Add forward proxy code

Add a maven module called sidecar to cadi.
Add forward proxy as a maven module to sidecar.
Note that though sidecar is a module of cadi it does not inherit from cadi's pom.

Change-Id: I617ecb1a66a3cbdd3f03287f28c6527693c6dfc6
Issue-ID: AAI-1603
Signed-off-by: Ravi Geda <gravik@amdocs.com>
diff --git a/pom.xml b/pom.xml
index 78d6633..a4ffa90 100644
--- a/pom.xml
+++ b/pom.xml
@@ -131,6 +131,7 @@
 	<modules>
 		<module>shiro</module>
 		<module>shiro-osgi-bundle</module>
+		<module>sidecar</module>
 	</modules>
 
 	<!-- ============================================================== -->
diff --git a/sidecar/fproxy/License.txt b/sidecar/fproxy/License.txt
new file mode 100644
index 0000000..05117f8
--- /dev/null
+++ b/sidecar/fproxy/License.txt
@@ -0,0 +1,17 @@
+============LICENSE_START=======================================================
+org.onap.aaf
+================================================================================
+Copyright © 2018 European Software Marketing Ltd.
+================================================================================
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+      http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+============LICENSE_END=========================================================
\ No newline at end of file
diff --git a/sidecar/fproxy/README.md b/sidecar/fproxy/README.md
new file mode 100644
index 0000000..e1d3667
--- /dev/null
+++ b/sidecar/fproxy/README.md
@@ -0,0 +1,41 @@
+# Introduction
+
+The AAF Forward Proxy is a forward proxy service with credential caching capabilities for incoming REST requests. It is one of two applications (along with Reverse proxy) deployed as a
+Kubernetes sidecar to the main Primary service
+
+## Features
+
+Forward Proxy:
+
+* The service will forward all incoming REST requests on to their original endpoints.
+* Add any cached security credentials to the forwarding request
+
+### Credential Cache:
+The credential cache is a short-lived in-memory cache, keyed on a transaction ID. The following data is cached:
+
+* Transaction ID - this is the key for retrieving cached values
+* CredentialName - this is the name of the credential to be cached.
+          This should correspond to the header name for a header credential, or the cookie name for a cookie credential.
+* CredentialValue - this is the value associated with the credential.
+          This should correspond to the header value of a header credential, or the cookie contents for a cookie credential.
+* CredentialType - this is the type of the credential to be cached. Currently supported values are: HEADER, COOKIE.
+          The cache has a configurable cache expiry period, so that any cache entries older than the expiry period will be automatically removed from the cache.
+		  
+### Credential Cache REST API:
+Credentials can be added to the credential cache by performing a REST POST using the following URL:
+
+(Note that the transaction ID is provided as a URL parameter)
+
+https://<host>:<port>/credential-cache/<transactionid>
+The body of the request should contain the cached data (described above) in JSON format as follows:
+
+{ "credentialName":"foo", "credentialValue":"bar", "credentialType":"<HEADER/COOKIE>" }
+
+
+## Configuring the fProxy service
+The fProxy service is configured through the fproxy.properties file that resides under the ${CONFIG_HOME} environment variable.
+
+The file has the following configurable properties:
+
+credential.cache.timeout.ms	This is the time in milliseconds that a cache entry will expire after it is added.	        180000
+transactionid.header.name	This is the name of the header in incoming requests that will contain the transaction ID.	X-TransactionId
\ No newline at end of file
diff --git a/sidecar/fproxy/config/auth/client-cert.p12 b/sidecar/fproxy/config/auth/client-cert.p12
new file mode 100644
index 0000000..dbf4fca
--- /dev/null
+++ b/sidecar/fproxy/config/auth/client-cert.p12
Binary files differ
diff --git a/sidecar/fproxy/config/auth/tomcat_keystore b/sidecar/fproxy/config/auth/tomcat_keystore
new file mode 100644
index 0000000..9eec841
--- /dev/null
+++ b/sidecar/fproxy/config/auth/tomcat_keystore
Binary files differ
diff --git a/sidecar/fproxy/config/fproxy.properties b/sidecar/fproxy/config/fproxy.properties
new file mode 100644
index 0000000..f512fb7
--- /dev/null
+++ b/sidecar/fproxy/config/fproxy.properties
@@ -0,0 +1,2 @@
+credential.cache.timeout.ms=180000
+transactionid.header.name=X-TransactionId
\ No newline at end of file
diff --git a/sidecar/fproxy/config/logback-spring.xml b/sidecar/fproxy/config/logback-spring.xml
new file mode 100644
index 0000000..75ec26d
--- /dev/null
+++ b/sidecar/fproxy/config/logback-spring.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+ 
+    <property name="LOGS" value="./logs/AAF-FPS" />
+    <property name="FILEPREFIX" value="application" />
+ 
+    <appender name="Console"
+        class="ch.qos.logback.core.ConsoleAppender">
+        <layout class="ch.qos.logback.classic.PatternLayout">
+            <Pattern>
+                %d{ISO8601} %-5level [%t] %C{1.}: %msg%n%throwable
+            </Pattern>
+        </layout>
+    </appender>
+ 
+    <appender name="RollingFile"
+        class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>${LOGS}/${FILEPREFIX}.log</file>
+        <encoder
+            class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+            <Pattern>%d %p %C{1.} [%t] %m%n</Pattern>
+        </encoder>
+ 
+        <rollingPolicy
+            class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <!-- rollover daily and when the file reaches 10 MegaBytes -->
+            <fileNamePattern>${LOGS}/archived/${FILEPREFIX}-%d{yyyy-MM-dd}.%i.log
+            </fileNamePattern>
+            <timeBasedFileNamingAndTriggeringPolicy
+                class="ch.qos.logback.core.rolling.SizeAndTimeBasedFNATP">
+                <maxFileSize>10MB</maxFileSize>
+            </timeBasedFileNamingAndTriggeringPolicy>
+        </rollingPolicy>
+    </appender>
+     
+    <!-- LOG everything at INFO level -->
+    <root level="info">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </root>
+ 
+    <!-- LOG "org.onap.aaf.fproxy" at DEBUG level -->
+    <logger name="org.onap.aaf.fproxy" level="debug" additivity="false">
+        <appender-ref ref="RollingFile" />
+        <appender-ref ref="Console" />
+    </logger>
+ 
+</configuration>
\ No newline at end of file
diff --git a/sidecar/fproxy/config/readme.txt b/sidecar/fproxy/config/readme.txt
new file mode 100644
index 0000000..79cf29e
--- /dev/null
+++ b/sidecar/fproxy/config/readme.txt
@@ -0,0 +1 @@
+Relevant configuration files need to be copied here to successfully run this service locally.
\ No newline at end of file
diff --git a/sidecar/fproxy/pom.xml b/sidecar/fproxy/pom.xml
new file mode 100644
index 0000000..8035e84
--- /dev/null
+++ b/sidecar/fproxy/pom.xml
@@ -0,0 +1,190 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    ============LICENSE_START=======================================================
+    org.onap.aaf
+    ================================================================================
+    Copyright © 2018 European Software Marketing Ltd.
+    ================================================================================
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    ============LICENSE_END=========================================================
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+
+	<artifactId>fproxy</artifactId>
+	<version>1.0.0-SNAPSHOT</version>
+	<packaging>jar</packaging>
+
+	<parent>
+		<groupId>org.onap.aaf.cadi</groupId>
+		<artifactId>sidecar</artifactId>
+		<version>1.0.0-SNAPSHOT</version>
+	</parent>
+
+	<name>aaf-fproxy</name>
+	<description>ONAP AAF Forward Proxy Microservice For Pluggable Security</description>
+
+	<properties>
+		<!-- Spring boot version -->
+		<spring.boot.version>2.0.3.RELEASE</spring.boot.version>
+		<docker.location>${basedir}/target</docker.location>
+		<skipNexusStagingDeployMojo>true</skipNexusStagingDeployMojo>
+	</properties>
+
+	<dependencyManagement>
+		<dependencies>
+			<dependency>
+				<!-- Import dependency management from Spring Boot -->
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-dependencies</artifactId>
+				<version>${spring.boot.version}</version>
+				<type>pom</type>
+				<scope>import</scope>
+			</dependency>
+		</dependencies>
+	</dependencyManagement>
+
+	<dependencies>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-jetty</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-web</artifactId>
+			<exclusions>
+				<exclusion>
+					<artifactId>spring-boot-starter-tomcat</artifactId>
+					<groupId>org.springframework.boot</groupId>
+				</exclusion>
+			</exclusions>
+		</dependency>
+
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-actuator</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.apache.commons</groupId>
+			<artifactId>commons-lang3</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>org.apache.httpcomponents</groupId>
+			<artifactId>httpclient</artifactId>
+		</dependency>
+
+		<!-- Testing -->
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+
+	</dependencies>
+
+	<build>
+		<finalName>fproxy</finalName>
+		<plugins>
+			<plugin>
+				<groupId>org.springframework.boot</groupId>
+				<artifactId>spring-boot-maven-plugin</artifactId>
+				<version>${spring.boot.version}</version>
+				<executions>
+					<execution>
+						<goals>
+							<goal>repackage</goal>
+						</goals>
+						<configuration>
+							<classifier>exec</classifier>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<groupId>com.mycila</groupId>
+				<artifactId>license-maven-plugin</artifactId>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<configuration>
+					<reuseForks>false</reuseForks>
+					<forkCount>1</forkCount>
+				</configuration>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-resources-plugin</artifactId>
+				<version>3.0.2</version>
+				<executions>
+					<execution>
+						<id>copy-docker-file</id>
+						<phase>package</phase>
+						<goals>
+							<goal>copy-resources</goal>
+						</goals>
+						<configuration>
+							<outputDirectory>target</outputDirectory>
+							<overwrite>true</overwrite>
+							<resources>
+								<resource>
+									<directory>${basedir}/src/main/docker</directory>
+									<filtering>true</filtering>
+								</resource>
+								<resource>
+									<directory>${basedir}/src/main/bin/</directory>
+									<filtering>true</filtering>
+								</resource>
+							</resources>
+						</configuration>
+					</execution>
+				</executions>
+			</plugin>
+			<plugin>
+				<groupId>com.spotify</groupId>
+				<artifactId>docker-maven-plugin</artifactId>
+				<version>0.4.11</version>
+				<dependencies>
+					<dependency>
+						<groupId>com.github.jnr</groupId>
+						<artifactId>jnr-unixsocket</artifactId>
+						<version>0.13</version>
+					</dependency>
+				</dependencies>
+				<configuration>
+					<verbose>true</verbose>
+					<serverId>docker-hub</serverId>
+					<imageName>${docker.push.registry}/onap/${project.artifactId}</imageName>
+					<dockerDirectory>${docker.location}</dockerDirectory>
+					<imageTags>
+						<imageTag>latest</imageTag>
+					</imageTags>
+					<forceTags>true</forceTags>
+				</configuration>
+			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-deploy-plugin</artifactId>
+				<configuration>
+					<skip>true</skip>
+				</configuration>
+			</plugin>
+		</plugins>
+	</build>
+</project>
diff --git a/sidecar/fproxy/src/main/bin/start.sh b/sidecar/fproxy/src/main/bin/start.sh
new file mode 100644
index 0000000..53662b6
--- /dev/null
+++ b/sidecar/fproxy/src/main/bin/start.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+# ============LICENSE_START=======================================================
+# org.onap.aaf
+# ================================================================================
+# Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
+# Copyright © 2017-2018 European Software Marketing Ltd.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# ============LICENSE_END=========================================================
+
+BASEDIR="/opt/app/fproxy"
+
+if [ -z "${KEY_STORE_PASSWORD}" ]; then
+	echo "KEY_STORE_PASSWORD must be set in order to start up process"
+	exit 1
+fi
+
+PROPS="-DKEY_STORE_PASSWORD=${KEY_STORE_PASSWORD}"
+JVM_MAX_HEAP=${MAX_HEAP:-1024}
+
+exec java -Xmx${JVM_MAX_HEAP}m ${PROPS} -jar ${BASEDIR}/fproxy-exec.jar
diff --git a/sidecar/fproxy/src/main/docker/Dockerfile b/sidecar/fproxy/src/main/docker/Dockerfile
new file mode 100644
index 0000000..d91f0e3
--- /dev/null
+++ b/sidecar/fproxy/src/main/docker/Dockerfile
@@ -0,0 +1,35 @@
+FROM ubuntu:14.04
+
+ARG MICRO_HOME=/opt/app/fproxy
+ARG BIN_HOME=$MICRO_HOME/bin
+ARG JAR_FILE=fproxy-exec.jar
+
+RUN apt-get update
+
+# Install and setup java8
+RUN apt-get update && apt-get install -y software-properties-common
+## sudo -E is required to preserve the environment. If you remove that line, it will most like freeze at this step
+RUN sudo -E add-apt-repository ppa:openjdk-r/ppa && apt-get update && apt-get install -y openjdk-8-jdk
+
+RUN sudo dpkg --purge --force-depends ca-certificates-java
+RUN sudo apt-get install ca-certificates-java
+
+## Setup JAVA_HOME, this is useful for docker commandline
+ENV JAVA_HOME usr/lib/jvm/java-8-openjdk-$(dpkg --print-architecture)
+RUN export JAVA_HOME
+
+# Build up the deployment folder structure
+RUN mkdir -p $MICRO_HOME
+COPY ${JAR_FILE} $MICRO_HOME
+RUN mkdir -p $BIN_HOME
+COPY *.sh $BIN_HOME
+RUN chmod 755 $BIN_HOME/*
+RUN ln -s /logs $MICRO_HOME/logs
+RUN mkdir /logs
+# Create the appuser
+RUN groupadd -r appgroup && \
+    useradd -r -u 1001 -g appgroup appuser && \
+    chown -R appuser:appgroup $MICRO_HOME && \
+    chmod 777 /logs
+USER appuser
+CMD ["/opt/app/fproxy/bin/start.sh"]
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java
new file mode 100644
index 0000000..f433c65
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/CredentialCacheConfig.java
@@ -0,0 +1,37 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy;
+
+import org.onap.aaf.fproxy.cache.CredentialCache;
+import org.onap.aaf.fproxy.cache.InMemoryCredentialCache;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Scope;
+
+@Configuration
+public class CredentialCacheConfig {
+
+    @Bean
+    @Scope("singleton")
+    public CredentialCache inMemoryCredentialCacheSingleton() {
+        return new InMemoryCredentialCache();
+    }
+
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java
new file mode 100644
index 0000000..d226dc8
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/FProxyApplication.java
@@ -0,0 +1,74 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy;
+
+import java.util.HashMap;
+import javax.annotation.PostConstruct;
+import org.eclipse.jetty.util.security.Password;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.core.env.Environment;
+
+@SpringBootApplication
+@PropertySource("file:${CONFIG_HOME}/fproxy.properties")
+public class FProxyApplication extends SpringBootServletInitializer {
+
+    @Autowired
+    private Environment env;
+    
+    /**
+     * Spring Boot Initialization.
+     * 
+     * @param args main args
+     */
+    public static void main(String[] args) {
+        String keyStorePassword = System.getProperty("KEY_STORE_PASSWORD");
+        if (keyStorePassword == null || keyStorePassword.isEmpty()) {
+            throw new IllegalArgumentException("Env property KEY_STORE_PASSWORD not set");
+        }
+        HashMap<String, Object> props = new HashMap<>();
+        props.put("server.ssl.key-store-password", Password.deobfuscate(keyStorePassword));
+        new FProxyApplication().configure(new SpringApplicationBuilder(FProxyApplication.class).properties(props))
+                .run(args);
+    }
+    
+    /**
+     * Set required trust store system properties using values from application.properties
+     */
+    @PostConstruct
+    public void setSystemProperties() {
+        String keyStorePath = env.getProperty("server.ssl.key-store");
+        if (keyStorePath != null) {
+            String keyStorePassword = env.getProperty("server.ssl.key-store-password");
+
+            if (keyStorePassword != null) {
+                System.setProperty("javax.net.ssl.keyStore", keyStorePath);
+                System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
+                System.setProperty("javax.net.ssl.trustStore", keyStorePath);
+                System.setProperty("javax.net.ssl.trustStorePassword", keyStorePassword);
+            } else {
+                throw new IllegalArgumentException("Env property server.ssl.key-store-password not set");
+            }
+        }
+    }
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
new file mode 100644
index 0000000..a1aef28
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/RestTemplateConfig.java
@@ -0,0 +1,70 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+import javax.net.ssl.SSLContext;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.client.RestTemplateBuilder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.util.ResourceUtils;
+import org.springframework.web.client.RestTemplate;
+
+@Configuration
+public class RestTemplateConfig {
+
+    @Value("${server.ssl.client-cert}")
+    private String clientCertPath;
+
+    @Value("${server.ssl.key-store-password}")
+    private String clientCertPassword;
+
+    @Profile("secure")
+    @Bean
+    public RestTemplate restTemplate(RestTemplateBuilder builder) throws GeneralSecurityException, IOException {
+        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(getClientBuilder().build()));
+    }
+
+    @Profile("noHostVerification")
+    @Bean
+    public RestTemplate restTemplateNoHostVerification(RestTemplateBuilder builder)
+            throws GeneralSecurityException, IOException {
+        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(
+                getClientBuilder().setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).build()));
+    }
+
+    private HttpClientBuilder getClientBuilder() throws GeneralSecurityException, IOException {
+
+        SSLContext sslContext = SSLContextBuilder.create()
+                .loadKeyMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray(),
+                        clientCertPassword.toCharArray())
+                .loadTrustMaterial(ResourceUtils.getFile(clientCertPath), clientCertPassword.toCharArray()).build();
+
+        return HttpClients.custom().setSSLContext(sslContext);
+    }
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java
new file mode 100644
index 0000000..00fe9d4
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/CredentialCache.java
@@ -0,0 +1,37 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy.cache;
+
+import org.onap.aaf.fproxy.data.CredentialCacheData;
+import org.springframework.lang.Nullable;
+
+public interface CredentialCache {
+
+    void add(String key, CredentialCacheData value, long periodInMillis);
+
+    void remove(String key);
+
+    @Nullable
+    CredentialCacheData get(String key);
+
+    void clear();
+
+    long size();
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java
new file mode 100644
index 0000000..44ce0cd
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/InMemoryCredentialCache.java
@@ -0,0 +1,116 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy.cache;
+
+import java.lang.ref.SoftReference;
+import java.util.Optional;
+import java.util.concurrent.ConcurrentHashMap;
+import java.util.concurrent.DelayQueue;
+import java.util.concurrent.Delayed;
+import java.util.concurrent.TimeUnit;
+import org.onap.aaf.fproxy.data.CredentialCacheData;
+
+public class InMemoryCredentialCache implements CredentialCache {
+
+    private final ConcurrentHashMap<String, SoftReference<CredentialCacheData>> cache = new ConcurrentHashMap<>();
+    private final DelayQueue<DelayedCacheObject> cleaningUpQueue = new DelayQueue<>();
+
+    public InMemoryCredentialCache() {
+        Thread cleanerThread = new Thread(() -> {
+            while (!Thread.currentThread().isInterrupted()) {
+                try {
+                    DelayedCacheObject delayedCacheObject = cleaningUpQueue.take();
+                    cache.remove(delayedCacheObject.getKey(), delayedCacheObject.getReference());
+                } catch (InterruptedException e) {
+                    Thread.currentThread().interrupt();
+                }
+            }
+        });
+        cleanerThread.setDaemon(true);
+        cleanerThread.start();
+    }
+
+    @Override
+    public void add(String key, CredentialCacheData value, long periodInMillis) {
+        if (key == null) {
+            return;
+        }
+        if (value == null) {
+            cache.remove(key);
+        } else {
+            long expiryTime = System.currentTimeMillis() + periodInMillis;
+            SoftReference<CredentialCacheData> reference = new SoftReference<>(value);
+            cache.put(key, reference);
+            cleaningUpQueue.put(new DelayedCacheObject(key, reference, expiryTime));
+        }
+    }
+
+    @Override
+    public void remove(String key) {
+        cache.remove(key);
+    }
+
+    @Override
+    public CredentialCacheData get(String key) {
+        return Optional.ofNullable(cache.get(key)).map(SoftReference::get).orElse(null);
+    }
+
+    @Override
+    public void clear() {
+        cache.clear();
+    }
+
+    @Override
+    public long size() {
+        return cache.size();
+    }
+
+    private static class DelayedCacheObject implements Delayed {
+
+        private final String key;
+        private final SoftReference<CredentialCacheData> reference;
+        private final long expiryTime;
+
+        public DelayedCacheObject(String key, SoftReference<CredentialCacheData> reference, long expiryTime) {
+            super();
+            this.key = key;
+            this.reference = reference;
+            this.expiryTime = expiryTime;
+        }
+
+        @Override
+        public long getDelay(TimeUnit unit) {
+            return unit.convert(expiryTime - System.currentTimeMillis(), TimeUnit.MILLISECONDS);
+        }
+
+        @Override
+        public int compareTo(Delayed o) {
+            return Long.compare(expiryTime, ((DelayedCacheObject) o).expiryTime);
+        }
+
+        public String getKey() {
+            return key;
+        }
+
+        public SoftReference<CredentialCacheData> getReference() {
+            return reference;
+        }
+    }
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java
new file mode 100644
index 0000000..b80fc32
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/cache/utils/CacheUtils.java
@@ -0,0 +1,89 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy.cache.utils;
+
+import javax.servlet.http.HttpServletRequest;
+import org.onap.aaf.fproxy.cache.CredentialCache;
+import org.onap.aaf.fproxy.data.CredentialCacheData;
+import org.onap.aaf.fproxy.data.CredentialCacheData.CredentialType;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpHeaders;
+import org.springframework.stereotype.Component;
+import org.springframework.web.util.WebUtils;
+
+@Component
+public class CacheUtils {
+
+    Logger logger = LoggerFactory.getLogger(CacheUtils.class);
+
+    @Autowired
+    private CredentialCache credentialCache;
+
+    @Value("${transactionid.header.name}")
+    private String transactionIdHeaderName;
+
+    public void populateCredentialsFromCache(HttpHeaders headers, HttpServletRequest request) {
+        String transactionId = headers.getFirst(transactionIdHeaderName);
+        if (transactionId != null) {
+            CredentialCacheData cacheData = credentialCache.get(transactionId);
+            if (cacheData == null) {
+                logger.info("Transaction ID {} not found in cache, skipping credential population...", transactionId);
+            } else if (cacheData.getCredentialType().equals(CredentialType.HEADER)) {
+                logger.info("Populating header credentials from cache for transaction ID: {}", transactionId);
+                applyHeaderCacheData(cacheData, headers);
+            } else if (cacheData.getCredentialType().equals(CredentialType.COOKIE)) {
+                logger.info("Populating cookie credentials from cache for transaction ID: {}", transactionId);
+                applyCookieCacheData(cacheData, headers, request);
+            }
+        } else {
+            logger.info("No transaction ID found in request, skipping credential population...");
+        }
+    }
+
+    private void applyHeaderCacheData(CredentialCacheData cacheData, HttpHeaders headers) {
+        String credentialName = cacheData.getCredentialName();
+        if (!headers.containsKey(credentialName)) {
+            headers.add(credentialName, cacheData.getCredentialValue());
+            logger.info("Header credentials successfully populated.");
+        } else {
+            logger.info("Request already contains header with name: {}, skipping credential population...",
+                    credentialName);
+        }
+    }
+
+    private void applyCookieCacheData(CredentialCacheData cacheData, HttpHeaders headers, HttpServletRequest request) {
+        String credentialName = cacheData.getCredentialName();
+        // Check if Cookie with same name is already set then skip
+        if (WebUtils.getCookie(request, credentialName) == null) {
+            headers.add(HttpHeaders.COOKIE, cacheData.getCredentialValue());
+            logger.info("Cookie credentials successfully populated.");
+        } else {
+            logger.info("Request already contains cookie with name: {}, skipping credential population...",
+                    credentialName);
+        }
+    }
+
+    public void addCredentialsToCache(String transactionId, CredentialCacheData credentialdata, long cacheExpiryMs) {
+        credentialCache.add(transactionId, credentialdata, cacheExpiryMs);
+    }
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java
new file mode 100644
index 0000000..b72ea08
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/data/CredentialCacheData.java
@@ -0,0 +1,72 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy.data;
+
+public class CredentialCacheData {
+
+    public enum CredentialType {
+        HEADER, COOKIE;
+    }
+
+    private String credentialName;
+    private String credentialValue;
+    private CredentialType credentialType;
+
+    public CredentialCacheData() {
+        super();
+    }
+
+    public CredentialCacheData(String credentialName, String credentialValue, CredentialType credentialType) {
+        super();
+        this.credentialName = credentialName;
+        this.credentialValue = credentialValue;
+        this.credentialType = credentialType;
+    }
+
+    public String getCredentialName() {
+        return credentialName;
+    }
+
+    public void setCredentialName(String credentialName) {
+        this.credentialName = credentialName;
+    }
+
+    public String getCredentialValue() {
+        return credentialValue;
+    }
+
+    public void setCredentialValue(String credentialValue) {
+        this.credentialValue = credentialValue;
+    }
+
+    public Enum<CredentialType> getCredentialType() {
+        return credentialType;
+    }
+
+    public void setCredentialType(CredentialType credentialType) {
+        this.credentialType = credentialType;
+    }
+
+    @Override
+    public String toString() {
+        return "CredentialCacheData [credentialName=" + credentialName + ", credentialType=" + credentialType + "]";
+    }
+
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java
new file mode 100644
index 0000000..0d150ba
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/service/ForwardingProxyService.java
@@ -0,0 +1,100 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy.service;
+
+import java.net.URI;
+import java.util.Enumeration;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.onap.aaf.fproxy.cache.utils.CacheUtils;
+import org.onap.aaf.fproxy.data.CredentialCacheData;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.client.RestTemplate;
+import org.springframework.web.util.UriComponentsBuilder;
+
+@RestController
+public class ForwardingProxyService {
+
+    Logger logger = LoggerFactory.getLogger(ForwardingProxyService.class);
+
+    private static final long DEFAULT_CACHE_EXPIRY_MS = 180000; // 3 mins
+
+    @Autowired
+    RestTemplate restTemplate;
+
+    @Autowired
+    CacheUtils cacheUtils;
+
+    @Value("${credential.cache.timeout.ms:" + DEFAULT_CACHE_EXPIRY_MS + "}")
+    long cacheExpiryMs;
+
+    @RequestMapping(value = "/credential-cache/{transactionId}", method = RequestMethod.POST)
+    public ResponseEntity<String> addCredentialToCache(@PathVariable("transactionId") String transactionId,
+            @RequestBody CredentialCacheData credentialdata) {
+        logger.info("Updating credential cache with transaction ID: {}", transactionId);
+
+        // Update credential cache
+        logger.debug("Credential data: {}", credentialdata);
+        cacheUtils.addCredentialsToCache(transactionId, credentialdata, cacheExpiryMs);
+
+        logger.info("Credential cache successfully updated with transaction ID: {}", transactionId);
+        return new ResponseEntity<>(transactionId, HttpStatus.OK);
+    }
+
+    @RequestMapping("/**")
+    public ResponseEntity<String> forwardRest(@RequestBody(required = false) String body, HttpMethod method,
+            HttpServletRequest request, HttpServletResponse response) {
+
+        String requestUrl = request.getRequestURI();
+
+        logger.info("Request received: {}", requestUrl);
+
+        URI uri = UriComponentsBuilder.fromHttpUrl(request.getRequestURL().toString()).query(request.getQueryString())
+                .build(true).toUri();
+
+        HttpHeaders headers = new HttpHeaders();
+        Enumeration<String> headerNames = request.getHeaderNames();
+        while (headerNames.hasMoreElements()) {
+            String headerName = headerNames.nextElement();
+            headers.set(headerName, request.getHeader(headerName));
+        }
+
+        cacheUtils.populateCredentialsFromCache(headers, request);
+
+        HttpEntity<String> httpEntity = new HttpEntity<>(body, headers);
+
+        logger.info("Forwarding request...");
+
+        return restTemplate.exchange(uri, method, httpEntity, String.class);
+    }
+}
diff --git a/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java
new file mode 100644
index 0000000..ce6e162
--- /dev/null
+++ b/sidecar/fproxy/src/main/java/org/onap/aaf/fproxy/util/RequestValidationException.java
@@ -0,0 +1,35 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy.util;
+
+/** This exception is thrown when the request fails validation. */
+public class RequestValidationException extends Exception {
+
+    private static final long serialVersionUID = 1L;
+
+    /**
+     * Constructor for an instance of this exception with just a message.
+     *
+     * @param message information about the exception
+     */
+    public RequestValidationException(String message) {
+        super(message);
+    }
+}
diff --git a/sidecar/fproxy/src/main/resources/application.properties b/sidecar/fproxy/src/main/resources/application.properties
new file mode 100644
index 0000000..d269c54
--- /dev/null
+++ b/sidecar/fproxy/src/main/resources/application.properties
@@ -0,0 +1,14 @@
+CONFIG_HOME=config
+
+server.port=10680
+server.ssl.key-store=${CONFIG_HOME}/auth/tomcat_keystore
+server.ssl.client-cert=${CONFIG_HOME}/auth/client-cert.p12
+server.ssl.client-auth=need
+
+server.contextPath=/
+
+logging.config=${CONFIG_HOME}/logback-spring.xml
+
+spring.profiles.active=secure
+
+management.endpoints.web.base-path=/fproxy
\ No newline at end of file
diff --git a/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java
new file mode 100644
index 0000000..ba876e0
--- /dev/null
+++ b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyIT.java
@@ -0,0 +1,49 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.eclipse.jetty.util.security.Password;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.onap.aaf.fproxy.service.ForwardingProxyService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.test.context.junit4.SpringRunner;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+public class FProxyIT {
+
+    static {
+        System.setProperty("server.ssl.key-store-password",
+                Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10"));
+    }
+
+    @Autowired
+    private ForwardingProxyService fProxyService;
+
+    @Test
+    public void contexLoads() throws Exception {
+        assertThat(fProxyService).isNotNull();
+    }
+}
diff --git a/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java
new file mode 100644
index 0000000..ccf13e9
--- /dev/null
+++ b/sidecar/fproxy/src/test/java/org/onap/aaf/fproxy/FProxyServiceTest.java
@@ -0,0 +1,208 @@
+/**
+ * ============LICENSE_START=======================================================
+ * org.onap.aaf
+ * ================================================================================
+ * Copyright © 2018 European Software Marketing Ltd.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ */
+package org.onap.aaf.fproxy;
+
+import static org.hamcrest.Matchers.equalTo;
+import static org.springframework.test.web.client.match.MockRestRequestMatchers.header;
+import static org.springframework.test.web.client.match.MockRestRequestMatchers.method;
+import static org.springframework.test.web.client.match.MockRestRequestMatchers.requestTo;
+import static org.springframework.test.web.client.response.MockRestResponseCreators.withSuccess;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import javax.servlet.http.Cookie;
+import org.eclipse.jetty.util.security.Password;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.onap.aaf.fproxy.data.CredentialCacheData.CredentialType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.MediaType;
+import org.springframework.test.context.junit4.SpringRunner;
+import org.springframework.test.web.client.MockRestServiceServer;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
+import org.springframework.web.client.RestTemplate;
+
+@RunWith(SpringRunner.class)
+@SpringBootTest
+@AutoConfigureMockMvc
+public class FProxyServiceTest {
+
+    static {
+        System.setProperty("server.ssl.key-store-password",
+                Password.deobfuscate("OBF:1y0q1uvc1uum1uvg1pil1pjl1uuq1uvk1uuu1y10"));
+    }
+
+    @Value("${transactionid.header.name}")
+    private String transactionIdHeaderName;
+
+    @Autowired
+    private MockMvc mvc;
+
+    @Autowired
+    private RestTemplate restTemplate;
+
+    private MockRestServiceServer mockServer;
+
+    @Before
+    public void setUp() {
+        mockServer = MockRestServiceServer.createServer(restTemplate);
+    }
+
+    @Test
+    public void testRequestFrowarding() throws Exception {
+        String testUrl = "https://localhost:80/testurl";
+        String testResponse = "Response from MockRestService";
+
+        mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET))
+                .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
+
+        mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)).andExpect(status().isOk())
+                .andExpect(content().string(equalTo(testResponse)));
+
+        mockServer.verify();
+    }
+
+    @Test
+    public void testCredentialCacheEndpoint() throws Exception {
+        populateCredentialCache("tx1", "headername", "headervalue", CredentialType.HEADER.toString());
+    }
+
+    @Test
+    public void testPopulateHeaderFromCache() throws Exception {
+        String testTransactionId = "tx1";
+        String testUrl = "https://localhost:80/testurl";
+        String headerName = "headername";
+        String headerValue = "headervalue";
+
+        String testResponse = "Response from MockRestService";
+
+        // Populate the cache with header credentials
+        populateCredentialCache(testTransactionId, headerName, headerValue, CredentialType.HEADER.toString());
+
+        // Expect mock server to be called with request containing cached header
+        mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET))
+                .andExpect(header(headerName, headerValue))
+                .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
+
+        // Send request to mock server with transaction Id
+        mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)
+                .header(transactionIdHeaderName, testTransactionId)).andExpect(status().isOk())
+                .andExpect(content().string(equalTo(testResponse)));
+
+        mockServer.verify();
+    }
+
+    @Test
+    public void testHeaderAlreadyExists() throws Exception {
+        String testTransactionId = "tx1";
+        String testUrl = "https://localhost:80/testurl";
+        String headerName = "headername";
+        String headerValue = "headervalue";
+        String newHeaderValue = "newheadervalue";
+
+        String testResponse = "Response from MockRestService";
+
+        // Populate the cache with header credentials using a new value
+        populateCredentialCache(testTransactionId, headerName, newHeaderValue, CredentialType.HEADER.toString());
+
+        // Expect mock server to be called with request containing the original header credential value, not the cached
+        // new header value
+        mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET))
+                .andExpect(header(headerName, headerValue))
+                .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
+
+        // Send request to mock server that already contains a header with same name as the one that has been cached
+        mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)
+                .header(transactionIdHeaderName, testTransactionId).header(headerName, headerValue))
+                .andExpect(status().isOk()).andExpect(content().string(equalTo(testResponse)));
+
+        mockServer.verify();
+    }
+
+    @Test
+    public void testPopulateCookieFromCache() throws Exception {
+        String testTransactionId = "tx1";
+        String testUrl = "https://localhost:80/testurl";
+        String cookieName = "testcookie";
+        String cookieValue = "testcookie=testvalue";
+        String testResponse = "Response from MockRestService";
+
+        // Populate the cache with cookie credentials
+        populateCredentialCache(testTransactionId, cookieName, cookieValue, CredentialType.COOKIE.toString());
+
+        // Expect mock server to be called with request containing cached header
+        mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET))
+                .andExpect(header(HttpHeaders.COOKIE, cookieValue))
+                .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
+
+        // Send request to mock server with transaction Id
+        mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)
+                .header(transactionIdHeaderName, testTransactionId)).andExpect(status().isOk())
+                .andExpect(content().string(equalTo(testResponse)));
+
+        mockServer.verify();
+    }
+
+    @Test
+    public void testCookieAlreadyExists() throws Exception {
+        String testTransactionId = "tx1";
+        String testUrl = "https://localhost:80/testurl";
+        String cookieName = "testcookie";
+        String cookieValue = "testvalue";
+        String newCookieValue = "newtestvalue";
+
+        String testResponse = "Response from MockRestService";
+
+        // Populate the cache with cookie credentials using a new value
+        populateCredentialCache(testTransactionId, cookieName, newCookieValue, CredentialType.COOKIE.toString());
+
+        // Expect mock server to be called with request containing the original cookie credential value, not the cached
+        // new cookie value
+        mockServer.expect(requestTo(testUrl)).andExpect(method(HttpMethod.GET))
+                .andExpect(header(HttpHeaders.COOKIE, cookieName + "=" + cookieValue))
+                .andRespond(withSuccess(testResponse, MediaType.APPLICATION_JSON));
+
+        // Send request to mock server that already contains a cookie with same name as the one that has been cached
+        mvc.perform(MockMvcRequestBuilders.get(testUrl).accept(MediaType.APPLICATION_JSON)
+                .header(transactionIdHeaderName, testTransactionId).cookie(new Cookie(cookieName, cookieValue)))
+                .andExpect(status().isOk()).andExpect(content().string(equalTo(testResponse)));
+
+        mockServer.verify();
+    }
+
+    private void populateCredentialCache(String transactionId, String credentialName, String credentialValue,
+            String credentialType) throws Exception {
+        String cacheUrl = "https://localhost:80/credential-cache/" + transactionId;
+        String requestBody = "{ \"credentialName\":\"" + credentialName + "\", \"credentialValue\":\"" + credentialValue
+                + "\", \"credentialType\":\"" + credentialType + "\" }";
+
+        // Populate the cache with credentials
+        mvc.perform(MockMvcRequestBuilders.post(cacheUrl).content(requestBody).contentType(MediaType.APPLICATION_JSON)
+                .accept(MediaType.APPLICATION_JSON)).andExpect(status().isOk())
+                .andExpect(content().string(equalTo(transactionId)));
+    }
+}
diff --git a/sidecar/fproxy/version.properties b/sidecar/fproxy/version.properties
new file mode 100644
index 0000000..5128787
--- /dev/null
+++ b/sidecar/fproxy/version.properties
@@ -0,0 +1,13 @@
+# Versioning variables
+# Note that these variables cannot be structured (e.g. : version.release or version.snapshot etc... )
+# because they are used in Jenkins, whose plug-in doesn't support
+
+major=1
+minor=0
+patch=0
+
+base_version=${major}.${minor}.${patch}
+
+# Release must be completed with git revision # in Jenkins
+release_version=${base_version}
+snapshot_version=${base_version}-SNAPSHOT
diff --git a/sidecar/pom.xml b/sidecar/pom.xml
new file mode 100644
index 0000000..d33816c
--- /dev/null
+++ b/sidecar/pom.xml
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    ============LICENSE_START=======================================================
+    org.onap.aaf
+    ================================================================================
+    Copyright © 2018 European Software Marketing Ltd.
+    ================================================================================
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+    ============LICENSE_END=========================================================
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+	<modelVersion>4.0.0</modelVersion>
+	<groupId>org.onap.aaf.cadi</groupId>
+	<artifactId>sidecar</artifactId>
+	<version>1.0.0-SNAPSHOT</version>
+	<name>aaf-cadi-sidecar</name>
+	<packaging>pom</packaging>
+
+	<parent>
+		<groupId>org.onap.oparent</groupId>
+		<artifactId>oparent</artifactId>
+		<version>1.2.0</version>
+		<relativePath />
+	</parent>
+
+	<properties>
+		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+		<java.version>1.8</java.version>
+	</properties>
+
+		<!-- ============================================================== -->
+	<!-- Define sub-projects (modules) -->
+	<!-- ============================================================== -->
+	<modules>
+		<module>fproxy</module>
+	</modules>
+
+	<build>
+		<pluginManagement>
+			<plugins>
+				<plugin>
+					<groupId>com.mycila</groupId>
+					<artifactId>license-maven-plugin</artifactId>
+					<version>3.0</version>
+					<configuration>
+						<header>License.txt</header>
+						<includes>
+							<include>src/main/java/**</include>
+							<include>src/test/java/**</include>
+							<include>pom.xml</include>
+						</includes>
+						<skipExistingHeaders>true</skipExistingHeaders>
+					</configuration>
+					<executions>
+						<execution>
+							<goals>
+								<!-- Set goal from "check" to "format" to auto update license headers -->
+								<goal>check</goal>
+							</goals>
+							<phase>validate</phase>
+						</execution>
+					</executions>
+				</plugin>
+			</plugins>		
+		</pluginManagement>
+	</build>
+</project>