getJSONObject(j).getString("description");
+						//ExternalRoleDescription externalRoleDescription = mapper.readValue(desc, ExternalRoleDescription.class);
 						aafUserList = externalAccessRolesService.getAllUsersByRole(name);	
 						if(aafUserList != null && aafUserList.length() > 0){
 							for(int k = 0; k < aafUserList.length(); k++){
diff --git a/ecomp-portal-BE-os/src/main/resources/music.properties b/ecomp-portal-BE-os/src/main/resources/music.properties
index fdf6e499..87c4c942 100644
--- a/ecomp-portal-BE-os/src/main/resources/music.properties
+++ b/ecomp-portal-BE-os/src/main/resources/music.properties
@@ -12,19 +12,19 @@ music.atomic.put = false
 music.cleanup.frequency = 6
 #how old of session need to be cleaned up (hour)
 music.cleanup.threshold = 10
-cassandra.host=135.197.226.103
-zookeeper.host=135.197.226.103, 135.197.226.108, 135.197.226.119
+cassandra.host=localhost
+zookeeper.host=localhost
 cassandra.user=cassandra
 cassandra.password=cassandra
 
 #Music API 
-#music.endpoint = http://vm-ep-dev4.research.att.com/MUSIC/rest/
+#music.endpoint = localhost
 #music.version = v2
 #music.keyspace = keyspaces
 #music.x.minor.version = 3
 #music.x.patch.version = 0 
-#music.ns = com.att.ecomp.portal.demeter
-#music.user.id = m00468@portal.ecomp.att.com
-#music.password = friedG33nS-
+#music.ns = org.onap.portal
+#music.user.id = xxxxxx@portal.onap.org
+#music.password = xxxxxx
 #music.consistency.info = type
 #music.consistency.info.value = eventual
\ No newline at end of file
diff --git a/ecomp-portal-FE-common/client/app/views/role/role-list-controller.js b/ecomp-portal-FE-common/client/app/views/role/role-list-controller.js
index acfb25e0..0ae218c4 100644
--- a/ecomp-portal-FE-common/client/app/views/role/role-list-controller.js
+++ b/ecomp-portal-FE-common/client/app/views/role/role-list-controller.js
@@ -2,7 +2,7 @@
  * ============LICENSE_START==========================================
  * ONAP Portal
  * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2017-2018 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
  *
  * Unless otherwise specified, all software contained herein is licensed
@@ -217,6 +217,8 @@ app.controller('roleListController', function ($scope,RoleService, applicationsS
 		
 		// edit Role
 		$scope.editRoleModalPopup = function(appId, availableRole) {
+			if(!availableRole.active)
+				 return confirmBoxService.showInformation('Edit is disabled! Please toggle the role to activate it.').then(isConfirmed => {});
 			$scope.editRole = availableRole;
 			if(appId != undefined && availableRole.id != undefined){
 				RoleService.getRole(appId, availableRole.id).then(function(data){	
diff --git a/ecomp-portal-FE-common/client/app/views/role/role_list.html b/ecomp-portal-FE-common/client/app/views/role/role_list.html
index b082c3ea..34244b5f 100644
--- a/ecomp-portal-FE-common/client/app/views/role/role_list.html
+++ b/ecomp-portal-FE-common/client/app/views/role/role_list.html
@@ -93,7 +93,7 @@
 						    	</div>
 		                    </td>
 		                    <td b2b-table-body id="{{$index}}-button-edit-role" class="icon-misc-pen" ng-click="editRoleModalPopup(apps.selectedCentralizedApp, rowData)"></td>
-		                    <td ng-if="apps.selectedCentralizedApp != 1"  b2b-table-body class="icon-trash" ng-click="removeRole(apps.selectedCentralizedApp, rowData)"></td>    
+		                    <td ng-if="apps.selectedCentralizedApp != 1"  b2b-table-body class="icon-misc-trash" ng-click="removeRole(apps.selectedCentralizedApp, rowData)"></td>    
 		                </tr>
 		            </tbody>
 		        </table>
diff --git a/ecomp-portal-FE-os/client/configurations/dev.json b/ecomp-portal-FE-os/client/configurations/dev.json
index 43b82c76..ec7ca82d 100644
--- a/ecomp-portal-FE-os/client/configurations/dev.json
+++ b/ecomp-portal-FE-os/client/configurations/dev.json
@@ -98,7 +98,7 @@
 		"loggedinUser" : "http://localhost:8080/ecompportal/portalApi/loggedinUser",
 		"modifyLoggedinUser" : "http://localhost:8080/ecompportal/portalApi/modifyLoggedinUser",
 		"centralizedApps": "http:/localhost:8080/ecompportal/portalApi/centralizedApps",
-		"uploadRoleFunction":"http://www.ecomp.att.com:8080/ecompportal-att/portalApi/uploadRoleFunction/:appId"
+		"uploadRoleFunction":"http://localhost:8080/ecompportal/portalApi/uploadRoleFunction/:appId"
 	},
 	"cookieDomain": "onap.org"
 }
diff --git a/ecomp-portal-widget-ms/widget-ms/src/main/resources/application.properties b/ecomp-portal-widget-ms/widget-ms/src/main/resources/application.properties
new file mode 100644
index 00000000..5116f966
--- /dev/null
+++ b/ecomp-portal-widget-ms/widget-ms/src/main/resources/application.properties
@@ -0,0 +1,40 @@
+## General App Properties
+server.contextPath=/widget
+server.port=8082
+spring.http.multipart.max-file-size=128MB
+spring.http.multipart.max-request-size=128MB
+
+## App DB Properties
+#
+#db.connectionURL = jdbc:mariadb:failover://mtanjv9pord01.aic.cip.att.com:3306/portal
+#db.userName = m02549
+#db.password = 9zDXMxxzUG1ay5Dny1Eazw==
+#db.encrypt_flag = true
+spring.datasource.url=jdbc:mariadb://vm-ep-dev8.client.research.att.com:3306/portal_2_1_att
+spring.datasource.username=portal_user
+spring.datasource.password=P0rt@l_user
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.MySQLDialect
+spring.database.driver.classname=org.mariadb.jdbc.Driver
+spring.jpa.show-sql=false
+spring.jpa.properties.hibernate.format_sql=false
+
+## Basic Authentication Properties
+security.user.name=widget_user
+security.user.password=widget_pass
+
+## Initalization setting
+initialization.default.widgets=true
+initialization.widgetData.url=http://www.ecomp.att.com:8080/ecompportal-att/commonWidgets
+
+## Account Basic Authentication Properties
+account.user.name=portal
+account.user.password=6APqvG4AU2rfLgCvMdySwQ==
+
+## Certificate Properties
+#server.ssl.key-store=classpath:widget-keystore.p12
+#server.ssl.key-store-password=ENC(DiIYnAMab4u7rEW2yKhF9zBL00uU55q8)
+#server.ssl.keyStoreType=PKCS12
+#server.ssl.keyAlias=widget-microservice
+
+## Jasypt Properties
+jasypt.encryptor.password=EncryptionKey