Rework the authentication

Add more granularity in the default authentication mechanism
+ Add some unit tests with Json to validate the json decoder

Change-Id: I89d0ef94e99fc8aa0c1e8c6432b5aa30a0a5ac88
Issue-Id: CLAMP-1
Signed-off-by: Determe, Sebastien (sd378r) <sd378r@intl.att.com>
diff --git a/src/main/java/org/onap/clamp/clds/config/CldsConfiguration.java b/src/main/java/org/onap/clamp/clds/config/CldsConfiguration.java
index 814d2c6..19c9164 100644
--- a/src/main/java/org/onap/clamp/clds/config/CldsConfiguration.java
+++ b/src/main/java/org/onap/clamp/clds/config/CldsConfiguration.java
@@ -23,9 +23,27 @@
 
 package org.onap.clamp.clds.config;
 
-import com.att.ajsc.common.AjscProvider;
-import com.att.ajsc.common.AjscService;
-import org.onap.clamp.clds.client.*;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.sql.DataSource;
+import javax.xml.transform.TransformerConfigurationException;
+
+import org.onap.clamp.clds.client.CldsEventDelegate;
+import org.onap.clamp.clds.client.DcaeDispatcherServices;
+import org.onap.clamp.clds.client.DcaeInventoryServices;
+import org.onap.clamp.clds.client.DcaeReqDelegate;
+import org.onap.clamp.clds.client.DcaeReqDeleteDelegate;
+import org.onap.clamp.clds.client.OperationalPolicyDelegate;
+import org.onap.clamp.clds.client.OperationalPolicyDeleteDelegate;
+import org.onap.clamp.clds.client.PolicyClient;
+import org.onap.clamp.clds.client.SdcCatalogServices;
+import org.onap.clamp.clds.client.SdcSendReqDelegate;
+import org.onap.clamp.clds.client.StringMatchPolicyDelegate;
+import org.onap.clamp.clds.client.StringMatchPolicyDeleteDelegate;
+import org.onap.clamp.clds.client.TcaPolicyDelegate;
+import org.onap.clamp.clds.client.TcaPolicyDeleteDelegate;
 import org.onap.clamp.clds.dao.CldsDao;
 import org.onap.clamp.clds.model.refprop.RefProp;
 import org.onap.clamp.clds.transform.XslTransformer;
@@ -37,11 +55,8 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 
-import javax.sql.DataSource;
-import javax.xml.transform.TransformerConfigurationException;
-import java.io.IOException;
-import java.util.ArrayList;
-import java.util.List;
+import com.att.ajsc.common.AjscProvider;
+import com.att.ajsc.common.AjscService;
 
 @Configuration
 @Profile("clamp-default")
@@ -54,20 +69,18 @@
      * Clds Identity databse DataSource configuration
      */
     @Bean(name = "cldsDataSource")
-    @ConfigurationProperties(prefix = "spring.cldsdatasource")
+    @ConfigurationProperties(prefix = "spring.datasource.cldsdb")
     public DataSource cldsDataSource() {
-        return DataSourceBuilder
-                .create()
-                .build();
+        return DataSourceBuilder.create().build();
     }
 
     @Bean(name = "jaxrsProviders")
-    public List jaxrsProviders() {
+    public List<?> jaxrsProviders() {
         return new ArrayList(context.getBeansWithAnnotation(AjscProvider.class).values());
     }
 
     @Bean(name = "jaxrsServices")
-    public List jaxrsServices() {
+    public List<?> jaxrsServices() {
         return new ArrayList(context.getBeansWithAnnotation(AjscService.class).values());
     }
 
@@ -136,7 +149,28 @@
     }
 
     @Bean(name = "sdcCatalogServices")
-    public SdcCatalogServices getAsdcCatalogServices() {
+    public SdcCatalogServices getSdcCatalogServices() {
         return new SdcCatalogServices();
     }
+
+    @Bean(name = "dcaeDispatcherServices")
+    public DcaeDispatcherServices getDcaeDispatcherServices() {
+        return new DcaeDispatcherServices();
+    }
+
+    @Bean(name = "dcaeInventoryServices")
+    public DcaeInventoryServices getDcaeInventoryServices() {
+        return new DcaeInventoryServices();
+    }
+
+    @Bean(name = "tcaPolicyDelegate")
+    public TcaPolicyDelegate getTcaPolicyDelegate() {
+        return new TcaPolicyDelegate();
+    }
+
+    @Bean(name = "tcaPolicyDeleteDelegate")
+    public TcaPolicyDeleteDelegate getTcaPolicyDeleteDelegate() {
+        return new TcaPolicyDeleteDelegate();
+    }
+
 }
\ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/config/CldsSecurityConfig.java b/src/main/java/org/onap/clamp/clds/config/CldsSecurityConfig.java
index 571ad4b..7e6021c 100644
--- a/src/main/java/org/onap/clamp/clds/config/CldsSecurityConfig.java
+++ b/src/main/java/org/onap/clamp/clds/config/CldsSecurityConfig.java
@@ -5,16 +5,16 @@
  * Copyright (C) 2017 AT&T Intellectual Property. All rights
  *                             reserved.
  * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License"); 
- * you may not use this file except in compliance with the License. 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software 
- * distributed under the License is distributed on an "AS IS" BASIS, 
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
- * See the License for the specific language governing permissions and 
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
  * limitations under the License.
  * ============LICENSE_END============================================
  * ===================================================================
@@ -23,95 +23,64 @@
 
 package org.onap.clamp.clds.config;
 
+import org.onap.clamp.clds.service.CldsUser;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.io.Resource;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.logging.Level;
-import java.util.logging.Logger;
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
 
 @Configuration
 @EnableWebSecurity
+@Profile("clamp-spring-authentication")
 public class CldsSecurityConfig extends WebSecurityConfigurerAdapter {
 
-    private static final Logger logger = Logger.getLogger(CldsSecurityConfig.class.getName());
+    protected static final EELFLogger logger        = EELFManager.getInstance().getLogger(CldsSecurityConfig.class);
+    protected static final EELFLogger metricsLogger = EELFManager.getInstance().getMetricsLogger();
 
     @Autowired
-    private ApplicationContext appContext;
+    private ApplicationContext      appContext;
 
-    @Value("${org.onap.clamp.config.files.cldsUsers:'classpath:etc/config/clds/clds-users.properties'}")
-    private String cldsUsers;
+    @Value("${org.onap.clamp.config.files.cldsUsers:'classpath:etc/config/clds/clds-users.json'}")
+    private String                  cldsUsersFile;
 
-    private final static String ROLEPREFIX = "null|null|";
+    @Value("${CLDS_PERMISSION_TYPE_CL:permission-type-cl}")
+    private String                  cldsPersmissionTypeCl;
+
+    @Value("${CLDS_PERMISSION_INSTANCE:dev}")
+    private String                  cldsPermissionInstance;
 
     @Override
     protected void configure(HttpSecurity http) throws Exception {
-        http
-            .csrf().disable()
-            .authorizeRequests()
-                .anyRequest().authenticated()
-                .and()
-            .formLogin()
-                .loginPage("/login.html")
-                .permitAll()
-                .and()
-            .logout()
-                .permitAll();
+        http.csrf().disable().httpBasic().and().authorizeRequests().antMatchers("/restservices/clds/v1/user/**")
+                .authenticated().anyRequest().permitAll().and().logout();
     }
 
     @Autowired
     public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-        List<String> userList = loadUsers();
+        CldsUser[] usersList = loadUsers();
 
         // no users defined
-        if (null == userList || userList.isEmpty()) {
-            logger.log(Level.SEVERE, "No users defined. Users should be defined under clds/clds-users.properties.");
+        if (null == usersList) {
+            logger.warn("No users defined. Users should be defined under " + cldsUsersFile);
             return;
         }
 
-        for (String user : userList) {
-            String[] userInfo = user.split("[|]");
-            if (userInfo.length != 3) {
-                logger.log(Level.SEVERE, "Defined User(" + user + ") is not in good format.  User format should be:<username>|<password>|<role>. Role should be eiother 'read' or 'all'.");
-                continue;
-            }
-
-            auth
-                .inMemoryAuthentication()
-                .withUser(userInfo[0]).password(userInfo[1]).roles(ROLEPREFIX + ("all".equalsIgnoreCase(userInfo[2]) ? "*" : userInfo[2]));
-
+        for (CldsUser user : usersList) {
+            auth.inMemoryAuthentication().withUser(user.getUser()).password(user.getPassword())
+                    .roles(user.getPermissionsString());
         }
     }
 
-    private boolean validUser(String[] userInfo) {
-        return ((userInfo != null) && (userInfo.length == 3) && (("all".equals(userInfo[2])) || ("read".equals(userInfo[2]))));
-    }
-
-    private List<String> loadUsers() throws Exception {
+    private CldsUser[] loadUsers() throws Exception {
         logger.info("Load from clds-users.properties");
-
-        Resource resource = appContext.getResource(cldsUsers);
-        BufferedReader input = new BufferedReader(new InputStreamReader(resource.getInputStream()));
-
-        List<String> userList = new LinkedList<>();
-
-        String line;
-        while ((line = input.readLine()) != null) {
-            if (!line.contains("#")) {
-                userList.add(line);
-            }
-            logger.info("line read:" + line);
-        }
-        return userList;
+        return CldsUserJsonDecoder.decodeJson(appContext.getResource(cldsUsersFile).getInputStream());
     }
-}
\ No newline at end of file
+}
diff --git a/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java
new file mode 100644
index 0000000..997a20f
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/config/CldsUserJsonDecoder.java
@@ -0,0 +1,46 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License"); 
+ * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software 
+ * distributed under the License is distributed on an "AS IS" BASIS, 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the License for the specific language governing permissions and 
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.config;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.onap.clamp.clds.service.CldsUser;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+public class CldsUserJsonDecoder {
+
+    /**
+     * This method decodes the JSON file provided to a CldsUser Array. The
+     * stream is closed after this call, this is not possible to reuse it.
+     * 
+     * @return CldsUser[] Array containing a list of the user defined in the
+     *         JSON file
+     */
+    public static CldsUser[] decodeJson(InputStream cldsUsersFile) throws IOException {
+        // the ObjectMapper readValue method closes the stream no need to do it
+        return new ObjectMapper().readValue(cldsUsersFile, CldsUser[].class);
+    }
+}
diff --git a/src/main/java/org/onap/clamp/clds/service/CldsUser.java b/src/main/java/org/onap/clamp/clds/service/CldsUser.java
new file mode 100644
index 0000000..9db1e60
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/service/CldsUser.java
@@ -0,0 +1,84 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License"); 
+ * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software 
+ * distributed under the License is distributed on an "AS IS" BASIS, 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the License for the specific language governing permissions and 
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.service;
+
+import java.util.Arrays;
+
+public class CldsUser {
+
+    private String                    user;
+
+    private String                    password;
+
+    private SecureServicePermission[] permissions;
+
+    /**
+     * @return the user
+     */
+    public String getUser() {
+        return user;
+    }
+
+    /**
+     * @param user
+     *            the user to set
+     */
+    public void setUser(String user) {
+        this.user = user;
+    }
+
+    /**
+     * @return the password
+     */
+    public String getPassword() {
+        return password;
+    }
+
+    /**
+     * @param password
+     *            the password to set
+     */
+    public void setPassword(String password) {
+        this.password = password;
+    }
+
+    /**
+     * @return the permissions
+     */
+    public SecureServicePermission[] getPermissions() {
+        return permissions;
+    }
+
+    public String[] getPermissionsString() {
+        return Arrays.stream(getPermissions()).map(perm -> perm.getKey()).toArray(String[]::new);
+    }
+
+    /**
+     * @param permissions
+     *            the permissions to set
+     */
+    public void setPermissions(SecureServicePermission[] permissions) {
+        this.permissions = permissions;
+    }
+}
diff --git a/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java b/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java
new file mode 100644
index 0000000..511cafe
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/service/DefaultUserNameHandler.java
@@ -0,0 +1,47 @@
+/*-

+ * ============LICENSE_START=======================================================

+ * ONAP CLAMP

+ * ================================================================================

+ * Copyright (C) 2017 AT&T Intellectual Property. All rights

+ *                             reserved.

+ * ================================================================================

+ * Licensed under the Apache License, Version 2.0 (the "License"); 

+ * you may not use this file except in compliance with the License. 

+ * You may obtain a copy of the License at

+ * 

+ * http://www.apache.org/licenses/LICENSE-2.0

+ * 

+ * Unless required by applicable law or agreed to in writing, software 

+ * distributed under the License is distributed on an "AS IS" BASIS, 

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 

+ * See the License for the specific language governing permissions and 

+ * limitations under the License.

+ * ============LICENSE_END============================================

+ * ===================================================================

+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ */

+

+package org.onap.clamp.clds.service;

+

+import java.security.Principal;

+

+import javax.ws.rs.core.SecurityContext;

+

+public class DefaultUserNameHandler implements UserNameHandler {

+

+    public DefaultUserNameHandler() {

+    }

+

+    /*

+     * (non-Javadoc)

+     * 

+     * @see

+     * org.onap.clamp.clds.service.PrincipalNameHandler#handleName(javax.ws.rs.

+     * core.SecurityContext)

+     */

+    @Override

+    public String retrieveUserName(SecurityContext securityContext) {

+        Principal p = securityContext.getUserPrincipal();

+        return (p == null ? "Not found" : p.getName());

+    }

+}

diff --git a/src/main/java/org/onap/clamp/clds/service/LogServiceImpl.java b/src/main/java/org/onap/clamp/clds/service/LogServiceImpl.java
index e7ee93a..f38e129 100644
--- a/src/main/java/org/onap/clamp/clds/service/LogServiceImpl.java
+++ b/src/main/java/org/onap/clamp/clds/service/LogServiceImpl.java
@@ -5,16 +5,16 @@
  * Copyright (C) 2017 AT&T Intellectual Property. All rights
  *                             reserved.
  * ================================================================================
- * Licensed under the Apache License, Version 2.0 (the "License"); 
- * you may not use this file except in compliance with the License. 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  * http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software 
- * distributed under the License is distributed on an "AS IS" BASIS, 
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
- * See the License for the specific language governing permissions and 
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
  * limitations under the License.
  * ============LICENSE_END============================================
  * ===================================================================
@@ -23,25 +23,10 @@
 
 package org.onap.clamp.clds.service;
 
-import com.att.ajsc.camunda.core.AttCamundaHistoryEvent;
-import com.att.ajsc.camunda.core.AttCamundaService;
-import com.att.ajsc.logging.AjscEelfManager;
-import com.att.eelf.configuration.EELFLogger;
-import com.google.gson.Gson;
-import org.onap.clamp.clds.common.LogMessages;
-import org.apache.commons.mail.Email;
-import org.apache.commons.mail.SimpleEmail;
-import org.apache.cxf.jaxrs.ext.MessageContext;
-import org.camunda.bpm.engine.HistoryService;
-import org.camunda.bpm.engine.RuntimeService;
-import org.camunda.bpm.engine.history.HistoricActivityInstance;
-import org.camunda.bpm.engine.impl.history.event.HistoricActivityInstanceEventEntity;
-import org.camunda.bpm.engine.runtime.ProcessInstance;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.mail.MailException;
-import org.springframework.mail.SimpleMailMessage;
-import org.springframework.mail.javamail.JavaMailSenderImpl;
-import org.springframework.stereotype.Service;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
 
 import javax.mail.Message;
 import javax.mail.MessagingException;
@@ -50,20 +35,41 @@
 import javax.mail.internet.InternetAddress;
 import javax.mail.internet.MimeMessage;
 import javax.ws.rs.core.Context;
-import java.util.*;
+
+import org.apache.commons.mail.Email;
+import org.apache.commons.mail.SimpleEmail;
+import org.apache.cxf.jaxrs.ext.MessageContext;
+import org.camunda.bpm.engine.HistoryService;
+import org.camunda.bpm.engine.RuntimeService;
+import org.camunda.bpm.engine.history.HistoricActivityInstance;
+import org.camunda.bpm.engine.impl.history.event.HistoricActivityInstanceEventEntity;
+import org.camunda.bpm.engine.runtime.ProcessInstance;
+import org.onap.clamp.clds.common.LogMessages;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mail.MailException;
+import org.springframework.mail.SimpleMailMessage;
+import org.springframework.mail.javamail.JavaMailSenderImpl;
+import org.springframework.stereotype.Service;
+
+import com.att.ajsc.camunda.core.AttCamundaHistoryEvent;
+import com.att.ajsc.camunda.core.AttCamundaService;
+import com.att.eelf.configuration.EELFLogger;
+import com.att.eelf.configuration.EELFManager;
+import com.google.gson.Gson;
 
 @Service
 public class LogServiceImpl implements LogService {
-    private static final EELFLogger logger = AjscEelfManager.getInstance().getLogger(LogServiceImpl.class);
+    protected static final EELFLogger       logger      = EELFManager.getInstance().getLogger(LogServiceImpl.class);
+    protected static final EELFLogger auditLogger = EELFManager.getInstance().getAuditLogger();
 
     @Autowired
-    private RuntimeService runtimeService;
+    private RuntimeService          runtimeService;
 
     @Autowired
-    private HistoryService historyService;
+    private HistoryService          historyService;
 
     @Context
-    private MessageContext context;
+    private MessageContext          context;
 
     public void setRuntimeService(RuntimeService runtimeService) {
         this.runtimeService = runtimeService;
@@ -93,7 +99,9 @@
         }
 
         // BEGIN - added for send mail testing
-        // also added the following to the method signature: , @QueryParam("javamail") String javamail, @QueryParam("springmail") String springmail, @QueryParam("commonsmail") String commonsmail
+        // also added the following to the method signature: ,
+        // @QueryParam("javamail") String javamail, @QueryParam("springmail")
+        // String springmail, @QueryParam("commonsmail") String commonsmail
         // if javamail parameter provided, assume it contains an email address.
         // use Java Mail to send an email from that address, to that address
         if (javamail != null && javamail.length() > 0) {
@@ -104,11 +112,11 @@
                 Session session = Session.getInstance(props);
                 MimeMessage msg = new MimeMessage(session);
 
-                msg.setFrom(new InternetAddress(javamail)); //eMail.setFrom
+                msg.setFrom(new InternetAddress(javamail)); // eMail.setFrom
 
-                InternetAddress[] fromAddresses = {new InternetAddress(javamail)};
-                msg.setReplyTo(fromAddresses); //eMail.addReplyTo
-                msg.setSubject("test message using javax.mail"); //eMail.setSubject
+                InternetAddress[] fromAddresses = { new InternetAddress(javamail) };
+                msg.setReplyTo(fromAddresses); // eMail.addReplyTo
+                msg.setSubject("test message using javax.mail"); // eMail.setSubject
                 msg.setText(logMessageText); // eMail.setMsg
 
                 msg.addRecipient(Message.RecipientType.TO, new InternetAddress(javamail)); // eMail.addTo
@@ -118,7 +126,8 @@
             }
         }
 
-        // if springmail parameter provided, assume it contains an email address.
+        // if springmail parameter provided, assume it contains an email
+        // address.
         // use Spring Mail to send an email from that address, to that address
         if (springmail != null && springmail.length() > 0) {
             variables.put("springmail", springmail);
@@ -127,9 +136,9 @@
 
             try {
                 sender.setHost("smtp.sbc.com"); // eMail.setHostName
-                smsg.setFrom(springmail); //eMail.setFrom
-                smsg.setReplyTo(springmail); //eMail.addReplyTo
-                smsg.setSubject("test message using spring mail"); //eMail.setSubject
+                smsg.setFrom(springmail); // eMail.setFrom
+                smsg.setReplyTo(springmail); // eMail.addReplyTo
+                smsg.setSubject("test message using spring mail"); // eMail.setSubject
                 smsg.setText(logMessageText); // eMail.setMsg
                 smsg.setTo(springmail); // eMail.addTo
                 sender.send(smsg);
@@ -138,18 +147,20 @@
             }
         }
 
-        // if commonsmail parameter provided, assume it contains an email address.
-        // use Apache Commons Mail to send an email from that address, to that address
+        // if commonsmail parameter provided, assume it contains an email
+        // address.
+        // use Apache Commons Mail to send an email from that address, to that
+        // address
         if (commonsmail != null && commonsmail.length() > 0) {
             variables.put("commonsmail", commonsmail);
-            Email eMail = new SimpleEmail();
+            Email email = new SimpleEmail();
             try {
-                eMail.setHostName("smtp.sbc.com");
-                eMail.setFrom(commonsmail);
-                eMail.addReplyTo(commonsmail);
-                eMail.setSubject("test message using commons mail");
-                eMail.setMsg(logMessageText);
-                eMail.addTo(commonsmail);
+                email.setHostName("smtp.sbc.com");
+                email.setFrom(commonsmail);
+                email.addReplyTo(commonsmail);
+                email.setSubject("test message using commons mail");
+                email.setMsg(logMessageText);
+                email.addTo(commonsmail);
                 java.net.URL classUrl = this.getClass().getResource("com.sun.mail.util.TraceInputStream");
                 if (classUrl != null) {
                     logger.info(LogMessages.LOGSERVICE_EMAIL_CLASS, classUrl.getFile());
@@ -157,7 +168,7 @@
                     logger.info(LogMessages.LOGSERVICE_EMAIL_CLASS, classUrl.getFile());
                     logger.info(LogMessages.LOGSERVICE_EMAIL_CLASS_NULL);
                 }
-                eMail.send();
+                email.send();
             } catch (Exception e) {
                 logger.error(LogMessages.LOGSERVICE_EMAIL_ERROR, e);
             }
@@ -168,7 +179,8 @@
         ProcessInstance pi = runtimeService.startProcessInstanceByKey("log-message-wf", variables);
         AttCamundaService.setHttpRequest(null);
         // return text message of what was done
-        return "Started processDefinitionId=" + pi.getProcessDefinitionId() + ", processInstanceId=" + pi.getProcessInstanceId() + ", to log message: " + logMessageText;
+        return "Started processDefinitionId=" + pi.getProcessDefinitionId() + ", processInstanceId="
+                + pi.getProcessInstanceId() + ", to log message: " + logMessageText;
     }
 
     @Override
@@ -179,13 +191,17 @@
         AttCamundaHistoryEvent attCamundaHistoryEvent = gson.fromJson(histEventList, AttCamundaHistoryEvent.class);
         if (attCamundaHistoryEvent != null && attCamundaHistoryEvent.getProcInstId() != null) {
             logger.info(LogMessages.PROCESS_INSTANCE_ID, attCamundaHistoryEvent.getProcInstId());
-            if (context != null && context.getHttpServletRequest() != null && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) {
+            if (context != null && context.getHttpServletRequest() != null
+                    && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) {
                 context.getHttpServletRequest().setAttribute("CALL_TYPE", "Testing");
-                List<HistoricActivityInstance> histActInstList = historyService.createHistoricActivityInstanceQuery().processInstanceId(attCamundaHistoryEvent.getProcInstId()).list();
+                List<HistoricActivityInstance> histActInstList = historyService.createHistoricActivityInstanceQuery()
+                        .processInstanceId(attCamundaHistoryEvent.getProcInstId()).list();
 
                 if (histActInstList != null && histActInstList.size() > 0) {
                     for (HistoricActivityInstance currHistoricActivityInstance : histActInstList) {
-                        if (currHistoricActivityInstance != null && currHistoricActivityInstance.getActivityName() != null && currHistoricActivityInstance.getStartTime() != null
+                        if (currHistoricActivityInstance != null
+                                && currHistoricActivityInstance.getActivityName() != null
+                                && currHistoricActivityInstance.getStartTime() != null
                                 && currHistoricActivityInstance.getEndTime() != null) {
                             logger.info("value of serviceTrack:" + currHistoricActivityInstance);
                             message = "Log Entry Created";
@@ -193,10 +209,13 @@
                         }
                     }
                 }
-                if (attCamundaHistoryEvent.getHistoryEventList() != null && attCamundaHistoryEvent.getHistoryEventList().size() > 0) {
-                    List<HistoricActivityInstanceEventEntity> historyEventList = attCamundaHistoryEvent.getHistoryEventList();
+                if (attCamundaHistoryEvent.getHistoryEventList() != null
+                        && attCamundaHistoryEvent.getHistoryEventList().size() > 0) {
+                    List<HistoricActivityInstanceEventEntity> historyEventList = attCamundaHistoryEvent
+                            .getHistoryEventList();
                     for (HistoricActivityInstanceEventEntity actiEvent : historyEventList) {
-                        //  resolve null pointer exception if actiEvent.getActivityName()
+                        // resolve null pointer exception if
+                        // actiEvent.getActivityName()
                         message = "Log Entry Created";
                     }
                 }
@@ -209,12 +228,17 @@
     public String createLogMessage(String startTime, String endTime, String serviceName) {
         String message = "no logs Created";
 
-        if (context != null && context.getHttpServletRequest() != null && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) {
+        if (context != null && context.getHttpServletRequest() != null
+                && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) {
             context.getHttpServletRequest().setAttribute("X-CSI-ClientApp", "AJSC-CSI~sdsds");
-    		/*PerformanceTrackingBean trackingBean =(PerformanceTrackingBean) context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN");
-    		PerformanceTracking.addInvokeServiceTrack(trackingBean,
-					serviceName, Long.valueOf(startTime), Long.valueOf(endTime), "Completed",
-					500, 1000) ;*/
+            /*
+             * PerformanceTrackingBean trackingBean =(PerformanceTrackingBean)
+             * context.getHttpServletRequest().getAttribute(
+             * "PERFORMANCE_TRACKER_BEAN");
+             * PerformanceTracking.addInvokeServiceTrack(trackingBean,
+             * serviceName, Long.valueOf(startTime), Long.valueOf(endTime),
+             * "Completed", 500, 1000) ;
+             */
             message = "Log Entry Created";
         }
         // return text message of what was done
@@ -226,13 +250,16 @@
         String message = "no logs Created";
         logger.info("value of history events:" + histEventList);
         logger.info("value of events:" + histEventList + ":" + histEventList);
-        if (context != null && context.getHttpServletRequest() != null && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) {
+        if (context != null && context.getHttpServletRequest() != null
+                && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) {
             context.getHttpServletRequest().setAttribute("CALL_TYPE", "Testing");
-            List<HistoricActivityInstance> histActInstList = historyService.createHistoricActivityInstanceQuery().processInstanceId(procInstId).list();
+            List<HistoricActivityInstance> histActInstList = historyService.createHistoricActivityInstanceQuery()
+                    .processInstanceId(procInstId).list();
 
             if (histActInstList != null && histActInstList.size() > 0) {
                 for (HistoricActivityInstance currHistoricActivityInstance : histActInstList) {
-                    if (currHistoricActivityInstance != null && currHistoricActivityInstance.getActivityName() != null && currHistoricActivityInstance.getStartTime() != null
+                    if (currHistoricActivityInstance != null && currHistoricActivityInstance.getActivityName() != null
+                            && currHistoricActivityInstance.getStartTime() != null
                             && currHistoricActivityInstance.getEndTime() != null) {
                         logger.info("value of serviceTrack:" + currHistoricActivityInstance);
                         message = "Log Entry Created";
@@ -247,12 +274,15 @@
     @Override
     public String CreateHistLog(String procInstId) {
         String message = "no logs Created";
-        if (context != null && context.getHttpServletRequest() != null && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) {
-            List<HistoricActivityInstance> histActInstList = historyService.createHistoricActivityInstanceQuery().processInstanceId(procInstId).list();
+        if (context != null && context.getHttpServletRequest() != null
+                && context.getHttpServletRequest().getAttribute("PERFORMANCE_TRACKER_BEAN") != null) {
+            List<HistoricActivityInstance> histActInstList = historyService.createHistoricActivityInstanceQuery()
+                    .processInstanceId(procInstId).list();
 
             if (histActInstList != null && histActInstList.size() > 0) {
                 for (HistoricActivityInstance currHistoricActivityInstance : histActInstList) {
-                    if (currHistoricActivityInstance != null && currHistoricActivityInstance.getActivityName() != null && currHistoricActivityInstance.getStartTime() != null
+                    if (currHistoricActivityInstance != null && currHistoricActivityInstance.getActivityName() != null
+                            && currHistoricActivityInstance.getStartTime() != null
                             && currHistoricActivityInstance.getEndTime() != null) {
                         logger.info("value of serviceTrack:" + currHistoricActivityInstance);
                         context.getHttpServletRequest().setAttribute("X-CSI-ClientApp", "AJSC-CSI~sdsds");
@@ -263,14 +293,4 @@
         }
         return message;
     }
-
-    private String getActivityInstanceState(int activityInstanceState) {
-        String activityState = "Default";
-        if (activityInstanceState == 1) {
-            activityState = "Complete";
-        } else if (activityInstanceState == 2) {
-            activityState = "Cancelled";
-        }
-        return activityState;
-    }
 }
diff --git a/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java b/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java
new file mode 100644
index 0000000..cadf334
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/service/UserNameHandler.java
@@ -0,0 +1,31 @@
+/*-

+ * ============LICENSE_START=======================================================

+ * ONAP CLAMP

+ * ================================================================================

+ * Copyright (C) 2017 AT&T Intellectual Property. All rights

+ *                             reserved.

+ * ================================================================================

+ * Licensed under the Apache License, Version 2.0 (the "License"); 

+ * you may not use this file except in compliance with the License. 

+ * You may obtain a copy of the License at

+ * 

+ * http://www.apache.org/licenses/LICENSE-2.0

+ * 

+ * Unless required by applicable law or agreed to in writing, software 

+ * distributed under the License is distributed on an "AS IS" BASIS, 

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 

+ * See the License for the specific language governing permissions and 

+ * limitations under the License.

+ * ============LICENSE_END============================================

+ * ===================================================================

+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.

+ */

+

+package org.onap.clamp.clds.service;

+

+import javax.ws.rs.core.SecurityContext;

+

+public interface UserNameHandler {

+

+    public String retrieveUserName(SecurityContext securityContext);

+}

diff --git a/src/main/java/org/onap/clamp/clds/service/UserService.java b/src/main/java/org/onap/clamp/clds/service/UserService.java
new file mode 100644
index 0000000..6f3e480
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/service/UserService.java
@@ -0,0 +1,54 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License"); 
+ * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software 
+ * distributed under the License is distributed on an "AS IS" BASIS, 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the License for the specific language governing permissions and 
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.service;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.core.MediaType;
+
+import io.swagger.annotations.Api;
+
+/**
+ * User service used for authorization verification at the login page. Do not
+ * remove this class.
+ */
+@Api(value = "/user")
+@Path("/user")
+@Produces({ MediaType.TEXT_PLAIN })
+public interface UserService {
+
+    /**
+     * REST service that returns the username.
+     *
+     * @param userName
+     * @return the user name
+     */
+    @GET
+    @Path("/{userName}")
+    @Produces(MediaType.TEXT_PLAIN)
+    String getUser(@PathParam("userName") String userName);
+
+}
\ No newline at end of file
diff --git a/src/main/java/org/onap/clamp/clds/service/UserServiceImpl.java b/src/main/java/org/onap/clamp/clds/service/UserServiceImpl.java
new file mode 100644
index 0000000..7d0fda0
--- /dev/null
+++ b/src/main/java/org/onap/clamp/clds/service/UserServiceImpl.java
@@ -0,0 +1,46 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License"); 
+ * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software 
+ * distributed under the License is distributed on an "AS IS" BASIS, 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the License for the specific language governing permissions and 
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.service;
+
+import com.att.ajsc.common.AjscService;
+
+/**
+ * User service used for authorization verification at the login page. Do not
+ * remove this class.
+ */
+@AjscService
+public class UserServiceImpl implements UserService {
+
+    /**
+     * REST service that returns the username.
+     *
+     * @param userName
+     * @return the user name
+     */
+    @Override
+    public String getUser(String userName) {
+        return userName;
+    }
+
+}
\ No newline at end of file
diff --git a/src/main/resources/clds/clds-users.json b/src/main/resources/clds/clds-users.json
new file mode 100644
index 0000000..b569f9d
--- /dev/null
+++ b/src/main/resources/clds/clds-users.json
@@ -0,0 +1,15 @@
+ [{
+    "user":"admin",
+    "password":"5f4dcc3b5aa765d61d8327deb882cf99",
+	"permissions": 
+	            [
+	               "permission-type-cl|dev|read",
+	               "permission-type-cl|dev|update",
+	               "permission-type-cl-manage|dev|*",
+	               "permission-type-filter-vf|dev|*",
+	               "permission-type-template|dev|read",
+	               "permission-type-template|dev|update"
+	            ]
+	}
+
+]
\ No newline at end of file
diff --git a/src/main/resources/clds/clds-users.properties b/src/main/resources/clds/clds-users.properties
deleted file mode 100644
index f4b11e8..0000000
--- a/src/main/resources/clds/clds-users.properties
+++ /dev/null
@@ -1,7 +0,0 @@
-# Please define the CLDS users here
-# The format is <username>|<password>|<role>
-# Two types of roles are used:read, all
-# -	read: can only read template and closed loop design
-# - all: can read and update template and closed loop related design 
-#
-user|password|all
\ No newline at end of file
diff --git a/src/test/java/org/onap/clamp/clds/config/CldsUserJsonDecoderTest.java b/src/test/java/org/onap/clamp/clds/config/CldsUserJsonDecoderTest.java
new file mode 100644
index 0000000..fa8adc7
--- /dev/null
+++ b/src/test/java/org/onap/clamp/clds/config/CldsUserJsonDecoderTest.java
@@ -0,0 +1,85 @@
+/*-
+ * ============LICENSE_START=======================================================
+ * ONAP CLAMP
+ * ================================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights
+ *                             reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License"); 
+ * you may not use this file except in compliance with the License. 
+ * You may obtain a copy of the License at
+ * 
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software 
+ * distributed under the License is distributed on an "AS IS" BASIS, 
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
+ * See the License for the specific language governing permissions and 
+ * limitations under the License.
+ * ============LICENSE_END============================================
+ * ===================================================================
+ * ECOMP is a trademark and service mark of AT&T Intellectual Property.
+ */
+
+package org.onap.clamp.clds.config;
+
+import static org.junit.Assert.assertArrayEquals;
+import static org.junit.Assert.assertEquals;
+
+import org.junit.Test;
+import org.onap.clamp.clds.service.CldsUser;
+
+public class CldsUserJsonDecoderTest {
+
+    private String   user1                      = "admin1";
+    private String   user2                      = "admin2";
+
+    private String   password                   = "5f4dcc3b5aa765d61d8327deb882cf99";
+    private String[] normalPermissionsArray     = { "permission-type-cl|dev|read", "permission-type-cl|dev|update",
+            "permission-type-cl-manage|dev|*", "permission-type-filter-vf|dev|*", "permission-type-template|dev|read",
+            "permission-type-template|dev|update" };
+
+    private String[] incompletePermissionsArray = { "permission-type-cl|dev|*", "permission-type-cl|dev|*",
+            "permission-type-cl-manage|dev|*", "permission-type-filter-vf|dev|*", "permission-type-template|dev|read",
+            "permission-type-template|dev|update" };
+
+    @Test
+    public void testDecodingDoubleUsers() throws Exception {
+        CldsUser[] usersArray = CldsUserJsonDecoder
+                .decodeJson(CldsUserJsonDecoderTest.class.getResourceAsStream("/clds/clds-users-two-users.json"));
+
+        assertEquals(usersArray.length, 2);
+
+        assertEquals(usersArray[0].getUser(), user1);
+        assertEquals(usersArray[1].getUser(), user2);
+
+        assertEquals(usersArray[0].getPassword(), password);
+        assertEquals(usersArray[1].getPassword(), password);
+
+        assertArrayEquals(usersArray[0].getPermissionsString(), normalPermissionsArray);
+        assertArrayEquals(usersArray[1].getPermissionsString(), normalPermissionsArray);
+    }
+
+    @Test
+    public void testDecodingNoPermission() throws Exception {
+        CldsUser[] usersArray = CldsUserJsonDecoder
+                .decodeJson(this.getClass().getResourceAsStream("/clds/clds-users-no-permission.json"));
+
+        assertEquals(usersArray.length, 1);
+        assertEquals(usersArray[0].getUser(), user1);
+        assertEquals(usersArray[0].getPassword(), null);
+        assertArrayEquals(usersArray[0].getPermissionsString(), new String[0]);
+    }
+
+    @Test
+    public void testDecodingIncompletePermissions() throws Exception {
+        CldsUser[] usersArray = CldsUserJsonDecoder
+                .decodeJson(this.getClass().getResourceAsStream("/clds/clds-users-incomplete-permissions.json"));
+
+        assertEquals(usersArray.length, 1);
+        assertEquals(usersArray[0].getUser(), user1);
+        assertEquals(usersArray[0].getPassword(), password);
+        assertArrayEquals(usersArray[0].getPermissionsString(), incompletePermissionsArray);
+    }
+
+}
diff --git a/src/test/resources/clds/clds-users-incomplete-permissions.json b/src/test/resources/clds/clds-users-incomplete-permissions.json
new file mode 100644
index 0000000..a642511
--- /dev/null
+++ b/src/test/resources/clds/clds-users-incomplete-permissions.json
@@ -0,0 +1,14 @@
+ [{
+    "user":"admin1",
+    "password":"5f4dcc3b5aa765d61d8327deb882cf99",
+	"permissions": 
+	            [
+	               "permission-type-cl|dev|",
+	               "permission-type-cl|dev",
+	               "permission-type-cl-manage|dev|*",
+	               "permission-type-filter-vf|dev|*",
+	               "permission-type-template|dev|read",
+	               "permission-type-template|dev|update"
+	            ]
+	}
+]
\ No newline at end of file
diff --git a/src/test/resources/clds/clds-users-no-permission.json b/src/test/resources/clds/clds-users-no-permission.json
new file mode 100644
index 0000000..77f16c3
--- /dev/null
+++ b/src/test/resources/clds/clds-users-no-permission.json
@@ -0,0 +1,9 @@
+ [{
+    "user":"admin1",
+	"permissions": 
+	            [
+
+	            ]
+	}
+
+]
\ No newline at end of file
diff --git a/src/test/resources/clds/clds-users-two-users.json b/src/test/resources/clds/clds-users-two-users.json
new file mode 100644
index 0000000..8c8d727
--- /dev/null
+++ b/src/test/resources/clds/clds-users-two-users.json
@@ -0,0 +1,28 @@
+ [{
+    "user":"admin1",
+    "password":"5f4dcc3b5aa765d61d8327deb882cf99",
+	"permissions": 
+	            [
+	               "permission-type-cl|dev|read",
+	               "permission-type-cl|dev|update",
+	               "permission-type-cl-manage|dev|*",
+	               "permission-type-filter-vf|dev|*",
+	               "permission-type-template|dev|read",
+	               "permission-type-template|dev|update"
+	            ]
+	}
+	,
+	{"user":"admin2",
+    "password":"5f4dcc3b5aa765d61d8327deb882cf99",
+    "permissions": 
+                [
+                   "permission-type-cl|dev|read",
+                   "permission-type-cl|dev|update",
+                   "permission-type-cl-manage|dev|*",
+                   "permission-type-filter-vf|dev|*",
+                   "permission-type-template|dev|read",
+                   "permission-type-template|dev|update"
+                ]
+    
+    }
+]
\ No newline at end of file