Merge "Examples.java"
diff --git a/auth-client/pom.xml b/auth-client/pom.xml
index c404ab1..f9f000f 100644
--- a/auth-client/pom.xml
+++ b/auth-client/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>parent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
     </parent>
 
     <artifactId>aaf-auth-client</artifactId>
@@ -66,22 +66,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/auth/auth-batch/pom.xml b/auth/auth-batch/pom.xml
index 802538a..8f9db7c 100644
--- a/auth/auth-batch/pom.xml
+++ b/auth/auth-batch/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -45,22 +45,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
@@ -123,12 +107,6 @@
             <groupId>org.onap.aaf.authz</groupId>
             <artifactId>aaf-auth-deforg</artifactId>
         </dependency>
-
-        <!--dependency>
-            <groupId>org.slf4j</groupId>
-            <artifactId>slf4j-log4j12</artifactId>
-        </dependency -->
-
     </dependencies>
 
     <build>
diff --git a/auth/auth-batch/src/assemble/auth-batch.xml b/auth/auth-batch/src/assemble/auth-batch.xml
index 1ba34da..25b37b7 100644
--- a/auth/auth-batch/src/assemble/auth-batch.xml
+++ b/auth/auth-batch/src/assemble/auth-batch.xml
@@ -38,7 +38,20 @@
       	<include>org.onap.aaf.authz:aaf-cadi-core</include>
       	<include>org.onap.aaf.authz:aaf-misc-env</include>
       	<include>org.onap.aaf.authz:aaf-misc-rosetta</include>
+      	<include>javax.xml.bind:jaxb-api</include>
+      	<include>org.glassfish.jaxb:jaxb-runtime</include>
       </includes -->
+      <includes>
+        <include>org.onap.aaf.authz:aaf-auth-batch</include>
+      	<include>org.onap.aaf.authz:aaf-auth-core</include>
+      	<include>org.onap.aaf.authz:aaf-cadi-core</include>
+      	<include>org.onap.aaf.authz:aaf-misc-env</include>
+      	<include>org.onap.aaf.authz:aaf-misc-rosetta</include>
+      	<include>javax.xml.bind:jaxb-api</include>
+      	<include>org.glassfish.jaxb:jaxb-runtime</include>
+      	<include>com.sun.istack:istack-commons-runtime</include>
+      	<include>javax.activation:javax.activation-api</include>
+      </includes>
     </dependencySet>
   </dependencySets>
 </assembly>
\ No newline at end of file
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
index a6c49f0..408a17b 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/ApprovedRpt.java
@@ -63,13 +63,6 @@
 
         TimeTaken tt0 = trans.start("Cassandra Initialization", Env.SUB);
         try {
-//            TimeTaken tt = trans.start("Connect to Cluster", Env.REMOTE);
-//            try {
-//                session = cluster.connect();
-//            } finally {
-//                tt.done();
-//            }
-
             now = new Date();
             String sdate = Chrono.dateOnlyStamp(now);
             File file = new File(logDir(),APPR_RPT + sdate +CSV);
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java
index 82542e1..fadd068 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/reports/NotInOrg.java
@@ -99,7 +99,7 @@
     @Override
     protected void run(AuthzTrans trans) {
         try {
-            Map<String,Boolean> checked = new TreeMap<String, Boolean>();
+            Map<String,Boolean> checked = new TreeMap<>();
             trans.info().log("Process Organization Identities");
             trans.info().log("User Roles");
 
diff --git a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java
index 3d26ce9..7c516b1 100644
--- a/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java
+++ b/auth/auth-batch/src/main/java/org/onap/aaf/auth/batch/update/Remove.java
@@ -111,7 +111,7 @@
         final Holder<Boolean> ur = new Holder<>(false);
         final Holder<Boolean> cred = new Holder<>(false);
         final Holder<Boolean> x509 = new Holder<>(false);
-        final Holder<String> memoFmt = new Holder<String>("");
+        final Holder<String> memoFmt = new Holder<>("");
         final HistoryDAO.Data hdd = new HistoryDAO.Data();
         final String orgName = trans.org().getName();
 
diff --git a/auth/auth-cass/pom.xml b/auth/auth-cass/pom.xml
index d8e25cc..5e86ba6 100644
--- a/auth/auth-cass/pom.xml
+++ b/auth/auth-cass/pom.xml
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -37,22 +37,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java
index 75efdfa..31e5069 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/cached/FileGetter.java
@@ -129,7 +129,7 @@
 
     public static void main(String[] args) {
         PropAccess access = new PropAccess(args);
-        access.setProperty(AAF_FILEGETTER,"/Users/jg1555/cred.dat");
+        access.setProperty(AAF_FILEGETTER,"/opt/app/aaf/data/cred.dat");
         FileGetter fg = FileGetter.singleton(access);
 
         for(String id : new String[] {"m01891@aaf.att.com","bogus"}) {
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
index 0d5c487..e5cde35 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Function.java
@@ -227,7 +227,6 @@
         if (rparent.notOK()) {
             return Result.err(rparent);
         }
-        parent = rparent.value.parent;
         if (!fromApproval) {
             rparent = q.mayUser(trans, user, rparent.value, Access.write);
             if (rparent.notOK()) {
diff --git a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
index 1809686..39578f8 100644
--- a/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
+++ b/auth/auth-cass/src/main/java/org/onap/aaf/auth/dao/hl/Question.java
@@ -786,11 +786,17 @@
                     return Result.err(Status.ERR_BadData,
                             "[%s] cannot be a delegate for self", dd.user);
                 }
-                if (!isUser    && !isGranted(trans, trans.user(), ROOT_NS,DELG,
-                                org.getDomain(), Question.CREATE)) {
-                    return Result.err(Status.ERR_Denied,
+                if (!isUser) {
+                	String supportedDomain = org.supportedDomain(dd.user);
+                	if(supportedDomain==null) {
+                        return Result.err(Status.ERR_Denied,
+                                "[%s] may not create a delegate for the domain for [%s]",
+                                trans.user(), dd.user);
+                	} else if(!isGranted(trans, trans.user(), ROOT_NS,DELG,supportedDomain,Question.CREATE)) {
+                		return Result.err(Status.ERR_Denied,
                             "[%s] may not create a delegate for [%s]",
                             trans.user(), dd.user);
+                	}
                 }
                 break;
             case read:
diff --git a/auth/auth-certman/pom.xml b/auth/auth-certman/pom.xml
index 69465b7..64ab837 100644
--- a/auth/auth-certman/pom.xml
+++ b/auth/auth-certman/pom.xml
@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java
new file mode 100644
index 0000000..38429ad
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/api/CmpClient.java
@@ -0,0 +1,85 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.api;
+
+import java.security.cert.Certificate;
+import java.util.Date;
+import org.onap.aaf.auth.cm.cert.CSRMeta;
+import org.onap.aaf.auth.cm.cmpv2client.impl.CAOfflineException;
+import org.onap.aaf.auth.cm.cmpv2client.impl.CmpClientException;
+
+/**
+ * This class represent CmpV2Client Interface for obtaining X.509 Digital Certificates in a Public Key Infrastructure
+ * (PKI), making use of Certificate Management Protocol (CMPv2) operating on newest version: cmp2000(2).
+ */
+public interface CmpClient {
+
+    /**
+     * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with
+     * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature
+     * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue
+     * encountered in fetching certificate from CA.
+     *
+     * @param caName    Information about the External Root Certificate Authority (CA) performing the event CA Name.
+     *                  Could be {@code null}.
+     * @param profile   Profile on CA server Client/RA Mode configuration on Server. Could be {@code null}.
+     * @param csrMeta   Certificate Signing Request Meta Data. Must not be {@code null}.
+     * @param csr       Certificate Signing Request {.cer} file. Must not be {@code null}.
+     * @param notBefore An optional validity to set in the created certificate, Certificate not valid before this date.
+     * @param notAfter  An optional validity to set in the created certificate, Certificate not valid after this date.
+     * @return The newly created Certificate.
+     *
+     * @throws CAOfflineException if External CA that is offline
+     * @throws CmpClientException if client error occurs.
+     */
+    Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr,
+        Date notBefore, Date notAfter)
+        throws CAOfflineException, CmpClientException;
+
+    /**
+     * Requests for a External Root CA Certificate to be created for the passed public keyPair wrapped in a CSRMeta with
+     * common details, accepts self-signed certificate. Basic Authentication using IAK/RV, Verification of the signature
+     * (proof-of-possession) on the request is performed and an Exception thrown if verification fails or issue
+     * encountered in fetching certificate from CA.
+     *
+     * @param caName  Information about the External Root Certificate Authority (CA) performing the event CA Name. Could
+     *                be {@code null}.
+     * @param csrMeta Certificate Signing Request Meta Data. Must not be {@code null}.
+     * @param csr     Certificate Signing Request {.cer} file. Must not be {@code null}.
+     * @return The newly created Certificate.
+     *
+     * @throws CAOfflineException if External CA that is offline
+     * @throws CmpClientException if client error occurs.
+     */
+    Certificate createCertRequest(String caName, String profile, CSRMeta csrMeta, Certificate csr)
+        throws CAOfflineException, CmpClientException;
+
+    /**
+     * Requests to Revoke a Certificate. If the certificate is deemed to be no longer trustable prior to its expiration
+     * date, it can be revoked by the issuing Certificate Authority (CA). Methods of revocation  to be used, Certificate
+     * Revocation List (CRL) Or Online Certificate Status Protocol (OCSP) responses.
+     *
+     * @param caName         CA name. Could be {@code null}.
+     * @param cert           Target certificate. Must not be {@code null}.
+     * @param reason         Revocation reason.
+     * @param invalidityTime Invalidity time. Could be {@code null}.
+     * @return return Certificate.
+     *
+     * @throws CmpClientException if client error occurs.
+     */
+    Certificate revokeCertRequest(String caName, Certificate cert, int reason, Date invalidityTime)
+        throws CAOfflineException, CmpClientException;
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java
new file mode 100644
index 0000000..d1484f3
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CAOfflineException.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+/**
+ * The CAOfflineException wraps java.net.ConnectException. Exception thrown during Http Method call towards External CA
+ * Server if Offline. Signals an error occurred while attempting to connect a socket to a remote address and port. The
+ * connection was refused remotely (e.g., no process is listening on the remote address/port).
+ */
+public class CAOfflineException extends Exception {
+
+    private static final long serialVersionUID = 2L;
+
+    /**
+     * Creates a new instance without detail message.
+     */
+    public CAOfflineException() {
+        super();
+    }
+
+    /**
+     * Constructs an instance with the specified detail message.
+     *
+     * @param msg the detail message.
+     */
+    public CAOfflineException(String msg) {
+        super(msg);
+    }
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java
new file mode 100644
index 0000000..2a17ab1
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientException.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+/**
+ * The CmpClientException wraps all Exceptions occur internally to Cmpv2Client Api code.
+ */
+public class CmpClientException extends Exception {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Creates a new instance with detail message.
+     */
+    public CmpClientException(String message) {
+        super(message);
+    }
+
+    /**
+     * Creates a new instance with detail Throwable cause.
+     */
+    public CmpClientException(Throwable cause) {
+        super(cause);
+    }
+
+    /**
+     * Creates a new instance with detail message and Throwable cause.
+     */
+    public CmpClientException(String message, Throwable cause) {
+        super(message, cause);
+    }
+}
diff --git a/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java
new file mode 100644
index 0000000..19cf634
--- /dev/null
+++ b/auth/auth-certman/src/main/java/org/onap/aaf/auth/cm/cmpv2client/impl/CmpClientImpl.java
@@ -0,0 +1,54 @@
+/*
+ * Copyright (C) 2019 Ericsson Software Technology AB. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+package org.onap.aaf.auth.cm.cmpv2client.impl;
+
+import java.security.cert.Certificate;
+import java.util.Date;
+import org.onap.aaf.auth.cm.cert.CSRMeta;
+import org.onap.aaf.auth.cm.cmpv2client.api.CmpClient;
+
+/**
+ * Implementation of the CmpClient Interface conforming to RFC4210 (Certificate Management Protocol (CMP)) and RFC4211 (
+ * Certificate Request Message Format (CRMF)) standards.
+ */
+public final class CmpClientImpl implements CmpClient {
+
+    @Override
+    public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta,
+        final Certificate csr, final Date notBefore, final Date notAfter)
+        throws CAOfflineException, CmpClientException {
+
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public Certificate createCertRequest(final String caName, final String profile, final CSRMeta csrMeta,
+        final Certificate csr)
+        throws CAOfflineException, CmpClientException {
+        // TODO Auto-generated method stub
+        return null;
+    }
+
+    @Override
+    public Certificate revokeCertRequest(final String caName, final Certificate cert, final int reason,
+        final Date invalidityTime)
+        throws CAOfflineException, CmpClientException {
+        // TODO Auto-generated method stub
+        return null;
+    }
+}
+
diff --git a/auth/auth-cmd/pom.xml b/auth/auth-cmd/pom.xml
index 6de09de..2e7cb2d 100644
--- a/auth/auth-cmd/pom.xml
+++ b/auth/auth-cmd/pom.xml
@@ -18,7 +18,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -58,22 +58,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/auth/auth-cmd/src/assemble/auth-cmd.xml b/auth/auth-cmd/src/assemble/auth-cmd.xml
index 013010b..ba31242 100644
--- a/auth/auth-cmd/src/assemble/auth-cmd.xml
+++ b/auth/auth-cmd/src/assemble/auth-cmd.xml
@@ -42,6 +42,10 @@
       	<include>org.onap.aaf.authz:aaf-misc-env</include>
       	<include>org.onap.aaf.authz:aaf-misc-rosetta</include>
       	<include>jline:jline</include>
+      	<include>javax.xml.bind:jaxb-api</include>
+      	<include>org.glassfish.jaxb:jaxb-runtime</include>
+      	<include>com.sun.istack:istack-commons-runtime</include>
+      	<include>javax.activation:javax.activation-api</include>
       </includes>
     </dependencySet>
 
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java
index 6e6b40b..8d4d66a 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Create.java
@@ -61,7 +61,7 @@
         }
         String[] admin;
         if (args.length>idx) {
-            admin = args[idx++].split(COMMA);
+            admin = args[idx].split(COMMA);
         } else {
             admin = responsible;
         }
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java
index fd43e8d..e93ec05 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/ns/Owner.java
@@ -49,7 +49,7 @@
 
         final int option = whichOption(options, args[idx++]);
         final String ns = args[idx++];
-        final String ids[] = args[idx++].split(",");
+        final String ids[] = args[idx].split(",");
 
         return same(new Retryable<Integer>() {
             @Override
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java
index fc1f936..f53ca4c 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Delete.java
@@ -57,7 +57,7 @@
                 PermRequest pk = new PermRequest();
                 pk.setType(args[idx++]);
                 pk.setInstance(args[idx++]);
-                pk.setAction(args[idx++]);
+                pk.setAction(args[idx]);
 
                 if(pk.getType().contains("@")) { // User Perm deletion... Must remove from hidden role
                     client.setQueryParams("force");
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java
index eb20697..3770a58 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Grant.java
@@ -74,7 +74,7 @@
 
                 Future<RolePermRequest> frpr = null;
 
-                String[] roles = args[idx++].split(",");
+                String[] roles = args[idx].split(",");
                 String strA;
                 String strB;
                 for (String role : roles) {
@@ -110,7 +110,6 @@
                             pw().println(" Accepted, but requires Approvals before actualizing");
                         } else {
                             error(frpr);
-                            idx=Integer.MAX_VALUE;
                         }
                     }
                 }
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListActivity.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListActivity.java
index 6400aad..4272522 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListActivity.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/ListActivity.java
@@ -51,8 +51,7 @@
         return same(new Retryable<Integer>() {
             @Override
             public Integer code(Rcli<?> client) throws CadiException, APIException {
-                int idx = index;
-                String type = args[idx++];
+                String type = args[index];
                 Future<History> fp = client.read(
                         "/authz/hist/perm/"+type,
                         getDF(History.class)
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Rename.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Rename.java
index d868a7c..36b5a96 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Rename.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/perm/Rename.java
@@ -65,7 +65,7 @@
                 PermRequest pr = new PermRequest();
                 pr.setType(args[idx++]);
                 pr.setInstance(args[idx++]);
-                pr.setAction(args[idx++]);
+                pr.setAction(args[idx]);
 
                 // Set Start/End commands
                 setStartEnd(pr);
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListActivity.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListActivity.java
index b6a8a0d..9433807 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListActivity.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/ListActivity.java
@@ -47,9 +47,8 @@
     }
 
     @Override
-    public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
-            int idx = _idx;
-        final String role = args[idx++];
+    public int _exec(final int idx, final String ... args) throws CadiException, APIException, LocatorException {
+        final String role = args[idx];
         return same(new Retryable<Integer>() {
             @Override
             public Integer code(Rcli<?> client) throws CadiException, APIException {
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java
index 4641ade..a0a8579 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/role/User.java
@@ -63,7 +63,7 @@
 
                 Future<?> fp = null;
 
-                String[] ids = args[idx++].split(",");
+                String[] ids = args[idx].split(",");
                 String verb=null,participle=null;
                 // You can request to be added or removed from role.
                 setQueryParamsOn(client);
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
index 1a41008..9ef4c00 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Cred.java
@@ -132,11 +132,22 @@
 
                     // IMPORTANT! We do this backward, because it is looking for string
                     // %1 or %13.  If we replace %1 first, that messes up %13
+                    String var;
                     for(int i=vars.size()-1;i>0;--i) {
-                        text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + vars.get(i));
+                    	var = vars.get(i);
+                    	if(aafcli.isTest()) {
+                    		int type = var.indexOf("U/P");
+                    		if(type>0) {
+                    			var = var.substring(0,type+4) + "  XXXX/XX/XX XX:XX UTC  XXXXXXXXXXXXXXXXXX";
+                    		}
+                    	}
+                        text = text.replace("%"+(i+1), (i<10?" ":"") + i+") " + var);
                     }
 
                     text = text.replace("%1",vars.get(0));
+                    if(aafcli.isTest()) {
+                    	
+                    }
                     pw().println(text);
                 } else if (fp.code()==406 && option==1) {
                         pw().println("You cannot delete this Credential");
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java
index f5cb449..6e96728 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/Delg.java
@@ -72,7 +72,7 @@
                     if (option<2 && args.length>idx) {
                         Date date;
                         try {
-                            date = Chrono.dateOnlyFmt.parse(args[idx++]);
+                            date = Chrono.dateOnlyFmt.parse(args[idx]);
                         } catch (ParseException e) {
                             throw new CadiException(e);
                         }
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java
index 30c71e5..485e6d1 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListActivity.java
@@ -47,9 +47,8 @@
     }
 
     @Override
-    public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
-            int idx = _idx;
-        final String user = fullID(args[idx++]);
+    public int _exec(final int idx, final String ... args) throws CadiException, APIException, LocatorException {
+        final String user = fullID(args[idx]);
         return same(new Retryable<Integer>() {
             @Override
             public Integer code(Rcli<?> client) throws CadiException, APIException {
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java
index 765bd0a..17f3002 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListApprovals.java
@@ -50,10 +50,10 @@
 
     @Override
     public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
-            int idx = _idx;
+        int idx = _idx;
         final String type = args[idx++];
         int option = whichOption(options,type);
-        String value = args[idx++];
+        String value = args[idx];
         final String fullValue;
         if (option != 2) {
             fullValue = fullID(value);
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java
index 07a19d3..8502f39 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForCreds.java
@@ -60,7 +60,7 @@
             int idx = idxParam;
         final int option = whichOption(options, args[idx++]);
         final String which = options[option];
-        final String value = args[idx++];
+        final String value = args[idx];
         return same(new Retryable<Integer>() {
             @Override
             public Integer code(Rcli<?> client) throws CadiException, APIException {
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java
index 0ab2490..6b9c83f 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForPermission.java
@@ -64,7 +64,7 @@
                 String type = args[idx++];
                 String instance = args[idx++];
                 if ("\\*".equals(instance))instance="*";
-                String action = args[idx++];
+                String action = args[idx];
                 if ("\\*".equals(action))action="*";
                 try {
                     Future<Users> fp = client.read(
diff --git a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java
index 6fdf162..13f0a00 100644
--- a/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java
+++ b/auth/auth-cmd/src/main/java/org/onap/aaf/auth/cmd/user/ListForRoles.java
@@ -47,8 +47,7 @@
 
     @Override
     public int _exec(int _idx, final String ... args) throws CadiException, APIException, LocatorException {
-            int idx = _idx;
-        final String role = args[idx++];
+        final String role = args[_idx];
         return same(new Retryable<Integer>() {
             @Override
             public Integer code(Rcli<?> client) throws CadiException, APIException {
diff --git a/auth/auth-core/pom.xml b/auth/auth-core/pom.xml
index 9151783..5409a32 100644
--- a/auth/auth-core/pom.xml
+++ b/auth/auth-core/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -45,22 +45,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-             <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
index 288d79d..7309309 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/Organization.java
@@ -95,7 +95,16 @@
 
     public void addSupportedRealm(String r);
 
-    public String getDomain();
+    /**
+     * If Supported, returns Realm, ex: org.onap
+     * ELSE returns null
+     * 
+     * @param user
+     * @return
+     */
+    public String supportedDomain(String user);
+
+	public String getDomain();
 
     /**
      * Get Identity information based on userID
@@ -420,6 +429,11 @@
         @Override
         public void addSupportedRealm(String r) {
         }
+        
+        @Override
+        public String supportedDomain(String r) {
+        	return null;
+        }
 
         @Override
         public String getDomain() {
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
index 867d298..6d559de 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/org/OrganizationFactory.java
@@ -131,13 +131,13 @@
                 }
                 env.init().printf("Instantiated %s with %s%s",orgNS,orgClass,(isDefault?" as default":""));
             }
-            if (org==null) {
-                if (defaultOrg!=null) {
+            if ( (org==null) && (defaultOrg!=null)){
+                
                     org=defaultOrg;
                     orgs.put(orgNS, org);
                 }
             }
-        }
+        
 
         return org;
     }
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java
index bd718e4..bf9f57e 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Acceptor.java
@@ -45,8 +45,7 @@
     }
 
     private boolean eval(HttpCode<TRANS,?> code, String str, List<String> props) {
-//        int plus = str.indexOf('+');
-//        if (plus<0) {
+
         boolean ok = false;
         boolean any = false;
         for (Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type : types) {
@@ -61,23 +60,7 @@
                 }
             }
         }
-//        } else { // Handle Accepts with "+" as in application/xaml+xml
-//            int prev = str.indexOf('/')+1;
-//            String first = str.substring(0,prev);
-//            String nstr;
-//            while (prev!=0) {
-//                nstr = first + (plus<0?str.substring(prev):str.substring(prev,plus));
-//
-//                for (Pair<String, Pair<HttpCode<TRANS,?>, List<Pair<String, Object>>>> type : types) {
-//                    if (type.x.equals(nstr)) {
-//                        acceptable.add(type);
-//                        return type;
-//                    }
-//                }
-//                prev = plus+1;
-//                plus=str.indexOf('+', prev);
-//            };
-//        }
+
         return any;
     }
 
@@ -93,9 +76,9 @@
         if (type.y!=null) {
             for (Pair<String,Object> prop : type.y.y){
                 if (tag.equals(prop.x)) {
-                    if (tag.equals("charset")) {
+                    if ( "charset".equals(tag)) {
                         return prop.x==null?false:prop.y.equals(value.toLowerCase()); // return True if Matched
-                    } else if (tag.equals("version")) {
+                    } else if ("version".equals(tag)) {
                         return prop.y.equals(new Version(value)); // Note: Version Class knows Minor Version encoding
                     } else if (tag.equals(Content.Q)) { // replace Q value
                         try {
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java
index 761fd8c..172f386 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/CodeSetter.java
@@ -41,7 +41,7 @@
         this.resp = resp;
 
     }
-    public boolean matches(Route<TRANS> route) throws IOException, ServletException {
+    public boolean matches(Route<TRANS> route) {
         // Find best Code in Route based on "Accepts (Get) or Content-Type" (if exists)
         return (code = route.getCode(trans, req, resp))!=null;
     }
diff --git a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java
index f8c5ae1..03d6dfe 100644
--- a/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java
+++ b/auth/auth-core/src/main/java/org/onap/aaf/auth/rserv/Route.java
@@ -21,10 +21,9 @@
 
 package org.onap.aaf.auth.rserv;
 
-import java.io.IOException;
+
 import java.util.List;
 
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
diff --git a/auth/auth-deforg/pom.xml b/auth/auth-deforg/pom.xml
index 353d4b9..e9bee7b 100644
--- a/auth/auth-deforg/pom.xml
+++ b/auth/auth-deforg/pom.xml
@@ -26,7 +26,7 @@
         <artifactId>authparent</artifactId>
         <relativePath>../pom.xml</relativePath>
         <groupId>org.onap.aaf.authz</groupId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
     </parent>
 
     <artifactId>aaf-auth-deforg</artifactId>
@@ -45,22 +45,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
index 46d3db9..70b3324 100644
--- a/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
+++ b/auth/auth-deforg/src/main/java/org/onap/aaf/org/DefaultOrg.java
@@ -637,6 +637,25 @@
         }
         return false;
     }
+    
+	@Override
+	public String supportedDomain(String user) {
+		if(user!=null) {
+			int after_at = user.indexOf('@')+1;
+			if(after_at<user.length()) {
+				String ud = FQI.reverseDomain(user);
+				if(ud.startsWith(getDomain())) {
+					return getDomain();
+				}
+				for(String s : supportedRealms) {
+					if(ud.startsWith(s)) {
+						return FQI.reverseDomain(s);
+					}
+				}
+			}
+		}
+		return null;
+	}
 
     @Override
     public synchronized void addSupportedRealm(final String r) {
diff --git a/auth/auth-fs/pom.xml b/auth/auth-fs/pom.xml
index 7b87126..8776365 100644
--- a/auth/auth-fs/pom.xml
+++ b/auth/auth-fs/pom.xml
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -57,22 +57,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
index 19a150d..64d9353 100644
--- a/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
+++ b/auth/auth-fs/src/main/java/org/onap/aaf/auth/fs/AAF_FS.java
@@ -44,7 +44,7 @@
 import org.onap.aaf.cadi.config.Config;
 import org.onap.aaf.cadi.register.Registrant;
 import org.onap.aaf.cadi.register.RemoteRegistrant;
-import org.onap.aaf.misc.env.APIException;
+
 
 
 public class AAF_FS extends AbsService<AuthzEnv, AuthzTrans>  {
@@ -58,7 +58,7 @@
             // creates StaticSlot, needed for CachingFileAccess, and sets to public Dir
             env.staticSlot(CachingFileAccess.CFA_WEB_PATH,"aaf_public_dir");
 
-            CachingFileAccess<AuthzTrans> cfa = new CachingFileAccess<AuthzTrans>(env);
+            CachingFileAccess<AuthzTrans> cfa = new CachingFileAccess<>(env);
             route(env,GET,"/:key*", cfa);
             final String aaf_locate_url = Config.getAAFLocateUrl(access);
             if (aaf_locate_url == null) {
diff --git a/auth/auth-gui/pom.xml b/auth/auth-gui/pom.xml
index 6b00305..f93fb7e 100644
--- a/auth/auth-gui/pom.xml
+++ b/auth/auth-gui/pom.xml
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/auth/auth-hello/pom.xml b/auth/auth-hello/pom.xml
index 2cb8f57..4728576 100644
--- a/auth/auth-hello/pom.xml
+++ b/auth/auth-hello/pom.xml
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/auth/auth-locate/pom.xml b/auth/auth-locate/pom.xml
index 3ea432b..8df2390 100644
--- a/auth/auth-locate/pom.xml
+++ b/auth/auth-locate/pom.xml
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java
index 962b985..c77e9a8 100644
--- a/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java
+++ b/auth/auth-locate/src/main/java/org/onap/aaf/auth/locate/api/API_Proxy.java
@@ -59,7 +59,7 @@
      * @param facade
      * @throws Exception
      */
-    public static void init(final AAF_Locate gwAPI, LocateFacade facade) throws Exception {
+    public static void init(final AAF_Locate gwAPI, LocateFacade facade) {
 
         String aafurl = gwAPI.access.getProperty(Config.AAF_URL,null);
         if (aafurl!=null) {
diff --git a/auth/auth-oauth/pom.xml b/auth/auth-oauth/pom.xml
index 5e0c56f..cc0ed53 100644
--- a/auth/auth-oauth/pom.xml
+++ b/auth/auth-oauth/pom.xml
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java
index 0126c2e..a0644fd 100644
--- a/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java
+++ b/auth/auth-oauth/src/main/java/org/onap/aaf/auth/oauth/service/JSONPermLoader.java
@@ -28,6 +28,7 @@
 import org.onap.aaf.cadi.CadiException;
 import org.onap.aaf.misc.env.APIException;
 
+@FunctionalInterface
 public interface JSONPermLoader {
     public Result<String> loadJSONPerms(AuthzTrans trans, String user, Set<String> scopes) throws APIException, CadiException;
 
diff --git a/auth/auth-service/pom.xml b/auth/auth-service/pom.xml
index 63585f9..9f9ca86 100644
--- a/auth/auth-service/pom.xml
+++ b/auth/auth-service/pom.xml
@@ -17,7 +17,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
index 2431e0e..6741030 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/AuthzCassServiceImpl.java
@@ -2346,10 +2346,11 @@
                 }
                 switch(action) {
                     case DELETE:
+                    	String why;
                         if(ques.isOwner(trans, user,ns) ||
-                                ques.isAdmin(trans, user,ns) ||
-                                ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) {
-                                     return Result.ok();
+                        		ques.isAdmin(trans, user,ns) ||
+                        		ques.isGranted(trans, user, ROOT_NS,"password",company,DELETE)) {
+                        	return Result.ok();
                         }
                         break;
                     case RESET:
@@ -2509,13 +2510,16 @@
                         try {
                             if (firstID) {
                                 // OK, it's a first ID, and not by NS Owner
-                                if(!ques.isOwner(trans,trans.user(),cdd.ns)) {
+                            	String user = trans.user();
+                                if(!ques.isOwner(trans,user,cdd.ns)) {
                                     // Admins are not allowed to set first Cred, but Org has already
                                     // said entity MAY create, typically by Permission
                                     // We can't know which reason they are allowed here, so we
                                     // have to assume that any with Special Permission would not be
                                     // an Admin.
-                                    if(ques.isAdmin(trans, trans.user(), cdd.ns)) {
+                                	String domain = org.supportedDomain(user);
+                                    if((domain!=null && !ques.isGranted(trans, user, ROOT_NS, "mechid", domain, Question.CREATE)) &&
+                                    		ques.isAdmin(trans, user, cdd.ns)) {
                                         return Result.err(Result.ERR_Denied,
                                             "Only Owners may create first passwords in their Namespace. Admins may modify after one exists" );
                                     } else {
@@ -3900,6 +3904,10 @@
         }
 
         final DelegateDAO.Data dd = rd.value;
+        
+        if(dd.user.contentEquals(dd.delegate) && !trans.requested(force)) {
+        	return Result.err(Status.ERR_InvalidDelegate,dd.user + " cannot delegate to self");
+        }
 
         Result<List<DelegateDAO.Data>> ddr = ques.delegateDAO().read(trans, dd);
         if (access==Access.create && ddr.isOKhasData()) {
diff --git a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
index 60b76ea..4a299e7 100644
--- a/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
+++ b/auth/auth-service/src/main/java/org/onap/aaf/auth/service/facade/AuthzFacadeImpl.java
@@ -135,7 +135,7 @@
         (nssDF                 = env.newDataFactory(service.mapper().getClass(API.NSS))).in(dataType).out(dataType);
         (permRequestDF         = env.newDataFactory(service.mapper().getClass(API.PERM_REQ))).in(dataType).out(dataType);
         (permsDF             = env.newDataFactory(service.mapper().getClass(API.PERMS))).in(dataType).out(dataType);
-//        (permKeyDF            = env.newDataFactory(service.mapper().getClass(API.PERM_KEY))).in(dataType).out(dataType);
+
         (roleDF             = env.newDataFactory(service.mapper().getClass(API.ROLES))).in(dataType).out(dataType);
         (roleRequestDF         = env.newDataFactory(service.mapper().getClass(API.ROLE_REQ))).in(dataType).out(dataType);
         (usersDF             = env.newDataFactory(service.mapper().getClass(API.USERS))).in(dataType).out(dataType);
@@ -174,7 +174,7 @@
         if (result.variables==null || result.variables.length<1) {
             detail = new String[1];
         } else {
-            List<String> dlist = new ArrayList<String>();
+            List<String> dlist = new ArrayList<>();
             dlist.add(null);
             String os;
             for(Object s : result.variables) {
@@ -185,8 +185,6 @@
             detail = new String[dlist.size()];
             dlist.toArray(detail);
         }
-        //int httpstatus;
-
         switch(result.status) {
             case ERR_ActionNotCompleted:
                 msgId = "SVC1202";
diff --git a/auth/docker/Dockerfile.base b/auth/docker/Dockerfile.base
index e7ae643..4874f1a 100644
--- a/auth/docker/Dockerfile.base
+++ b/auth/docker/Dockerfile.base
@@ -19,6 +19,9 @@
 #
 # Use dbuild.sh input parameter to set registry
 FROM ${REGISTRY}/openjdk:8-jre-alpine
+#FROM openjdk:12-jdk-alpine
+#FROM openjdk:13-jdk-alpine
+
 MAINTAINER AAF Team, AT&T 2018
 
 LABEL description="aaf_base"
diff --git a/auth/docker/agent.sh b/auth/docker/agent.sh
index 575e21f..f59bd22 100644
--- a/auth/docker/agent.sh
+++ b/auth/docker/agent.sh
@@ -28,7 +28,8 @@
 . ./aaf.props
 
 DOCKER=${DOCKER:=docker}
-CADI_VERSION=${CADI_VERSION:=2.1.16}
+VERSION=${VERSION}
+CADI_VERSION=${CADI_VERSION:=${VERSION}}
 
 for V in VERSION DOCKER_REPOSITORY HOSTNAME CONTAINER_NS AAF_FQDN AAF_FQDN_IP DEPLOY_FQI APP_FQDN APP_FQI VOLUME DRIVER LATITUDE LONGITUDE; do
    if [ "$(grep $V ./aaf.props)" = "" ]; then
diff --git a/auth/docker/d.props.csit b/auth/docker/d.props.csit
index cdb6b5a..0bd992e 100644
--- a/auth/docker/d.props.csit
+++ b/auth/docker/d.props.csit
@@ -28,7 +28,7 @@
 PROJECT=aaf
 DOCKER_PULL_REGISTRY=nexus3.onap.org:10001
 DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.16-SNAPSHOT
+VERSION=latest
 CONF_ROOT_DIR=/opt/app/osaaf
 # For local builds, set PREFIX=   
 PREFIX="$DOCKER_REPOSITORY/"
diff --git a/auth/docker/d.props.init b/auth/docker/d.props.init
index 41a3024..8ef2e31 100644
--- a/auth/docker/d.props.init
+++ b/auth/docker/d.props.init
@@ -23,7 +23,7 @@
 # Note: Override can happen on dbuild.sh Commandline, -r <registry>
 DOCKER_PULL_REGISTRY=nexus3.onap.org:10001
 DOCKER_REPOSITORY=nexus3.onap.org:10003
-VERSION=2.1.16-SNAPSHOT
+VERSION=2.1.17-SNAPSHOT
 CONF_ROOT_DIR=/opt/app/osaaf
 # For local builds, set PREFIX=   
 PREFIX="$DOCKER_REPOSITORY/"
diff --git a/auth/docker/dclean.sh b/auth/docker/dclean.sh
index 4fb4e07..0e974aa 100644
--- a/auth/docker/dclean.sh
+++ b/auth/docker/dclean.sh
@@ -23,7 +23,7 @@
 DOCKER=${DOCKER:=docker}
 
 if [ "$1" == "" ]; then
-    AAF_COMPONENTS="$(cat components) config core agent "
+    AAF_COMPONENTS="$(cat components) config core agent base "
 else
     AAF_COMPONENTS="$@"
 fi
diff --git a/auth/docker/pom.xml b/auth/docker/pom.xml
index b4d3545..9bfb80c 100644
--- a/auth/docker/pom.xml
+++ b/auth/docker/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>authparent</artifactId>
-        <version>2.1.16</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
diff --git a/auth/helm/.gitignore b/auth/helm/.gitignore
index 44cae66..e106bce 100644
--- a/auth/helm/.gitignore
+++ b/auth/helm/.gitignore
@@ -2,3 +2,6 @@
 pause/
 aaf.new/
 aaf.props
+.DS_Store
+current
+*.tgz
diff --git a/auth/helm/aaf-hello/values.yaml b/auth/helm/aaf-hello/values.yaml
index 5a3931c..130fa74 100644
--- a/auth/helm/aaf-hello/values.yaml
+++ b/auth/helm/aaf-hello/values.yaml
@@ -37,8 +37,8 @@
   # repository: localhost:5000/
 
 service:
-  agentImage: onap/aaf/aaf_agent:2.1.16-SNAPSHOT
-  image: onap/aaf/aaf_hello:2.1.16-SNAPSHOT
+  agentImage: onap/aaf/aaf_agent:2.1.17-SNAPSHOT
+  image: onap/aaf/aaf_hello:2.1.17-SNAPSHOT
   app_ns: "org.osaaf.aaf"
   fqi: "aaf@aaf.osaaf.org"
   fqdn: "aaf-hello"
diff --git a/auth/helm/aaf/Chart.yaml b/auth/helm/aaf/Chart.yaml
index f83041e..976e2ef 100644
--- a/auth/helm/aaf/Chart.yaml
+++ b/auth/helm/aaf/Chart.yaml
@@ -22,4 +22,4 @@
 appVersion: "1.0"
 description: AAF Helm Chart
 name: aaf
-version: 2.1.16-SNAPSHOT
+version: 2.1.17-SNAPSHOT
diff --git a/auth/helm/aaf/values.yaml b/auth/helm/aaf/values.yaml
index b320d9c..9cfee33 100644
--- a/auth/helm/aaf/values.yaml
+++ b/auth/helm/aaf/values.yaml
@@ -104,7 +104,7 @@
   # When using Docker Repo, add, and include trailing "/"
   # repository: nexus3.onap.org:10003/
   # repository: localhost:5000/
-  version: 2.1.16-SNAPSHOT
+  version: 2.1.17-SNAPSHOT
 
 resources: {}
   # We usually recommend not to specify default resources and to leave this as a conscious
diff --git a/auth/pom.xml b/auth/pom.xml
index 27abccd..eb65a5d 100644
--- a/auth/pom.xml
+++ b/auth/pom.xml
@@ -26,7 +26,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>parent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
     </parent>
     <artifactId>authparent</artifactId>
     <name>AAF Auth Parent</name>
@@ -66,22 +66,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/auth/sample/bin/client.sh b/auth/sample/bin/client.sh
index 4768d81..4132e6c 100755
--- a/auth/sample/bin/client.sh
+++ b/auth/sample/bin/client.sh
@@ -21,7 +21,7 @@
 # This script is run when starting client Container.
 #  It needs to cover the cases where the initial data doesn't exist, and when it has already been configured (don't overwrite)
 #
-JAVA=/usr/bin/java
+JAVA=${JAVA_HOME}/bin/java
 AAF_INTERFACE_VERSION=2.1
 
 # Extract Name, Domain and NS from FQI
diff --git a/auth/sample/bin/service.sh b/auth/sample/bin/service.sh
index bddd42c..10a3e15 100644
--- a/auth/sample/bin/service.sh
+++ b/auth/sample/bin/service.sh
@@ -39,7 +39,7 @@
 cadi_x509_issuers=${cadi_x509_issuers:-"${CADI_X509_ISSUERS}"}
 aaf_locate_url=${aaf_locate_url:-"https://${HOSTNAME}:8095"}
 
-JAVA=/usr/bin/java
+JAVA=${JAVA_HOME}/bin/java
 
 OSAAF=/opt/app/osaaf
 LOCAL=$OSAAF/local
diff --git a/cadi/aaf/pom.xml b/cadi/aaf/pom.xml
index 1fa4ab5..5d277be 100644
--- a/cadi/aaf/pom.xml
+++ b/cadi/aaf/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>cadiparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 
@@ -61,22 +61,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/cert/AAFListedCertIdentity.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/cert/AAFListedCertIdentity.java
index f3a45e5..943e43e 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/cert/AAFListedCertIdentity.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/cert/AAFListedCertIdentity.java
@@ -67,7 +67,7 @@
 
     private static Map<String,Set<String>> trusted =null;
 
-    public AAFListedCertIdentity(Access access, AAFCon<?> aafcon) throws APIException {
+    public AAFListedCertIdentity(Access access, AAFCon<?> aafcon) {
         synchronized(AAFListedCertIdentity.class) {
             if (certIDs==null) {
                 String cip = access.getProperty(Config.AAF_CERT_IDS, null);
diff --git a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java
index b62bc40..7ccf3e6 100644
--- a/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java
+++ b/cadi/aaf/src/main/java/org/onap/aaf/cadi/aaf/v2_0/AAFConHttp.java
@@ -54,7 +54,7 @@
         hman = new HMangr(access,Config.loadLocator(si, access.getProperty(Config.AAF_URL,null)));
     }
 
-    protected SecuritySetter<HttpURLConnection> bestSS(SecurityInfoC<HttpURLConnection> si) throws CadiException {
+    protected SecuritySetter<HttpURLConnection> bestSS(SecurityInfoC<HttpURLConnection> si) {
         return si.defSS;
     }
 
diff --git a/cadi/client/pom.xml b/cadi/client/pom.xml
index 38d5082..8217f64 100644
--- a/cadi/client/pom.xml
+++ b/cadi/client/pom.xml
@@ -22,7 +22,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>cadiparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 
@@ -61,22 +61,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
index cef4ae4..c7b2605 100644
--- a/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
+++ b/cadi/client/src/main/java/org/onap/aaf/cadi/http/HClient.java
@@ -32,6 +32,8 @@
 import java.net.URL;
 import java.util.ArrayList;
 
+import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLHandshakeException;
 import javax.servlet.http.HttpServletResponse;
 
 import org.onap.aaf.cadi.CadiException;
diff --git a/cadi/core/pom.xml b/cadi/core/pom.xml
index aa50090..36e5409 100644
--- a/cadi/core/pom.xml
+++ b/cadi/core/pom.xml
@@ -16,7 +16,7 @@
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>cadiparent</artifactId>
         <relativePath>..</relativePath>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>
@@ -52,22 +52,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java b/cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java
index b6aabf3..e3a65ce 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/BufferedServletInputStream.java
@@ -84,12 +84,12 @@
         }
         return value;
     }
-
+    @Override
     public int read(byte[] b) throws IOException {
         return read(b,0,b.length);
     }
-
-
+    
+  @Override
     public int read(byte[] b, int off, int len) throws IOException {
         int count = -1;
         if (capacitor==null) {
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Connector.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Connector.java
index 88ac57e..c5f60d2 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Connector.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Connector.java
@@ -21,6 +21,7 @@
 
 package org.onap.aaf.cadi;
 
+@FunctionalInterface
 public interface Connector {
     public Lur newLur() throws CadiException;
 }
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/GetCred.java b/cadi/core/src/main/java/org/onap/aaf/cadi/GetCred.java
index 4c5ca54..c813754 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/GetCred.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/GetCred.java
@@ -21,6 +21,8 @@
 
 package org.onap.aaf.cadi;
 
+
+@FunctionalInterface
 public interface GetCred {
     byte[] getCred();
 }
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
index c4719f8..0cebaa7 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/PropAccess.java
@@ -181,7 +181,7 @@
                                 String value = es.getValue().toString();
                                 props.put(key, value);
                                 if(key.contains("pass")) {
-                                    value = "XXXXXXX";
+                                    value = "vi XX";
                                 }
                                 printf(Level.DEBUG,"  %s=%s",key,value);
                             }
diff --git a/cadi/core/src/main/java/org/onap/aaf/cadi/Revalidator.java b/cadi/core/src/main/java/org/onap/aaf/cadi/Revalidator.java
index 33a5bc9..6853341 100644
--- a/cadi/core/src/main/java/org/onap/aaf/cadi/Revalidator.java
+++ b/cadi/core/src/main/java/org/onap/aaf/cadi/Revalidator.java
@@ -21,7 +21,7 @@
 
 package org.onap.aaf.cadi;
 
-
+@FunctionalInterface
 public interface Revalidator<TRANS> {
     /**
      * Re-Validate Credential
diff --git a/cadi/core/src/test/resources/cadi.properties b/cadi/core/src/test/resources/cadi.properties
deleted file mode 100644
index a6e256e..0000000
--- a/cadi/core/src/test/resources/cadi.properties
+++ /dev/null
@@ -1,49 +0,0 @@
-#########
-#  ============LICENSE_START====================================================
-#  org.onap.aaf
-#  ===========================================================================
-#  Copyright (c) 2017 AT&T Intellectual Property. All rights reserved.
-#  ===========================================================================
-#  Licensed under the Apache License, Version 2.0 (the "License");
-#  you may not use this file except in compliance with the License.
-#  You may obtain a copy of the License at
-#
-#       http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-#  ============LICENSE_END====================================================
-#
-
-hostname=veeger.mo.sbc.com 
-
-port=2533
-
-# CSP has Production mode (active users) or DEVL mode (for 
-# Testing purposes... Bogus users)
-#csp_domain=DEVL
-csp_domain=PROD
-
-# Report all AUTHN and AUTHZ activity
-loglevel=AUDIT
-
-#
-# BasicAuth and other User/Password support
-#
-# The realm reported on BasicAuth callbacks
-basic_realm=spiderman.agile.att.com
-users=ks%xiVUs_25_1jqGdJ24hqy43Gi;
-groups=aaf:Jd8bb3jslg88b@spiderman.agile.att.com%7sZCPBZ_8iWbslqdjWFIDLgTZlm9ung0ym-G,\
-		jg1555,lg2384,rd8227,tp007s,pe3617;
-	
-
-# Keyfile (with relative path) for encryption.  This file
-# should be marked as ReadOnly by Only the running process
-# for security's sake
-keyfile=conf/keyfile
-
-# This is here to force property chaining in tests
-cadi_prop_files=test/cadi.properties.duplicate
diff --git a/cadi/oauth-enduser/pom.xml b/cadi/oauth-enduser/pom.xml
index efc32dd..be68eb9 100644
--- a/cadi/oauth-enduser/pom.xml
+++ b/cadi/oauth-enduser/pom.xml
@@ -25,7 +25,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>cadiparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
     
@@ -61,22 +61,6 @@
                 <role>Lead Developer</role>
             </roles>
         </developer>
-        <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
     </developers>
     
     <dependencies>
diff --git a/cadi/pom.xml b/cadi/pom.xml
index 9075385..d023218 100644
--- a/cadi/pom.xml
+++ b/cadi/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>parent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
     </parent>
     <artifactId>cadiparent</artifactId>
     <name>AAF CADI Parent (Code, Access, Data, Identity)</name>
@@ -68,22 +68,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/cadi/servlet-sample/pom.xml b/cadi/servlet-sample/pom.xml
index 7ca8aa4..2b41d92 100644
--- a/cadi/servlet-sample/pom.xml
+++ b/cadi/servlet-sample/pom.xml
@@ -4,7 +4,7 @@
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>cadiparent</artifactId>
         <relativePath>..</relativePath>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
     </parent>
     <modelVersion>4.0.0</modelVersion>
     <name>CADI Servlet Sample (Test Only)</name>
diff --git a/misc/env/pom.xml b/misc/env/pom.xml
index 360b920..f432fce 100644
--- a/misc/env/pom.xml
+++ b/misc/env/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>miscparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 
@@ -63,22 +63,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/misc/env/src/main/java/org/onap/aaf/misc/env/Data.java b/misc/env/src/main/java/org/onap/aaf/misc/env/Data.java
index 4c64e5d..caa8ff1 100644
--- a/misc/env/src/main/java/org/onap/aaf/misc/env/Data.java
+++ b/misc/env/src/main/java/org/onap/aaf/misc/env/Data.java
@@ -50,7 +50,7 @@
  * @param <T>

  */

 public interface Data<T> {

-    static enum TYPE {XML,JSON,JAXB,RAW,DEFAULT};

+     enum TYPE {XML,JSON,JAXB,RAW,DEFAULT};

     // can & with 0xFFFF;

 //    public static final int XML = 0x1;

 //    public static final int JSON = 0x2;

diff --git a/misc/env/src/main/java/org/onap/aaf/misc/env/impl/AbsTrans.java b/misc/env/src/main/java/org/onap/aaf/misc/env/impl/AbsTrans.java
index 9edd3bf..c785f2c 100644
--- a/misc/env/src/main/java/org/onap/aaf/misc/env/impl/AbsTrans.java
+++ b/misc/env/src/main/java/org/onap/aaf/misc/env/impl/AbsTrans.java
@@ -122,7 +122,8 @@
     @Override

     public Metric auditTrail(LogTarget lt, int indent, StringBuilder sb, int ... flags) {

         Metric metric = new Metric();

-        int last = (metric.entries = trail.size()) -1;

+        metric.entries = trail.size();

+        int last = (metric.entries) -1;

         metric.buckets = flags.length==0?EMPTYF:new float[flags.length];

         if (last>=0) {

             TimeTaken first = trail.get(0);

@@ -159,7 +160,7 @@
                 }

             }            

         } else {

-            Stack<Long> stack = new Stack<Long>();

+            Stack<Long> stack = new Stack<>();

             for (TimeTaken tt : trail) {

                 // Create Indentation based on SUB

                 while (!stack.isEmpty() && tt.end()>stack.peek()) {

diff --git a/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBData.java b/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBData.java
index 6d83aca..a5f10e0 100644
--- a/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBData.java
+++ b/misc/env/src/main/java/org/onap/aaf/misc/env/jaxb/JAXBData.java
@@ -117,7 +117,8 @@
         if (dataAsString!=null) {

             return dataAsString;

         } else {

-            return dataAsString = stringifier.stringify(env, dataAsObject);

+        	dataAsString = stringifier.stringify(env, dataAsObject);

+            return dataAsString;

         }

     }

 

@@ -134,7 +135,8 @@
         if (dataAsString!=null) {

             return dataAsString;

         } else {

-            return dataAsString = stringifier.stringify(creatingEnv, dataAsObject,options);

+            dataAsString = stringifier.stringify(creatingEnv, dataAsObject,options);

+            return dataAsString;

         }

     }

     

@@ -243,7 +245,8 @@
             return dataAsString;

         } else {

             try {

-                return dataAsString = stringifier.stringify(creatingEnv, dataAsObject);

+                dataAsString = stringifier.stringify(creatingEnv, dataAsObject);

+                return dataAsString;

             } catch (APIException e) {

                 return "ERROR - Can't Stringify from Object " + e.getLocalizedMessage();

             }

diff --git a/misc/log4j/pom.xml b/misc/log4j/pom.xml
index 7bfc1bc..65929e6 100644
--- a/misc/log4j/pom.xml
+++ b/misc/log4j/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>miscparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 
@@ -44,22 +44,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/misc/pom.xml b/misc/pom.xml
index 68e3c4b..3d182c4 100644
--- a/misc/pom.xml
+++ b/misc/pom.xml
@@ -25,7 +25,7 @@
     <parent>
        <groupId>org.onap.aaf.authz</groupId>
        <artifactId>parent</artifactId>
-       <version>2.1.16-SNAPSHOT</version>
+       <version>2.1.17-SNAPSHOT</version>
     </parent>
     <artifactId>miscparent</artifactId>
     <name>AAF Misc Parent</name>
@@ -42,22 +42,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/misc/rosetta/pom.xml b/misc/rosetta/pom.xml
index 9c6d003..73d388d 100644
--- a/misc/rosetta/pom.xml
+++ b/misc/rosetta/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>miscparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 
@@ -44,22 +44,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
@@ -93,8 +77,23 @@
         <dependency>
             <groupId>org.onap.aaf.authz</groupId>
             <artifactId>aaf-misc-env</artifactId>
-            <version>${project.version}</version>
         </dependency>
+        <dependency>
+          <groupId>javax.xml.bind</groupId>
+          <artifactId>jaxb-api</artifactId>
+        </dependency>
+        <dependency>
+          <groupId>org.glassfish.jaxb</groupId>
+          <artifactId>jaxb-runtime</artifactId>
+          <scope>runtime</scope>
+        </dependency>
+        <dependency>
+          <groupId>com.sun.istack</groupId>
+          <artifactId>istack-commons-runtime</artifactId>
+          <version>2.2</version>
+          <scope>runtime</scope>
+        </dependency>
+        
     </dependencies>
 
             
diff --git a/misc/rosetta/src/main/java/org/onap/aaf/misc/rosetta/marshal/ListIterator.java b/misc/rosetta/src/main/java/org/onap/aaf/misc/rosetta/marshal/ListIterator.java
index 4bc2344..d26544c 100644
--- a/misc/rosetta/src/main/java/org/onap/aaf/misc/rosetta/marshal/ListIterator.java
+++ b/misc/rosetta/src/main/java/org/onap/aaf/misc/rosetta/marshal/ListIterator.java
@@ -44,7 +44,8 @@
 
     @Override
     public T next() {
-        return curr = delg.hasNext()?delg.next():null;
+        curr = delg.hasNext()?delg.next():null;
+        return curr;
     }
 
     public T peek() {
diff --git a/misc/xgen/pom.xml b/misc/xgen/pom.xml
index 8315389..83a4ad3 100644
--- a/misc/xgen/pom.xml
+++ b/misc/xgen/pom.xml
@@ -24,7 +24,7 @@
     <parent>
         <groupId>org.onap.aaf.authz</groupId>
         <artifactId>miscparent</artifactId>
-        <version>2.1.16-SNAPSHOT</version>
+        <version>2.1.17-SNAPSHOT</version>
         <relativePath>..</relativePath>
     </parent>
 
@@ -44,22 +44,6 @@
             </roles>
         </developer>
         <developer>
-            <name>Gabe Maurer</name>
-            <email>gabe.maurer@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
-            <name>Ian Howell</name>
-            <email>ian.howell@att.com</email>
-            <organization>ATT</organization>
-            <roles>
-                <role>Developer</role>
-            </roles>
-        </developer>
-        <developer>
             <name>Sai Gandham</name>
             <email>sai.gandham@att.com</email>
             <organization>ATT</organization>
diff --git a/pom.xml b/pom.xml
index 55c36e0..a753070 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,14 +22,19 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.onap.aaf.authz</groupId>
     <artifactId>parent</artifactId>
-    <version>2.1.16-SNAPSHOT</version>
+    <version>2.1.17-SNAPSHOT</version>
     <name>aaf-authz</name>
     <packaging>pom</packaging>
 
     <parent>
         <groupId>org.onap.oparent</groupId>
         <artifactId>oparent</artifactId>
+        <!-- Official Released Version
         <version>2.1.0</version>
+
+        Frankfurt working Version
+    -->
+        <version>3.0.0-SNAPSHOT</version>
     </parent>
 
     <properties>
@@ -51,7 +56,8 @@
         <project.interfaceVersion>${project.version}</project.interfaceVersion>
         <project.jettyVersion>9.4.12.v20180830</project.jettyVersion>
         <project.cassVersion>3.6.0</project.cassVersion>
-
+        <project.jaxbVersion>2.3.1</project.jaxbVersion>
+        <project.glassfishJaxbVersion>3.0-b71</project.glassfishJaxbVersion>
     </properties>
     <build>
         <plugins>
@@ -342,6 +348,23 @@
                 <scope>test</scope>
             </dependency>
 
+          <!-- Javax removed as of JDK 9 -->
+          <dependency>
+            <groupId>javax.xml.bind</groupId>
+            <artifactId>jaxb-api</artifactId>
+            <version>${project.jaxbVersion}</version>
+          </dependency>
+          <dependency>
+            <groupId>org.glassfish.jaxb</groupId>
+            <artifactId>jaxb-xjc</artifactId>
+            <version>${project.jaxbVersion}</version>
+          </dependency>
+          <dependency>
+            <groupId>org.glassfish.jaxb</groupId>
+            <artifactId>jaxb-runtime</artifactId>
+            <version>${project.jaxbVersion}</version>
+          </dependency>
+          
         </dependencies>
     </dependencyManagement>
 
diff --git a/version.properties b/version.properties
index 564f55f..de52dc0 100644
--- a/version.properties
+++ b/version.properties
@@ -24,10 +24,10 @@
 # Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... )
 # because they are used in Jenkins, whose plug-in doesn't support
 
-# This TAG <version>2.1.16-SNAPSHOT</version> is here to help remember to change this file.  Keep it up to date with the following "real" entries:
+# This TAG <version>2.1.17-SNAPSHOT</version> is here to help remember to change this file.  Keep it up to date with the following "real" entries:
 major=2
 minor=1
-patch=16
+patch=17
 
 base_version=${major}.${minor}.${patch}