Merge "NotificationCleanupConfig class fix"
diff --git a/deliveries/.env b/deliveries/.env
index babd90e..c5961d3 100644
--- a/deliveries/.env
+++ b/deliveries/.env
@@ -38,11 +38,11 @@
 
 # This is the first portion of the Docker image tag
 # that is published to the ONAP registry.
-PORTAL_VERSION=2.5.0
+PORTAL_VERSION=2.6.0
 
 # This is used during builds and in docker-compose;
 # it is never published to the ONAP registry.
-PORTAL_TAG=casablanca
+PORTAL_TAG=elalto
 
 # Name of directory in apps container (NOT host)
 WEBAPPS_DIR=/opt/apache-tomcat-8.0.37/webapps
diff --git a/deliveries/build_portalapps_dockers.sh b/deliveries/build_portalapps_dockers.sh
index 2a09997..fdaf9a1 100755
--- a/deliveries/build_portalapps_dockers.sh
+++ b/deliveries/build_portalapps_dockers.sh
@@ -19,7 +19,6 @@
 
 # Check for Jenkins build number
 if [ -n "$BUILD_NUMBER" ]; then
-    export PORTAL_TAG=$BUILD_NUMBER
     echo "Using Jenkins build number $BUILD_NUMBER; Docker Tag $PORTAL_TAG"
 else
     # This indicates a non-Jenkins build
diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index a1b6e09..b1b0266 100644
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -19,8 +19,11 @@
             * Use of CADI
         * 68% JUnit Test Coverage
         * Addressing security issues
-        * Internationalization language support - partially implemented
+        * Angular 6 upgrade delivered foundation code with sample screen
+            * Documentation on the Angular 6 upgrade can be found `here <https://docs.onap.org/en/latest/submodules/portal.git/docs/tutorials/portal-sdk/your-angular-app.html>`_
+        * Internationalization language support - partially implemented.
         * Reporting feature enhancement in portal/sdk - design and partial code changes
+        * There is more information about new features at `DEMOS - R4 Dublin Demos <https://wiki.onap.org/display/DW/DEMOS+-+R4+Dublin+Demos>`_
 
 **Bug Fixes**
         * Fixed Sonar reported critical issues.
@@ -29,6 +32,7 @@
         * Mismatch while displaying active online user in Portal.
         * Internationalization Language component partially completed.
         * Functional Menu change requires manual refresh.
+        * Modifying Onboarded App configurations from the onboarding page malfunctions but changes to the App configuration can be done through accessing the database (portal:fn_app table) directly.
 
 **Security Notes**
 
@@ -39,9 +43,9 @@
         * CVE-2019-12317 - Number of XSS vulnerabilities in Portal [`OJSI-15 <https://jira.onap.org/browse/OJSI-15>`_]
         * CVE-2019-12122 - ONAP Portal allows to retrieve password of currently active user [`OJSI-65 <https://jira.onap.org/browse/OJSI-65>`_]
         * CVE-2019-12121 - ONAP Portal is vulnerable for Padding Oracle attack [`OJSI-92 <https://jira.onap.org/browse/OJSI-92>`_]
-        * In defult deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_]
-        * In defult deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_]
-        * In defult deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_]
+        * In default deployment PORTAL (portal-app) exposes HTTP port 8989 outside of cluster. [`OJSI-97 <https://jira.onap.org/browse/OJSI-97>`_]
+        * In default deployment PORTAL (portal-app) exposes HTTP port 30215 outside of cluster. [`OJSI-105 <https://jira.onap.org/browse/OJSI-105>`_]
+        * In default deployment PORTAL (portal-sdk) exposes HTTP port 30212 outside of cluster. [`OJSI-106 <https://jira.onap.org/browse/OJSI-106>`_]
         * CVE-2019-12318 - Number of SQL Injections in Portal [`OJSI-174 <https://jira.onap.org/browse/OJSI-174>`_]
         * Portal stores users passwords encrypted instead of hashed [`OJSI-190 <https://jira.onap.org/browse/OJSI-190>`_]
 
diff --git a/ecomp-portal-BE-common/pom.xml b/ecomp-portal-BE-common/pom.xml
index 61f166d..58ae584 100644
--- a/ecomp-portal-BE-common/pom.xml
+++ b/ecomp-portal-BE-common/pom.xml
@@ -180,6 +180,11 @@
 			<version>${springframework.version}</version>
 		</dependency>
 		<dependency>
+			<groupId>javax.xml.bind</groupId>
+			<artifactId>jaxb-api</artifactId>
+			<version>2.4.0-b180830.0359</version>
+		</dependency>
+		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter</artifactId>
 			<version>1.3.0.RELEASE</version>
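Review bot: The new `jaxb-api` dependency is pinned to `2.4.0-b180830.0359`, which by its version string is a timestamped pre-release build, not a final release. A build dependency that ends up in the published image is easier to audit and patch when it tracks a released version, for example `<version>2.3.1</version>`, ideally through a property as the neighbouring `${springframework.version}` does. This artifact is only the API; whether a JAXB implementation is supplied at runtime is not visible here. The enclosing `<dependencies>` block starts and ends outside the hunk.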
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/externalsystemapproval/model/ExternalSystemRoleApproval.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/externalsystemapproval/model/ExternalSystemRoleApproval.java
index 550d11d..49eb469 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/externalsystemapproval/model/ExternalSystemRoleApproval.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/externalsystemapproval/model/ExternalSystemRoleApproval.java
@@ -38,13 +38,14 @@
 package org.onap.portalapp.externalsystemapproval.model;
 
 import java.io.Serializable;
+import org.hibernate.validator.constraints.SafeHtml;
 
 public class ExternalSystemRoleApproval implements Serializable {
 
 	private static final long serialVersionUID = 6048830318039958615L;
-
+	@SafeHtml
 	private String roleName;
-
+	@SafeHtml
 	public String getRoleName() {
 		return roleName;
 	}
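Review bot: The second `@SafeHtml` replaces the blank line directly above `getRoleName()`, so the constraint is now declared on both the `roleName` field and its getter, and the same value is validated twice. One declaration on the field is enough, so the annotation before `public String getRoleName()` can be dropped. `@SafeHtml` relies on jsoup being present on the runtime classpath, and this diff does not show it being added, so that is worth confirming. It is an input check and does not replace output encoding wherever `roleName` is rendered. The class body continues outside the hunk.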
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/externalsystemapproval/model/ExternalSystemUser.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/externalsystemapproval/model/ExternalSystemUser.java
index cfe4926..fa6c04e 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/externalsystemapproval/model/ExternalSystemUser.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/externalsystemapproval/model/ExternalSystemUser.java
@@ -40,15 +40,17 @@
 
 import java.util.ArrayList;
 import java.util.List;
+import javax.validation.Valid;
+import org.hibernate.validator.constraints.SafeHtml;
 
 public class ExternalSystemUser {
-
+	@SafeHtml
 	private String loginId;
-	
+	@SafeHtml
 	private String applicationName;
-	
+	@SafeHtml
 	private String myloginrequestId;
-	
+	@Valid
 	private List<ExternalSystemRoleApproval> roles;
 
 	public ExternalSystemUser() {
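Review bot: These constraints only run when something validates an `ExternalSystemUser` instance, and no call site is visible in this part of the diff. The endpoint that accepts this body should therefore be checked for a `dataValidator.isValid(...)` call or a `@Valid` parameter. `@SafeHtml` treats null as valid, so a request that omits `loginId` or `applicationName` passes; if those fields are mandatory, add `@NotNull` next to `@SafeHtml`. A short class comment such as `// Constraints are enforced only when the caller runs bean validation on this object` would make that dependency explicit. The class body continues outside the hunk.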
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppContactUsController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppContactUsController.java
index 5da3552..b5876af 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppContactUsController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppContactUsController.java
@@ -37,7 +37,6 @@
  */
 package org.onap.portalapp.portal.controller;
 
-import java.util.Collections;
 import java.util.Comparator;
 import java.util.HashMap;
 import java.util.List;
@@ -53,9 +52,11 @@
 import org.onap.portalapp.portal.logging.aop.EPAuditLog;
 import org.onap.portalapp.portal.service.AppContactUsService;
 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
+import org.onap.portalapp.validation.DataValidator;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -65,42 +66,51 @@
 
 @RestController
 @RequestMapping("/portalApi/contactus")
-@org.springframework.context.annotation.Configuration
+@Configuration
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class AppContactUsController extends EPRestrictedBaseController {
 
-	static final String FAILURE = "failure";
+	private static final String FAILURE = "failure";
+	private static final String SUCCESS= "success";
 
-	private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppContactUsController.class);
+	private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppContactUsController.class);
+	private static final DataValidator dataValidator = new DataValidator();
+	private final Comparator<AppCategoryFunctionsItem> appCategoryFunctionsItemComparator = Comparator
+		.comparing(AppCategoryFunctionsItem::getCategory);
+
+	private AppContactUsService contactUsService;
 
 	@Autowired
-	private AppContactUsService contactUsService;
+	public AppContactUsController(AppContactUsService contactUsService) {
+		this.contactUsService = contactUsService;
+	}
+
 
 	/**
 	 * Answers a JSON object with three items from the system.properties file:
 	 * user self-help ticket URL, email for feedback, and Portal info link.
-	 * 
+	 *
 	 * @param request HttpServletRequest
 	 * @return PortalRestResponse
 	 */
 	@RequestMapping(value = "/feedback", method = RequestMethod.GET, produces = "application/json")
 	public PortalRestResponse<String> getPortalDetails(HttpServletRequest request) {
-		PortalRestResponse<String> portalRestResponse = null;
+		PortalRestResponse<String> portalRestResponse;
 		try {
 			final String ticketUrl = SystemProperties.getProperty(EPCommonSystemProperties.USH_TICKET_URL);
 			final String portalInfoUrl = SystemProperties.getProperty(EPCommonSystemProperties.PORTAL_INFO_URL);
 			final String feedbackEmail = SystemProperties.getProperty(EPCommonSystemProperties.FEEDBACK_EMAIL_ADDRESS);
-			HashMap<String, String> map = new HashMap<String, String>();
+			HashMap<String, String> map = new HashMap<>();
 			map.put(EPCommonSystemProperties.USH_TICKET_URL, ticketUrl);
 			map.put(EPCommonSystemProperties.PORTAL_INFO_URL, portalInfoUrl);
 			map.put(EPCommonSystemProperties.FEEDBACK_EMAIL_ADDRESS, feedbackEmail);
 			JSONObject j = new JSONObject(map);
 			String contactUsPortalResponse = j.toString();
-			portalRestResponse = new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
-					contactUsPortalResponse);
+			portalRestResponse = new PortalRestResponse<>(PortalRestStatusEnum.OK, SUCCESS,
+				contactUsPortalResponse);
 		} catch (Exception e) {
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, FAILURE, e.getMessage());
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, e.getMessage());
 		}
 		return portalRestResponse;
 	}
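Review bot: The catch block in `getPortalDetails` still returns `e.getMessage()` to the caller and logs nothing, although this commit adds `logger.error(...)` to the save and delete handlers. Exception text can carry internal detail (SQL fragments, class names, file paths), so the handler should log the exception and return a fixed string, e.g. `logger.error(EELFLoggerDelegate.errorLogger, "getPortalDetails failed", e);` followed by `return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, "Unable to read portal details");`. The same `e.getMessage()` pass-through remains in the catch blocks of `getAppContactUsList`, `getAppsAndContacts`, `getAppCategoryFunctions`, both `save` overloads and the delete handler in the later hunks of this file. Separately, the class is a `@Configuration` and now has only a constructor taking `AppContactUsService`; constructor injection into `@Configuration` classes needs Spring Framework 4.3 or later, so confirm that `${springframework.version}` satisfies it, and make the `contactUsService` field `final`.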
@@ -108,21 +118,21 @@
 	/**
 	 * Answers the contents of the contact-us table, extended with the
 	 * application name.
-	 * 
+	 *
 	 * @param request HttpServletRequest
 	 * @return PortalRestResponse<List<AppContactUsItem>>
 	 */
 	@RequestMapping(value = "/list", method = RequestMethod.GET, produces = "application/json")
 	public PortalRestResponse<List<AppContactUsItem>> getAppContactUsList(HttpServletRequest request) {
-		PortalRestResponse<List<AppContactUsItem>> portalRestResponse = null;
+		PortalRestResponse<List<AppContactUsItem>> portalRestResponse;
 		try {
 			List<AppContactUsItem> contents = contactUsService.getAppContactUs();
-			portalRestResponse = new PortalRestResponse<List<AppContactUsItem>>(PortalRestStatusEnum.OK, "success",
-					contents);
+			portalRestResponse = new PortalRestResponse<>(PortalRestStatusEnum.OK, SUCCESS,
+				contents);
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "getAppContactUsList failed", e);
-			portalRestResponse = new PortalRestResponse<List<AppContactUsItem>>(PortalRestStatusEnum.ERROR,
-					e.getMessage(), null);
+			portalRestResponse = new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+				e.getMessage(), null);
 		}
 		return portalRestResponse;
 	}
@@ -130,36 +140,26 @@
 	/**
 	 * Answers a list of objects, one per application, extended with available
 	 * data on how to contact that app's organization (possibly none).
-	 * 
+	 *
 	 * @param request HttpServletRequest
 	 * @return PortalRestResponse<List<AppContactUsItem>>
 	 */
 	@RequestMapping(value = "/allapps", method = RequestMethod.GET, produces = "application/json")
 	public PortalRestResponse<List<AppContactUsItem>> getAppsAndContacts(HttpServletRequest request) {
-		PortalRestResponse<List<AppContactUsItem>> portalRestResponse = null;
+		PortalRestResponse<List<AppContactUsItem>> portalRestResponse;
 		try {
 			List<AppContactUsItem> contents = contactUsService.getAppsAndContacts();
-			portalRestResponse = new PortalRestResponse<List<AppContactUsItem>>(PortalRestStatusEnum.OK, "success",
-					contents);
+			portalRestResponse = new PortalRestResponse<>(PortalRestStatusEnum.OK, SUCCESS,
+				contents);
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "getAllAppsAndContacts failed", e);
-			portalRestResponse = new PortalRestResponse<List<AppContactUsItem>>(PortalRestStatusEnum.ERROR,
-					e.getMessage(), null);
+			portalRestResponse = new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+				e.getMessage(), null);
 		}
 		return portalRestResponse;
 	}
 
 	/**
-	 * Sorts by category name.
-	 */
-	private Comparator<AppCategoryFunctionsItem> appCategoryFunctionsItemComparator = new Comparator<AppCategoryFunctionsItem>() {
-		@Override
-		public int compare(AppCategoryFunctionsItem o1, AppCategoryFunctionsItem o2) {
-			return o1.getCategory().compareTo(o2.getCategory());
-		}
-	};
-	
-	/**
 	 * Answers a list of objects with category-application-function details. Not
 	 * all applications participate in the functional menu.
 	 * 
@@ -168,20 +168,17 @@
 	 */
 	@RequestMapping(value = "/functions", method = RequestMethod.GET, produces = "application/json")
 	public PortalRestResponse<List<AppCategoryFunctionsItem>> getAppCategoryFunctions(HttpServletRequest request) {
-		PortalRestResponse<List<AppCategoryFunctionsItem>> portalRestResponse = null;
+		PortalRestResponse<List<AppCategoryFunctionsItem>> portalRestResponse;
 		try {
 			List<AppCategoryFunctionsItem> contents = contactUsService.getAppCategoryFunctions();
-			// logger.debug(EELFLoggerDelegate.debugLogger,
-			// "getAppCategoryFunctions: result list size is " +
-			// contents.size());
-			Collections.sort(contents, appCategoryFunctionsItemComparator);
-			portalRestResponse = new PortalRestResponse<List<AppCategoryFunctionsItem>>(PortalRestStatusEnum.OK,
-					"success", contents);
+			contents.sort(appCategoryFunctionsItemComparator);
+			portalRestResponse = new PortalRestResponse<>(PortalRestStatusEnum.OK,
+				SUCCESS, contents);
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "getAppCategoryFunctions failed", e);
 			// TODO build JSON error
-			portalRestResponse = new PortalRestResponse<List<AppCategoryFunctionsItem>>(PortalRestStatusEnum.ERROR,
-					e.getMessage(), null);
+			portalRestResponse = new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+				e.getMessage(), null);
 		}
 		return portalRestResponse;
 	}
@@ -195,29 +192,41 @@
 	@RequestMapping(value = "/save", method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> save(@RequestBody AppContactUsItem contactUs) {
 
-		if (contactUs == null || contactUs.getAppName() == null)
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, FAILURE,
-					"AppName cannot be null or empty");
+		if (contactUs == null || contactUs.getAppName() == null) {
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
+				"AppName cannot be null or empty");
+		}else if(!dataValidator.isValid(contactUs)){
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, "AppName is not valid.");
+		}
 
 		String saveAppContactUs = FAILURE;
 		try {
 			saveAppContactUs = contactUsService.saveAppContactUs(contactUs);
 		} catch (Exception e) {
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, saveAppContactUs, e.getMessage());
+			logger.error(EELFLoggerDelegate.errorLogger, "save failed", e);
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, saveAppContactUs, e.getMessage());
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, saveAppContactUs, "");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, saveAppContactUs, "");
 	}
 
 	@RequestMapping(value = "/saveAll", method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> save(@RequestBody List<AppContactUsItem> contactUsList) {
 
+		if (contactUsList == null) {
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
+				"AppNameList cannot be null or empty");
+		}else if(!dataValidator.isValid(contactUsList)){
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE, "AppNameList is not valid.");
+		}
+
 		String saveAppContactUs = FAILURE;
 		try {
 			saveAppContactUs = contactUsService.saveAppContactUs(contactUsList);
 		} catch (Exception e) {
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, saveAppContactUs, e.getMessage());
+			logger.error(EELFLoggerDelegate.errorLogger, "save failed", e);
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, saveAppContactUs, e.getMessage());
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, saveAppContactUs, "");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, saveAppContactUs, "");
 	}
 
 	/**
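Review bot: In the `/saveAll` handler, `dataValidator.isValid(contactUsList)` is given a bare `List`, which may mean the `AppContactUsItem` elements are never validated. `DataValidator` is not visible here, but if it passes its argument straight to a Bean Validation `Validator`, only constraints declared on the list class are checked and every list would be accepted. Validating per element, e.g. `contactUsList.stream().allMatch(dataValidator::isValid)`, makes the intent explicit. The same question applies to the `isNotNullAndNotValid(...)` calls on list bodies in AppsController (`putUserAppsSortingManual`, `putUserWidgetsSortManual`, `putUserWidgetsSortPref`). In `save`, the text `"AppName is not valid."` is returned for a violation on any field of `contactUs`, and the `/saveAll` message says "null or empty" while only null is checked.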
@@ -234,9 +243,10 @@
 		try {
 			saveAppContactUs = contactUsService.deleteContactUs(id);
 		} catch (Exception e) {
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, saveAppContactUs, e.getMessage());
+			logger.error(EELFLoggerDelegate.errorLogger, "delete failed", e);
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, saveAppContactUs, e.getMessage());
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, saveAppContactUs, "");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, saveAppContactUs, "");
 	}
 
 }
\ No newline at end of file
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java
index 4b401e2..9feecec 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsController.java
@@ -2,7 +2,7 @@
  * ============LICENSE_START==========================================
  * ONAP Portal
  * ===================================================================
- * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * Copyright (C) 2019 AT&T Intellectual Property. All rights reserved.
  * ===================================================================
  * Modifications Copyright (c) 2019 Samsung
  * ===================================================================
@@ -42,18 +42,12 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import java.io.IOException;
-import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.List;
-import java.util.Map;
 import java.util.Set;
-import java.util.stream.Stream;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
-import org.json.JSONArray;
-import org.json.JSONObject;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
 import org.onap.portalapp.controller.EPRestrictedBaseController;
 import org.onap.portalapp.portal.domain.AdminUserApplications;
 import org.onap.portalapp.portal.domain.AppIdAndNameTransportModel;
@@ -68,7 +62,6 @@
 import org.onap.portalapp.portal.service.AdminRolesService;
 import org.onap.portalapp.portal.service.EPAppService;
 import org.onap.portalapp.portal.service.EPLeftMenuService;
-import org.onap.portalapp.portal.service.ExternalAccessRolesService;
 import org.onap.portalapp.portal.transport.EPAppsManualPreference;
 import org.onap.portalapp.portal.transport.EPAppsSortPreference;
 import org.onap.portalapp.portal.transport.EPDeleteAppsManualSortPref;
@@ -76,10 +69,10 @@
 import org.onap.portalapp.portal.transport.FieldsValidator;
 import org.onap.portalapp.portal.transport.LocalRole;
 import org.onap.portalapp.portal.transport.OnboardingApp;
-import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
 import org.onap.portalapp.portal.utils.PortalConstants;
 import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.onap.portalsdk.core.web.support.AppUtils;
@@ -87,7 +80,6 @@
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
-import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
@@ -97,27 +89,27 @@
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.client.HttpClientErrorException;
-import org.springframework.web.client.HttpStatusCodeException;
-import org.springframework.web.client.RestTemplate;
 
 @RestController
 @EnableAspectJAutoProxy
 @EPAuditLog
+@NoArgsConstructor
+@Getter
 public class AppsController extends EPRestrictedBaseController {
-	private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsController.class);
+	private static final String GET_RESULT = "GET result =";
+	private static final String PUT_RESULT = "PUT result =";
+	private static final String PORTAL_API_ONBOARDING_APPS = "/portalApi/onboardingApps";
+	private static final String PORTAL_API_USER_APPS_ORDER_BY_SORT_PREF = "/portalApi/userAppsOrderBySortPref";
+
+	private final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsController.class);
+	private final DataValidator dataValidator = new DataValidator();
 
 	@Autowired
 	private AdminRolesService adminRolesService;
-
 	@Autowired
 	private EPAppService appService;
-
 	@Autowired
 	private EPLeftMenuService leftMenuService;
-	
-	@Autowired
-	private ExternalAccessRolesService externalAccessRolesService;
-	RestTemplate template = new RestTemplate();
 
 	/**
 	 * RESTful service method to fetch all Applications available to current
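Review bot: Class-level `@Getter` makes Lombok generate a public getter for every non-static field of this controller, including the `@Autowired` `adminRolesService`, `appService` and `leftMenuService` as well as `logger` and `dataValidator`. Nothing in the visible hunks calls such getters, so the annotation only widens the class's public surface; removing `@Getter` keeps the collaborators private. `@NoArgsConstructor` also looks redundant, because no other constructor is visible and the compiler would supply the default one. `logger` and `dataValidator` could be `private static final`, as in AppContactUsController. The class body continues outside the hunk.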
@@ -139,7 +131,7 @@
 				EcompPortalUtils.setBadPermissions(user, response, "getUserApps");
 			} else {
 				ecompApps = appService.transformAppsToEcompApps(appService.getUserApps(user));
-				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userApps", "GET result =", ecompApps);
+				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userApps", GET_RESULT, ecompApps);
 			}
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "getUserApps failed", e);
@@ -174,7 +166,7 @@
 				else
 					apps = appService.getPersUserApps(user);
 				ecompApps = appService.transformAppsToEcompApps(apps);
-				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userPersApps", "GET result =", ecompApps);
+				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userPersApps", GET_RESULT, ecompApps);
 			}
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "getPersUserApps failed", e);
@@ -203,7 +195,7 @@
 				EcompPortalUtils.setBadPermissions(user, response, "getAdminApps");
 			} else {
 				adminApps = appService.getAdminApps(user);
-				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/adminApps", "GET result =", adminApps);
+				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/adminApps", GET_RESULT, adminApps);
 			}
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "getAdminApps failed", e);
@@ -235,7 +227,7 @@
 			} else {
 				adminApps = appService.getAppsForSuperAdminAndAccountAdmin(user);
 				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/appsForSuperAdminAndAccountAdmin",
-						"GET result =", adminApps);
+						GET_RESULT, adminApps);
 			}
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "getAppsForSuperAdminAndAccountAdmin failed", e);
@@ -245,7 +237,7 @@
 	}
 
 	/**
-	 * RESTful service method to fetch left menu items from the user's session.
+	 * RESTful service method to fetch left menu items from the user'PORTAL_API_USER_APPS_ORDER_BY_SORT_PREF session.
 	 * 
 	 * @param request
 	 *            HttpServletRequest
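Review bot: The Javadoc sentence now reads `user'PORTAL_API_USER_APPS_ORDER_BY_SORT_PREF session`, which looks like the constant extraction also rewrote the letter `s` inside this comment. It should be restored to `RESTful service method to fetch left menu items from the user's session.`. The method this comment documents is outside the hunk.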
@@ -267,7 +259,7 @@
 
 		try {
 			menuList = leftMenuService.getLeftMenuItems(user, menuSet, roleFunctionSet);
-			EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/leftmenuItems", "GET result =", menuList);
+			EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/leftmenuItems", GET_RESULT, menuList);
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "getLeftMenuItems failed", e);
 		}
@@ -275,7 +267,7 @@
 	}
 
 	@RequestMapping(value = {
-			"/portalApi/userAppsOrderBySortPref" }, method = RequestMethod.GET, produces = "application/json")
+			PORTAL_API_USER_APPS_ORDER_BY_SORT_PREF }, method = RequestMethod.GET, produces = "application/json")
 	public List<EcompApp> getUserAppsOrderBySortPref(HttpServletRequest request, HttpServletResponse response) {
 		EPUser user = EPUserUtils.getUserSession(request);
 		List<EcompApp> ecompApps = null;
@@ -284,28 +276,28 @@
 				EcompPortalUtils.setBadPermissions(user, response, "getUserAppsOrderBySortPref");
 			} else {
 				String usrSortPref = request.getParameter("mparams");
-				if (usrSortPref.equals("")) {
+				if (usrSortPref.isEmpty()) {
 					usrSortPref = "N";
 				}
 				switch (usrSortPref) {
 				case "N":
 					ecompApps = appService.transformAppsToEcompApps(appService.getAppsOrderByName(user));
-					EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userAppsOrderBySortPref", "GET result =",
+					EcompPortalUtils.logAndSerializeObject(logger, PORTAL_API_USER_APPS_ORDER_BY_SORT_PREF, GET_RESULT,
 							ecompApps);
 					break;
 				case "L":
 					ecompApps = appService.transformAppsToEcompApps(appService.getAppsOrderByLastUsed(user));
-					EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userAppsOrderBySortPref", "GET result =",
+					EcompPortalUtils.logAndSerializeObject(logger, PORTAL_API_USER_APPS_ORDER_BY_SORT_PREF, GET_RESULT,
 							ecompApps);
 					break;
 				case "F":
 					ecompApps = appService.transformAppsToEcompApps(appService.getAppsOrderByMostUsed(user));
-					EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userAppsOrderBySortPref", "GET result =",
+					EcompPortalUtils.logAndSerializeObject(logger, PORTAL_API_USER_APPS_ORDER_BY_SORT_PREF, GET_RESULT,
 							ecompApps);
 					break;
 				case "M":
 					ecompApps = appService.transformAppsToEcompApps(appService.getAppsOrderByManual(user));
-					EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userAppsOrderBySortPref", "GET result =",
+					EcompPortalUtils.logAndSerializeObject(logger, PORTAL_API_USER_APPS_ORDER_BY_SORT_PREF, GET_RESULT,
 							ecompApps);
 					break;
 				default:
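Review bot: `request.getParameter("mparams")` returns null when the parameter is absent, and `usrSortPref.isEmpty()` then throws a NullPointerException just as the old `equals("")` did. The guard should be `if (usrSortPref == null || usrSortPref.isEmpty()) {` so that a request without `mparams` falls back to `"N"`. The enclosing try/catch starts and ends outside the hunk, so presumably the exception is caught there and the endpoint returns null instead of the name-ordered list. The four `case` arms also repeat the same `logAndSerializeObject` call, which could move after the `switch`.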
@@ -335,6 +327,13 @@
 	public FieldsValidator putUserAppsSortingManual(HttpServletRequest request,
 			@RequestBody List<EPAppsManualPreference> epAppsManualPref, HttpServletResponse response) {
 		FieldsValidator fieldsValidator = null;
+
+		if (isNotNullAndNotValid(epAppsManualPref)){
+			fieldsValidator = new FieldsValidator();
+			fieldsValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
+			return fieldsValidator;
+		}
+
 		try {
 			EPUser user = EPUserUtils.getUserSession(request);
 			fieldsValidator = appService.saveAppsSortManual(epAppsManualPref, user);
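Review bot: The early return in `putUserAppsSortingManual` records `SC_NOT_ACCEPTABLE` only inside the returned `FieldsValidator`, and no visible line calls `response.setStatus(...)` on this path. Unless a line outside the hunk sets it, the rejection is sent with HTTP 200, and the `PUT result =` log line is skipped, so rejected input leaves no trace. 406 describes failed content negotiation; for a body that fails validation, `response.setStatus(HttpServletResponse.SC_BAD_REQUEST);` before the return, with the same code stored in `fieldsValidator`, is the conventional choice. The same block is repeated in `putUserWidgetsSortManual` and `putUserWidgetsSortPref`, whereas `deleteUserAppSortManual` receives a `@RequestBody` and gets no validation in this commit. `isNotNullAndNotValid` is defined outside this view; by its name a null body passes through to the service call.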
@@ -342,7 +341,7 @@
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "putUserAppsSortingManual failed", e);
 		}
-		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/saveUserAppsSortingManual", "PUT result =",
+		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/saveUserAppsSortingManual", PUT_RESULT,
 				response.getStatus());
 		return fieldsValidator;
 	}
@@ -352,6 +351,13 @@
 	public FieldsValidator putUserWidgetsSortManual(HttpServletRequest request,
 			@RequestBody List<EPWidgetsSortPreference> saveManualWidgetSData, HttpServletResponse response) {
 		FieldsValidator fieldsValidator = null;
+
+		if (isNotNullAndNotValid(saveManualWidgetSData)){
+			fieldsValidator = new FieldsValidator();
+			fieldsValidator.setHttpStatusCode((long)HttpServletResponse.SC_NOT_ACCEPTABLE);
+			return fieldsValidator;
+		}
+
 		try {
 			EPUser user = EPUserUtils.getUserSession(request);
 			fieldsValidator = appService.saveWidgetsSortManual(saveManualWidgetSData, user);
@@ -359,8 +365,7 @@
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "putUserWidgetsSortManual failed", e);
 		}
-		// return fieldsValidator;
-		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/putUserWidgetsSortManual", "PUT result =",
+		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/putUserWidgetsSortManual", PUT_RESULT,
 				response.getStatus());
 		return fieldsValidator;
 	}
@@ -370,6 +375,13 @@
 	public FieldsValidator putUserWidgetsSortPref(HttpServletRequest request,
 			@RequestBody List<EPWidgetsSortPreference> delManualWidgetData, HttpServletResponse response) {
 		FieldsValidator fieldsValidator = null;
+
+		if (isNotNullAndNotValid(delManualWidgetData)){
+			fieldsValidator = new FieldsValidator();
+			fieldsValidator.setHttpStatusCode((long)HttpServletResponse.SC_NOT_ACCEPTABLE);
+			return fieldsValidator;
+		}
+
 		try {
 			EPUser user = EPUserUtils.getUserSession(request);
 			fieldsValidator = appService.deleteUserWidgetSortPref(delManualWidgetData, user);
@@ -378,8 +390,7 @@
 			logger.error(EELFLoggerDelegate.errorLogger, "putUserWidgetsSortPref failed", e);
 
 		}
-		// return fieldsValidator;
-		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/putUserWidgetsSortPref", "PUT result =",
+		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/putUserWidgetsSortPref", PUT_RESULT,
 				response.getStatus());
 		return fieldsValidator;
 	}
@@ -400,6 +411,7 @@
 	public FieldsValidator deleteUserAppSortManual(HttpServletRequest request,
 			@RequestBody EPDeleteAppsManualSortPref delManualAppData, HttpServletResponse response) {
 		FieldsValidator fieldsValidator = null;
+
 		try {
 			EPUser user = EPUserUtils.getUserSession(request);
 			fieldsValidator = appService.deleteUserAppSortManual(delManualAppData, user);
@@ -408,8 +420,7 @@
 			logger.error(EELFLoggerDelegate.errorLogger, "deleteUserAppSortManual failed", e);
 
 		}
-		// return fieldsValidator;
-		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/deleteUserAppSortManual", "PUT result =",
+		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/deleteUserAppSortManual", PUT_RESULT,
 				response.getStatus());
 		return fieldsValidator;
 	}
@@ -428,8 +439,7 @@
 
 		}
 
-		// return fieldsValidator;
-		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/putUserAppsSortingPreference", "PUT result =",
+		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/putUserAppsSortingPreference", PUT_RESULT,
 				response.getStatus());
 		return fieldsValidator;
 	}
@@ -445,7 +455,7 @@
 				EcompPortalUtils.setBadPermissions(user, response, "userAppsSortTypePreference");
 			} else {
 				userSortPreference = appService.getUserAppsSortTypePreference(user);
-				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userAppsSortTypePreference", "GET result =",
+				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/userAppsSortTypePreference", GET_RESULT,
 						userSortPreference);
 			}
 		} catch (Exception e) {
@@ -475,7 +485,7 @@
 				EcompPortalUtils.setBadPermissions(user, response, "getAppsAdministrators");
 			} else {
 				admins = appService.getAppsAdmins();
-				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/accountAdmins", "GET result =", admins);
+				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/accountAdmins", GET_RESULT, admins);
 			}
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "getAppsAdministrators failed", e);
@@ -493,7 +503,7 @@
 				EcompPortalUtils.setBadPermissions(user, response, "getApps");
 			} else {
 				apps = appService.getAllApplications(false);
-				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/availableApps", "GET result =", apps);
+				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/availableApps", GET_RESULT, apps);
 			}
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "getApps failed", e);
@@ -522,7 +532,7 @@
 				EcompPortalUtils.setBadPermissions(user, response, "getApps");
 			} else {
 				apps = appService.getAllApps(true);
-				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/availableApps", "GET result =", apps);
+				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/availableApps", GET_RESULT, apps);
 			}
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "getAllApps failed", e);
@@ -547,7 +557,7 @@
 			EcompPortalUtils.setBadPermissions(user, response, "getAppsFullList");
 		} else {
 			ecompApps = appService.getEcompAppAppsFullList();
-			EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/appsFullList", "GET result =", ecompApps);
+			EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/appsFullList", GET_RESULT, ecompApps);
 		}
 		return ecompApps;
 	}
@@ -598,7 +608,7 @@
 				|| (adminRolesService.isSuperAdmin(user) && requestedApp.getId() == PortalConstants.PORTAL_APP_ID))) {
 			try {
 				roleList = appService.getAppRoles(appId);
-				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/appRoles/" + appId, "GET result =",
+				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/appRoles/" + appId, GET_RESULT,
 						roleList);
 			} catch (Exception e) {
 				logger.error(EELFLoggerDelegate.errorLogger, "getAppRoles failed", e);
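Review bot: The authorization condition on the first line of this hunk still compares `requestedApp.getId() == PortalConstants.PORTAL_APP_ID`, while this commit switches the same check to `.equals(...)` in the singleAppInfo and singleAppInfoById hunks below. If both sides are boxed `Long` values, which the `.equals` change suggests, `==` compares references and only works for small cached values. I would make this line consistent, for example `PortalConstants.PORTAL_APP_ID.equals(requestedApp.getId())`, assuming the constant is a `Long`. The `if` statement begins above the hunk.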
@@ -626,8 +636,8 @@
 			String appName = request.getParameter("appParam");
 			app = appService.getAppDetailByAppName(appName);
 			if (user != null && (adminRolesService.isAccountAdminOfApplication(user, app)
-					|| (adminRolesService.isSuperAdmin(user) && app.getId() == PortalConstants.PORTAL_APP_ID)))
-				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/singleAppInfo" + appName, "GET result =", app);
+					|| (adminRolesService.isSuperAdmin(user) && app.getId().equals(PortalConstants.PORTAL_APP_ID))))
+				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/singleAppInfo" + appName, GET_RESULT, app);
 			else{
 				app= null;
 				EcompPortalUtils.setBadPermissions(user, response, "createAdmin");
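Review bot: `app.getId().equals(PortalConstants.PORTAL_APP_ID)` throws a NullPointerException when `getId()` returns null, whereas the old `==` on two boxed values would simply have evaluated to false. Calling `equals` on the constant avoids that: `PortalConstants.PORTAL_APP_ID.equals(app.getId())`, assuming the constant is a `Long`. `app` itself comes from a lookup by the request parameter `appParam` and is dereferenced with no null check visible in this hunk, so an unknown name presumably ends in the same exception. The singleAppInfoById hunk that follows has the identical expression.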
@@ -659,8 +669,8 @@
 				app.setCentralAuth(false);
 			}
 			if (user != null && (adminRolesService.isAccountAdminOfApplication(user, app)
-					|| (adminRolesService.isSuperAdmin(user) && app.getId() == PortalConstants.PORTAL_APP_ID)))
-				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/singleAppInfoById" + appId, "GET result =", app);
+					|| (adminRolesService.isSuperAdmin(user) && app.getId().equals(PortalConstants.PORTAL_APP_ID))))
+				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/singleAppInfoById" + appId, GET_RESULT, app);
 			else{
 				app= null;
 				EcompPortalUtils.setBadPermissions(user, response, "createAdmin");
@@ -680,7 +690,7 @@
 	 *            HTTP servlet response
 	 * @return List<OnboardingApp>
 	 */
-	@RequestMapping(value = { "/portalApi/onboardingApps" }, method = RequestMethod.GET, produces = "application/json")
+	@RequestMapping(value = { PORTAL_API_ONBOARDING_APPS }, method = RequestMethod.GET, produces = "application/json")
 	public List<OnboardingApp> getOnboardingApps(HttpServletRequest request, HttpServletResponse response) {
 		EPUser user = EPUserUtils.getUserSession(request);
 		List<OnboardingApp> onboardingApps = null;
@@ -697,8 +707,8 @@
 					//get all his admin apps
 					onboardingApps =  appService.getAdminAppsOfUser(user);
 				}
-				EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/onboardingApps", "GET result =",
-						"onboardingApps of size " + onboardingApps.size());
+				EcompPortalUtils.logAndSerializeObject(logger, PORTAL_API_ONBOARDING_APPS, GET_RESULT,
+						"onboardingApps of size " + (onboardingApps != null ? onboardingApps.size() : 0));
 			}
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "getOnboardingApps failed", e);
@@ -718,14 +728,12 @@
 	 * @return FieldsValidator
 	 * @throws Exception 
 	 */
-	@RequestMapping(value = { "/portalApi/onboardingApps" }, method = RequestMethod.PUT, produces = "application/json")
+	@RequestMapping(value = { PORTAL_API_ONBOARDING_APPS }, method = RequestMethod.PUT, produces = "application/json")
 	public FieldsValidator putOnboardingApp(HttpServletRequest request,
-			@RequestBody OnboardingApp modifiedOnboardingApp, HttpServletResponse response) throws Exception {
+			@RequestBody OnboardingApp modifiedOnboardingApp, HttpServletResponse response) {
 		FieldsValidator fieldsValidator = null;
 		EPUser user = null;
-		EPApp oldEPApp = null;
-		oldEPApp = appService.getApp(modifiedOnboardingApp.id);
-		ResponseEntity<String> res = null;
+		EPApp oldEPApp = appService.getApp(modifiedOnboardingApp.id);
 		
 		try {
 			user = EPUserUtils.getUserSession(request);
@@ -734,20 +742,7 @@
 			} else {
 				if((oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && !oldEPApp.getNameSpace().equalsIgnoreCase(modifiedOnboardingApp.nameSpace) && modifiedOnboardingApp.nameSpace!= null ) || (!oldEPApp.getCentralAuth() && modifiedOnboardingApp.isCentralAuth && modifiedOnboardingApp.nameSpace!= null))
 				{
-					try {
-						res = appService.checkIfNameSpaceIsValid(modifiedOnboardingApp.nameSpace);
-					} catch (HttpClientErrorException e) {
-						logger.error(EELFLoggerDelegate.errorLogger, "checkIfNameSpaceExists failed", e);
-						EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
-						if (e.getStatusCode() == HttpStatus.NOT_FOUND || e.getStatusCode() == HttpStatus.FORBIDDEN) {
-							fieldsValidator = setResponse(e.getStatusCode(),fieldsValidator,response);
-							throw new InvalidApplicationException("Invalid NameSpace");
-						}else{
-							fieldsValidator = setResponse(e.getStatusCode(),fieldsValidator,response);
-							throw e;
-						}
-					}
-
+					checkIfNameSpaceIsValid(modifiedOnboardingApp, fieldsValidator, response);
 				}	
 				modifiedOnboardingApp.normalize();
 				fieldsValidator = appService.modifyOnboardingApp(modifiedOnboardingApp, user);
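Review bot: Passing `fieldsValidator` into `checkIfNameSpaceIsValid` does not carry the error result back, because Java passes the reference by value and the helper's `fieldsValidator = setResponse(...)` assignments only change its own parameter. The removed inline catch assigned this method's local before throwing; now the local is still null when the helper throws, unless the catch block outside this hunk sets it. I would drop the parameter, `checkIfNameSpaceIsValid(modifiedOnboardingApp, response);`, and build the validator in the caller's catch. The call in postOnboardingApp has the same problem.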
@@ -767,7 +762,7 @@
 				logger.error(EELFLoggerDelegate.errorLogger, "putOnboardingApps failed", e);
 			}
 		}
-		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/onboardingApps", "PUT result =",
+		EcompPortalUtils.logAndSerializeObject(logger, PORTAL_API_ONBOARDING_APPS, PUT_RESULT,
 				response.getStatus());
 		return fieldsValidator;
 	}
@@ -784,7 +779,7 @@
 	 *            app to add
 	 * @return FieldsValidator
 	 */
-	@RequestMapping(value = { "/portalApi/onboardingApps" }, method = RequestMethod.POST, produces = "application/json")
+	@RequestMapping(value = { PORTAL_API_ONBOARDING_APPS }, method = RequestMethod.POST, produces = "application/json")
 	public FieldsValidator postOnboardingApp(HttpServletRequest request, @RequestBody OnboardingApp newOnboardingApp,
 			HttpServletResponse response) {
 		FieldsValidator fieldsValidator = null;
@@ -794,21 +789,7 @@
 				EcompPortalUtils.setBadPermissions(user, response, "postOnboardingApps");
 			} else {
 				newOnboardingApp.normalize();
-				ResponseEntity<String> res = null;
-				try {
-					if( !(newOnboardingApp.nameSpace == null) && !newOnboardingApp.nameSpace.isEmpty()) 
-					    res = appService.checkIfNameSpaceIsValid(newOnboardingApp.nameSpace);
-				} catch (HttpClientErrorException e) {
-					logger.error(EELFLoggerDelegate.errorLogger, "checkIfNameSpaceExists failed", e);
-					EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
-					if (e.getStatusCode() == HttpStatus.NOT_FOUND || e.getStatusCode() == HttpStatus.FORBIDDEN) {
-						fieldsValidator = setResponse(e.getStatusCode(),fieldsValidator,response);
-						throw new InvalidApplicationException("Invalid NameSpace");
-					}else{
-						fieldsValidator = setResponse(e.getStatusCode(),fieldsValidator,response);
-						throw e;
-					}
-				}
+				checkIfNameSpaceIsValid(newOnboardingApp, fieldsValidator, response);
 				fieldsValidator = appService.addOnboardingApp(newOnboardingApp, user);
 				response.setStatus(fieldsValidator.httpStatusCode.intValue());
 			}
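Review bot: The extracted call drops the guard the inline code had, `if( !(newOnboardingApp.nameSpace == null) && !newOnboardingApp.nameSpace.isEmpty())`, so an app with no namespace is now sent to `appService.checkIfNameSpaceIsValid` as well. Whether that lookup tolerates null or empty input is not visible here, and the helper's broad catch would hide a failure. Keeping the guard at the call site preserves the old behaviour: `if (newOnboardingApp.nameSpace != null && !newOnboardingApp.nameSpace.isEmpty()) {` around the call.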
@@ -824,22 +805,22 @@
 			logger.error(EELFLoggerDelegate.errorLogger, "postOnboardingApp failed", e);				
 		}
 
-		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/onboardingApps", "POST result =",
+		EcompPortalUtils.logAndSerializeObject(logger, PORTAL_API_ONBOARDING_APPS, "POST result =",
 				response.getStatus());
 		return fieldsValidator;
 	}
 	
-	private FieldsValidator setResponse(HttpStatus statusCode,FieldsValidator fieldsValidator,HttpServletResponse response)
+	private FieldsValidator setResponse(HttpStatus statusCode, HttpServletResponse response)
 	{
-		fieldsValidator = new FieldsValidator();
+		FieldsValidator fieldsValidator = new FieldsValidator();
 		if (statusCode == HttpStatus.NOT_FOUND || statusCode == HttpStatus.FORBIDDEN) {
-			fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_NOT_FOUND);
+			fieldsValidator.httpStatusCode = (long) HttpServletResponse.SC_NOT_FOUND;
 			logger.error(EELFLoggerDelegate.errorLogger, "setResponse failed"+ "invalid namespace");
 		}else if (statusCode == HttpStatus.UNAUTHORIZED) {
-			fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_UNAUTHORIZED);
+			fieldsValidator.httpStatusCode = (long) HttpServletResponse.SC_UNAUTHORIZED;
 			logger.error(EELFLoggerDelegate.errorLogger, "setResponse failed"+ "unauthorized");
 		} else{
-			fieldsValidator.httpStatusCode = new Long(HttpServletResponse.SC_BAD_REQUEST);
+			fieldsValidator.httpStatusCode = (long) HttpServletResponse.SC_BAD_REQUEST;
 			logger.error(EELFLoggerDelegate.errorLogger, "setResponse failed ",statusCode);
 
 		}
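Review bot: The `logger.error` calls in `setResponse` lose information. `"setResponse failed"+ "invalid namespace"` concatenates to `setResponse failedinvalid namespace`, and `"setResponse failed ",statusCode` has no `{}` placeholder, so the status code is probably never rendered. Other calls in this commit use placeholders, so I would write `logger.error(EELFLoggerDelegate.errorLogger, "setResponse failed: status {}", statusCode);` and give the first two messages a separator. The method body continues past the end of this hunk.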
@@ -880,7 +861,7 @@
 			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 		}
 		
-		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/onboardingApps" + appId, "DELETE result =",
+		EcompPortalUtils.logAndSerializeObject(logger, PORTAL_API_ONBOARDING_APPS + appId, "DELETE result =",
 				response.getStatus());
 		return fieldsValidator;
 	}
@@ -918,8 +899,29 @@
 		HttpHeaders header = new HttpHeaders();
 		header.setContentType(mediaType);
 		header.setContentLength(app.getThumbnail().length);
-		return new HttpEntity<byte[]>(app.getThumbnail(), header);
+		return new HttpEntity<>(app.getThumbnail(), header);
 	}
 	
+	private void checkIfNameSpaceIsValid(OnboardingApp modifiedOnboardingApp, FieldsValidator fieldsValidator, HttpServletResponse response)
+		throws InvalidApplicationException {
+		try {
+			ResponseEntity<String> res  = appService.checkIfNameSpaceIsValid(modifiedOnboardingApp.nameSpace);
+		} catch (HttpClientErrorException e) {
+			logger.error(EELFLoggerDelegate.errorLogger, "checkIfNameSpaceExists failed", e);
+			EPLogUtil.logExternalAuthAccessAlarm(logger, e.getStatusCode());
+			if (e.getStatusCode() == HttpStatus.NOT_FOUND || e.getStatusCode() == HttpStatus.FORBIDDEN) {
+				fieldsValidator = setResponse(e.getStatusCode(),response);
+				throw new InvalidApplicationException("Invalid NameSpace");
+			}else{
+				fieldsValidator = setResponse(e.getStatusCode(),response);
+				throw e;
+			}
+		} catch (Exception e) {
+		    logger.error(EELFLoggerDelegate.errorLogger, "Exception in checkIfNameSpaceIsValid", e);
+		}
+	}
 
+	private boolean isNotNullAndNotValid(Object o){
+		return o!=null && !dataValidator.isValid(o);
+	}
 }
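Review bot: The new `catch (Exception e)` in `checkIfNameSpaceIsValid` only logs. Any failure of `appService.checkIfNameSpaceIsValid` other than `HttpClientErrorException` therefore lets the caller continue to `modifyOnboardingApp` or `addOnboardingApp` with a namespace that was never validated. In the removed inline code such exceptions were not caught at this level and would have reached the callers' outer catch. I would fail closed, for example `throw new InvalidApplicationException("Invalid NameSpace");` after the log line, or remove the catch. The `fieldsValidator` parameter and the local `res` are assigned but never read and can be dropped.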
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequest.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequest.java
index fe029e0..0ae5aa8 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequest.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AppsControllerExternalRequest.java
@@ -151,29 +151,33 @@
 		EcompPortalUtils.logAndSerializeObject(logger, "postPortalAdmin", "request", epUser);
 		PortalRestResponse<String> portalResponse = new PortalRestResponse<>();
 
-		if (epUser!=null){
-			Validator validator = VALIDATOR_FACTORY.getValidator();
-			Set<ConstraintViolation<EPUser>> constraintViolations = validator.validate(epUser);
-			if (!constraintViolations.isEmpty()){
-				portalResponse.setStatus(PortalRestStatusEnum.ERROR);
-				portalResponse.setMessage("Data is not valid");
-				return portalResponse;
-			}
-		}
+        if (epUser != null) {
+            Validator validator = VALIDATOR_FACTORY.getValidator();
+            Set<ConstraintViolation<EPUser>> constraintViolations = validator.validate(epUser);
+            if (!constraintViolations.isEmpty()) {
+                portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+                portalResponse.setMessage("Data is not valid");
+                return portalResponse;
+            }
+        }
 
-		// Check mandatory fields.
-		if (epUser.getEmail() == null || epUser.getEmail().trim().length() == 0 //
-				|| epUser.getLoginId() == null || epUser.getLoginId().trim().length() == 0 //
-				|| epUser.getLoginPwd() == null) {
-			portalResponse.setStatus(PortalRestStatusEnum.ERROR);
-			portalResponse.setMessage("Missing required field: email, loginId, or loginPwd");
-			return portalResponse;
-		}
+        // Check mandatory fields.
+        if (epUser != null && (epUser.getEmail() == null || epUser.getEmail().trim().length() == 0 //
+                || epUser.getLoginId() == null || epUser.getLoginId().trim().length() == 0 //
+                || epUser.getLoginPwd() == null)) {
+            portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+            portalResponse.setMessage("Missing required field: email, loginId, or loginPwd");
+            return portalResponse;
+        }
 
 		try {
-			// Check for existing user; create if not found.
-			List<EPUser> userList = userService.getUserByUserId(epUser.getOrgUserId());
-			if (userList == null || userList.size() == 0) {
+            // Check for existing user; create if not found.
+            List<EPUser> userList = null;
+            if (epUser != null) {
+                userList = userService.getUserByUserId(epUser.getOrgUserId());
+            }
+
+			if (userList == null || userList.isEmpty()) {
 				// Create user with first, last names etc.; do check for
 				// duplicates.
 				String userCreateResult = userService.saveNewUser(epUser, "Yes");
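Review bot: With the added `epUser != null &&` guard, a null request body now skips the mandatory-field check instead of being rejected. It falls through to `userService.saveNewUser(epUser, "Yes")` and, in the next hunk, to `adminRolesService.isSuperAdmin(epUser)` with a null user. Rejecting null in the same condition is simpler: `if (epUser == null || epUser.getEmail() == null || epUser.getEmail().trim().length() == 0 //`, after which the later `epUser != null` checks are unnecessary. The newOnboardApp and oldOnboardApp hunks below use the same pattern and answer a null body with a misleading "Failed to find user"; an explicit null rejection up front would be clearer there too. The method starts above this hunk.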
@@ -185,17 +189,22 @@
 			}
 
 			// Check for Portal admin status; promote if not.
-			if (adminRolesService.isSuperAdmin(epUser)) {
-				portalResponse.setStatus(PortalRestStatusEnum.OK);
-			} else {
-				FieldsValidator fv = portalAdminService.createPortalAdmin(epUser.getOrgUserId());
-				if (fv.httpStatusCode.intValue() == HttpServletResponse.SC_OK) {
-					portalResponse.setStatus(PortalRestStatusEnum.OK);
-				} else {
-					portalResponse.setStatus(PortalRestStatusEnum.ERROR);
-					portalResponse.setMessage(fv.toString());
-				}
-			}
+            if (adminRolesService.isSuperAdmin(epUser)) {
+                portalResponse.setStatus(PortalRestStatusEnum.OK);
+            } else {
+                FieldsValidator fv = null;
+                if (epUser != null) {
+                    fv = portalAdminService.createPortalAdmin(epUser.getOrgUserId());
+                }
+                if (fv != null && fv.httpStatusCode.intValue() == HttpServletResponse.SC_OK) {
+                    portalResponse.setStatus(PortalRestStatusEnum.OK);
+                } else {
+                    portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+                    if (fv != null) {
+                        portalResponse.setMessage(fv.toString());
+                    }
+                }
+            }
 		} catch (Exception ex) {
 			// Uncaught exceptions yield 404 and an empty error page
 			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
@@ -273,29 +282,37 @@
 			}
 		}
 		// Validate fields
-		if (newOnboardApp.id != null) {
+		if (newOnboardApp != null && newOnboardApp.id != null) {
 			portalResponse.setStatus(PortalRestStatusEnum.ERROR);
 			portalResponse.setMessage("Unexpected field: id");
 			return portalResponse;
 		}
-		if (newOnboardApp.name == null || newOnboardApp.name.trim().length() == 0 //
-				|| newOnboardApp.url == null || newOnboardApp.url.trim().length() == 0 //
-				|| newOnboardApp.restUrl == null || newOnboardApp.restUrl.trim().length() == 0
-				|| newOnboardApp.myLoginsAppOwner == null || newOnboardApp.myLoginsAppOwner.trim().length() == 0
-				|| newOnboardApp.restrictedApp == null //
-				|| newOnboardApp.isOpen == null //
-				|| newOnboardApp.isEnabled == null) {
-			portalResponse.setStatus(PortalRestStatusEnum.ERROR);
-			portalResponse.setMessage(
-					"Missing required field: name, url, restUrl, restrictedApp, isOpen, isEnabled, myLoginsAppOwner");
-			return portalResponse;
-		}
+        if (newOnboardApp != null && (newOnboardApp.name == null || newOnboardApp.name.trim().length() == 0 //
+                || newOnboardApp.url == null || newOnboardApp.url.trim().length() == 0 //
+                || newOnboardApp.restUrl == null || newOnboardApp.restUrl.trim().length() == 0
+                || newOnboardApp.myLoginsAppOwner == null || newOnboardApp.myLoginsAppOwner.trim().length() == 0
+                || newOnboardApp.restrictedApp == null //
+                || newOnboardApp.isOpen == null //
+                || newOnboardApp.isEnabled == null)) {
+            portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+            portalResponse.setMessage(
+                    "Missing required field: name, url, restUrl, restrictedApp, isOpen, isEnabled, myLoginsAppOwner");
+            return portalResponse;
+        }
 
 		try {
-			List<EPUser> userList = userService.getUserByUserId(newOnboardApp.myLoginsAppOwner);
-			if (userList == null || userList.size() != 1) {
-				portalResponse.setStatus(PortalRestStatusEnum.ERROR);
-				portalResponse.setMessage("Failed to find user: " + newOnboardApp.myLoginsAppOwner);
+		    List<EPUser> userList = null;
+            if (newOnboardApp != null) {
+                userList = userService.getUserByUserId(newOnboardApp.myLoginsAppOwner);
+            }
+            if (userList == null || userList.size() != 1) {
+                portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+                if (newOnboardApp != null) {
+                    portalResponse.setMessage("Failed to find user: " + newOnboardApp.myLoginsAppOwner);
+                } else {
+                    portalResponse.setMessage("Failed to find user");
+                }
+
 				return portalResponse;
 			}
 
@@ -370,18 +387,18 @@
 		}
 
 		// Validate fields.
-		if (oldOnboardApp.id == null || !appId.equals(oldOnboardApp.id)) {
+		if (oldOnboardApp !=null && (oldOnboardApp.id == null || !appId.equals(oldOnboardApp.id))) {
 			portalResponse.setStatus(PortalRestStatusEnum.ERROR);
 			portalResponse.setMessage("Unexpected value for field: id");
 			return portalResponse;
 		}
-		if (oldOnboardApp.name == null || oldOnboardApp.name.trim().length() == 0 //
+		if (oldOnboardApp !=null && (oldOnboardApp.name == null || oldOnboardApp.name.trim().length() == 0 //
 				|| oldOnboardApp.url == null || oldOnboardApp.url.trim().length() == 0 //
 				|| oldOnboardApp.restUrl == null || oldOnboardApp.restUrl.trim().length() == 0
 				|| oldOnboardApp.myLoginsAppOwner == null || oldOnboardApp.myLoginsAppOwner.trim().length() == 0
 				|| oldOnboardApp.restrictedApp == null //
 				|| oldOnboardApp.isOpen == null //
-				|| oldOnboardApp.isEnabled == null) {
+				|| oldOnboardApp.isEnabled == null)) {
 			portalResponse.setStatus(PortalRestStatusEnum.ERROR);
 			portalResponse.setMessage(
 					"Missing required field: name, url, restUrl, restrictedApp, isOpen, isEnabled, myLoginsAppOwner");
@@ -389,12 +406,20 @@
 		}
 
 		try {
-			List<EPUser> userList = userService.getUserByUserId(oldOnboardApp.myLoginsAppOwner);
-			if (userList == null || userList.size() != 1) {
-				portalResponse.setStatus(PortalRestStatusEnum.ERROR);
-				portalResponse.setMessage("Failed to find user: " + oldOnboardApp.myLoginsAppOwner);
-				return portalResponse;
-			}
+            List<EPUser> userList = null;
+            if (oldOnboardApp != null) {
+                userList = userService.getUserByUserId(oldOnboardApp.myLoginsAppOwner);
+            }
+            if (userList == null || userList.size() != 1) {
+                portalResponse.setStatus(PortalRestStatusEnum.ERROR);
+                if (oldOnboardApp != null) {
+                    portalResponse.setMessage("Failed to find user: " + oldOnboardApp.myLoginsAppOwner);
+                } else {
+                    portalResponse.setMessage("Failed to find user");
+                }
+
+                return portalResponse;
+            }
 
 			EPUser epUser = userList.get(0);
 			// Check for Portal admin status
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuditLogController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuditLogController.java
index 67d7566..cff8245 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuditLogController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuditLogController.java
@@ -43,6 +43,8 @@
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.onap.portalapp.validation.DataValidator;
+import org.onap.portalapp.validation.SecureString;
 import org.slf4j.MDC;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -68,14 +70,18 @@
 @RestController
 @RequestMapping("/portalApi/auditLog")
 public class AuditLogController extends EPRestrictedBaseController {
-	private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(DashboardController.class);
+	private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(DashboardController.class);
+	private static final DataValidator dataValidator = new DataValidator();
 
-	@Autowired
 	private AuditService auditService;
+	@Autowired
+	public AuditLogController(AuditService auditService) {
+		this.auditService = auditService;
+	}
 
 	/**
 	 * Store audit log of the specified access type.
-	 * 
+	 *
 	 * @param request
 	 *            HttpServletRequest
 	 * @param affectedAppId
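Review bot: The logger on the changed line is still created with `DashboardController.class`, so everything AuditLogController logs is attributed to the wrong class. Since the line is being touched anyway, it should read `EELFLoggerDelegate.getLogger(AuditLogController.class)`. With the move to constructor injection the field can also become `private final AuditService auditService;`. A blank line before `@Autowired` would keep the annotation visibly attached to the constructor rather than the field above it.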
@@ -90,34 +96,50 @@
 			@RequestParam String comment) {
 		logger.debug(EELFLoggerDelegate.debugLogger, "auditLog: appId {}, type {}, comment {}", affectedAppId, type,
 				comment);
-		String cd_type = null;
+		String cdType = null;
+
+		SecureString secureString0 = new SecureString(affectedAppId);
+		SecureString secureString1 = new SecureString(type);
+		SecureString secureString2 = new SecureString(comment);
+		if (  !dataValidator.isValid(secureString0)
+			||!dataValidator.isValid(secureString1)
+			||!dataValidator.isValid(secureString2)){
+			return;
+		}
+
 		try {
 			EPUser user = EPUserUtils.getUserSession(request);
 			/* Check type of Activity CD */
-			if (type.equals("app")) {
-				cd_type = AuditLog.CD_ACTIVITY_APP_ACCESS;
-			} else if (type.equals("tab")) {
-				cd_type = AuditLog.CD_ACTIVITY_TAB_ACCESS;
-			} else if (type.equals("functional")) {
-				cd_type = AuditLog.CD_ACTIVITY_FUNCTIONAL_ACCESS;
-			} else if (type.equals("leftMenu")) {
-				cd_type = AuditLog.CD_ACTIVITY_LEFT_MENU_ACCESS;
-			} else {
-				logger.error(EELFLoggerDelegate.errorLogger,
+			switch (type) {
+				case "app":
+					cdType = AuditLog.CD_ACTIVITY_APP_ACCESS;
+					break;
+				case "tab":
+					cdType = AuditLog.CD_ACTIVITY_TAB_ACCESS;
+					break;
+				case "functional":
+					cdType = AuditLog.CD_ACTIVITY_FUNCTIONAL_ACCESS;
+					break;
+				case "leftMenu":
+					cdType = AuditLog.CD_ACTIVITY_LEFT_MENU_ACCESS;
+					break;
+				default:
+					logger.error(EELFLoggerDelegate.errorLogger,
 						"Storing auditLog failed! Activity CD type is not correct.");
+					break;
 			}
 			/* Store the audit log only if it contains valid Activity CD */
-			if (cd_type != null) {
+			if (cdType != null) {
 				AuditLog auditLog = new AuditLog();
-				auditLog.setActivityCode(cd_type);
+				auditLog.setActivityCode(cdType);
 				/*
 				 * Check affectedAppId and comment and see if these two values
 				 * are valid
 				 */
-				if (comment != null && !comment.equals("") && !comment.equals("undefined"))
+				if (comment != null && !comment.isEmpty() && !"undefined".equals(comment))
 					auditLog.setComments(
 							EcompPortalUtils.truncateString(comment, PortalConstants.AUDIT_LOG_COMMENT_SIZE));
-				if (affectedAppId != null && !affectedAppId.equals("") && !affectedAppId.equals("undefined"))
+				if (affectedAppId != null && !affectedAppId.isEmpty() && !"undefined".equals(affectedAppId))
 					auditLog.setAffectedRecordId(affectedAppId);
 				long userId = EPUserUtils.getUserId(request);
 				auditLog.setUserId(userId);
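Review bot: When any of the three parameters fails `dataValidator.isValid`, the method returns with no log entry and no response status, so the access event is dropped without a trace. For an audit endpoint I would at least record the rejection before the `return`, for example `logger.error(EELFLoggerDelegate.errorLogger, "auditLog: request parameters failed validation, audit record not stored");`. The `logger.debug` call above the new check still writes the raw `affectedAppId`, `type` and `comment` values, so moving it below the validation would keep unvalidated text out of the debug log. The method starts above the hunk and continues past it.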
@@ -140,7 +162,7 @@
 				MDC.put(SystemProperties.MDC_TIMER, timeDifference);
 				MDC.put(EPCommonSystemProperties.STATUS_CODE, "COMPLETE");
 				logger.info(EELFLoggerDelegate.auditLogger, EPLogUtil.formatAuditLogMessage(
-						"AuditLogController.auditLog", cd_type, user.getOrgUserId(), affectedAppId, comment));
+						"AuditLogController.auditLog", cdType, user.getOrgUserId(), affectedAppId, comment));
 				MDC.remove(EPCommonSystemProperties.AUDITLOG_BEGIN_TIMESTAMP);
 				MDC.remove(EPCommonSystemProperties.AUDITLOG_END_TIMESTAMP);
 			}
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperController.java
index fe2c349..969605c 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperController.java
@@ -36,6 +36,8 @@
  */
 package org.onap.portalapp.portal.controller;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
+import io.swagger.annotations.ApiOperation;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.ArrayList;
@@ -44,13 +46,13 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
+import java.util.concurrent.atomic.AtomicReference;
 import java.util.jar.Attributes;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.onap.aaf.cadi.aaf.AAFPermission;
 import org.onap.portalapp.annotation.ApiVersion;
 import org.onap.portalapp.externalsystemapproval.model.ExternalSystemUser;
@@ -67,6 +69,8 @@
 import org.onap.portalapp.portal.transport.FavoritesFunctionalMenuItemJson;
 import org.onap.portalapp.portal.transport.FunctionalMenuItem;
 import org.onap.portalapp.portal.transport.OnboardingApp;
+import org.onap.portalapp.validation.DataValidator;
+import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.domain.Role;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.onap.portalsdk.core.onboarding.crossapi.PortalAPIResponse;
@@ -76,6 +80,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -85,18 +90,15 @@
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
-
-import io.swagger.annotations.ApiOperation;
-
 @RestController
 @RequestMapping("/auxapi")
-@org.springframework.context.annotation.Configuration
+@Configuration
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class AuxApiRequestMapperController implements ApplicationContextAware, BasicAuthenticationController {
 
 	private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AuxApiRequestMapperController.class);
+	private DataValidator dataValidator = new DataValidator();
 
 	ApplicationContext context = null;
 	int minorVersion = 0;
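Review bot: `dataValidator` is declared here as a mutable instance field, while AuditLogController in this same commit uses `private static final DataValidator dataValidator = new DataValidator();`. If DataValidator is safe to share, which the static use there suggests, the same declaration would be consistent. At minimum it should be `private final`, since nothing in the visible hunks reassigns it.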
@@ -108,6 +110,13 @@
 	@RequestMapping(value = { "/v3/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json")
 	public String getUser(HttpServletRequest request, HttpServletResponse response,
 			@PathVariable("loginId") String loginId) throws Exception {
+		if (loginId!=null){
+			SecureString secureLoginId = new SecureString(loginId);
+			if (!dataValidator.isValid(secureLoginId))
+				return "Provided data is not valid";
+		}
+
+
 		Map<String, Object> res = getMethod(request, response);
 		String answer = null;
 		try {
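Review bot: On a validation failure getUser returns the bare text `Provided data is not valid` from an endpoint declared `produces = "application/json"`, and the HTTP status is left untouched, so a client presumably sees a success status with a non-JSON body. Setting the status before returning makes the rejection visible to callers and to monitoring: `response.setStatus(HttpServletResponse.SC_BAD_REQUEST);`. The other validation hunks in this file signal rejection in yet other ways: getRoleFunction returns an empty `CentralV2RoleFunction`, while getEcompUser and extendSessionTimeOuts return `null`. They would benefit from the same status code. The method body continues past the hunk.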
@@ -198,6 +207,12 @@
 	@RequestMapping(value = { "/v3/function/{code}" }, method = RequestMethod.GET, produces = "application/json")
 	public CentralV2RoleFunction getRoleFunction(HttpServletRequest request, HttpServletResponse response,
 			@PathVariable("code") String code) throws Exception {
+		if (code!=null){
+			SecureString secureCode = new SecureString(code);
+			if (!dataValidator.isValid(secureCode))
+				return new CentralV2RoleFunction();
+		}
+
 		Map<String, Object> res = getMethod(request, response);
 		CentralV2RoleFunction roleFunction = null;
 		try {
@@ -213,15 +228,24 @@
 	@RequestMapping(value = { "/v3/roleFunction" }, method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response,
 			@RequestBody String roleFunc) throws Exception {
-		PortalRestResponse<String> result = null;
+		if (roleFunc!=null){
+			SecureString secureRoleFunc = new SecureString(roleFunc);
+			if(!dataValidator.isValid(secureRoleFunc))
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is not valid", "Failed");
+		}
+		Optional<PortalRestResponse<String>> result = null;
 		Map<String, Object> res = getMethod(request, response);
 		try {
-			result = (PortalRestResponse<String>) invokeMethod(res, request, response, roleFunc);
-			return result;
+			result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response));
+			if (!result.isPresent()){
+				logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed", new Exception("saveRoleFunction failed"));
+				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "saveRoleFunction failed", "Failed");
+			}
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed", e);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
 		}
+		return result.get();
 	}
 
 	@SuppressWarnings("unchecked")
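Review bot: The rewritten call `invokeMethod(res, request, response)` no longer passes `roleFunc`, which the removed line forwarded as the last argument. The other handlers in this file, for example deleteRoleFunction, still forward their parameter. Unless the target method reads the body some other way, the role function payload never reaches it; I would restore `result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response, roleFunc));`. Separately, `Optional<PortalRestResponse<String>> result = null;` defeats the purpose of Optional, and initialising it with `Optional.empty()` or declaring it inside the `try` avoids a null Optional.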
@@ -230,6 +254,13 @@
 	public PortalRestResponse<String> deleteRoleFunction(HttpServletRequest request, HttpServletResponse response,
 			@PathVariable("code") String code) throws Exception {
 		PortalRestResponse<String> result = null;
+
+		if (code!=null){
+			SecureString secureCode = new SecureString(code);
+			if(!dataValidator.isValid(secureCode))
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is not valid", "Failed");
+		}
+
 		Map<String, Object> res = getMethod(request, response);
 		try {
 			result = (PortalRestResponse<String>) invokeMethod(res, request, response, code);
@@ -252,7 +283,7 @@
 			return result;
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed", e);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
 		}
 	}
 
@@ -276,6 +307,14 @@
 	public String getEcompUser(HttpServletRequest request, HttpServletResponse response,
 			@PathVariable("loginId") String loginId) throws Exception {
 		Map<String, Object> res = getMethod(request, response);
+
+		if (loginId!=null){
+			SecureString secureLoginId = new SecureString(loginId);
+
+			if (!dataValidator.isValid(secureLoginId))
+				return null;
+		}
+
 		String answer = null;
 		try {
 			answer = (String) invokeMethod(res, request, response, loginId);
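Review bot: When `dataValidator.isValid(secureLoginId)` fails, getEcompUser returns `null` without logging or setting a response status, so a rejected request looks the same to the caller and in the logs as a lookup that found nothing. I would log the rejection (without the raw value) and mark the response, e.g. `response.setStatus(HttpServletResponse.SC_BAD_REQUEST);` before `return null;`. The check also runs after `getMethod(request, response)`, whereas the other handlers in this file validate first. The extendSessionTimeOuts hunk that follows has the same silent `return null`. The method body continues outside the hunk.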
@@ -319,6 +358,14 @@
 	@RequestMapping(value = { "/v3/extendSessionTimeOuts" }, method = RequestMethod.POST)
 	public Boolean extendSessionTimeOuts(HttpServletRequest request, HttpServletResponse response,
 			@RequestParam String sessionMap) throws Exception {
+
+		if (sessionMap!=null){
+			SecureString secureSessionMap = new SecureString(sessionMap);
+			if (!dataValidator.isValid(secureSessionMap)){
+				return null;
+			}
+		}
+
 		Map<String, Object> res = getMethod(request, response);
 		Boolean ans = null;
 		try {
@@ -347,6 +394,12 @@
 	@ApiOperation(value = "Accepts data from partner applications with web analytics data.", response = PortalAPIResponse.class)
 	public PortalAPIResponse storeAnalyticsScript(HttpServletRequest request, HttpServletResponse response,
 			@RequestBody Analytics analyticsMap) throws Exception {
+
+		if (analyticsMap!=null){
+			if (!dataValidator.isValid(analyticsMap))
+				return new PortalAPIResponse(false, "analyticsScript is not valid");
+		}
+
 		Map<String, Object> res = getMethod(request, response);
 		PortalAPIResponse ans = new PortalAPIResponse(true, "error");
 		try {
@@ -364,16 +417,19 @@
 			"/v3/upload/portal/functions" }, method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> bulkUploadFunctions(HttpServletRequest request, HttpServletResponse response)
 			throws Exception {
-		PortalRestResponse<String> result = null;
+		Optional<PortalRestResponse<String>> result = null;
 		Map<String, Object> res = getMethod(request, response);
 		try {
-			result = (PortalRestResponse<String>) invokeMethod(res, request, response);
-			return result;
+			result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response));
+			if (!result.isPresent()){
+				logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadFunctions", new Exception("Failed to bulkUploadFunctions"));
+				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed");
+			}
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions failed", e);
 			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
 		}
-
+		return result.get();
 	}
 
 	@SuppressWarnings("unchecked")
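Review bot: `Optional<PortalRestResponse<String>> result = null;` in bulkUploadFunctions starts an Optional at null and later unwraps it with `result.get()`, which adds a wrapper without removing the null case. A plain local reads more directly: `PortalRestResponse<String> result = (PortalRestResponse<String>) invokeMethod(res, request, response);` followed by `if (result == null)`. The `new Exception("Failed to bulkUploadFunctions")` handed to the logger only records a stack trace of this line and could be dropped. The same pattern repeats in the bulkUploadRoles, bulkUploadRoleFunctions, bulkUploadUserRoles, bulkUploadUsersSingleRole, bulkUploadPartnerFunctions, bulkUploadPartnerRoles and bulkUploadPartnerRoleFunctions hunks below.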
@@ -381,11 +437,15 @@
 	@RequestMapping(value = { "/v3/upload/portal/roles" }, method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> bulkUploadRoles(HttpServletRequest request, HttpServletResponse response)
 			throws Exception {
-		PortalRestResponse<String> result = null;
+		Optional<PortalRestResponse<String>> result;
 		Map<String, Object> res = getMethod(request, response);
 		try {
-			result = (PortalRestResponse<String>) invokeMethod(res, request, response);
-			return result;
+			result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response));
+			if (!result.isPresent()){
+				logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadRoles", new Exception("Failed to bulkUploadRoles"));
+				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed");
+			}
+			return result.get();
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles failed", e);
 			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
@@ -398,11 +458,15 @@
 			"/v3/upload/portal/roleFunctions" }, method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> bulkUploadRoleFunctions(HttpServletRequest request, HttpServletResponse response)
 			throws Exception {
-		PortalRestResponse<String> result = null;
+		Optional<PortalRestResponse<String>> result;
 		Map<String, Object> res = getMethod(request, response);
 		try {
-			result = (PortalRestResponse<String>) invokeMethod(res, request, response);
-			return result;
+			result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response));
+			if (!result.isPresent()){
+				logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadRoleFunctions", new Exception("Failed to bulkUploadRoleFunctions"));
+				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoleFunctions", "Failed");
+			}
+			return result.get();
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoleFunctions failed", e);
 			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
@@ -415,11 +479,15 @@
 			"/v3/upload/portal/userRoles" }, method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> bulkUploadUserRoles(HttpServletRequest request, HttpServletResponse response)
 			throws Exception {
-		PortalRestResponse<String> result = null;
+		Optional<PortalRestResponse<String>> result;
 		Map<String, Object> res = getMethod(request, response);
 		try {
-			result = (PortalRestResponse<String>) invokeMethod(res, request, response);
-			return result;
+			result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response));
+			if (!result.isPresent()){
+				logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadUserRoles", new Exception("Failed to bulkUploadUserRoles"));
+				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUserRoles", "Failed");
+			}
+			return result.get();
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUserRoles failed", e);
 			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
@@ -433,11 +501,15 @@
 			"/v3/upload/portal/userRole/{roleId}" }, method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> bulkUploadUsersSingleRole(HttpServletRequest request,
 			HttpServletResponse response, @PathVariable Long roleId) throws Exception {
-		PortalRestResponse<String> result = null;
+		Optional<PortalRestResponse<String>> result = null;
 		Map<String, Object> res = getMethod(request, response);
 		try {
-			result = (PortalRestResponse<String>) invokeMethod(res, request, response, roleId);
-			return result;
+			result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response));
+			if (!result.isPresent()){
+				logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadUsersSingleRole", new Exception("Failed to bulkUploadUsersSingleRole"));
+				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUsersSingleRole", "Failed");
+			}
+			return result.get();
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUsersSingleRole failed", e);
 			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
@@ -450,11 +522,15 @@
 			"/v3/upload/partner/functions" }, method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> bulkUploadPartnerFunctions(HttpServletRequest request,
 			HttpServletResponse response) throws Exception {
-		PortalRestResponse<String> result = null;
+		Optional<PortalRestResponse<String>> result = null;
 		Map<String, Object> res = getMethod(request, response);
 		try {
-			result = (PortalRestResponse<String>) invokeMethod(res, request, response);
-			return result;
+			result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response));
+			if (!result.isPresent()){
+				logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadPartnerRoleFunctions", new Exception("Failed to bulkUploadPartnerRoleFunctions"));
+				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions", "Failed");
+			}
+			return result.get();
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerFunctions failed", e);
 			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
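Review bot: The new null-result branch in bulkUploadPartnerFunctions logs and returns `"Failed to bulkUploadPartnerRoleFunctions"`, which names a different endpoint from the one that failed; the next hunk, bulkUploadPartnerRoles, likewise reports `"Failed to bulkUploadRoles"`. Anyone triaging from the logs or from client responses would be pointed at the wrong handler. The strings should match the method, i.e. `"Failed to bulkUploadPartnerFunctions"` here and `"Failed to bulkUploadPartnerRoles"` in the next hunk. The catch block continues outside the hunk.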
@@ -467,11 +543,15 @@
 	@RequestMapping(value = { "/v3/upload/partner/roles" }, method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> bulkUploadPartnerRoles(HttpServletRequest request, HttpServletResponse response,
 			@RequestBody List<Role> upload) throws Exception {
-		PortalRestResponse<String> result = null;
+		Optional<PortalRestResponse<String>> result = null;
 		Map<String, Object> res = getMethod(request, response);
 		try {
-			result = (PortalRestResponse<String>) invokeMethod(res, request, response, upload);
-			return result;
+			result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response));
+			if (!result.isPresent()){
+				logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadRoles", new Exception("Failed to bulkUploadRoles"));
+				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed");
+			}
+			return result.get();
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerRoles failed", e);
 			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
@@ -484,11 +564,15 @@
 			"/v3/upload/partner/roleFunctions" }, method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> bulkUploadPartnerRoleFunctions(HttpServletRequest request,
 			HttpServletResponse response) throws Exception {
-		PortalRestResponse<String> result = null;
+		Optional<PortalRestResponse<String>> result = null;
 		Map<String, Object> res = getMethod(request, response);
 		try {
-			result = (PortalRestResponse<String>) invokeMethod(res, request, response);
-			return result;
+			result = Optional.ofNullable((PortalRestResponse<String>) invokeMethod(res, request, response));
+			if (!result.isPresent()){
+				logger.error(EELFLoggerDelegate.errorLogger, "Failed to bulkUploadPartnerRoleFunctions", new Exception("Failed to bulkUploadPartnerRoleFunctions"));
+				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions", "Failed");
+			}
+			return result.get();
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerRoleFunctions failed", e);
 			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
@@ -715,6 +799,12 @@
 	@RequestMapping(value = { "/v3/userProfile" }, method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> postUserProfile(HttpServletRequest request,
 			@RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
+
+		if (extSysUser!=null){
+			if (!dataValidator.isValid(extSysUser))
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
+		}
+
 		PortalRestResponse<String> result = null;
 		Map<String, Object> res = getMethod(request, response);
 		try {
@@ -731,6 +821,12 @@
 	@RequestMapping(value = { "/v3/userProfile" }, method = RequestMethod.PUT, produces = "application/json")
 	public PortalRestResponse<String> putUserProfile(HttpServletRequest request,
 			@RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
+
+		if (extSysUser!=null){
+			if (!dataValidator.isValid(extSysUser))
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
+		}
+
 		PortalRestResponse<String> result = null;
 		Map<String, Object> res = getMethod(request, response);
 		try {
@@ -747,6 +843,12 @@
 	@RequestMapping(value = { "/v3/userProfile" }, method = RequestMethod.DELETE, produces = "application/json")
 	public PortalRestResponse<String> deleteUserProfile(HttpServletRequest request,
 			@RequestBody ExternalSystemUser extSysUser, HttpServletResponse response) {
+
+		if (extSysUser!=null){
+			if (!dataValidator.isValid(extSysUser))
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
+		}
+
 		PortalRestResponse<String> result = null;
 		Map<String, Object> res = getMethod(request, response);
 		try {
@@ -763,6 +865,13 @@
 	@RequestMapping(value = { "/v3/ticketevent" }, method = RequestMethod.POST)
 	public PortalRestResponse<String> handleRequest(HttpServletRequest request, HttpServletResponse response,
 			@RequestBody String ticketEventJson) throws Exception {
+
+		if (ticketEventJson!=null){
+			SecureString secureTicketEventJson = new SecureString(ticketEventJson);
+			if (!dataValidator.isValid(secureTicketEventJson))
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ticketEventJson is not valid", "Failed");
+		}
+
 		PortalRestResponse<String> result = null;
 		Map<String, Object> res = getMethod(request, response);
 		try {
@@ -780,6 +889,12 @@
 	@ResponseBody
 	public PortalRestResponse<String> postPortalAdmin(HttpServletRequest request, HttpServletResponse response,
 			@RequestBody EPUser epUser) {
+
+		if (epUser!=null){
+			if (!dataValidator.isValid(epUser))
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "EPUser is not valid", "Failed");
+		}
+
 		PortalRestResponse<String> result = null;
 		Map<String, Object> res = getMethod(request, response);
 		try {
@@ -812,6 +927,12 @@
 	@ResponseBody
 	public PortalRestResponse<String> postOnboardAppExternal(HttpServletRequest request, HttpServletResponse response,
 			@RequestBody OnboardingApp newOnboardApp) {
+
+		if (newOnboardApp!=null){
+			if (!dataValidator.isValid(newOnboardApp))
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "OnboardingApp is not valid", "Failed");
+		}
+
 		PortalRestResponse<String> result = new PortalRestResponse<>();
 		Map<String, Object> res = getMethod(request, response);
 		try {
@@ -830,7 +951,13 @@
 	@ResponseBody
 	public PortalRestResponse<String> putOnboardAppExternal(HttpServletRequest request, HttpServletResponse response,
 			@PathVariable("appId") Long appId, @RequestBody OnboardingApp oldOnboardApp) {
-		PortalRestResponse<String> result = new PortalRestResponse<>();
+
+		if (oldOnboardApp!=null){
+			if (!dataValidator.isValid(oldOnboardApp))
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "OnboardingApp is not valid", "Failed");
+		}
+
+		PortalRestResponse<String> result;
 		Map<String, Object> res = getMethod(request, response);
 		try {
 			result = (PortalRestResponse<String>) invokeMethod(res, request, response, appId, oldOnboardApp);
@@ -845,12 +972,16 @@
 	@RequestMapping(value = { "/v3/publishNotification" }, method = RequestMethod.POST, produces = "application/json")
 	@ResponseBody
 	public PortalAPIResponse publishNotification(HttpServletRequest request,
-			@RequestBody EpNotificationItem notificationItem, HttpServletResponse response) throws Exception {
-		PortalAPIResponse result = new PortalAPIResponse(true, "success");
+			@RequestBody EpNotificationItem notificationItem, HttpServletResponse response) {
+
+		if (notificationItem!=null){
+			if (!dataValidator.isValid(notificationItem))
+				return new PortalAPIResponse(false, "EpNotificationItem is not valid");
+		}
+
 		Map<String, Object> res = getMethod(request, response);
 		try {
-			result = (PortalAPIResponse) invokeMethod(res, request, response, notificationItem);
-			return result;
+			return (PortalAPIResponse) invokeMethod(res, request, response, notificationItem);
 		} catch (Exception e) {
 			logger.error(EELFLoggerDelegate.errorLogger, "publishNotification failed", e);
 			return new PortalAPIResponse(false, e.getMessage());
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/DashboardController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/DashboardController.java
index 727d190..6137aec 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/DashboardController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/DashboardController.java
@@ -66,6 +66,8 @@
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
 import org.onap.portalapp.portal.utils.PortalConstants;
 import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
+import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.domain.AuditLog;
 import org.onap.portalsdk.core.domain.support.CollaborateList;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
@@ -87,19 +89,23 @@
 @RestController
 @RequestMapping("/portalApi/dashboard")
 public class DashboardController extends EPRestrictedBaseController {
+	private static final DataValidator DATA_VALIDATOR = new DataValidator();
+	private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(DashboardController.class);
 
-	private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(DashboardController.class);
-
-	@Autowired
 	private DashboardSearchService searchService;
-	@Autowired
 	private AuditService auditService;
-	
-	@Autowired
 	private AdminRolesService adminRolesService;
-	
+
+	@Autowired
+	public DashboardController(DashboardSearchService searchService,
+		AuditService auditService, AdminRolesService adminRolesService) {
+		this.searchService = searchService;
+		this.auditService = auditService;
+		this.adminRolesService = adminRolesService;
+	}
+
 	public enum WidgetCategory {
-		EVENTS, NEWS, IMPORTANTRESOURCES;
+		EVENTS, NEWS, IMPORTANTRESOURCES
 	}
 
 	/**
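Review bot: The three service fields are now assigned only in the new constructor but are still declared non-final; `private final DashboardSearchService searchService;` (and the same for `auditService` and `adminRolesService`) would let the compiler enforce that they are set exactly once. A one-line Javadoc on the constructor stating that it is the Spring injection point would also help, since the per-field `@Autowired` annotations that signalled this were removed.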
@@ -129,11 +135,15 @@
 	@RequestMapping(value = "/widgetData", method = RequestMethod.GET, produces = "application/json")
 	public PortalRestResponse<CommonWidgetMeta> getWidgetData(HttpServletRequest request,
 			@RequestParam String resourceType) {
-		if (!isValidResourceType(resourceType))
-			return new PortalRestResponse<CommonWidgetMeta>(PortalRestStatusEnum.ERROR,
-					"Unexpected resource type " + resourceType, null);
-		return new PortalRestResponse<CommonWidgetMeta>(PortalRestStatusEnum.OK, "success",
-				searchService.getWidgetData(resourceType));
+		if (!isValidResourceType(resourceType)) {
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+				"Unexpected resource type " + resourceType, null);
+		}else if (!DATA_VALIDATOR.isValid(new SecureString(resourceType))){
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+				"Unsafe resource type " + resourceType, null);
+		}
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
+			searchService.getWidgetData(resourceType));
 	}
 	
 	
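Review bot: Both error branches in getWidgetData concatenate the rejected `resourceType` into the response message, and the `isValidResourceType` branch does so before `DATA_VALIDATOR` has looked at the value. I would run the safety check first and return a fixed message such as `"Unsafe resource type"`, so that input just classified as unsafe is not reflected back to the client. The saveWidgetDataBulk, saveWidgetData and deleteWidgetData hunks below append the whole rejected object (`"Unsafe resource type " + commonWidget`) and would benefit from the same change.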
@@ -147,20 +157,23 @@
 	@RequestMapping(value = "/widgetDataBulk", method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> saveWidgetDataBulk(@RequestBody CommonWidgetMeta commonWidgetMeta) {
 		logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetDataBulk: argument is {}", commonWidgetMeta);
-		if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals(""))
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
-					"Category cannot be null or empty");
-		if (!isValidResourceType(commonWidgetMeta.getCategory()))
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
-					"Unexpected resource type " + commonWidgetMeta.getCategory(), null);
-		// validate dates
+		if (!DATA_VALIDATOR.isValid(commonWidgetMeta)){
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+				"Unsafe resource type " + commonWidgetMeta, "ERROR");
+		}else if (commonWidgetMeta.getCategory() == null || commonWidgetMeta.getCategory().trim().equals("")) {
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+				"Category cannot be null or empty");
+		}else if (!isValidResourceType(commonWidgetMeta.getCategory())) {
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+				"Unexpected resource type " + commonWidgetMeta.getCategory(), null);
+		}
 		for (CommonWidget cw : commonWidgetMeta.getItems()) {
 			String err = validateCommonWidget(cw);
 			if (err != null)
-				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, err, null);
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null);
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
-				searchService.saveWidgetDataBulk(commonWidgetMeta));
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
+			searchService.saveWidgetDataBulk(commonWidgetMeta));
 	}
 
 	/**
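Review bot: saveWidgetDataBulk gains payload validation but still has no caller check, while saveWidgetData in the next hunk only writes when `adminRolesService.isSuperAdmin(user)` is true. If access is not restricted elsewhere (the base class or an interceptor, not visible here), the bulk endpoint should apply an equivalent guard before calling `searchService.saveWidgetDataBulk`; deleteWidgetData further down is in the same position. The new branches also fill the response slots inconsistently, `"Unsafe resource type …", "ERROR"` versus `"ERROR", "Category cannot be null or empty"`, so clients cannot rely on which field carries the message.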
@@ -175,17 +188,21 @@
 		logger.debug(EELFLoggerDelegate.debugLogger, "saveWidgetData: argument is {}", commonWidget);
 		EPUser user = EPUserUtils.getUserSession(request);
 		if (adminRolesService.isSuperAdmin(user)) {
-			if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().isEmpty())
-				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "ERROR",
-						"Category cannot be null or empty");
+			if (commonWidget.getCategory() == null || commonWidget.getCategory().trim().isEmpty()) {
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ERROR",
+					"Category cannot be null or empty");
+			}else if (!DATA_VALIDATOR.isValid(commonWidget)){
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+					"Unsafe resource type " + commonWidget, "ERROR");
+			}
 			String err = validateCommonWidget(commonWidget);
 			if (err != null)
-				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, err, null);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
-					searchService.saveWidgetData(commonWidget));
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, err, null);
+			return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
+				searchService.saveWidgetData(commonWidget));
 		} else {
 			EcompPortalUtils.setBadPermissions(user, response, "saveWidgetData");
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed", null);
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed", null);
 		}
 	}
 
@@ -235,8 +252,12 @@
 	@RequestMapping(value = "/deleteData", method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> deleteWidgetData(@RequestBody CommonWidget commonWidget) {
 		logger.debug(EELFLoggerDelegate.debugLogger, "deleteWidgetData: argument is {}", commonWidget);
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "success",
-				searchService.deleteWidgetData(commonWidget));
+		if (!DATA_VALIDATOR.isValid(commonWidget)){
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+				"Unsafe resource type " + commonWidget, "ERROR");
+		}
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
+			searchService.deleteWidgetData(commonWidget));
 	}
 
 	/**
@@ -251,7 +272,10 @@
 	@RequestMapping(value = "/search", method = RequestMethod.GET, produces = "application/json")
 	public PortalRestResponse<Map<String, List<SearchResultItem>>> searchPortal(HttpServletRequest request,
 			@RequestParam String searchString) {
-
+		if (!DATA_VALIDATOR.isValid(new SecureString(searchString))){
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is not safe",
+				new HashMap<>());
+		}
 		if (searchString != null)
 			searchString = searchString.trim();
 		EPUser user = EPUserUtils.getUserSession(request);
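Review bot: The new check wraps `searchString` in `SecureString` before the existing `if (searchString != null)` guard, so a null value reaches the validator. How `DataValidator` treats a `SecureString` holding null is not visible here, and the other controller in this commit guards with `!= null` first; either guard the same way or add a comment stating that null is accepted. The message `"searchPortal: String string is not safe"` copies the wording of the older null message; `"searchPortal: search string is not safe"` would read better. The method body continues outside the hunk.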
@@ -259,10 +283,10 @@
 			if (user == null) {
 				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
 						"searchPortal: User object is null? - check logs",
-						new HashMap<String, List<SearchResultItem>>());
+					new HashMap<>());
 			} else if (searchString == null || searchString.length() == 0) {
 				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "searchPortal: String string is null",
-						new HashMap<String, List<SearchResultItem>>());
+					new HashMap<>());
 			} else {
 				logger.debug(EELFLoggerDelegate.debugLogger, "searchPortal: user {}, search string '{}'",
 						user.getLoginId(), searchString);
@@ -294,7 +318,7 @@
 			MDC.put(EPCommonSystemProperties.STATUS_CODE, "ERROR");
 			MDC.remove(EPCommonSystemProperties.STATUS_CODE);
 			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage() + " - check logs.",
-					new HashMap<String, List<SearchResultItem>>());
+				new HashMap<>());
 		}
 	}
 
@@ -308,7 +332,7 @@
 	 */
 	@RequestMapping(value = "/activeUsers", method = RequestMethod.GET, produces = "application/json")
 	public List<String> getActiveUsers(HttpServletRequest request) {
-		List<String> activeUsers = null;
+		List<String> activeUsers;
 		List<String> onlineUsers = new ArrayList<>();
 		try {
 			EPUser user = EPUserUtils.getUserSession(request);
@@ -341,7 +365,7 @@
 			String updateDuration = SystemProperties.getProperty(EPCommonSystemProperties.ONLINE_USER_UPDATE_DURATION);				
 			Integer rateInMiliSec = Integer.valueOf(updateRate)*1000;
 			Integer durationInMiliSec = Integer.valueOf(updateDuration)*1000;
-			Map<String, String> results = new HashMap<String,String>();
+			Map<String, String> results = new HashMap<>();
 			results.put("onlineUserUpdateRate", String.valueOf(rateInMiliSec));
 			results.put("onlineUserUpdateDuration", String.valueOf(durationInMiliSec));			
 			return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", results);
@@ -362,7 +386,7 @@
 		try {
 			String windowWidthString = SystemProperties.getProperty(EPCommonSystemProperties.WINDOW_WIDTH_THRESHOLD_RIGHT_MENU);	
 			Integer windowWidth = Integer.valueOf(windowWidthString);
-			Map<String, String> results = new HashMap<String,String>();
+			Map<String, String> results = new HashMap<>();
 			results.put("windowWidth", String.valueOf(windowWidth));
 			return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", results);
 		} catch (Exception e) {
@@ -383,7 +407,7 @@
 		try {
 			String windowWidthString = SystemProperties.getProperty(EPCommonSystemProperties.WINDOW_WIDTH_THRESHOLD_LEFT_MENU);	
 			Integer windowWidth = Integer.valueOf(windowWidthString);
-			Map<String, String> results = new HashMap<String,String>();
+			Map<String, String> results = new HashMap<>();
 			results.put("windowWidth", String.valueOf(windowWidth));
 			return new PortalRestResponse<>(PortalRestStatusEnum.OK, "success", results);
 		} catch (Exception e) {
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java
index 5f6818f..46493d8 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/ExternalAccessRolesController.java
@@ -69,6 +69,8 @@
 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
 import org.onap.portalapp.portal.utils.PortalConstants;
+import org.onap.portalapp.validation.DataValidator;
+import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.domain.AuditLog;
 import org.onap.portalsdk.core.domain.Role;
 import org.onap.portalsdk.core.domain.User;
@@ -76,7 +78,6 @@
 import org.onap.portalsdk.core.restful.domain.EcompRole;
 import org.onap.portalsdk.core.restful.domain.EcompUser;
 import org.onap.portalsdk.core.service.AuditService;
-import org.onap.portalsdk.core.service.UserService;
 import org.onap.portalsdk.core.service.UserServiceCentalizedImpl;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.onap.portalsdk.core.web.support.UserUtils;
@@ -90,7 +91,6 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.client.RestTemplate;
 
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
@@ -104,36 +104,39 @@
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class ExternalAccessRolesController implements BasicAuthenticationController {
-
 	private static final String ROLE_INVALID_CHARS = "%=():,\"\"";
-
 	private static final String SUCCESSFULLY_DELETED = "Successfully Deleted";
-
 	private static final String INVALID_UEB_KEY = "Invalid credentials!";
-
 	private static final String LOGIN_ID = "LoginId";
-	
-	RestTemplate template = new RestTemplate();
-
-	@Autowired
-	private AuditService auditService;
-
 	private static final String UEBKEY = "uebkey";
 
-	private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesController.class);
+	private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(ExternalAccessRolesController.class);
+	private static final DataValidator DATA_VALIDATOR = new DataValidator();
 
-	@Autowired
+	private AuditService auditService;
 	private ExternalAccessRolesService externalAccessRolesService;
+	private UserServiceCentalizedImpl userservice;
 
 	@Autowired
-	private UserService userservice =  new UserServiceCentalizedImpl();
+	public ExternalAccessRolesController(AuditService auditService,
+		ExternalAccessRolesService externalAccessRolesService,
+		UserServiceCentalizedImpl userservice) {
+		this.auditService = auditService;
+		this.externalAccessRolesService = externalAccessRolesService;
+		this.userservice = userservice;
+	}
+
 
 	@ApiOperation(value = "Gets user role for an application.", response = CentralUser.class, responseContainer="List")
 	@RequestMapping(value = {
 			"/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json")
 	public CentralUser getUser(HttpServletRequest request, HttpServletResponse response,
 			@PathVariable("loginId") String loginId) throws Exception {
-
+		if (!DATA_VALIDATOR.isValid(new SecureString(loginId))){
+			sendErrorResponse(response, new Exception("Data is not valid"));
+			logger.error(EELFLoggerDelegate.errorLogger, "getUser not valid data");
+			return null;
+		}
 		CentralUser answer = null;
 		try {
 			fieldsValidation(request);
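Review bot: The constructor now takes the concrete `UserServiceCentalizedImpl` where the field was previously typed as the `UserService` interface, which ties the controller to one implementation and makes it harder to substitute a stub in tests. Unless an implementation-specific method is needed (not visible in this hunk), I would keep `private final UserService userservice;` and inject the interface, which also means keeping the `UserService` import. The three fields can be `final` now that they are assigned only in the constructor. getUser's body continues outside the hunk.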
@@ -150,6 +153,11 @@
 			"/v1/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json")
 	public String getV2UserList(HttpServletRequest request, HttpServletResponse response,
 			@PathVariable("loginId") String loginId) throws Exception {
+		if (!DATA_VALIDATOR.isValid(new SecureString(loginId))){
+			sendErrorResponse(response, new Exception("Data is not valid"));
+			logger.error(EELFLoggerDelegate.errorLogger, "getV2UserList not valid data");
+			return "Data is not valid";
+		}
 		String answer = null;
 		try {
 			fieldsValidation(request);
@@ -300,6 +308,10 @@
 			@PathVariable("code") String code) throws Exception {
 		CentralV2RoleFunction centralV2RoleFunction = null;
 		CentralRoleFunction centralRoleFunction = new CentralRoleFunction();
+		if(!DATA_VALIDATOR.isValid(new SecureString(code))){
+			sendErrorResponse(response, new Exception("Data is not valid"));
+			logger.error(EELFLoggerDelegate.errorLogger, "getRoleFunction failed", new Exception("Data is not valid"));
+		}
 		try {
 			fieldsValidation(request);
 			centralV2RoleFunction = externalAccessRolesService.getRoleFunction(code, request.getHeader(UEBKEY));
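Review bot: The validation block added to getRoleFunction reports the error but never returns, so a `code` that fails `DATA_VALIDATOR.isValid` still reaches `externalAccessRolesService.getRoleFunction(code, request.getHeader(UEBKEY))` a few lines below. The same fall-through is in the getV2RoleFunction hunk and in the getEcompUser hunk, where `loginId` is used later, while getUser and getV2UserList in this commit do return after rejecting. Add `return null;` as the last statement of each block, as getUser does, assuming the return types allow it. The `new Exception("Data is not valid")` is also built twice per rejection and could be created once and passed to both calls. The method signatures and the rest of the bodies are outside these hunks.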
@@ -318,6 +330,10 @@
 	public CentralV2RoleFunction getV2RoleFunction(HttpServletRequest request, HttpServletResponse response,
 			@PathVariable("code") String code) throws Exception {
 		CentralV2RoleFunction centralV2RoleFunction = null;
+		if(!DATA_VALIDATOR.isValid(new SecureString(code))){
+			sendErrorResponse(response, new Exception("Data is not valid"));
+			logger.error(EELFLoggerDelegate.errorLogger, "getV2RoleFunction failed", new Exception("Data is not valid"));
+		}
 		try {
 			fieldsValidation(request);
 			centralV2RoleFunction = externalAccessRolesService.getRoleFunction(code, request.getHeader(UEBKEY));
@@ -334,16 +350,20 @@
 	@ApiOperation(value = "Saves role function for an application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/roleFunction" }, method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> saveRoleFunction(HttpServletRequest request, HttpServletResponse response,
-			@RequestBody String roleFunc) throws Exception {
+			@RequestBody String roleFunc) {
 		String status = "Successfully saved!";
+		if(!DATA_VALIDATOR.isValid(new SecureString(roleFunc))){
+			logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+				"Failed to roleFunc, not valid data.", "Failed");
+		}
 		try {
 			fieldsValidation(request);
-			String data = roleFunc;
-			ObjectMapper mapper = new ObjectMapper();
+               ObjectMapper mapper = new ObjectMapper();
 			List<EPApp> applicationList = externalAccessRolesService.getApp(request.getHeader(UEBKEY));
 			EPApp requestedApp = applicationList.get(0);
 			mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
-			CentralV2RoleFunction availableRoleFunction = mapper.readValue(data, CentralV2RoleFunction.class);
+			CentralV2RoleFunction availableRoleFunction = mapper.readValue(roleFunc, CentralV2RoleFunction.class);
 			CentralV2RoleFunction domainRoleFunction = null;
 			boolean isCentralV2Version = false;
 			if(availableRoleFunction.getType()!=null && availableRoleFunction.getAction()!= null) {
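Review bot: The rejection path added to saveRoleFunction returns a `PortalRestStatusEnum.ERROR` body without touching `response`, so the caller presumably gets the default success status, while the catch block of the same method sets an explicit status code. Adding `response.setStatus(HttpServletResponse.SC_BAD_REQUEST);` before the return keeps status and body consistent; the same applies to the blocks added in deleteRoleFunction and deleteRole(String code). The message `"Failed to roleFunc, not valid data."` has lost its verb, and `"Failed to saveRoleFunction, not valid data."` would match the other handlers. The validator is also applied to the whole raw JSON body as one string; DataValidator's rules are not visible here, so it is worth confirming they suit a JSON document, or validating the fields of the deserialized `CentralV2RoleFunction` instead. The method body continues outside the hunk.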
@@ -405,8 +425,8 @@
 				MDC.remove(SystemProperties.MDC_TIMER);
 			} else {
 				logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed");
-				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
-						"Failed to saveRoleFunction for '" + availableRoleFunction.getCode() + "'", "Failed");
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+                        "Failed to saveRoleFunction for '" + availableRoleFunction.getCode() + "'", "Failed");
 			}
 		} catch (Exception e) {
 			if (e.getMessage() == null ||e.getMessage().contains(INVALID_UEB_KEY)) {
@@ -415,15 +435,20 @@
 				response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 			}
 			logger.error(EELFLoggerDelegate.errorLogger, "saveRoleFunction failed", e);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, status, "Success");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, status, "Success");
 	}
 	
 	@ApiOperation(value = "Deletes role function for an application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/roleFunction/{code}" }, method = RequestMethod.DELETE, produces = "application/json")
 	public PortalRestResponse<String> deleteRoleFunction(HttpServletRequest request, HttpServletResponse response,
-			@PathVariable("code") String code) throws Exception {
+			@PathVariable("code") String code) {
+		if(!DATA_VALIDATOR.isValid(new SecureString(code))){
+			logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleFunction failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+				"Failed to deleteRoleFunction, not valid data.", "Failed");
+		}
 		try {
 			fieldsValidation(request);
 			EPUser user = externalAccessRolesService.getUser(request.getHeader(LOGIN_ID)).get(0);
@@ -454,8 +479,8 @@
 				MDC.remove(SystemProperties.MDC_TIMER);
 			} else {
 				logger.error(EELFLoggerDelegate.errorLogger, "deleteRoleFunction failed");
-				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
-						"Failed to deleteRoleFunction for '" + code + "'", "Failed");
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+                        "Failed to deleteRoleFunction for '" + code + "'", "Failed");
 			}
 		} catch (Exception e) {
 			if (e.getMessage().contains(INVALID_UEB_KEY)) {
@@ -473,7 +498,7 @@
 	@ApiOperation(value = "Saves role for an application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/role" }, method = RequestMethod.POST, produces = "application/json")
 	public PortalRestResponse<String> saveRole(HttpServletRequest request, HttpServletResponse response,
-			@RequestBody Role role) throws Exception {
+			@RequestBody Role role) {
 		try {
 			fieldsValidation(request);
 			ExternalRequestFieldsValidator saveRoleResult = null;
@@ -526,15 +551,20 @@
 				response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 			}
 			logger.error(EELFLoggerDelegate.errorLogger, "saveRole failed", e);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully Saved", "Success");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully Saved", "Success");
 	}
 	
 	@ApiOperation(value = "Deletes role for an application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/deleteRole/{code}" }, method = RequestMethod.DELETE, produces = "application/json")
 	public  PortalRestResponse<String> deleteRole(HttpServletRequest request, HttpServletResponse response,
-			@PathVariable String code) throws Exception {
+			@PathVariable String code) {
+		if(!DATA_VALIDATOR.isValid(new SecureString(code))){
+			logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+				"Failed to deleteRole, not valid data.", "Failed");
+		}
 		try {
 			fieldsValidation(request);
 			boolean deleteResponse = externalAccessRolesService.deleteRoleForApplication(code,
@@ -566,8 +596,8 @@
 				MDC.remove(SystemProperties.MDC_TIMER);
 			} else {
 				logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed");
-				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR,
-						"Failed to deleteRole for '" + code + "'", "Failed");
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+                        "Failed to deleteRole for '" + code + "'", "Failed");
 			}
 		} catch (Exception e) {
 			if (e.getMessage().contains(INVALID_UEB_KEY)) {
@@ -576,9 +606,9 @@
 				response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
 			}
 			logger.error(EELFLoggerDelegate.errorLogger, "deleteRole failed", e);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, e.getMessage(), "Failed");
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, SUCCESSFULLY_DELETED, "Success");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, SUCCESSFULLY_DELETED, "Success");
 	}
 	
 	@ApiOperation(value = "Gets active roles for an application.", response = CentralRole.class, responseContainer = "Json")
@@ -615,7 +645,7 @@
 	@ApiOperation(value = "deletes user roles for an application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/deleteDependcyRoleRecord/{roleId}" }, method = RequestMethod.DELETE, produces = "application/json")
 	public PortalRestResponse<String> deleteDependencyRoleRecord(HttpServletRequest request, HttpServletResponse response,
-			@PathVariable("roleId") Long roleId) throws Exception {
+			@PathVariable("roleId") Long roleId) {
 		ExternalRequestFieldsValidator removeResult = null;
 		try {
 			fieldsValidation(request);
@@ -642,7 +672,7 @@
 	@ApiOperation(value = "deletes  roles for an application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/v2/deleteRole/{roleId}" }, method = RequestMethod.DELETE, produces = "application/json")
 	public PortalRestResponse<String> deleteRole(HttpServletRequest request, HttpServletResponse response,
-			@PathVariable("roleId") Long roleId) throws Exception {
+			@PathVariable("roleId") Long roleId) {
 		ExternalRequestFieldsValidator removeResult = null;
 		try {
 			fieldsValidation(request);
@@ -668,63 +698,63 @@
 	
 	@ApiOperation(value = "Bulk upload functions for an application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/upload/portal/functions" }, method = RequestMethod.POST, produces = "application/json")
-	public  PortalRestResponse<String> bulkUploadFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception {
+	public  PortalRestResponse<String> bulkUploadFunctions(HttpServletRequest request, HttpServletResponse response) {
 		Integer result = 0;
 		try {
 			result = externalAccessRolesService.bulkUploadFunctions(request.getHeader(UEBKEY));
 		} catch (Exception e) {
 			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions failed", e);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed");
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success");
 	}
 	
 	@ApiOperation(value = "Bulk upload roles for an application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/upload/portal/roles" }, method = RequestMethod.POST, produces = "application/json")
-	public  PortalRestResponse<String> bulkUploadRoles(HttpServletRequest request, HttpServletResponse response) throws Exception {
+	public  PortalRestResponse<String> bulkUploadRoles(HttpServletRequest request, HttpServletResponse response) {
 		Integer result = 0;
 		try {
 			result = externalAccessRolesService.bulkUploadRoles(request.getHeader(UEBKEY));
 		} catch (Exception e) {
 			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles failed", e);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed");
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success");
 	}
 	
 	@ApiOperation(value = "Bulk upload role functions for an application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/upload/portal/roleFunctions" }, method = RequestMethod.POST, produces = "application/json")
-	public  PortalRestResponse<String> bulkUploadRoleFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception {
+	public  PortalRestResponse<String> bulkUploadRoleFunctions(HttpServletRequest request, HttpServletResponse response) {
 		Integer result = 0;
 		try {
 			result = externalAccessRolesService.bulkUploadRolesFunctions(request.getHeader(UEBKEY));
 		} catch (Exception e) {
 			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoleFunctions failed", e);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoleFunctions", "Failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoleFunctions", "Failed");
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success");
 	}
 	
 	@ApiOperation(value = "Bulk upload user roles for an application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/upload/portal/userRoles" }, method = RequestMethod.POST, produces = "application/json")
-	public  PortalRestResponse<String> bulkUploadUserRoles(HttpServletRequest request, HttpServletResponse response) throws Exception {
+	public  PortalRestResponse<String> bulkUploadUserRoles(HttpServletRequest request, HttpServletResponse response) {
 		Integer result = 0;
 		try {
 			result = externalAccessRolesService.bulkUploadUserRoles(request.getHeader(UEBKEY));
 		} catch (Exception e) {
 			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUserRoles failed", e);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUserRoles", "Failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUserRoles", "Failed");
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success");
 	}
 	
 	@ApiOperation(value = "Bulk upload users for renamed role of an application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/upload/portal/userRole/{roleId}" }, method = RequestMethod.POST, produces = "application/json")
-	public  PortalRestResponse<String> bulkUploadUsersSingleRole(HttpServletRequest request, HttpServletResponse response, @PathVariable Long roleId) throws Exception {
+	public  PortalRestResponse<String> bulkUploadUsersSingleRole(HttpServletRequest request, HttpServletResponse response, @PathVariable Long roleId) {
 		Integer result = 0;
 		try {
 			String roleName = request.getHeader("RoleName");
@@ -732,50 +762,53 @@
 		} catch (Exception e) {
 			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadUsersSingleRole failed", e);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUsersSingleRole", "Failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadUsersSingleRole", "Failed");
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: "+result, "Success");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added: " + result, "Success");
 	}
 	
 	@ApiOperation(value = "Bulk upload functions for an partner application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/upload/partner/functions" }, method = RequestMethod.POST, produces = "application/json")
-	public  PortalRestResponse<String> bulkUploadPartnerFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception {
+	public  PortalRestResponse<String> bulkUploadPartnerFunctions(HttpServletRequest request, HttpServletResponse response) {
 		Integer addedFunctions = 0;
 		try {
 			addedFunctions = externalAccessRolesService.bulkUploadPartnerFunctions(request.getHeader(UEBKEY));
 		} catch (Exception e) {
 			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadFunctions failed", e);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadFunctions", "Failed");
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: '"+addedFunctions+"' functions", "Success");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK,
+                "Successfully added: '" + addedFunctions + "' functions", "Success");
 	}
 	
 	@ApiOperation(value = "Bulk upload roles for an partner application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/upload/partner/roles" }, method = RequestMethod.POST, produces = "application/json")
-	public  PortalRestResponse<String> bulkUploadPartnerRoles(HttpServletRequest request, HttpServletResponse response, @RequestBody List<Role> upload) throws Exception {
+	public  PortalRestResponse<String> bulkUploadPartnerRoles(HttpServletRequest request, HttpServletResponse response, @RequestBody List<Role> upload) {
 		try {
 			externalAccessRolesService.bulkUploadPartnerRoles(request.getHeader(UEBKEY), upload);
 		} catch (Exception e) {
 			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadRoles failed", e);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadRoles", "Failed");
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added", "Success");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, "Successfully added", "Success");
 	}
 	
 	@ApiOperation(value = "Bulk upload role functions for an partner application.", response = PortalRestResponse.class, responseContainer = "Json")
 	@RequestMapping(value = { "/upload/partner/roleFunctions" }, method = RequestMethod.POST, produces = "application/json")
-	public  PortalRestResponse<String> bulkUploadPartnerRoleFunctions(HttpServletRequest request, HttpServletResponse response) throws Exception {
+	public  PortalRestResponse<String> bulkUploadPartnerRoleFunctions(HttpServletRequest request, HttpServletResponse response) {
 		Integer addedRoleFunctions = 0;
 		try {
 			addedRoleFunctions = externalAccessRolesService.bulkUploadPartnerRoleFunctions(request.getHeader(UEBKEY));
 		} catch (Exception e) {
 			response.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
 			logger.error(EELFLoggerDelegate.errorLogger, "bulkUploadPartnerRoleFunctions failed", e);
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions", "Failed");
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Failed to bulkUploadPartnerRoleFunctions",
+                    "Failed");
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, "Successfully added: '"+addedRoleFunctions + "' role functions", "Success");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK,
+                "Successfully added: '" + addedRoleFunctions + "' role functions", "Success");
 	}
 	
 	@ApiOperation(value = "Gets all functions along with global functions", response = List.class, responseContainer = "Json")
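Review bot: The failure messages in bulkUploadPartnerFunctions and bulkUploadPartnerRoles name the non-partner handlers (`"bulkUploadFunctions failed"`, `"Failed to bulkUploadRoles"`), so an error-log entry or client response cannot be attributed to the endpoint that actually failed. Since these return lines are being rewritten anyway, use `"bulkUploadPartnerFunctions failed"` / `"Failed to bulkUploadPartnerFunctions"` and the matching `bulkUploadPartnerRoles` strings in both the `logger.error` call and the response.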
@@ -856,6 +889,10 @@
 	@RequestMapping(value = { "/v2/user/{loginId}" }, method = RequestMethod.GET, produces = "application/json")
 	public String getEcompUser(HttpServletRequest request, HttpServletResponse response,
 			@PathVariable("loginId") String loginId) throws Exception {
+		if(!DATA_VALIDATOR.isValid(new SecureString(loginId))){
+			sendErrorResponse(response, new Exception("getEcompUser failed"));
+			logger.error(EELFLoggerDelegate.errorLogger, "getEcompUser failed", new Exception("getEcompUser failed"));
+		}
 		EcompUser user = new EcompUser();
 		ObjectMapper mapper = new ObjectMapper();
 		String answer = null;
@@ -868,7 +905,7 @@
 				user = UserUtils.convertToEcompUser(ecompUser);
 			    List<EcompRole> missingRolesOfUser = externalAccessRolesService.missingUserApplicationRoles(request.getHeader(UEBKEY), loginId, user.getRoles());
 				if (missingRolesOfUser.size() > 0) {
-					Set<EcompRole> roles = new TreeSet<EcompRole>(missingRolesOfUser);
+					Set<EcompRole> roles = new TreeSet<>(missingRolesOfUser);
 					user.getRoles().addAll(roles);
 				}
 			}
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/LanguageController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/LanguageController.java
index 383e472..508b1be 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/LanguageController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/LanguageController.java
@@ -15,15 +15,16 @@
  */
 package org.onap.portalapp.portal.controller;
 
-import com.alibaba.fastjson.JSONObject;
-import org.onap.portalapp.portal.domain.Language;
-import org.onap.portalapp.portal.service.LanguageService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.web.bind.annotation.*;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.util.List;
+import org.onap.portalapp.portal.service.LanguageService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+import com.alibaba.fastjson.JSONObject;
 
 @RestController
 @RequestMapping("/auxapi")
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java
index b50d1cf..9a525b5 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RoleManageController.java
@@ -523,7 +523,7 @@
 			EPApp requestedApp = appService.getApp(appId);
 			if (isAuthorizedUser(user, requestedApp)) {
 				fieldsValidation(requestedApp);
-				if (requestedApp.getCentralAuth()) {
+				if (requestedApp.getCentralAuth() && roleFunc!=null) {
 					String code = roleFunc.getType() + PIPE + roleFunc.getCode() + PIPE + roleFunc.getAction();
 					CentralV2RoleFunction domainRoleFunction = externalAccessRolesService.getRoleFunction(code,
 							requestedApp.getUebKey());
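Review bot: A null `roleFunc` now skips the central-auth branch silently instead of being rejected, so the request carries on into whatever follows this `if` (outside the hunk) with no role function to act on. If that later code also reads `roleFunc`, the NullPointerException has only been moved, and if it does not, the caller may get a success-looking response for a request that did nothing. An explicit early rejection of `roleFunc == null`, with an error response and a log line before the authorization and central-auth checks, would make the outcome unambiguous. The enclosing method starts and ends outside the hunk, so its return type and else-path need checking before choosing the exact response.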
@@ -679,7 +679,7 @@
 	}
 
 	@RequestMapping(value = { "/portalApi/centralizedApps" }, method = RequestMethod.GET)
-	public List<CentralizedApp> getCentralizedAppRoles(HttpServletRequest request, HttpServletResponse response, String userId) throws IOException {
+	public List<CentralizedApp> getCentralizedAppRoles(HttpServletRequest request, HttpServletResponse response, String userId) {
 		if(userId!=null) {
 			SecureString secureString = new SecureString(userId);
 
@@ -817,7 +817,7 @@
 
 	private boolean isAuthorizedUser(EPUser user, EPApp requestedApp) {
 		if (user != null && (adminRolesService.isAccountAdminOfApplication(user, requestedApp)
-				|| (adminRolesService.isSuperAdmin(user) && requestedApp.getId() == PortalConstants.PORTAL_APP_ID)))
+				|| (adminRolesService.isSuperAdmin(user) && requestedApp.getId().equals(PortalConstants.PORTAL_APP_ID))))
 			return true;
 		return false;
 	}
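Review bot: The super-admin branch of isAuthorizedUser throws a NullPointerException when `requestedApp.getId()` is null, because the new `.equals(...)` call is made on the possibly-null id; an authorization check should deny in that case rather than surface an unhandled error. `java.util.Objects.equals(requestedApp.getId(), PortalConstants.PORTAL_APP_ID)` is null-safe and keeps the value comparison this change introduces (the declaration of `PORTAL_APP_ID` is not visible here). The trailing `return true; return false;` pair can also be replaced by returning the condition directly.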
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RolesController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RolesController.java
index c976629..a319c6b 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RolesController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/RolesController.java
@@ -79,7 +79,7 @@
 	private ExternalAccessRolesService externalAccessRolesService;
 
 	@Autowired
-	ExternalAccessRolesController externalAccessRolesController = new ExternalAccessRolesController();
+	ExternalAccessRolesController externalAccessRolesController;
 	
 
 	@ApiOperation(value = "Gets roles for an application which is upgraded to newer version.", response = CentralV2Role.class, responseContainer = "Json")
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/SchedulerController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/SchedulerController.java
index af34176..69f2568 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/SchedulerController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/SchedulerController.java
@@ -41,7 +41,6 @@
 import java.text.SimpleDateFormat;
 import java.util.Date;
 import java.util.HashMap;
-import java.util.List;
 import java.util.Map;
 import java.util.Set;
 import java.util.UUID;
@@ -49,12 +48,12 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import lombok.NoArgsConstructor;
 import org.json.simple.JSONObject;
 import org.onap.portalapp.controller.EPRestrictedBaseController;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
-import org.onap.portalapp.portal.exceptions.RoleFunctionException;
 import org.onap.portalapp.portal.logging.aop.EPAuditLog;
 import org.onap.portalapp.portal.logging.logic.EPLogUtil;
 import org.onap.portalapp.portal.scheduler.SchedulerProperties;
@@ -70,7 +69,6 @@
 import org.onap.portalapp.portal.utils.PortalConstants;
 import org.onap.portalapp.util.EPUserUtils;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.onap.portalsdk.core.service.DataAccessService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
@@ -87,62 +85,66 @@
 @Configuration
 @EnableAspectJAutoProxy
 @EPAuditLog
+@NoArgsConstructor
 public class SchedulerController extends EPRestrictedBaseController {
+	private static final String USER_IS_UNAUTHORIZED_TO_MAKE_THIS_CALL = "User is unauthorized to make this call";
 
-	@Autowired
+	private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerController.class);
+	private static final DateFormat requestDateFormat = new SimpleDateFormat("EEE, dd MMM YYYY HH:mm:ss z");
+
 	private SchedulerRestInterface schedulerRestController;
-	
-	@Autowired
 	private AdminRolesService adminRolesService;
 
-	private static EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SchedulerController.class);
-
-	/** The request date format. */
-	public DateFormat requestDateFormat = new SimpleDateFormat("EEE, dd MMM YYYY HH:mm:ss z");
+	@Autowired
+	public SchedulerController(SchedulerRestInterface schedulerRestController,
+		AdminRolesService adminRolesService) {
+		this.schedulerRestController = schedulerRestController;
+		this.adminRolesService = adminRolesService;
+	}
 
 	@RequestMapping(value = "/get_time_slots/{scheduler_request}", method = RequestMethod.GET, produces = "application/json")
 	public ResponseEntity<String> getTimeSlots(HttpServletRequest request,
-			@PathVariable("scheduler_request") String scheduler_request) throws Exception {
+			@PathVariable("scheduler_request") String schedulerRequest) throws Exception {
 		if (checkIfUserISValidToMakeSchedule(request)) {
 			try {
 				Date startingTime = new Date();
 				String startTimeRequest = requestDateFormat.format(startingTime);
 				logger.debug(EELFLoggerDelegate.debugLogger,
 						"Controller Scheduler GET Timeslots for startTimeRequest: ", startTimeRequest);
-				logger.debug(EELFLoggerDelegate.debugLogger, "Original Request = {} ", scheduler_request);
+				logger.debug(EELFLoggerDelegate.debugLogger, "Original Request = {} ", schedulerRequest);
 
 				String path = SchedulerProperties.getProperty(SchedulerProperties.SCHEDULER_GET_TIME_SLOTS)
-						+ scheduler_request;
+						+ schedulerRequest;
 
-				GetTimeSlotsWrapper schedulerResWrapper = getTimeSlots(scheduler_request, path, scheduler_request);
+				GetTimeSlotsWrapper schedulerResWrapper = getTimeSlots(path, schedulerRequest);
 
 				Date endTime = new Date();
 				String endTimeRequest = requestDateFormat.format(endTime);
 				logger.debug(EELFLoggerDelegate.debugLogger, "Controller Scheduler - GET for EndTimeRequest = {}",
 						endTimeRequest);
-				return (new ResponseEntity<String>(schedulerResWrapper.getResponse(),
-						HttpStatus.valueOf(schedulerResWrapper.getStatus())));
+				return (new ResponseEntity<>(schedulerResWrapper.getResponse(),
+					HttpStatus.valueOf(schedulerResWrapper.getStatus())));
 			} catch (Exception e) {
 				GetTimeSlotsWrapper schedulerResWrapper = new GetTimeSlotsWrapper();
 				schedulerResWrapper.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
 				schedulerResWrapper.setEntity(e.getMessage());
 				logger.error(EELFLoggerDelegate.errorLogger, "Exception with getTimeslots", e);
-				return (new ResponseEntity<String>(schedulerResWrapper.getResponse(),
-						HttpStatus.INTERNAL_SERVER_ERROR));
+				return (new ResponseEntity<>(schedulerResWrapper.getResponse(),
+					HttpStatus.INTERNAL_SERVER_ERROR));
 			}
 		}else{
-			return (new ResponseEntity<String>("User is unauthorized to make this call", HttpStatus.UNAUTHORIZED));
+			return (new ResponseEntity<>(USER_IS_UNAUTHORIZED_TO_MAKE_THIS_CALL, HttpStatus.UNAUTHORIZED));
 		}
 	}
 
-	protected GetTimeSlotsWrapper getTimeSlots(String request, String path, String uuid) throws Exception {
+	protected GetTimeSlotsWrapper getTimeSlots(String path, String uuid) throws Exception {
 
 		try {
 			// STARTING REST API CALL AS AN FACTORY INSTACE
 			logger.debug(EELFLoggerDelegate.debugLogger, "Get Time Slots Request START");
 
-			GetTimeSlotsRestObject<String> restObjStr = new GetTimeSlotsRestObject<String>();
-			String str = new String();
+			GetTimeSlotsRestObject<String> restObjStr = new GetTimeSlotsRestObject<>();
+			String str = "";
 
 			restObjStr.set(str);
 
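Review bot: `requestDateFormat` is now a `static final` `SimpleDateFormat` shared by every request thread, and `SimpleDateFormat` is not thread-safe, so concurrent `format` calls can produce corrupted timestamps; its `YYYY` is also the week-based year, which differs from the calendar year around New Year. An immutable `DateTimeFormatter.ofPattern("EEE, dd MMM yyyy HH:mm:ss z")` applied to `ZonedDateTime.now()` avoids both problems, though the import block is outside this hunk. Separately, `schedulerRequest` comes straight from the URL, is appended to the scheduler path and written to the debug log with no validation, unlike the `DATA_VALIDATOR` checks this commit adds to ExternalAccessRolesController; a similar check before building `path` looks warranted. The protected `getTimeSlots(String path, String uuid)` continues past the end of the hunk.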
@@ -169,7 +171,7 @@
 	@SuppressWarnings("unchecked")
 	@RequestMapping(value = "/post_create_new_vnf_change", method = RequestMethod.POST, produces = "application/json")
 	public ResponseEntity<String> postCreateNewVNFChange(HttpServletRequest request,
-			@RequestBody JSONObject scheduler_request) throws Exception {
+			@RequestBody JSONObject schedulerRequest) throws Exception {
 		if (checkIfUserISValidToMakeSchedule(request)) {
 			try {
 				Date startingTime = new Date();
@@ -181,34 +183,34 @@
 				// Generating uuid
 				String uuid = UUID.randomUUID().toString();
 
-				scheduler_request.put("scheduleId", uuid);
+				schedulerRequest.put("scheduleId", uuid);
 				logger.debug(EELFLoggerDelegate.debugLogger, "UUID = {} ", uuid);
 
 				// adding uuid to the request payload
-				scheduler_request.put("scheduleId", uuid);
-				logger.debug(EELFLoggerDelegate.debugLogger, "Original Request = {}", scheduler_request.toString());
+				schedulerRequest.put("scheduleId", uuid);
+				logger.debug(EELFLoggerDelegate.debugLogger, "Original Request = {}", schedulerRequest.toString());
 
 				String path = SchedulerProperties
 						.getProperty(SchedulerProperties.SCHEDULER_CREATE_NEW_VNF_CHANGE_INSTANCE_VAL) + uuid;
 
-				PostCreateNewVnfWrapper responseWrapper = postSchedulingRequest(scheduler_request, path, uuid);
+				PostCreateNewVnfWrapper responseWrapper = postSchedulingRequest(schedulerRequest, path, uuid);
 
 				Date endTime = new Date();
 				String endTimeRequest = requestDateFormat.format(endTime);
 				logger.debug(EELFLoggerDelegate.debugLogger, "Controller Scheduler - POST= {}", endTimeRequest);
 
-				return new ResponseEntity<String>(responseWrapper.getResponse(),
-						HttpStatus.valueOf(responseWrapper.getStatus()));
+				return new ResponseEntity<>(responseWrapper.getResponse(),
+					HttpStatus.valueOf(responseWrapper.getStatus()));
 			} catch (Exception e) {
 				PostCreateNewVnfWrapper responseWrapper = new PostCreateNewVnfWrapper();
 				responseWrapper.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
 				responseWrapper.setEntity(e.getMessage());
 				logger.error(EELFLoggerDelegate.errorLogger, "Exception with postCreateNewVNFChange ", e);
-				return (new ResponseEntity<String>(responseWrapper.getResponse(), HttpStatus.INTERNAL_SERVER_ERROR));
+				return (new ResponseEntity<>(responseWrapper.getResponse(), HttpStatus.INTERNAL_SERVER_ERROR));
 
 			}
 		}else{
-			return (new ResponseEntity<String>("User is unauthorized to make this call",HttpStatus.UNAUTHORIZED));
+			return (new ResponseEntity<>(USER_IS_UNAUTHORIZED_TO_MAKE_THIS_CALL, HttpStatus.UNAUTHORIZED));
 		}
 
 	}
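Review bot: The catch block in this handler still copies `e.getMessage()` into the response body through `responseWrapper.setEntity(e.getMessage())`, so whatever the downstream scheduler call or JSON handling throws is returned to the caller verbatim. The exception is already logged with its stack trace on the following line, so the client can be given a fixed message instead, e.g. `responseWrapper.setEntity("Scheduler request failed");`. The same pattern appears in the catch blocks of postSubmitVnfChangeTimeslots and getSchedulerConstant further down, where `e.getMessage()` is passed to `PortalRestResponse`. The start of postCreateNewVNFChange is outside this hunk.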
@@ -219,11 +221,11 @@
 		try {
 			// STARTING REST API CALL AS AN FACTORY INSTACE
 
-			PostCreateNewVnfRestObject<String> restObjStr = new PostCreateNewVnfRestObject<String>();
-			String str = new String();
+			PostCreateNewVnfRestObject<String> restObjStr = new PostCreateNewVnfRestObject<>();
+			String str = "";
 
 			restObjStr.set(str);
-			schedulerRestController.<String>Post(str, request, path, restObjStr);
+			schedulerRestController.Post(str, request, path, restObjStr);
 
 			int status = restObjStr.getStatusCode();
 			if (status >= 200 && status <= 299) {
@@ -249,7 +251,7 @@
 
 	@RequestMapping(value = "/submit_vnf_change_timeslots", method = RequestMethod.POST, produces = "application/json")
 	public ResponseEntity<String> postSubmitVnfChangeTimeslots(HttpServletRequest request,
-			@RequestBody JSONObject scheduler_request) throws Exception {
+			@RequestBody JSONObject schedulerRequest) throws Exception {
 		if (checkIfUserISValidToMakeSchedule(request)) {
 		try {
 			Date startingTime = new Date();
@@ -258,17 +260,17 @@
 					startTimeRequest);
 
 			// Generating uuid
-			String uuid = (String) scheduler_request.get("scheduleId");
+			String uuid = (String) schedulerRequest.get("scheduleId");
 			logger.debug(EELFLoggerDelegate.debugLogger, "UUID = {} ", uuid);
 
-			scheduler_request.remove("scheduleId");
+			schedulerRequest.remove("scheduleId");
 			logger.debug(EELFLoggerDelegate.debugLogger, "Original Request for the schedulerId= {} ",
-					scheduler_request.toString());
+					schedulerRequest.toString());
 
 			String path = SchedulerProperties.getProperty(SchedulerProperties.SCHEDULER_SUBMIT_NEW_VNF_CHANGE)
 					.replace("{scheduleId}", uuid);
 
-			PostSubmitVnfChangeTimeSlotsWrapper responseWrapper = postSubmitSchedulingRequest(scheduler_request, path,
+			PostSubmitVnfChangeTimeSlotsWrapper responseWrapper = postSubmitSchedulingRequest(schedulerRequest, path,
 					uuid);
 
 			Date endTime = new Date();
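Review bot: `scheduleId` is read from the request body with an unchecked cast and spliced straight into the downstream path by `.replace("{scheduleId}", uuid)`; a missing value ends in a NullPointerException inside `replace`, a non-string value in a ClassCastException, and any other string changes the URL that is called. The create handler generates this id with `UUID.randomUUID()`, so the submit handler can require the same shape before using it: `String uuid = UUID.fromString(String.valueOf(schedulerRequest.get("scheduleId"))).toString();`. A malformed id then fails with IllegalArgumentException before the path is built; mapping that to a 400 rather than the generic 500 of the catch block would be cleaner. The `// Generating uuid` comment above the line is stale here, since the value is read, not generated. The method starts and ends outside this hunk.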
@@ -276,17 +278,17 @@
 			logger.debug(EELFLoggerDelegate.debugLogger, " Controller Scheduler - POST Submit for end time request= {}",
 					endTimeRequest);
 
-			return (new ResponseEntity<String>(responseWrapper.getResponse(),HttpStatus.valueOf(responseWrapper.getStatus())));
+			return (new ResponseEntity<>(responseWrapper.getResponse(), HttpStatus.valueOf(responseWrapper.getStatus())));
 			} catch (Exception e) {
 				PostSubmitVnfChangeTimeSlotsWrapper responseWrapper = new PostSubmitVnfChangeTimeSlotsWrapper();
 				responseWrapper.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value());
 				responseWrapper.setEntity(e.getMessage());
 				logger.error(EELFLoggerDelegate.errorLogger, "Exception with Post submit Vnf change Timeslots", e);
-				return (new ResponseEntity<String>(responseWrapper.getResponse(), HttpStatus.INTERNAL_SERVER_ERROR));
+				return (new ResponseEntity<>(responseWrapper.getResponse(), HttpStatus.INTERNAL_SERVER_ERROR));
 
 			}
 		}else{
-			return (new ResponseEntity<String>("User is unauthorized to make this call",HttpStatus.UNAUTHORIZED));
+			return (new ResponseEntity<>(USER_IS_UNAUTHORIZED_TO_MAKE_THIS_CALL, HttpStatus.UNAUTHORIZED));
 		}
 	}
 
@@ -296,11 +298,11 @@
 		try {
 			// STARTING REST API CALL AS AN FACTORY INSTACE
 
-			PostSubmitVnfChangeRestObject<String> restObjStr = new PostSubmitVnfChangeRestObject<String>();
-			String str = new String();
+			PostSubmitVnfChangeRestObject<String> restObjStr = new PostSubmitVnfChangeRestObject<>();
+			String str = "";
 
 			restObjStr.set(str);
-			schedulerRestController.<String>Post(str, request, path, restObjStr);
+			schedulerRestController.Post(str, request, path, restObjStr);
 
 			int status = restObjStr.getStatusCode();
 			if (status >= 200 && status <= 299) {
@@ -362,19 +364,19 @@
 						throw new Exception(entry.getKey() + errorMsg);
 				}
 				logger.debug(EELFLoggerDelegate.debugLogger, " portalRestResponse - getSchedulerConstant= {}", map);
-				portalRestResponse = new PortalRestResponse<Map<String, String>>(PortalRestStatusEnum.OK, "success",
-						map);
+				portalRestResponse = new PortalRestResponse<>(PortalRestStatusEnum.OK, "success",
+					map);
 
 			} catch (Exception e) {
 				logger.error(EELFLoggerDelegate.errorLogger, "getSchedulerConstant failed", e);
-				portalRestResponse = new PortalRestResponse<Map<String, String>>(PortalRestStatusEnum.ERROR,
-						e.getMessage(), null);
+				portalRestResponse = new PortalRestResponse<>(PortalRestStatusEnum.ERROR,
+					e.getMessage(), null);
 			}
 
 		}
         else{
 			logger.error(EELFLoggerDelegate.errorLogger, "getSchedulerConstant failed: User unauthorized to make this call");
-        	portalRestResponse = new PortalRestResponse<Map<String, String>>(PortalRestStatusEnum.ERROR, "failed : Unauthorized", null);
+			portalRestResponse = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "failed : Unauthorized", null);
         }
 				return portalRestResponse;
 	}
@@ -397,8 +399,6 @@
 		EPUser user = EPUserUtils.getUserSession(request);
 		String portalApiPath = getPath(request);
 		Set<String> functionCodeList = adminRolesService.getAllAppsFunctionsOfUser(user.getId().toString());
-		boolean isValidUser =	EPUserUtils.matchRoleFunctions(portalApiPath, functionCodeList);
-//		boolean isValidUser = functionCodeList.stream().anyMatch(x -> functionCodeList.contains(portalApiPath));
-		return isValidUser;
+		return EPUserUtils.matchRoleFunctions(portalApiPath, functionCodeList);
 	}
 }
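Review bot: `user` is dereferenced in `user.getId().toString()` without a null check, so a request with no user session would fail this authorization helper with a NullPointerException instead of returning false; WidgetsController in this same commit treats a null result from `EPUserUtils.getUserSession(request)` as a possible case. The visible callers invoke the helper outside their try blocks, so the exception would leave the handler rather than reach the 401 branch. A guard such as `if (user == null) return false;` before the `getAllAppsFunctionsOfUser` call keeps the deny path explicit. The method signature is outside this hunk.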
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/SharedContextRestController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/SharedContextRestController.java
index ba77c56..9e3428e 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/SharedContextRestController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/SharedContextRestController.java
@@ -48,10 +48,13 @@
 
 import org.onap.portalapp.controller.EPRestrictedRESTfulBaseController;
 import org.onap.portalapp.portal.domain.SharedContext;
+import org.onap.portalapp.portal.exceptions.NotValidDataException;
 import org.onap.portalapp.portal.logging.aop.EPAuditLog;
 import org.onap.portalapp.portal.service.SharedContextService;
 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
 import org.onap.portalapp.portal.utils.PortalConstants;
+import org.onap.portalapp.validation.DataValidator;
+import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
@@ -85,33 +88,20 @@
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class SharedContextRestController extends EPRestrictedRESTfulBaseController {
+	private static final DataValidator dataValidator = new DataValidator();
+	private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SharedContextRestController.class);
+	private static final ObjectMapper mapper = new ObjectMapper();
 
-	/**
-	 * Model for a one-element JSON object returned by many methods.
-	 */
-	class SharedContextJsonResponse {
-		String response;
+	private SharedContextService contextService;
+
+	@Autowired
+	public SharedContextRestController(SharedContextService contextService) {
+		this.contextService = contextService;
 	}
 
 	/**
-	 * Access to the database
-	 */
-	@Autowired
-	private SharedContextService contextService;
-
-	/**
-	 * Logger for debug etc.
-	 */
-	private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SharedContextRestController.class);
-
-	/**
-	 * Reusable JSON (de)serializer
-	 */
-	private final ObjectMapper mapper = new ObjectMapper();
-
-	/**
 	 * Gets a value for the specified context and key (RESTful service method).
-	 * 
+	 *
 	 * @param request
 	 *            HTTP servlet request
 	 * @param context_id
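Review bot: `contextService` is now assigned only in the constructor, so it can be declared `private final SharedContextService contextService;`, which lets the compiler enforce the single assignment. The same applies to the three constructor-injected service fields in WidgetsController later in this commit. The hunk also drops the Javadoc on the fields; a one-line comment on `dataValidator` saying which constraints it enforces would help readers of the validation calls added below.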
@@ -127,13 +117,18 @@
 	@RequestMapping(value = { "/get" }, method = RequestMethod.GET, produces = "application/json")
 	public String getContext(HttpServletRequest request, @RequestParam String context_id, @RequestParam String ckey)
 			throws Exception {
-
 		logger.debug(EELFLoggerDelegate.debugLogger, "getContext for ID " + context_id + ", key " + ckey);
 		if (context_id == null || ckey == null)
 			throw new Exception("Received null for context_id and/or ckey");
+		SecureString secureContextId = new SecureString(context_id);
+		SecureString secureCKey = new SecureString(ckey);
+
+		if(!dataValidator.isValid(secureContextId) || !dataValidator.isValid(secureCKey)){
+			throw new NotValidDataException("Received not valid for context_id and/or ckey");
+		}
 
 		SharedContext context = contextService.getSharedContext(context_id, ckey);
-		String jsonResponse = "";
+		String jsonResponse;
 		if (context == null)
 			jsonResponse = convertResponseToJSON(context);
 		else
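Review bot: The `logger.debug(...)` call concatenates `context_id` and `ckey` into the log line before the new `dataValidator.isValid` checks run, so values that are about to be rejected are still written to the debug log as received. Moving the log statement below the validation block keeps rejected input out of the log, and placeholders avoid building the string when debug is off: `logger.debug(EELFLoggerDelegate.debugLogger, "getContext for ID {}, key {}", context_id, ckey);`. getUserContext in the following code hunk logs `context_id` in the same order. The end of the method is outside this hunk.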
@@ -144,7 +139,7 @@
 
 	/**
 	 * Gets user information for the specified context (RESTful service method).
-	 * 
+	 *
 	 * @param request
 	 *            HTTP servlet request
 	 * @param context_id
@@ -162,8 +157,11 @@
 		logger.debug(EELFLoggerDelegate.debugLogger, "getUserContext for ID " + context_id);
 		if (context_id == null)
 			throw new Exception("Received null for context_id");
+		SecureString secureContextId = new SecureString(context_id);
+		if (!dataValidator.isValid(secureContextId))
+			throw new NotValidDataException("context_id is not valid");
 
-		List<SharedContext> listSharedContext = new ArrayList<SharedContext>();
+		List<SharedContext> listSharedContext = new ArrayList<>();
 		SharedContext firstNameContext = contextService.getSharedContext(context_id,
 				EPCommonSystemProperties.USER_FIRST_NAME);
 		SharedContext lastNameContext = contextService.getSharedContext(context_id,
@@ -179,14 +177,13 @@
 			listSharedContext.add(emailContext);
 		if (orgUserIdContext != null)
 			listSharedContext.add(orgUserIdContext);
-		String jsonResponse = convertResponseToJSON(listSharedContext);
-		return jsonResponse;
+		return convertResponseToJSON(listSharedContext);
 	}
 
 	/**
 	 * Tests for presence of the specified key in the specified context (RESTful
 	 * service method).
-	 * 
+	 *
 	 * @param request
 	 *            HTTP servlet request
 	 * @param context_id
@@ -208,19 +205,24 @@
 		if (context_id == null || ckey == null)
 			throw new Exception("Received null for contextId and/or key");
 
+		SecureString secureContextId = new SecureString(context_id);
+		SecureString secureCKey = new SecureString(ckey);
+
+		if (!dataValidator.isValid(secureContextId) || !dataValidator.isValid(secureCKey))
+			throw new NotValidDataException("Not valid data for contextId and/or key");
+
 		String response = null;
 		SharedContext context = contextService.getSharedContext(context_id, ckey);
 		if (context != null)
 			response = "exists";
 
-		String jsonResponse = convertResponseToJSON(response);
-		return jsonResponse;
+		return convertResponseToJSON(response);
 	}
 
 	/**
 	 * Removes the specified key in the specified context (RESTful service
 	 * method).
-	 * 
+	 *
 	 * @param request
 	 *            HTTP servlet request
 	 * @param context_id
@@ -242,6 +244,12 @@
 		if (context_id == null || ckey == null)
 			throw new Exception("Received null for contextId and/or key");
 
+		SecureString secureContextId = new SecureString(context_id);
+		SecureString secureCKey = new SecureString(ckey);
+
+		if (!dataValidator.isValid(secureContextId) || !dataValidator.isValid(secureCKey))
+			throw new NotValidDataException("Not valid data for contextId and/or key");
+
 		SharedContext context = contextService.getSharedContext(context_id, ckey);
 		String response = null;
 		if (context != null) {
@@ -249,14 +257,13 @@
 			response = "removed";
 		}
 
-		String jsonResponse = convertResponseToJSON(response);
-		return jsonResponse;
+		return convertResponseToJSON(response);
 	}
 
 	/**
 	 * Clears all key-value pairs in the specified context (RESTful service
 	 * method).
-	 * 
+	 *
 	 * @param request
 	 *            HTTP servlet request
 	 * @param context_id
@@ -275,16 +282,20 @@
 		if (context_id == null)
 			throw new Exception("clearContext: Received null for contextId");
 
+		SecureString secureContextId = new SecureString(context_id);
+
+		if (!dataValidator.isValid(secureContextId))
+			throw new NotValidDataException("Not valid data for contextId");
+
 		int count = contextService.deleteSharedContexts(context_id);
-		String jsonResponse = convertResponseToJSON(Integer.toString(count));
-		return jsonResponse;
+		return convertResponseToJSON(Integer.toString(count));
 	}
 
 	/**
 	 * Sets a context value for the specified context and key (RESTful service
 	 * method). Creates the context if no context with the specified ID-key pair
 	 * exists, overwrites the value if it exists already.
-	 * 
+	 *
 	 * @param request
 	 *            HTTP servlet request
 	 * @param userJson
@@ -302,6 +313,11 @@
 	@ApiOperation(value = "Sets a context value for the specified context and key. Creates the context if no context with the specified ID-key pair exists, overwrites the value if it exists already.", response = SharedContextJsonResponse.class)
 	@RequestMapping(value = { "/set" }, method = RequestMethod.POST, produces = "application/json")
 	public String setContext(HttpServletRequest request, @RequestBody String userJson) throws Exception {
+		if (userJson !=null){
+		SecureString secureUserJson = new SecureString(userJson);
+		if (!dataValidator.isValid(secureUserJson))
+			throw new NotValidDataException("Not valid data for userJson");
+		}
 
 		@SuppressWarnings("unchecked")
 		Map<String, Object> userData = mapper.readValue(userJson, Map.class);
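Review bot: The new check validates the raw JSON text of `userJson`, not the `contextId`, `key` and `value` that are stored after `mapper.readValue` decodes it; JSON string escapes are resolved only during parsing, so the decoded values can differ from the text that was checked (what `SecureString` validation enforces is not visible here). Validating each parsed field, e.g. `dataValidator.isValid(new SecureString(contextId))` and likewise for the key and value, checks what is actually persisted. A null `userJson` also skips the check and goes straight to `mapper.readValue(userJson, Map.class)`. The `SecureString` lines are not indented under the `if`, which hides the block structure. The rest of the method is outside this hunk.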
@@ -313,7 +329,7 @@
 			throw new Exception("setContext: received null for contextId and/or key");
 
 		logger.debug(EELFLoggerDelegate.debugLogger, "setContext: ID " + contextId + ", key " + key + "->" + value);
-		String response = null;
+		String response;
 		SharedContext existing = contextService.getSharedContext(contextId, key);
 		if (existing == null) {
 			contextService.addSharedContext(contextId, key, value);
@@ -322,53 +338,49 @@
 			contextService.saveSharedContext(existing);
 		}
 		response = existing == null ? "added" : "replaced";
-		String jsonResponse = convertResponseToJSON(response);
-		return jsonResponse;
+		return convertResponseToJSON(response);
 	}
 
 	/**
 	 * Creates a two-element JSON object tagged "response".
-	 * 
+	 *
 	 * @param responseBody
 	 * @return JSON object as String
 	 * @throws JsonProcessingException
 	 */
 	private String convertResponseToJSON(String responseBody) throws JsonProcessingException {
-		Map<String, String> responseMap = new HashMap<String, String>();
+		Map<String, String> responseMap = new HashMap<>();
 		responseMap.put("response", responseBody);
-		String response = mapper.writeValueAsString(responseMap);
-		return response;
+		return mapper.writeValueAsString(responseMap);
 	}
 
 	/**
 	 * Converts a list of SharedContext objects to a JSON array.
-	 * 
+	 *
 	 * @param contextList
 	 * @return JSON array as String
 	 * @throws JsonProcessingException
 	 */
 	private String convertResponseToJSON(List<SharedContext> contextList) throws JsonProcessingException {
-		String jsonArray = mapper.writeValueAsString(contextList);
-		return jsonArray;
+		return mapper.writeValueAsString(contextList);
 	}
 
 	/**
 	 * Creates a JSON object with the content of the shared context; null is ok.
-	 * 
+	 *
 	 * @param context
 	 * @return tag "response" with collection of context object's fields
 	 * @throws JsonProcessingException
 	 */
 	private String convertResponseToJSON(SharedContext context) throws JsonProcessingException {
-		Map<String, Object> responseMap = new HashMap<String, Object>();
+		Map<String, Object> responseMap = new HashMap<>();
 		responseMap.put("response", context);
-		String responseBody = mapper.writeValueAsString(responseMap);
-		return responseBody;
+		return mapper.writeValueAsString(responseMap);
 	}
 
 	/**
 	 * Handles any exception thrown by a method in this controller.
-	 * 
+	 *
 	 * @param e
 	 *            Exception
 	 * @param response
@@ -382,3 +394,7 @@
 	}
 
 }
+class SharedContextJsonResponse {
+	String response;
+}
+
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/WidgetsController.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/WidgetsController.java
index f2bba8b..45035a2 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/WidgetsController.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/controller/WidgetsController.java
@@ -52,10 +52,13 @@
 import org.onap.portalapp.portal.service.WidgetService;
 import org.onap.portalapp.portal.transport.FieldsValidator;
 import org.onap.portalapp.portal.transport.OnboardingWidget;
+import org.onap.portalapp.portal.transport.WidgetCatalogPersonalization;
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
 import org.onap.portalapp.util.EPUserUtils;
+import org.onap.portalapp.validation.DataValidator;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -64,30 +67,36 @@
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
-@org.springframework.context.annotation.Configuration
+@Configuration
 @EnableAspectJAutoProxy
 @EPAuditLog
 public class WidgetsController extends EPRestrictedBaseController {
-	private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(WidgetsController.class);
-	
-	@Autowired
+	private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(WidgetsController.class);
+	private static final DataValidator dataValidator = new DataValidator();
+
 	private AdminRolesService adminRolesService;
-	@Autowired
 	private WidgetService widgetService;
-	@Autowired
 	private PersUserWidgetService persUserWidgetService;
 
+	@Autowired
+	public WidgetsController(AdminRolesService adminRolesService,
+		WidgetService widgetService, PersUserWidgetService persUserWidgetService) {
+		this.adminRolesService = adminRolesService;
+		this.widgetService = widgetService;
+		this.persUserWidgetService = persUserWidgetService;
+	}
+
 	@RequestMapping(value = { "/portalApi/widgets" }, method = RequestMethod.GET, produces = "application/json")
 	public List<OnboardingWidget> getOnboardingWidgets(HttpServletRequest request, HttpServletResponse response) {
 		EPUser user = EPUserUtils.getUserSession(request);
 		List<OnboardingWidget> onboardingWidgets = null;
-		
+
 		if (user == null || user.isGuest()) {
 			EcompPortalUtils.setBadPermissions(user, response, "getOnboardingWidgets");
 		} else {
 			String getType = request.getHeader("X-Widgets-Type");
-			if (!StringUtils.isEmpty(getType) && (getType.equals("managed") || getType.equals("all"))) {
-				onboardingWidgets = widgetService.getOnboardingWidgets(user, getType.equals("managed"));
+			if (!StringUtils.isEmpty(getType) && ("managed".equals(getType) || "all".equals(getType))) {
+				onboardingWidgets = widgetService.getOnboardingWidgets(user, "managed".equals(getType));
 			} else {
 				logger.debug(EELFLoggerDelegate.debugLogger, "WidgetsController.getOnboardingApps - request must contain header 'X-Widgets-Type' with 'all' or 'managed'");
 				response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
@@ -112,6 +121,14 @@
 			@RequestBody OnboardingWidget onboardingWidget, HttpServletResponse response) {
 		EPUser user = EPUserUtils.getUserSession(request);
 		FieldsValidator fieldsValidator = null;
+		if (onboardingWidget!=null){
+			if(!dataValidator.isValid(onboardingWidget)){
+				fieldsValidator = new FieldsValidator();
+				fieldsValidator.setHttpStatusCode((long)HttpServletResponse.SC_NOT_ACCEPTABLE);
+				return fieldsValidator;
+			}
+		}
+
 		if (userHasPermissions(user, response, "putOnboardingWidget")) {
 			onboardingWidget.id = widgetId; // !
 			onboardingWidget.normalize();
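Review bot: The early return for invalid input puts 406 only into the returned `FieldsValidator`; unlike the permitted path, which calls `response.setStatus(fieldsValidator.httpStatusCode.intValue())`, it never sets the servlet response status, so the HTTP status presumably stays at its default while the body reports an error. Adding `response.setStatus(HttpServletResponse.SC_NOT_ACCEPTABLE);` before `return fieldsValidator;` keeps the two in step, and `SC_BAD_REQUEST` would describe a rejected body more accurately than 406. postOnboardingWidget and putWidgetCatalogSelection in the following hunks have the same early return. When `onboardingWidget` is null the check is skipped and `onboardingWidget.id = widgetId` still dereferences it. The method signature starts outside this hunk.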
@@ -119,7 +136,7 @@
 			response.setStatus(fieldsValidator.httpStatusCode.intValue());
 		}
 		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets/" + widgetId, "GET result =", response.getStatus());
-		
+
 		return fieldsValidator;
 	}
 
@@ -127,15 +144,23 @@
 	@RequestMapping(value = { "/portalApi/widgets" }, method = { RequestMethod.POST }, produces = "application/json")
 	public FieldsValidator postOnboardingWidget(HttpServletRequest request, @RequestBody OnboardingWidget onboardingWidget, HttpServletResponse response) {
 		EPUser user = EPUserUtils.getUserSession(request);
-		FieldsValidator fieldsValidator = null; ;
-		
+		FieldsValidator fieldsValidator = null;
+
+		if (onboardingWidget!=null){
+			if(!dataValidator.isValid(onboardingWidget)){
+				fieldsValidator = new FieldsValidator();
+				fieldsValidator.setHttpStatusCode((long)HttpServletResponse.SC_NOT_ACCEPTABLE);
+				return fieldsValidator;
+			}
+		}
+
 		if (userHasPermissions(user, response, "postOnboardingWidget")) {
 			onboardingWidget.id = null; // !
 			onboardingWidget.normalize();
 			fieldsValidator = widgetService.setOnboardingWidget(user, onboardingWidget);
 			response.setStatus(fieldsValidator.httpStatusCode.intValue());
 		}
-		
+
 		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets", "POST result =", response.getStatus());
 		return fieldsValidator;
 	}
@@ -143,17 +168,17 @@
 	@RequestMapping(value = { "/portalApi/widgets/{widgetId}" }, method = { RequestMethod.DELETE }, produces = "application/json")
 	public FieldsValidator deleteOnboardingWidget(HttpServletRequest request, @PathVariable("widgetId") Long widgetId, HttpServletResponse response) {
 		EPUser user = EPUserUtils.getUserSession(request);
-		FieldsValidator fieldsValidator = null; ;
-		
+		FieldsValidator fieldsValidator = null;
+
 		if (userHasPermissions(user, response, "deleteOnboardingWidget")) {
 			fieldsValidator = widgetService.deleteOnboardingWidget(user, widgetId);
 			response.setStatus(fieldsValidator.httpStatusCode.intValue());
 		}
-		
+
 		EcompPortalUtils.logAndSerializeObject(logger, "/portalApi/widgets/" + widgetId, "DELETE result =", response.getStatus());
 		return fieldsValidator;
 	}
-	
+
 	/**
 	 * service to accept a user's action made on the application
 	 * catalog.
@@ -167,9 +192,18 @@
 	 */
 	@RequestMapping(value = { "portalApi/widgetCatalogSelection" }, method = RequestMethod.PUT, produces = "application/json")
 	public FieldsValidator putWidgetCatalogSelection(HttpServletRequest request,
-			@RequestBody org.onap.portalapp.portal.transport.WidgetCatalogPersonalization persRequest, HttpServletResponse response) throws IOException {
+			@RequestBody WidgetCatalogPersonalization persRequest, HttpServletResponse response) throws IOException {
 		FieldsValidator result = new FieldsValidator();
 		EPUser user = EPUserUtils.getUserSession(request);
+
+		if (persRequest!=null){
+			if(!dataValidator.isValid(persRequest)){
+				result.httpStatusCode = (long)HttpServletResponse.SC_NOT_ACCEPTABLE;
+				return result;
+			}
+		}
+
+
 		try {
 			if (persRequest.getWidgetId() == null || user == null) {
 				EcompPortalUtils.setBadPermissions(user, response, "putWidgetCatalogSelection");
@@ -180,7 +214,7 @@
 			logger.error(EELFLoggerDelegate.errorLogger, "Failed in putAppCatalogSelection", e);
 			response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, e.toString());
 		}
-		result.httpStatusCode = new Long(HttpServletResponse.SC_OK);
+		result.httpStatusCode = (long) HttpServletResponse.SC_OK;
 		return result;
 	}
 }
\ No newline at end of file
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/ecomp/model/AppContactUsItem.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/ecomp/model/AppContactUsItem.java
index c7c8ebc..2d52626 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/ecomp/model/AppContactUsItem.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/ecomp/model/AppContactUsItem.java
@@ -40,6 +40,7 @@
 import javax.persistence.Entity;
 import javax.persistence.Id;
 
+import org.hibernate.validator.constraints.SafeHtml;
 import org.onap.portalsdk.core.domain.support.DomainVo;
 import com.fasterxml.jackson.annotation.JsonInclude;
 
@@ -55,11 +56,17 @@
 
 	@Id
 	private Long appId;
+	@SafeHtml
 	private String appName;
+	@SafeHtml
 	private String description;
+	@SafeHtml
 	private String contactName;
+	@SafeHtml
 	private String contactEmail;
+	@SafeHtml
 	private String url;
+	@SafeHtml
 	private String activeYN;
 
 	public Long getAppId() {
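Review bot: `@SafeHtml` on `url`, `contactEmail` and `activeYN` only rejects disallowed markup; it does not constrain the URL scheme, the address format or the Y/N value, so these fields can still hold values that are unsafe once rendered as a link or mail address. Format constraints fit better there, for example `@URL` on `url` and `@Email` on `contactEmail`, with `@SafeHtml` kept for the free-text `appName` and `description`. The annotations are also inert unless the entity is passed through a validator, and whether AppContactUsItem reaches `DataValidator.isValid` is not visible in this hunk. `@SafeHtml` is deprecated in later Hibernate Validator releases, so a comment noting the intended replacement would help. The class body continues outside this hunk.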
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/exceptions/NotValidDataException.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/exceptions/NotValidDataException.java
new file mode 100644
index 0000000..2a26ab3
--- /dev/null
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/exceptions/NotValidDataException.java
@@ -0,0 +1,51 @@
+/*-
+ * ============LICENSE_START==========================================
+ * ONAP Portal
+ * ===================================================================
+ * Copyright (C) 2017 AT&T Intellectual Property. All rights reserved.
+ * ===================================================================
+ *
+ * Unless otherwise specified, all software contained herein is licensed
+ * under the Apache License, Version 2.0 (the "License");
+ * you may not use this software except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *             http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * Unless otherwise specified, all documentation contained herein is licensed
+ * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
+ * you may not use this documentation except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *             https://creativecommons.org/licenses/by/4.0/
+ *
+ * Unless required by applicable law or agreed to in writing, documentation
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * ============LICENSE_END============================================
+ *
+ *
+ */
+
+package org.onap.portalapp.portal.exceptions;
+
+public class NotValidDataException extends Exception {
+
+       public NotValidDataException(String msg) {
+              super(msg);
+       }
+
+       @Override
+       public String toString() {
+              return "NotValidDataException{}: " + this.getMessage();
+       }
+}
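Review bot: The new exception has no Javadoc saying when it is thrown or how callers should map it; a class comment such as `/** Thrown when request data fails DataValidator checks; handlers should answer with a client-error status. */` would document the contract. The `toString()` override returns `"NotValidDataException{}: " + this.getMessage()`, where the empty braces carry no information, so the inherited `Exception.toString()` would serve as well. A second constructor `NotValidDataException(String msg, Throwable cause)` would let callers keep the original cause.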
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesServiceImpl.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesServiceImpl.java
index 18aac6f..6950bdd 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesServiceImpl.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/service/AdminRolesServiceImpl.java
@@ -40,25 +40,19 @@
 package org.onap.portalapp.portal.service;
 
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeSet;
 import java.util.stream.Collectors;
-
 import javax.annotation.PostConstruct;
-
 import org.apache.cxf.common.util.StringUtils;
 import org.hibernate.Session;
 import org.hibernate.SessionFactory;
 import org.hibernate.Transaction;
 import org.json.JSONArray;
 import org.json.JSONObject;
-import org.onap.portalapp.portal.domain.CentralV2RoleFunction;
 import org.onap.portalapp.portal.domain.EPApp;
 import org.onap.portalapp.portal.domain.EPRole;
 import org.onap.portalapp.portal.domain.EPUser;
@@ -71,16 +65,12 @@
 import org.onap.portalapp.portal.logging.logic.EPLogUtil;
 import org.onap.portalapp.portal.transport.AppNameIdIsAdmin;
 import org.onap.portalapp.portal.transport.AppsListWithAdminRole;
-import org.onap.portalapp.portal.transport.EPUserAppCurrentRoles;
 import org.onap.portalapp.portal.transport.ExternalAccessUser;
 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
 import org.onap.portalapp.portal.utils.EcompPortalUtils;
 import org.onap.portalapp.portal.utils.PortalConstants;
 import org.onap.portalapp.util.EPUserUtils;
-import org.onap.portalsdk.core.domain.RoleFunction;
-import org.onap.portalsdk.core.domain.User;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.onap.portalsdk.core.restful.domain.EcompRole;
 import org.onap.portalsdk.core.service.DataAccessService;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -92,7 +82,6 @@
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.client.RestTemplate;
-
 import com.fasterxml.jackson.databind.ObjectMapper;
 
 @Service("adminRolesService")
@@ -106,6 +95,7 @@
 	private Long ACCOUNT_ADMIN_ROLE_ID = 999L;
 	private Long ECOMP_APP_ID = 1L;
 	public static final String TYPE_APPROVER = "approver";
+	private static final String ADMIN_ACCOUNT= "Is account admin for user {}";
 
 	private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AdminRolesServiceImpl.class);
 
@@ -458,7 +448,7 @@
 
 			final Map<String, Long> userParams = new HashMap<>();
 			userParams.put("userId", user.getId());
-			logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for user {}", user.getId());
+			logger.debug(EELFLoggerDelegate.debugLogger, ADMIN_ACCOUNT, user.getId());
 			List<Integer> userAdminApps = new ArrayList<>();
 
 			userAdminApps =dataAccessService.executeNamedQuery("getAdminAppsForTheUser", userParams, null);
@@ -498,7 +488,7 @@
 					Set<String> getRoleFuncListOfPortalSet1=new HashSet<>();
 					Set<String> roleFunSet = new HashSet<>();
 					roleFunSet = getRoleFuncListOfPortalSet.stream().filter(x -> x.contains("|")).collect(Collectors.toSet());
-					if (roleFunSet.size() > 0)
+					if (!roleFunSet.isEmpty())
 						for (String roleFunction : roleFunSet) {
 							String type = externalAccessRolesService.getFunctionCodeType(roleFunction);
 							getRoleFuncListOfPortalSet1.add(type);
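Review bot: The `if (!roleFunSet.isEmpty())` guard sits directly in front of a for-each over the same set, so it changes nothing: iterating an empty set already runs zero times. It is also a brace-less `if` wrapping a multi-line loop, which is easy to misread when a statement is later added beneath it. I would drop the guard and keep only `for (String roleFunction : roleFunSet) {`, and do the same in the hunk at -586,7 further down. The enclosing method starts and ends outside this hunk.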
@@ -561,10 +551,10 @@
 		try {
 					final Map<String, Long> userParams = new HashMap<>();
 					userParams.put("userId", user.getId());
-					logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for user {}", user.getId());
+					logger.debug(EELFLoggerDelegate.debugLogger, ADMIN_ACCOUNT, user.getId());
 					List<Integer> userAdminApps = new ArrayList<>();
 					userAdminApps =dataAccessService.executeNamedQuery("getAdminAppsForTheUser", userParams, null);
-					if(userAdminApps.size()>=1){
+					if(!userAdminApps.isEmpty()){
 					isApplicationAccountAdmin=userAdminApps.contains((int) (long) app.getId());
 					logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for user is true{} ,appId {}", user.getId(),app.getId());
 					}
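Review bot: The debug line inside the new `if(!userAdminApps.isEmpty())` block logs "Is account admin for user is true" whenever the list is non-empty, even when `contains(...)` has just set `isApplicationAccountAdmin` to false. For an authorization decision that makes the log unreliable as evidence during an investigation. I would log the computed value instead, e.g. `logger.debug(EELFLoggerDelegate.debugLogger, "Account admin check for user {}, appId {}: {}", user.getId(), app.getId(), isApplicationAccountAdmin);`. The `(int) (long) app.getId()` cast also narrows the id silently, and a null result from `executeNamedQuery` would throw on `isEmpty()`; both deserve a comment or a guard. The same block is repeated in the hunk at -609,10, and the surrounding `try` begins outside this hunk.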
@@ -586,7 +576,7 @@
 		Set<String> getRoleFuncListOfPortalSet = new HashSet<>(getRoleFuncListOfPortal);
 		Set<String> roleFunSet = new HashSet<>();
 		roleFunSet = getRoleFuncListOfPortalSet.stream().filter(x -> x.contains("|")).collect(Collectors.toSet());
-		if (roleFunSet.size() > 0)
+		if (!roleFunSet.isEmpty())
 			for (String roleFunction : roleFunSet) {
 				String roleFun = EcompPortalUtils.getFunctionCode(roleFunction);
 				getRoleFuncListOfPortalSet.remove(roleFunction);
@@ -598,7 +588,6 @@
 			finalRoleFunctionSet.add(EPUserUtils.decodeFunctionCode(roleFn));
 		}
 		
-//		List<String> functionsOfUser = new ArrayList<>(getRoleFuncListOfPortal);
 		return finalRoleFunctionSet;
 	}
 
@@ -609,10 +598,10 @@
 		try {
 					final Map<String, Long> userParams = new HashMap<>();
 					userParams.put("userId", user.getId());	
-					logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for user {}", user.getId());
+					logger.debug(EELFLoggerDelegate.debugLogger, ADMIN_ACCOUNT, user.getId());
 					List<Integer> userAdminApps = new ArrayList<>();
 					userAdminApps =dataAccessService.executeNamedQuery("getAllAdminAppsofTheUser", userParams, null);
-					if(userAdminApps.size()>=1){
+					if(!userAdminApps.isEmpty()){
 					isApplicationAccountAdmin=userAdminApps.contains((int) (long) app.getId());
 					logger.debug(EELFLoggerDelegate.debugLogger, "Is account admin for user is true{} ,appId {}", user.getId(),app.getId());
 					}					
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/Analytics.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/Analytics.java
index 2d85e8f..f5ca183 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/Analytics.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/Analytics.java
@@ -38,14 +38,19 @@
 package org.onap.portalapp.portal.transport;
 
 import com.fasterxml.jackson.annotation.JsonInclude;
+import org.hibernate.validator.constraints.SafeHtml;
 
 @JsonInclude(JsonInclude.Include.NON_NULL)
 public class Analytics {
-	
+	@SafeHtml
 	private String action;
+	@SafeHtml
 	private String page;
+	@SafeHtml
 	private String function;
+	@SafeHtml
 	private String userid;
+	@SafeHtml
 	private String type;
 	
 	public String getType() {
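Review bot: `@SafeHtml` on these fields only has an effect where a Validator is actually run on the object, and nothing in this hunk shows that call, so each controller path that accepts an `Analytics` body needs to be checked for it. With no attributes the constraint uses the relaxed whitelist, which still accepts a range of formatting tags; for identifier-like fields such as `userid` and `type` I would use `@SafeHtml(whitelistType = SafeHtml.WhiteListType.NONE)` or a `@Pattern`. The annotation is also deprecated in later Hibernate Validator releases, and it is input validation only, so output encoding at render time is still required. The same applies to the annotations added in EPAppsManualPreference, EPAppsSortPreference, EPWidgetsSortPreference and OnboardingWidget.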
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidget.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidget.java
index 9027787..e9d720e 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidget.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidget.java
@@ -49,6 +49,7 @@
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
+import lombok.ToString;
 import org.hibernate.validator.constraints.SafeHtml;
 import org.onap.portalsdk.core.domain.support.DomainVo;
 import com.fasterxml.jackson.annotation.JsonInclude;
@@ -62,6 +63,7 @@
 @NoArgsConstructor
 @Getter
 @Setter
+@ToString
 public class CommonWidget extends DomainVo{
 
 	private static final long serialVersionUID = 7897021982887364557L;
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidgetMeta.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidgetMeta.java
index 51a0265..0a99949 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidgetMeta.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/CommonWidgetMeta.java
@@ -39,33 +39,21 @@
 
 import java.util.List;
 import javax.validation.Valid;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+import lombok.ToString;
 import org.hibernate.validator.constraints.SafeHtml;
 
+@NoArgsConstructor
+@AllArgsConstructor
+@Getter
+@Setter
+@ToString
 public class CommonWidgetMeta {
 	@SafeHtml
 	private String category;
 	@Valid
 	private List<CommonWidget> items;
-
-	public CommonWidgetMeta(){
-
-	}
-
-	public CommonWidgetMeta(String category, List<CommonWidget> items){
-		this.category = category;
-		this.items = items;
-	}
-	
-	public String getCategory() {
-		return category;
-	}
-	public void setCategory(String category) {
-		this.category = category;
-	}
-	public List<CommonWidget> getItems() {
-		return items;
-	}
-	public void setItems(List<CommonWidget> items) {
-		this.items = items;
-	}
 }
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/EPAppsManualPreference.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/EPAppsManualPreference.java
index 0bd4db3..1aa4219 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/EPAppsManualPreference.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/EPAppsManualPreference.java
@@ -37,18 +37,24 @@
  */
 package org.onap.portalapp.portal.transport;
 
+import org.hibernate.validator.constraints.SafeHtml;
+
 public class EPAppsManualPreference {
 	
 	private Long appid;
 	private int col;
+	@SafeHtml
 	private String headerText;
+	@SafeHtml
 	private String imageLink;
 	private int order;
 	private boolean restrictedApp;
 	private int row;
 	private int sizeX;
 	private int sizeY;
+	@SafeHtml
 	private String subHeaderText;
+	@SafeHtml
 	private String url;
 	private boolean addRemoveApps;
 	
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/EPAppsSortPreference.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/EPAppsSortPreference.java
index 85a6a03..796f67f 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/EPAppsSortPreference.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/EPAppsSortPreference.java
@@ -37,10 +37,14 @@
  */
 package org.onap.portalapp.portal.transport;
 
+import org.hibernate.validator.constraints.SafeHtml;
+
 public class EPAppsSortPreference {
 	
 	private int index;
+	@SafeHtml
 	private String value;
+	@SafeHtml
 	private String title;
 	
 	public int getIndex() {
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/EPWidgetsSortPreference.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/EPWidgetsSortPreference.java
index 03b7c14..e1f5c29 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/EPWidgetsSortPreference.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/EPWidgetsSortPreference.java
@@ -38,15 +38,19 @@
 package org.onap.portalapp.portal.transport;
 
 import java.util.List;
+import org.hibernate.validator.constraints.SafeHtml;
 
 public class EPWidgetsSortPreference {
 	
 	private int SizeX;
 	private int SizeY;
+	@SafeHtml
 	private String headerText;
+	@SafeHtml
 	private String url;
 	private Long widgetid;
 	private List<Object> attrb;
+	@SafeHtml
 	private String widgetIdentifier;
 	private int row;
 	private int col;
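Review bot: `@SafeHtml` on `url` checks the value for disallowed markup but does not constrain the URL scheme, so a value with an unexpected scheme and no tags would pass validation. I would add a URL constraint with an explicit scheme allow-list next to it, e.g. `@URL` from `org.hibernate.validator.constraints` together with a check that the scheme is http or https. The same holds for `url` and `imageLink` in EPAppsManualPreference and `url` in OnboardingWidget. In this class `List<Object> attrb` also stays unconstrained, so any strings carried in it bypass the new checks; a comment stating whether it is ever rendered would help.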
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/OnboardingWidget.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/OnboardingWidget.java
index 4f0a7d6..4046079 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/OnboardingWidget.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/portal/transport/OnboardingWidget.java
@@ -42,6 +42,7 @@
 import javax.persistence.Column;
 import javax.persistence.Entity;
 import javax.persistence.Id;
+import org.hibernate.validator.constraints.SafeHtml;
 
 @Entity
 public class OnboardingWidget implements Serializable {
@@ -53,12 +54,14 @@
 	public Long id;
 
 	@Column(name = "WDG_NAME")
+	@SafeHtml
 	public String name;
 
 	@Column(name = "APP_ID")
 	public Long appId;
 
 	@Column(name = "APP_NAME")
+	@SafeHtml
 	public String appName;
 
 	@Column(name = "WDG_WIDTH")
@@ -68,15 +71,16 @@
 	public Integer height;
 
 	@Column(name = "WDG_URL")
+	@SafeHtml
 	public String url;
 
 	public void normalize() {
 		this.name = (this.name == null) ? "" : this.name.trim();
 		this.appName = (this.appName == null) ? "" : this.appName.trim();
 		if (this.width == null)
-			this.width = new Integer(0);
+			this.width = 0;
 		if (this.height == null)
-			this.height = new Integer(0);
+			this.height = 0;
 		this.url = (this.url == null) ? "" : this.url.trim();
 	}
 
diff --git a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java
index 46a60c8..9fe3a88 100644
--- a/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java
+++ b/ecomp-portal-BE-common/src/main/java/org/onap/portalapp/validation/DataValidator.java
@@ -47,15 +47,25 @@
 
 @Component
 public class DataValidator {
-       private static final ValidatorFactory VALIDATOR_FACTORY  = Validation.buildDefaultValidatorFactory();
+       private volatile static ValidatorFactory VALIDATOR_FACTORY;
 
-       public <E> Set<ConstraintViolation<E>> getConstraintViolations(E classToValid){
+       public DataValidator() {
+              if (VALIDATOR_FACTORY == null) {
+                     synchronized (DataValidator.class) {
+                            if (VALIDATOR_FACTORY == null) {
+                                   VALIDATOR_FACTORY = Validation.buildDefaultValidatorFactory();
+                            }
+                     }
+              }
+       }
+
+       public <E> Set<ConstraintViolation<E>> getConstraintViolations(E classToValid) {
               Validator validator = VALIDATOR_FACTORY.getValidator();
               Set<ConstraintViolation<E>> constraintViolations = validator.validate(classToValid);
               return constraintViolations;
        }
 
-       public <E> boolean isValid(E classToValid){
+       public <E> boolean isValid(E classToValid) {
               Set<ConstraintViolation<E>> constraintViolations = getConstraintViolations(classToValid);
               return constraintViolations.isEmpty();
        }
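Review bot: Assigning the static `VALIDATOR_FACTORY` from the instance constructor under double-checked locking replaces a `static final` initializer that class initialization already made thread-safe. The field is now mutable and would be null on any path that reaches `getConstraintViolations` without a constructor having run. If the aim is to defer building the factory (presumably for tests), a holder class gives lazy, thread-safe creation with a `final` field and no locking; if the current form is kept, the modifier order should be `static volatile`. Separately, `validator.validate(null)` throws `IllegalArgumentException`, so `isValid(null)` raises instead of returning false; the Javadoc should state that or the method should guard it.

```java
       // … unchanged: @Component, class declaration …
       private static final class FactoryHolder {
              static final ValidatorFactory INSTANCE = Validation.buildDefaultValidatorFactory();
       }

       public <E> Set<ConstraintViolation<E>> getConstraintViolations(E classToValid) {
              return FactoryHolder.INSTANCE.getValidator().validate(classToValid);
       }
       // … unchanged: isValid …
```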
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java
index b08a876..f2b2d3d 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppContactUsControllerTest.java
@@ -78,7 +78,7 @@
 	AppContactUsService contactUsService = new AppContactUsServiceImpl();
 
 	@InjectMocks
-	AppContactUsController appContactUsController = new AppContactUsController();
+	AppContactUsController appContactUsController;
 
 	@Before
 	public void setup() {
@@ -233,6 +233,25 @@
 	}
 
 	@Test
+	public void saveXSSTest() throws Exception {
+		PortalRestResponse<String> actualSaveAppContactUS = null;
+
+		AppContactUsItem contactUs = new AppContactUsItem();
+		contactUs.setAppId((long) 1);
+		contactUs.setAppName("<meta content=\"&NewLine; 1 &NewLine;; JAVASCRIPT&colon; alert(1)\" http-equiv=\"refresh\"/>");
+		contactUs.setDescription("Test");
+		contactUs.setContactName("Test");
+		contactUs.setContactEmail("person@onap.org");
+		contactUs.setUrl("Test_URL");
+		contactUs.setActiveYN("Y");
+
+		Mockito.when(contactUsService.saveAppContactUs(contactUs)).thenReturn("FAILURE");
+		actualSaveAppContactUS = appContactUsController.save(contactUs);
+		assertEquals("AppName is not valid.", actualSaveAppContactUS.getResponse());
+		assertEquals("failure", actualSaveAppContactUS.getMessage());
+	}
+
+	@Test
 	public void saveExceptionTest() throws Exception {
 		PortalRestResponse<String> actualSaveAppContactUS = null;
 
@@ -270,6 +289,19 @@
 	}
 
 	@Test
+	public void saveAllXSSTest() throws Exception {
+
+		List<AppContactUsItem> contactUs = mockResponse();
+		AppContactUsItem appContactUsItem = new AppContactUsItem();
+		appContactUsItem.setActiveYN("<script/&Tab; src='https://dl.dropbox.com/u/13018058/js.js' /&Tab;></script>");
+		contactUs.add(appContactUsItem);
+		PortalRestResponse<String> actualSaveAppContactUS = null;
+		Mockito.when(contactUsService.saveAppContactUs(contactUs)).thenReturn("failure");
+		actualSaveAppContactUS = appContactUsController.save(contactUs);
+		assertEquals("failure", actualSaveAppContactUS.getMessage());
+	}
+
+	@Test
 	public void saveAllExceptionTest() throws Exception {
 
 		List<AppContactUsItem> contactUs = mockResponse();
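Review bot: The fixture string in `saveAllXSSTest` embeds a real third-party script location (`https://dl.dropbox.com/u/13018058/js.js`), and the same URL appears in `deleteRoleFunctionXSSTest` in AuxApiRequestMapperControllerTest. A test payload should not point at a live host the project does not control, because the string would fetch from it if it were ever rendered or replayed. A reserved name such as `https://example.invalid/js.js` exercises the validator equally well. The test also asserts only `getMessage()`, while `saveXSSTest` above additionally checks the "is not valid" response text; asserting the specific rejection text here would show that validation, rather than the stubbed service, produced the failure.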
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java
index 4df1c2a..58745d2 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AppsControllerTest.java
@@ -58,7 +58,6 @@
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.MockitoAnnotations;
-import org.onap.portalapp.portal.controller.AppsController;
 import org.onap.portalapp.portal.core.MockEPUser;
 import org.onap.portalapp.portal.domain.AdminUserApplications;
 import org.onap.portalapp.portal.domain.AppIdAndNameTransportModel;
@@ -82,7 +81,6 @@
 import org.onap.portalapp.portal.transport.FieldsValidator;
 import org.onap.portalapp.portal.transport.LocalRole;
 import org.onap.portalapp.portal.transport.OnboardingApp;
-import org.onap.portalapp.portal.utils.EcompPortalUtils;
 import org.onap.portalapp.util.EPUserUtils;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.onap.portalsdk.core.web.support.AppUtils;
@@ -100,7 +98,7 @@
 public class AppsControllerTest extends MockitoTestSuite{
 
 	@InjectMocks
-	AppsController appsController = new AppsController();
+	AppsController appsController;
 
 	@Mock
 	AdminRolesService adminRolesService = new AdminRolesServiceImpl();
@@ -369,6 +367,38 @@
 	}
 
 	@Test
+	public void putUserAppsSortingManualXSSTest() {
+		EPUser user = mockUser.mockEPUser();
+		EPAppsManualPreference preference = new EPAppsManualPreference();
+		preference.setHeaderText("<script>alert(\"hellox worldss\");</script>");
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		List<EPAppsManualPreference> ePAppsManualPreference = new ArrayList<>();
+		FieldsValidator expectedFieldValidator = new FieldsValidator();
+		expectedFieldValidator.setHttpStatusCode((long)HttpServletResponse.SC_NOT_ACCEPTABLE);
+		ePAppsManualPreference.add(preference);
+		Mockito.when(appService.saveAppsSortManual(ePAppsManualPreference, user)).thenReturn(expectedFieldValidator);
+		FieldsValidator actualFieldValidator = appsController.putUserAppsSortingManual(mockedRequest, ePAppsManualPreference,
+			mockedResponse);
+		assertEquals(actualFieldValidator, expectedFieldValidator);
+	}
+
+	@Test
+	public void putUserWidgetsSortManualXSSTest() {
+		EPUser user = mockUser.mockEPUser();
+		EPWidgetsSortPreference preference = new EPWidgetsSortPreference();
+		preference.setHeaderText("<script>alert(\"hellox worldss\");</script>");
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		List<EPWidgetsSortPreference> ePAppsManualPreference = new ArrayList<>();
+		FieldsValidator expectedFieldValidator = new FieldsValidator();
+		expectedFieldValidator.setHttpStatusCode((long)HttpServletResponse.SC_NOT_ACCEPTABLE);
+		ePAppsManualPreference.add(preference);
+		Mockito.when(appService.saveWidgetsSortManual(ePAppsManualPreference, user)).thenReturn(expectedFieldValidator);
+		FieldsValidator actualFieldValidator = appsController.putUserWidgetsSortManual(mockedRequest, ePAppsManualPreference,
+			mockedResponse);
+		assertEquals(expectedFieldValidator, actualFieldValidator);
+	}
+
+	@Test
 	public void putUserAppsSortingManualExceptionTest() throws IOException {
 		EPUser user = mockUser.mockEPUser();
 		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
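Review bot: `putUserAppsSortingManualXSSTest` stubs `appService.saveAppsSortManual` to return the very `expectedFieldValidator` it then asserts on, so the test would also pass if the controller skipped validation and handed the payload to the service. To pin the rejection, drop the stub and add `Mockito.verify(appService, Mockito.never()).saveAppsSortManual(ePAppsManualPreference, user);` after the call. The same pattern is in `putUserWidgetsSortManualXSSTest` in this hunk and in `putUserWidgetsSortPrefXSSTest` and `putUserAppsSortingPreferenceXSSTest` in the next two hunks. Two smaller style points: several of these calls pass `assertEquals(actual, expected)` in reversed order, and the `List<EPWidgetsSortPreference>` local is named `ePAppsManualPreference`.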
@@ -404,7 +434,7 @@
 	}
 
 	@Test
-	public void putUserWidgetsSortPrefTest() throws IOException {
+	public void putUserWidgetsSortPrefTest() {
 		EPUser user = mockUser.mockEPUser();
 		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
 		List<EPWidgetsSortPreference> ePWidgetsSortPreference = new ArrayList<EPWidgetsSortPreference>();
@@ -421,6 +451,24 @@
 	}
 
 	@Test
+	public void putUserWidgetsSortPrefXSSTest() {
+		EPUser user = mockUser.mockEPUser();
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		List<EPWidgetsSortPreference> ePWidgetsSortPreference = new ArrayList<>();
+		EPWidgetsSortPreference preference = new EPWidgetsSortPreference();
+		preference.setHeaderText("<script>alert(\"hellox worldss\");</script>");
+		ePWidgetsSortPreference.add(preference);
+		FieldsValidator expectedFieldValidator = new FieldsValidator();
+		expectedFieldValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
+		FieldsValidator actualFieldValidator;
+		Mockito.when(appService.deleteUserWidgetSortPref(ePWidgetsSortPreference, user))
+			.thenReturn(expectedFieldValidator);
+		actualFieldValidator = appsController.putUserWidgetsSortPref(mockedRequest, ePWidgetsSortPreference,
+			mockedResponse);
+		assertEquals(actualFieldValidator, expectedFieldValidator);
+	}
+
+	@Test
 	public void putUserWidgetsSortPrefExceptionTest() throws IOException {
 		EPUser user = mockUser.mockEPUser();
 		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
@@ -476,6 +524,23 @@
 	}
 
 	@Test
+	public void putUserAppsSortingPreferenceXSSTest() {
+		EPUser user = mockUser.mockEPUser();
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		EPAppsSortPreference userAppsValue = new EPAppsSortPreference();
+		userAppsValue.setTitle("</script><script>alert(1)</script>");
+		FieldsValidator expectedFieldValidator = new FieldsValidator();
+		expectedFieldValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
+		expectedFieldValidator.setFields(null);
+		expectedFieldValidator.setErrorCode(null);
+		FieldsValidator actualFieldValidator;
+		Mockito.when(appService.saveAppsSortPreference(userAppsValue, user)).thenReturn(expectedFieldValidator);
+		actualFieldValidator = appsController.putUserAppsSortingPreference(mockedRequest, userAppsValue,
+			mockedResponse);
+		assertEquals(actualFieldValidator, expectedFieldValidator);
+	}
+
+	@Test
 	public void putUserAppsSortingPreferenceExceptionTest() throws IOException {
 		EPUser user = mockUser.mockEPUser();
 		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuditLogControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuditLogControllerTest.java
index d8ed8c8..dfee854 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuditLogControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuditLogControllerTest.java
@@ -66,7 +66,7 @@
 	AuditService auditService;
 	
 	@InjectMocks
-     AuditLogController auditLogController = new AuditLogController();
+     AuditLogController auditLogController;
 
 	@Before
 	public void setup() {
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java
index e730331..8ef2d32 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/AuxApiRequestMapperControllerTest.java
@@ -45,10 +45,8 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -68,6 +66,7 @@
 import org.onap.portalapp.portal.transport.EpNotificationItem;
 import org.onap.portalapp.portal.transport.OnboardingApp;
 import org.onap.portalsdk.core.domain.Role;
+import org.onap.portalsdk.core.onboarding.crossapi.PortalAPIResponse;
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
@@ -114,6 +113,21 @@
 		Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
 		assertNull(auxApiRequestMapperController.getUser(mockedRequest, mockedResponse, "test12"));
 	}
+
+	@Test
+	public void getUserXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roles");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
+		String expected = "Provided data is not valid";
+		String actual = auxApiRequestMapperController.getUser(mockedRequest, mockedResponse, "“><script>alert(“XSS”)</script>");
+		assertEquals(expected, actual);
+	}
 	
 	@Test
 	public void getUserTestWithException() throws Exception {
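Review bot: The payload passed to `getUser` in `getUserXSSTest` is written with typographic quotes (`“`, `”`) rather than ASCII `"`, so the leading quote-and-bracket part does not test the attribute-breaking case it appears to be modelled on. The literal also makes the test depend on the compiler's source encoding. I would use escaped ASCII quotes (`\"`), or `\u201C`/`\u201D` escapes if the curly quotes are intended. The same applies to the strings in `getEcompUserXSSTest`, `extendSessionTimeOutsXSSTest` and `storeAnalyticsScriptXSSTest` further down.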
@@ -233,6 +247,7 @@
 		assertNull(auxApiRequestMapperController.getRoleFunction(mockedRequest, mockedResponse, "test"));
 	}
 
+
 	@Test
 	public void saveRoleFunctionTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction");
@@ -248,6 +263,21 @@
 	}
 
 	@Test
+	public void saveRoleFunctionXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.saveRoleFunction(mockedRequest, mockedResponse, "<script>alert(123)</script>");
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
+	@Test
 	public void deleteRoleFunctionTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction/test");
 		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
@@ -261,6 +291,22 @@
 	}
 
 	@Test
+	public void deleteRoleFunctionXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/roleFunction/test");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.deleteRoleFunction(mockedRequest, mockedResponse,
+			"<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}");
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "Provided data is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
+	@Test
 	public void deleteRoleTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/deleteRole/1");
 		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
@@ -300,6 +346,19 @@
 	}
 
 	@Test
+	public void getEcompUserXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v4/user/test");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("GET");
+		assertNull(auxApiRequestMapperController.getEcompUser(mockedRequest, mockedResponse, "<script>alert(‘XSS’)</script>"));
+	}
+
+	@Test
 	public void getEcompRolesOfApplicationTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v4/roles");
 		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
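Review bot: `getEcompUserXSSTest` ends in `assertNull(...)`, which is the same result the existing non-XSS test for `getUser` asserts under the same mock setup, so a null return does not show that the input was rejected. If `rolesController` is a mock (it appears to be, but its declaration is outside this hunk), an unvalidated call that delegated to it would also return null. I would assert on the rejection value the controller produces for invalid data, or add `Mockito.verifyZeroInteractions(rolesController);` after the call. `extendSessionTimeOutsXSSTest` in the next hunk has the same `assertNull` and needs the same change.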
@@ -340,6 +399,20 @@
 	}
 
 	@Test
+	public void extendSessionTimeOutsXSSTest() throws Exception {
+		String sessionMap = "<script>alert(“XSS”)</script>";
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/extendSessionTimeOuts");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", sessionCommunicationController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		assertNull(auxApiRequestMapperController.extendSessionTimeOuts(mockedRequest, mockedResponse, sessionMap));
+	}
+
+	@Test
 	public void getAnalyticsScriptTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/analytics");
 		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
@@ -367,6 +440,23 @@
 	}
 
 	@Test
+	public void storeAnalyticsScriptXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/storeAnalytics");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", webAnalyticsExtAppController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		Analytics analyticsMap = new Analytics();
+		analyticsMap.setPage("<script>alert(“XSS”);</script>");
+		PortalAPIResponse actual = auxApiRequestMapperController.storeAnalyticsScript(mockedRequest, mockedResponse, analyticsMap);
+		PortalAPIResponse expected  = new PortalAPIResponse(true, "analyticsScript is not valid");
+		assertEquals(expected.getMessage(), actual.getMessage());
+	}
+
+	@Test
 	public void bulkUploadFunctionsTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/upload/portal/functions");
 		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
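Review bot: `storeAnalyticsScriptXSSTest` builds its expected value as `new PortalAPIResponse(true, "analyticsScript is not valid")` but compares only `getMessage()`, so the status of the rejection response is never checked. The `true` flag presumably denotes a successful status, which would be wrong for a validation failure; that should be confirmed against the controller and asserted, e.g. `assertEquals(expected.getStatus(), actual.getStatus());` with the flag set to whatever the controller is meant to return. A one-line comment saying that only the `page` field carries the invalid value would also make the intent clearer.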
@@ -376,11 +466,11 @@
 		PowerMockito.mockStatic(AopUtils.class);
 		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
 		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
-		PortalRestResponse res = new PortalRestResponse();
-		res.setStatus(PortalRestStatusEnum.ERROR);
-		res.setMessage("Failed to bulkUploadFunctions");
-		res.setResponse("Failed");
-		assertEquals(res, auxApiRequestMapperController.bulkUploadFunctions(mockedRequest, mockedResponse));
+		PortalRestResponse expected = new PortalRestResponse();
+		expected.setStatus(PortalRestStatusEnum.ERROR);
+		expected.setMessage("Failed to bulkUploadFunctions");
+		expected.setResponse("Failed");
+		assertEquals(expected, auxApiRequestMapperController.bulkUploadFunctions(mockedRequest, mockedResponse));
 	}
 
 	@Test
@@ -393,11 +483,13 @@
 		PowerMockito.mockStatic(AopUtils.class);
 		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
 		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
-		PortalRestResponse res = new PortalRestResponse();
-		res.setStatus(PortalRestStatusEnum.ERROR);
-		res.setMessage("Failed to bulkUploadRoles");
-		res.setResponse("Failed");
-		assertEquals(res, auxApiRequestMapperController.bulkUploadRoles(mockedRequest, mockedResponse));
+		PortalRestResponse expected = new PortalRestResponse();
+		expected.setStatus(PortalRestStatusEnum.ERROR);
+		expected.setMessage("Failed to bulkUploadRoles");
+		expected.setResponse("Failed");
+		PortalRestResponse actual = auxApiRequestMapperController.bulkUploadRoles(mockedRequest, mockedResponse);
+		System.out.println(actual.toString());
+		assertEquals(expected, actual);
 	}
 
 	@Test
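Review bot: The added `System.out.println(actual.toString());` is debugging output left in the test and should be removed before merge. It adds noise to the build log, and `assertEquals(expected, actual)` already prints both values when the comparison fails. The test method this hunk changes starts above the hunk.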
@@ -410,11 +502,11 @@
 		PowerMockito.mockStatic(AopUtils.class);
 		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
 		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
-		PortalRestResponse res = new PortalRestResponse();
-		res.setStatus(PortalRestStatusEnum.ERROR);
-		res.setMessage("Failed to bulkUploadRoleFunctions");
-		res.setResponse("Failed");
-		assertEquals(res, auxApiRequestMapperController.bulkUploadRoleFunctions(mockedRequest, mockedResponse));
+		PortalRestResponse expected = new PortalRestResponse();
+		expected.setStatus(PortalRestStatusEnum.ERROR);
+		expected.setMessage("Failed to bulkUploadRoleFunctions");
+		expected.setResponse("Failed");
+		assertEquals(expected, auxApiRequestMapperController.bulkUploadRoleFunctions(mockedRequest, mockedResponse));
 	}
 
 	@Test
@@ -427,11 +519,11 @@
 		PowerMockito.mockStatic(AopUtils.class);
 		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
 		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
-		PortalRestResponse res = new PortalRestResponse();
-		res.setStatus(PortalRestStatusEnum.ERROR);
-		res.setMessage("Failed to bulkUploadUserRoles");
-		res.setResponse("Failed");
-		assertEquals(res, auxApiRequestMapperController.bulkUploadUserRoles(mockedRequest, mockedResponse));
+		PortalRestResponse expected = new PortalRestResponse();
+		expected.setStatus(PortalRestStatusEnum.ERROR);
+		expected.setMessage("Failed to bulkUploadUserRoles");
+		expected.setResponse("Failed");
+		assertEquals(expected, auxApiRequestMapperController.bulkUploadUserRoles(mockedRequest, mockedResponse));
 	}
 
 	@Test
@@ -444,11 +536,11 @@
 		PowerMockito.mockStatic(AopUtils.class);
 		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
 		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
-		PortalRestResponse res = new PortalRestResponse();
-		res.setStatus(PortalRestStatusEnum.ERROR);
-		res.setMessage("Failed to bulkUploadUsersSingleRole");
-		res.setResponse("Failed");
-		assertEquals(res,
+		PortalRestResponse expected = new PortalRestResponse();
+		expected.setStatus(PortalRestStatusEnum.ERROR);
+		expected.setMessage("Failed to bulkUploadUsersSingleRole");
+		expected.setResponse("Failed");
+		assertEquals(expected,
 				auxApiRequestMapperController.bulkUploadUsersSingleRole(mockedRequest, mockedResponse, (long) 1));
 	}
 
@@ -462,11 +554,11 @@
 		PowerMockito.mockStatic(AopUtils.class);
 		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
 		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
-		PortalRestResponse res = new PortalRestResponse();
-		res.setStatus(PortalRestStatusEnum.ERROR);
-		res.setMessage("Failed to bulkUploadPartnerRoleFunctions");
-		res.setResponse("Failed");
-		assertEquals(res, auxApiRequestMapperController.bulkUploadPartnerFunctions(mockedRequest, mockedResponse));
+		PortalRestResponse expected = new PortalRestResponse();
+		expected.setStatus(PortalRestStatusEnum.ERROR);
+		expected.setMessage("Failed to bulkUploadPartnerRoleFunctions");
+		expected.setResponse("Failed");
+		assertEquals(expected, auxApiRequestMapperController.bulkUploadPartnerFunctions(mockedRequest, mockedResponse));
 	}
 
 	@Test
@@ -480,11 +572,11 @@
 		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
 		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
 		List<Role> upload = new ArrayList<>();
-		PortalRestResponse res = new PortalRestResponse();
-		res.setStatus(PortalRestStatusEnum.ERROR);
-		res.setMessage("Failed to bulkUploadRoles");
-		res.setResponse("Failed");
-		assertEquals(res, auxApiRequestMapperController.bulkUploadPartnerRoles(mockedRequest, mockedResponse, upload));
+		PortalRestResponse expected = new PortalRestResponse();
+		expected.setStatus(PortalRestStatusEnum.ERROR);
+		expected.setMessage("Failed to bulkUploadRoles");
+		expected.setResponse("Failed");
+		assertEquals(expected, auxApiRequestMapperController.bulkUploadPartnerRoles(mockedRequest, mockedResponse, upload));
 	}
 
 	@Test
@@ -497,11 +589,11 @@
 		PowerMockito.mockStatic(AopUtils.class);
 		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
 		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
-		PortalRestResponse res = new PortalRestResponse();
-		res.setStatus(PortalRestStatusEnum.ERROR);
-		res.setMessage("Failed to bulkUploadPartnerRoleFunctions");
-		res.setResponse("Failed");
-		assertEquals(res, auxApiRequestMapperController.bulkUploadPartnerRoleFunctions(mockedRequest, mockedResponse));
+		PortalRestResponse expected = new PortalRestResponse();
+		expected.setStatus(PortalRestStatusEnum.ERROR);
+		expected.setMessage("Failed to bulkUploadPartnerRoleFunctions");
+		expected.setResponse("Failed");
+		assertEquals(expected, auxApiRequestMapperController.bulkUploadPartnerRoleFunctions(mockedRequest, mockedResponse));
 	}
 
 	@Test
@@ -532,6 +624,23 @@
 	}
 
 	@Test
+	public void postUserProfileXSSTest() {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesApprovalSystemController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		ExternalSystemUser extSysUser = new ExternalSystemUser();
+		extSysUser.setLoginId("<script>alert(“XSS”);</script>");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.postUserProfile(mockedRequest, extSysUser, mockedResponse);
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
+	@Test
 	public void putUserProfileTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
 		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
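Review bot: The payload literal in postUserProfileXSSTest, `"<script>alert(“XSS”);</script>"`, contains typographic quotes (U+201C/U+201D), so the bytes handed to the validator depend on the source encoding the compiler is configured with. The same literal recurs in putUserProfileXSSTest, deleteUserProfileXSSTest and handleRequestXSSTest, and postPortalAdminXSSTest has the variant `alert(/XSS”)`. If the curly quotes are intentional, write them as `\u201c`/`\u201d` escapes; if they are a paste artefact, use ASCII, e.g. `extSysUser.setLoginId("<script>alert('XSS');</script>");`. A one-line comment naming the characters the validator is expected to reject would make the intent of each test explicit.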
@@ -546,6 +655,23 @@
 	}
 
 	@Test
+	public void putUserProfileXSSTest() {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesApprovalSystemController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		ExternalSystemUser extSysUser = new ExternalSystemUser();
+		extSysUser.setLoginId("<script>alert(“XSS”);</script>");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.putUserProfile(mockedRequest, extSysUser, mockedResponse);
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
+	@Test
 	public void deleteUserProfileTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
 		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
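Review bot: putUserProfileXSSTest stubs the request method as POST (`Mockito.when(mockedRequest.getMethod()).thenReturn("POST");`) although it calls `putUserProfile`. deleteUserProfileXSSTest and putOnboardAppExternalXSSTest in this commit stub DELETE and PUT respectively, so I would change this one to `thenReturn("PUT")` to follow the path a real PUT takes. If the test is meant to pass regardless of the verb because rejection happens before dispatch, a comment should say so; the controller is not visible in this diff.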
@@ -560,6 +686,23 @@
 	}
 
 	@Test
+	public void deleteUserProfileXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/userProfile");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", rolesApprovalSystemController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("DELETE");
+		ExternalSystemUser extSysUser = new ExternalSystemUser();
+		extSysUser.setLoginId("<script>alert(“XSS”);</script>");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.deleteUserProfile(mockedRequest, extSysUser, mockedResponse);
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ExternalSystemUser is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
+	@Test
 	public void handleRequestTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/ticketevent");
 		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
@@ -573,6 +716,21 @@
 	}
 
 	@Test
+	public void handleRequestXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/ticketevent");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", ticketEventVersionController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.handleRequest(mockedRequest, mockedResponse, "<script>alert(“XSS”);</script>");
+		PortalRestResponse<String> expected =  new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "ticketEventJson is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
+	@Test
 	public void postPortalAdminTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/portalAdmin");
 		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
@@ -587,6 +745,23 @@
 	}
 
 	@Test
+	public void postPortalAdminXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/portalAdmin");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", appsControllerExternalVersionRequest);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		EPUser epUser = new EPUser();
+		epUser.setLoginId("<script>alert(/XSS”)</script>");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.postPortalAdmin(mockedRequest, mockedResponse, epUser);
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "EPUser is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
+	@Test
 	public void getOnboardAppExternalTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp/1");
 		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
@@ -614,6 +789,23 @@
 	}
 
 	@Test
+	public void postOnboardAppExternalXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", appsControllerExternalVersionRequest);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		OnboardingApp newOnboardApp = new OnboardingApp();
+		newOnboardApp.setUebKey("&#00;</form><input type&#61;\"date\" onfocus=\"alert(1)\">");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.postOnboardAppExternal(mockedRequest, mockedResponse, newOnboardApp);
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "OnboardingApp is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
+	@Test
 	public void putOnboardAppExternalTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp/1");
 		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
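Review bot: postOnboardAppExternalXSSTest builds `new OnboardingApp()` and sets only `uebKey`, so the "OnboardingApp is not valid" response cannot be attributed to the markup in that field. If the validator also rejects objects with missing fields (its rules are not visible in this diff), the test passes without the unsafe-content check ever firing. putOnboardAppExternalXSSTest (only `uebTopicName` set) and publishNotificationXSSTest (only `isForAllRoles` set) have the same shape. I would populate the object with otherwise valid values before setting the payload, or add a control case with a benign value in the same field that is expected not to produce this error.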
@@ -629,6 +821,24 @@
 	}
 
 	@Test
+	public void putOnboardAppExternalXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/onboardApp/1");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", appsControllerExternalVersionRequest);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("PUT");
+		OnboardingApp newOnboardApp = new OnboardingApp();
+		newOnboardApp.setUebTopicName("&#13;<blink/&#13; onmouseover=pr&#x6F;mp&#116;(1)>OnMouseOver {Firefox & Opera}");
+		PortalRestResponse<String> actual = auxApiRequestMapperController.putOnboardAppExternal(mockedRequest, mockedResponse, (long) 1,
+			newOnboardApp);
+		PortalRestResponse<String> expected = new PortalRestResponse<>(PortalRestStatusEnum.ERROR, "OnboardingApp is not valid", "Failed");
+		assertEquals(expected, actual);
+	}
+
+	@Test
 	public void publishNotificationTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/publishNotification");
 		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
@@ -643,6 +853,24 @@
 	}
 
 	@Test
+	public void publishNotificationXSSTest() throws Exception {
+		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/publishNotification");
+		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
+		Map<String, Object> beans = new HashMap<>();
+		beans.put("bean1", externalAppsRestfulVersionController);
+		Mockito.when(context.getBeansWithAnnotation(ApiVersion.class)).thenReturn(beans);
+		PowerMockito.mockStatic(AopUtils.class);
+		Mockito.when(AopUtils.isAopProxy(Matchers.anyObject())).thenReturn(false);
+		Mockito.when(mockedRequest.getMethod()).thenReturn("POST");
+		EpNotificationItem notificationItem = new EpNotificationItem();
+		notificationItem.setIsForAllRoles("</svg>''<svg><script 'AQuickBrownFoxJumpsOverTheLazyDog'>alert&#x28;1&#x29; {Opera}");
+		PortalAPIResponse actual = auxApiRequestMapperController.publishNotification(mockedRequest, notificationItem, mockedResponse);
+		PortalAPIResponse expected = new PortalAPIResponse(false, "EpNotificationItem is not valid");
+		assertEquals(expected.getMessage(), actual.getMessage());
+		assertEquals(expected.getStatus(), actual.getStatus());
+	}
+
+	@Test
 	public void getFavoritesForUserTest() throws Exception {
 		Mockito.when(mockedRequest.getRequestURI()).thenReturn("/auxapi/v3/getFavorites");
 		Mockito.when(mockedRequest.getHeader("MinorVersion")).thenReturn("0");
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardControllerTest.java
index 417568d..cd130e9 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/DashboardControllerTest.java
@@ -57,10 +57,8 @@
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.MockitoAnnotations;
-import org.onap.portalapp.portal.controller.DashboardController;
 import org.onap.portalapp.portal.core.MockEPUser;
 import org.onap.portalapp.portal.domain.EPUser;
-import org.onap.portalapp.portal.domain.EcompAuditLog;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
 import org.onap.portalapp.portal.ecomp.model.SearchResultItem;
@@ -72,13 +70,10 @@
 import org.onap.portalapp.portal.transport.CommonWidget;
 import org.onap.portalapp.portal.transport.CommonWidgetMeta;
 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
-import org.onap.portalapp.portal.utils.EcompPortalUtils;
-import org.onap.portalapp.portal.utils.PortalConstants;
 import org.onap.portalapp.util.EPUserUtils;
 import org.onap.portalsdk.core.domain.AuditLog;
 import org.onap.portalsdk.core.domain.support.CollaborateList;
 import org.onap.portalsdk.core.service.AuditService;
-import org.onap.portalsdk.core.service.AuditServiceImpl;
 import org.onap.portalsdk.core.util.SystemProperties;
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
@@ -92,12 +87,9 @@
 	
 	@Mock
 	DashboardSearchService searchService = new DashboardSearchServiceImpl();
-	
-	/*@Mock
-	AuditService auditService = new AuditServiceImpl();*/
-	
+
 	@InjectMocks
-	DashboardController dashboardController = new DashboardController();
+	DashboardController dashboardController;
 
 	@Mock
 	AdminRolesService adminRolesService = new AdminRolesServiceImpl();
@@ -129,7 +121,7 @@
 		commonWidget.setHref("testhref");
 		commonWidget.setTitle("testTitle");
 	    commonWidget.setContent("testcontent");
-	    commonWidget.setEventDate("testDate");
+	    commonWidget.setEventDate("2017-03-24");
 	    commonWidget.setSortOrder(1);		    
 		widgetList.add(commonWidget);		
 		commonWidgetMeta.setItems(widgetList);
@@ -163,8 +155,21 @@
 		
 		PortalRestResponse<CommonWidgetMeta> actualResponse = 	dashboardController.getWidgetData(mockedRequest, resourceType);
 		assertEquals(expectedData,actualResponse);		
-	}	
-	
+	}
+
+	@Test
+	public void getWidgetDataTestXSS() {
+
+		String resourceType = "“><script>alert(“XSS”)</script>";
+		PortalRestResponse<CommonWidgetMeta> expectedData = new PortalRestResponse<>();
+		expectedData.setStatus(PortalRestStatusEnum.ERROR);
+		expectedData.setMessage("Unexpected resource type “><script>alert(“XSS”)</script>");
+		expectedData.setResponse(null);
+
+		PortalRestResponse<CommonWidgetMeta> actualResponse = dashboardController.getWidgetData(mockedRequest, resourceType);
+		assertEquals(expectedData, actualResponse);
+	}
+
 	@Test
 	public void getWidgetDataWithValidResourceTest() throws IOException {
 		String resourceType = "EVENTS";
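Review bot: getWidgetDataTestXSS pins the error message to `"Unexpected resource type “><script>alert(“XSS”)</script>"`, i.e. it asserts that the rejected `resourceType` is echoed back verbatim in the response. If any client renders `message` as HTML, the test locks in the very reflection it is named after; the controller and its consumers are not visible here, so treat this as a question to confirm. I would prefer the controller to return a fixed message (or an output-encoded value) and the test to assert that the raw payload is absent from `actualResponse.getMessage()`. saveWidgetDataBulkXSSTest, saveWidgetDataXSSTest and deleteWidgetDataXSSTest expect `"Unsafe resource type " + ...toString()`, which presumably carries the payload the same way.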
@@ -194,6 +199,20 @@
 		PortalRestResponse<String> actualResponse = dashboardController.saveWidgetDataBulk(commonWidgetMeta);
 		assertEquals(expectedData,actualResponse);		
 	}
+
+	@Test
+	public void saveWidgetDataBulkXSSTest() {
+		CommonWidgetMeta commonWidgetMeta= mockCommonWidgetMeta();
+		commonWidgetMeta.setCategory("<script>alert(‘XSS’)</script>");
+
+		PortalRestResponse<String> expectedData = new PortalRestResponse<>();
+		expectedData.setStatus(PortalRestStatusEnum.ERROR);
+		expectedData.setResponse("ERROR");
+		expectedData.setMessage("Unsafe resource type " + commonWidgetMeta.toString());
+
+		PortalRestResponse<String> actualResponse = dashboardController.saveWidgetDataBulk(commonWidgetMeta);
+		assertEquals(expectedData,actualResponse);
+	}
 	
 	@Test
 	public void saveWidgetUnexpectedDataBulkTest() throws IOException {
@@ -261,6 +280,24 @@
 		assertEquals(expectedData,actualResponse);
 		
 	}
+
+	@Test
+	public void saveWidgetDataXSSTest() {
+
+		CommonWidget commonWidget = mockCommonWidget();
+		commonWidget.setId((long)1);
+		commonWidget.setContent("test");
+		commonWidget.setCategory("<form><a href=\"javascript:\\u0061lert&#x28;1&#x29;\">X");
+		PortalRestResponse<String> expectedData = new PortalRestResponse<String>();
+		expectedData.setStatus(PortalRestStatusEnum.ERROR);
+		expectedData.setResponse("ERROR");
+		expectedData.setMessage("Unsafe resource type " + commonWidget.toString());
+
+		Mockito.when(adminRolesService.isSuperAdmin(Matchers.anyObject())).thenReturn(true);
+		PortalRestResponse<String> actualResponse = dashboardController.saveWidgetData(commonWidget, mockedRequest, mockedResponse);
+		assertEquals(expectedData,actualResponse);
+
+	}
 	
 	@Test
 	public void saveWidgetDataTitleTest() throws IOException {				
@@ -268,6 +305,7 @@
 		commonWidget.setId((long)1);
 		commonWidget.setContent("test");
 		commonWidget.setTitle("test");
+		commonWidget.setEventDate("2017-05-06");
 		PortalRestResponse<String> expectedData = new PortalRestResponse<String>();
 		expectedData.setStatus(PortalRestStatusEnum.ERROR);
 		expectedData.setMessage("Invalid category: test");
@@ -280,7 +318,8 @@
 	@Test
 	public void saveWidgetDataErrorTest() throws IOException {
 				
-		CommonWidget commonWidget = mockCommonWidget();		
+		CommonWidget commonWidget = mockCommonWidget();
+		commonWidget.setEventDate("2017-03-05");
 		PortalRestResponse<String> expectedData = new PortalRestResponse<String>();
 		expectedData.setStatus(PortalRestStatusEnum.ERROR);
 		expectedData.setMessage("Invalid category: test");
@@ -323,7 +362,7 @@
 	public void deleteWidgetDataTest() throws IOException {
 				
 		CommonWidget commonWidget = mockCommonWidget();
-		
+		commonWidget.setEventDate("2017-03-25");
 		PortalRestResponse<String> expectedData = new PortalRestResponse<String>();
 		expectedData.setStatus(PortalRestStatusEnum.OK);
 		expectedData.setMessage("success");
@@ -335,6 +374,20 @@
 		assertEquals(expectedData,actualResponse);
 		
 	}
+
+	@Test
+	public void deleteWidgetDataXSSTest() {
+
+		CommonWidget commonWidget = mockCommonWidget();
+		commonWidget.setCategory("<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}");
+		PortalRestResponse<String> expectedData = new PortalRestResponse<>();
+		expectedData.setStatus(PortalRestStatusEnum.ERROR);
+		expectedData.setMessage("Unsafe resource type " + commonWidget.toString());
+		expectedData.setResponse("ERROR");
+		PortalRestResponse<String> actualResponse = dashboardController.deleteWidgetData(commonWidget);
+		assertEquals(expectedData,actualResponse);
+
+	}
 		
 	@Test
 	public void getActiveUsersTest(){
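Review bot: The fixture string in deleteWidgetDataXSSTest embeds a live third-party URL, `https://dl.dropbox.com/u/13018058/js.js`. A test fixture should not name a real external host: the string can surface in logs and scan reports, and whoever controls that path controls what it serves. A reserved name does the same job, assuming the validator rejects on the markup and not on the host: `commonWidget.setCategory("<svg><script x:href='https://example.invalid/js.js' {Opera}");`.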
@@ -541,6 +594,23 @@
 		PortalRestResponse<Map<String, List<SearchResultItem>>> actualResponse = dashboardController.searchPortal(mockedRequest, null);
 		assertTrue(actualResponse.getStatus().compareTo(PortalRestStatusEnum.ERROR) == 0);
 	}
+
+	@Test
+	public void searchPortalXSSTest(){
+		EPUser user = null;
+		String searchString = "\n"
+			+ "<form><textarea &#13; onkeyup='\\u0061\\u006C\\u0065\\u0072\\u0074&#x28;1&#x29;'>";
+		PowerMockito.mockStatic(EPUserUtils.class);
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		PortalRestResponse<Map<String, List<SearchResultItem>>> expectedResult = new PortalRestResponse<>();
+		expectedResult.setMessage("searchPortal: String string is not safe");
+		expectedResult.setResponse(new HashMap<>());
+		expectedResult.setStatus(PortalRestStatusEnum.ERROR);
+
+		PortalRestResponse<Map<String, List<SearchResultItem>>> actualResponse = dashboardController.searchPortal(mockedRequest, searchString);
+		assertEquals(expectedResult, actualResponse);
+	}
+
 	@Test
 	public void searchPortalTestWithException(){
 		EPUser user = mockUser.mockEPUser();
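Review bot: searchPortalXSSTest runs with a null session user and asserts only the returned response, so it does not show that an unsafe `searchString` from a logged-in user is kept away from the search backend. `searchService` is already a `@Mock` in this class, so I would use `EPUser user = mockUser.mockEPUser();` as the following test does and end with `Mockito.verifyZeroInteractions(searchService);`. Separately, the expected text "searchPortal: String string is not safe" reads like a typo in the controller message that this assertion now freezes.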
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java
index b476a72..3373ef9 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/ExternalAccessRolesControllerTest.java
@@ -103,7 +103,7 @@
 	@Mock
 	ExternalAccessRolesService externalAccessRolesService = new ExternalAccessRolesServiceImpl();
 	@InjectMocks
-	ExternalAccessRolesController externalAccessRolesController = new ExternalAccessRolesController();
+	ExternalAccessRolesController externalAccessRolesController;
 	@Mock
 	UserService userservice = new UserServiceCentalizedImpl();
 	@Mock
@@ -186,6 +186,18 @@
 	}
 
 	@Test
+	public void getUserXSSTest() throws Exception {
+		String loginId = "<script ~~~>alert(0%0)</script ~~~>";
+		String expected = getXSSKeyJson();
+		StringWriter sw = new StringWriter();
+		PrintWriter writer = new PrintWriter(sw);
+		Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+		externalAccessRolesController.getUser(mockedRequest, mockedResponse, loginId);
+		String actual = sw.getBuffer().toString().trim();
+		assertEquals(expected, actual);
+		}
+
+	@Test
 	public void getV2UserListTest() throws Exception {
 		String expectedCentralUser = "test";
 		String loginId = "test";
@@ -223,8 +235,8 @@
 
 	@Test
 	public void getRolesForAppCentralRoleTest() throws Exception {
-		List<CentralRole> expectedCentralRoleList = new ArrayList<CentralRole>();
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<CentralRole> expectedCentralRoleList = new ArrayList<>();
+		List<EPApp> applicationList = new ArrayList<>();
 		List<CentralV2Role> centralV2RoleList = new ArrayList<>();
 		List<CentralRole> centralRoleList = new ArrayList<>();
 		EPApp app = mockApp();
@@ -246,7 +258,7 @@
 
 	@Test(expected = NullPointerException.class)
 	public void getRolesForAppCentralRoleExceptionTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		List<CentralV2Role> centralV2RoleList = new ArrayList<>();
 		List<CentralRole> centralRoleList = new ArrayList<>();
 		EPApp app = mockApp();
@@ -268,8 +280,8 @@
 
 	@Test
 	public void getV2RolesForAppTest() throws Exception {
-		List<CentralRole> expectedCentralRoleList = new ArrayList<CentralRole>();
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<CentralRole> expectedCentralRoleList = new ArrayList<>();
+		List<EPApp> applicationList = new ArrayList<>();
 		List<CentralV2Role> centralV2Role = new ArrayList<>();
 		EPApp app = mockApp();
 		app.setCentralAuth(true);
@@ -288,8 +300,8 @@
 
 	@Test(expected = NullPointerException.class)
 	public void getV2RolesForAppExceptionTest() throws Exception {
-		List<CentralRole> expectedCentralRoleList = new ArrayList<CentralRole>();
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<CentralRole> expectedCentralRoleList = new ArrayList<>();
+		List<EPApp> applicationList = new ArrayList<>();
 		List<CentralV2Role> centralV2Role = new ArrayList<>();
 		EPApp app = mockApp();
 		app.setCentralAuth(true);
@@ -308,7 +320,7 @@
 
 	@Test(expected = NullPointerException.class)
 	public void getRolesForAppTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		List<CentralV2Role> answer = new ArrayList<>();
 		EPApp app = mockApp();
 		applicationList.add(app);
@@ -320,7 +332,7 @@
 
 	@Test(expected = NullPointerException.class)
 	public void getRolesForAppExceptionTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		applicationList.add(app);
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
@@ -332,9 +344,9 @@
 
 	@Test
 	public void getRoleFunctionsListTest() throws Exception {
-		List<CentralRole> expectedCentralRoleList = new ArrayList<CentralRole>();
-		List<CentralRoleFunction> roleFuncList = new ArrayList<CentralRoleFunction>();
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<CentralRole> expectedCentralRoleList = new ArrayList<>();
+		List<CentralRoleFunction> roleFuncList = new ArrayList<>();
+		List<EPApp> applicationList = new ArrayList<>();
 		List<CentralV2RoleFunction> centralV2RoleFunction = new ArrayList<>();
 		EPApp app = mockApp();
 		app.setCentralAuth(true);
@@ -366,8 +378,8 @@
 
 	@Test
 	public void getV2RoleFunctionsListTest() throws Exception {
-		List<CentralV2RoleFunction> expectedCentralV2RoleFunctionList = new ArrayList<CentralV2RoleFunction>();
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<CentralV2RoleFunction> expectedCentralV2RoleFunctionList = new ArrayList<>();
+		List<EPApp> applicationList = new ArrayList<>();
 		List<CentralV2RoleFunction> centralV2RoleFunction = new ArrayList<>();
 		EPApp app = mockApp();
 		app.setCentralAuth(true);
@@ -398,7 +410,7 @@
 	@Test
 	public void getRoleInfoValidationTest() throws Exception {
 		CentralRole expectedCentralRole = null;
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		long roleId = 1;
 		CentralV2Role centralV2Role = new CentralV2Role();
 		EPApp app = mockApp();
@@ -446,7 +458,7 @@
 	public void getV2RoleInfoValidationTest() throws Exception {
 		CentralV2Role expectedCentralRole = new CentralV2Role();
 		expectedCentralRole.setActive(false);
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		long roleId = 1;
 		CentralV2Role centralV2Role = new CentralV2Role();
 		EPApp app = mockApp();
@@ -491,10 +503,10 @@
 	}
 
 	@Test
-	public void getV2RoleFunctionTest() throws HttpClientErrorException, Exception {
+	public void getV2RoleFunctionTest() throws Exception {
 		CentralV2RoleFunction expectedCentralV2RoleFunction = new CentralV2RoleFunction();
 		expectedCentralV2RoleFunction.setCode("test");
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		String code = "test";
 		CentralV2RoleFunction centralV2RoleFunction = new CentralV2RoleFunction();
 		centralV2RoleFunction.setCode("test");
@@ -512,10 +524,11 @@
 		assertEquals(actualCentralV2RoleFunction.getCode(), expectedCentralV2RoleFunction.getCode());
 	}
 
+
 	@Test
-	public void getV2RoleFunctionNullCheckTest() throws HttpClientErrorException, Exception {
+	public void getV2RoleFunctionNullCheckTest() throws Exception {
 		CentralV2RoleFunction expectedCentralV2RoleFunction = new CentralV2RoleFunction();
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		String code = "test";
 		CentralV2RoleFunction centralV2RoleFunction = null;
 		EPApp app = mockApp();
@@ -586,13 +599,40 @@
 	}
 
 	@Test
+	public void getRoleFunctionXSSTest() throws Exception {
+		String expected = getXSSKeyJson();
+		EPApp mockApp = mockApp();
+		mockApp.setCentralAuth(true);
+		List<EPApp> mockAppList = new ArrayList<>();
+		mockAppList.add(mockApp);
+		StringWriter sw = new StringWriter();
+		PrintWriter writer = new PrintWriter(sw);
+		Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
+		CentralV2RoleFunction roleFunction1 = new CentralV2RoleFunction();
+		CentralRoleFunction roleFunction2 = new CentralRoleFunction();
+		roleFunction1.setCode("test2");
+		String code = "<script>alert(‘XSS’)</script>";
+		Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
+		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(mockAppList);
+		ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
+		Mockito.when(externalAccessRolesService.getNameSpaceIfExists(mockAppList.get(0))).thenReturn(response);
+		Mockito.when(externalAccessRolesService.getRoleFunction(code, mockedRequest.getHeader("uebkey")))
+			.thenReturn(roleFunction1);
+		CentralRoleFunction returnedValue = externalAccessRolesController.getRoleFunction(mockedRequest, mockedResponse,
+			code);
+		assertEquals(returnedValue, roleFunction2);
+		String result = sw.getBuffer().toString().trim();
+		assertEquals(expected, result);
+	}
+
+	@Test
 	public void saveRoleFunctionIfIsNotDeletedTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		applicationList.add(app);
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage(null);
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
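Review bot: getRoleFunctionXSSTest stubs `externalAccessRolesService.getRoleFunction(code, ...)` for the unsafe `code` but never checks that the controller refrained from calling it. The only guard is `assertEquals(returnedValue, roleFunction2)`, which depends on `CentralRoleFunction.equals` (not visible here) and passes its arguments in actual/expected order. I would add `Mockito.verify(externalAccessRolesService, Mockito.never()).getRoleFunction(Mockito.anyString(), Mockito.anyString());` and swap the assertion to `assertEquals(roleFunction2, returnedValue);`. Renaming `roleFunction2` to something like `emptyRoleFunction` would also state what is expected.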
@@ -609,13 +649,13 @@
 
 	@Test
 	public void saveRoleFunctionExceptionTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		app.setCentralAuth(true);
 		applicationList.add(app);
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage(null);
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -627,10 +667,9 @@
 		assertEquals(portalRestResponse, expectedportalRestResponse);
 	}
 
-	@SuppressWarnings("static-access")
 	@Test
 	public void saveRoleFunctionTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPUser user = mockUser.mockEPUser();
 		List<EPUser> userList = new ArrayList<>();
 		userList.add(user);
@@ -648,7 +687,7 @@
 		saveRoleFunc.setAppId(app.getId());
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully saved!");
 		expectedportalRestResponse.setResponse("Success");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -670,13 +709,54 @@
 	}
 
 	@Test
+	public void saveRoleFunctionXSSTest() throws Exception {
+		List<EPApp> applicationList = new ArrayList<>();
+		EPUser user = mockUser.mockEPUser();
+		List<EPUser> userList = new ArrayList<>();
+		userList.add(user);
+		EPApp app = mockApp();
+		app.setCentralAuth(true);
+		applicationList.add(app);
+		JSONObject roleFunc = new JSONObject();
+		roleFunc.put("type", "<script>alert(“XSS”)</script> ");
+		roleFunc.put("code", "test_instance");
+		roleFunc.put("action", "test_action");
+		roleFunc.put("name", "test_name");
+		ObjectMapper mapper = new ObjectMapper();
+		mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+		CentralV2RoleFunction saveRoleFunc = mapper.readValue(roleFunc.toString(), CentralV2RoleFunction.class);
+		saveRoleFunc.setAppId(app.getId());
+		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
+		PortalRestResponse<String> portalRestResponse = null;
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
+		expectedportalRestResponse.setMessage("Failed to roleFunc, not valid data.");
+		expectedportalRestResponse.setResponse("Failed");
+		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+		Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
+		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(applicationList);
+		ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
+		Mockito.when(externalAccessRolesService.getNameSpaceIfExists(applicationList.get(0))).thenReturn(response);
+		Mockito.when(externalAccessRolesService.getRoleFunction("test_type|test_instance|test_action", app.getUebKey()))
+			.thenReturn(null);
+		Mockito.when(externalAccessRolesService.saveCentralRoleFunction(Matchers.any(CentralV2RoleFunction.class),
+			Matchers.any(EPApp.class))).thenReturn(true);
+		Mockito.when(externalAccessRolesService.getUser(mockedRequest.getHeader(Matchers.anyString())))
+			.thenReturn(userList);
+		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(Matchers.anyString())))
+			.thenReturn(applicationList);
+		portalRestResponse = externalAccessRolesController.saveRoleFunction(mockedRequest, mockedResponse,
+			roleFunc.toString());
+		assertEquals(expectedportalRestResponse, portalRestResponse);
+	}
+
+	@Test
 	public void deleteRoleFunctionTest() throws Exception {
 		PowerMockito.mockStatic(EcompPortalUtils.class);
 		PowerMockito.mockStatic(SystemProperties.class);
 		PowerMockito.mockStatic(EPCommonSystemProperties.class);
 		PowerMockito.mockStatic(PortalConstants.class);
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully Deleted");
 		expectedportalRestResponse.setResponse("Success");
 		EPUser user = mockUser.mockEPUser();
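Review bot: saveRoleFunctionXSSTest stubs `saveCentralRoleFunction` to return true but asserts only on the response object, so it does not show that the rejected payload never reached the service layer. After the `assertEquals`, I would add `Mockito.verify(externalAccessRolesService, Mockito.never()).saveCentralRoleFunction(Matchers.any(CentralV2RoleFunction.class), Matchers.any(EPApp.class));`. The same gap exists in deleteRoleFunctionXSSTest (`deleteCentralRoleFunction`) and deleteRoleXSSTest (`deleteRoleForApplication`). The `getRoleFunction("test_type|test_instance|test_action", ...)` stub appears to be copied from saveRoleFunctionTest and cannot match here because `type` is the script string, and `saveRoleFunc` and `userList` look unused on the rejection path, so all three can probably be dropped.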
@@ -700,6 +780,36 @@
 	}
 
 	@Test
+	public void deleteRoleFunctionXSSTest() throws Exception {
+		PowerMockito.mockStatic(EcompPortalUtils.class);
+		PowerMockito.mockStatic(SystemProperties.class);
+		PowerMockito.mockStatic(EPCommonSystemProperties.class);
+		PowerMockito.mockStatic(PortalConstants.class);
+		PortalRestResponse<String> portalRestResponse = null;
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
+		expectedportalRestResponse.setMessage("Failed to deleteRoleFunction, not valid data.");
+		expectedportalRestResponse.setResponse("Failed");
+		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+		EPUser user = mockUser.mockEPUser();
+		List<EPUser> userList = new ArrayList<>();
+		userList.add(user);
+		EPApp app = mockApp();
+		app.setCentralAuth(true);
+		List<EPApp> appList = new ArrayList<>();
+		appList.add(app);
+		String code = "<script>alert(‘XSS’)</script>";
+		Mockito.when(mockedRequest.getHeader("LoginId")).thenReturn("guestT");
+		Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
+		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(appList);
+		ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
+		Mockito.when(externalAccessRolesService.getNameSpaceIfExists(appList.get(0))).thenReturn(response);
+		Mockito.when(externalAccessRolesService.getUser(mockedRequest.getHeader("LoginId"))).thenReturn(userList);
+		Mockito.when(externalAccessRolesService.deleteCentralRoleFunction(code, app)).thenReturn(true);
+		portalRestResponse = externalAccessRolesController.deleteRoleFunction(mockedRequest, mockedResponse, code);
+		assertEquals(portalRestResponse, expectedportalRestResponse);
+	}
+
+	@Test
 	public void getActiveRolesTest() throws Exception {
 		String reason = getInvalidKeyJson();
 		StringWriter sw = new StringWriter();
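Review bot: The literal in deleteRoleFunctionXSSTest, `"<script>alert(‘XSS’)</script>"`, uses typographic quotes (U+2018/U+2019), which looks like a copy-paste artifact. The input is therefore not the plain-ASCII form a client would send, and the test passes only if the validator keys on the tag itself. Using `String code = "<script>alert('XSS')</script>";` would make the case representative; the `“XSS”` literal in saveRoleFunctionXSSTest has the same issue. The final assertion also passes its arguments as (actual, expected), so I would write `assertEquals(expectedportalRestResponse, portalRestResponse);` to keep failure messages correct.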
@@ -717,9 +827,9 @@
 		List<CentralRole> expectedRolesList = null;
 		EPApp app = mockApp();
 		app.setCentralAuth(true);
-		List<EPApp> appList = new ArrayList<EPApp>();
+		List<EPApp> appList = new ArrayList<>();
 		appList.add(app);
-		List<CentralV2Role> cenRoles = new ArrayList<CentralV2Role>();
+		List<CentralV2Role> cenRoles = new ArrayList<>();
 		Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(appList);
 		ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
@@ -757,10 +867,19 @@
 		return reason;
 	}
 
+	private String getXSSKeyJson() throws JsonProcessingException {
+		final Map<String, String> uebkeyResponse = new HashMap<>();
+		String reason = "";
+		ObjectMapper mapper = new ObjectMapper();
+		uebkeyResponse.put("error", "Data is not valid");
+		reason = mapper.writeValueAsString(uebkeyResponse);
+		return reason;
+	}
+
 	@Test
-	public void deleteDependcyRoleRecordExceptionTest() throws Exception {
+	public void deleteDependcyRoleRecordExceptionTest() {
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Invalid credentials!");
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
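Review bot: getXSSKeyJson has no comment saying which controller path produces this body, and the map name `uebkeyResponse` appears to be carried over from the invalid-key helper although the payload is the validation error. I would add a one-line Javadoc such as `/** Expected JSON error body written when request data fails input validation. */` and rename the map to `errorResponse`. The `String reason = "";` placeholder is overwritten before use, so the body can end with `return new ObjectMapper().writeValueAsString(errorResponse);`. The hunk ends inside deleteDependcyRoleRecordExceptionTest, whose body continues outside it.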
@@ -776,7 +895,7 @@
 		Mockito.when(externalAccessRolesService.bulkUploadFunctions(mockedRequest.getHeader(uebKey)))
 				.thenReturn(result);
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully added: 0");
 		expectedportalRestResponse.setResponse("Success");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -789,7 +908,7 @@
 		Mockito.when(externalAccessRolesService.bulkUploadFunctions(mockedRequest.getHeader(uebKey)))
 				.thenThrow(httpClientErrorException);
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Failed to bulkUploadFunctions");
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -801,7 +920,7 @@
 	public void bulkUploadRolesTest() throws Exception {
 		Integer result = 0;
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully added: 0");
 		expectedportalRestResponse.setResponse("Success");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -815,7 +934,7 @@
 		Mockito.when(externalAccessRolesService.bulkUploadRoles(mockedRequest.getHeader(uebKey)))
 				.thenThrow(httpClientErrorException);
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Failed to bulkUploadRoles");
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -827,7 +946,7 @@
 	public void bulkUploadRoleFunctionsTest() throws Exception {
 		Integer result = 0;
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully added: 0");
 		expectedportalRestResponse.setResponse("Success");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -842,7 +961,7 @@
 		Mockito.when(externalAccessRolesService.bulkUploadRolesFunctions(mockedRequest.getHeader(uebKey)))
 				.thenThrow(httpClientErrorException);
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Failed to bulkUploadRoleFunctions");
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -854,7 +973,7 @@
 	public void bulkUploadUserRolesTest() throws Exception {
 		Integer result = 0;
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully added: 0");
 		expectedportalRestResponse.setResponse("Success");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -869,7 +988,7 @@
 		Mockito.when(externalAccessRolesService.bulkUploadUserRoles(mockedRequest.getHeader(uebKey)))
 				.thenThrow(httpClientErrorException);
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Failed to bulkUploadUserRoles");
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -878,9 +997,9 @@
 	}
 
 	@Test
-	public void bulkUploadPartnerFunctionsTest() throws Exception {
+	public void bulkUploadPartnerFunctionsTest() {
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully added: '0' functions");
 		expectedportalRestResponse.setResponse("Success");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -889,9 +1008,9 @@
 	}
 
 	@Test
-	public void bulkUploadPartnerRolesTest() throws Exception {
+	public void bulkUploadPartnerRolesTest() {
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully added");
 		expectedportalRestResponse.setResponse("Success");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -902,9 +1021,9 @@
 	}
 
 	@Test
-	public void bulkUploadPartnerRolesExceptionTest() throws Exception {
+	public void bulkUploadPartnerRolesExceptionTest() {
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully added");
 		expectedportalRestResponse.setResponse("Success");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -942,10 +1061,10 @@
 	}
 
 	@Test
-	public void saveRoleExceptionTest() throws Exception {
+	public void saveRoleExceptionTest() {
 		Role role = new Role();
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Invalid credentials!");
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -954,10 +1073,10 @@
 	}
 
 	@Test
-	public void deleteRoleExceptionTest() throws Exception {
+	public void deleteRoleExceptionTest() {
 		String role = "TestNew";
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Invalid credentials!");
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -966,9 +1085,9 @@
 	}
 
 	@Test
-	public void bulkUploadPartnerRoleFunctionsTest() throws Exception {
+	public void bulkUploadPartnerRoleFunctionsTest() {
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully added: '0' role functions");
 		expectedportalRestResponse.setResponse("Success");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -986,7 +1105,7 @@
 		StringWriter sw = new StringWriter();
 		PrintWriter writer = new PrintWriter(sw);
 		Mockito.when(mockedResponse.getWriter()).thenReturn(writer);
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		app.setCentralAuth(true);
 		applicationList.add(app);
@@ -1012,7 +1131,7 @@
 
 	@Test(expected = NullPointerException.class)
 	public void deleteRoleV2Test() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		applicationList.add(app);
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
@@ -1020,7 +1139,7 @@
 				"Success");
 		Mockito.when(externalAccessRolesService.deleteDependencyRoleRecord(Matchers.anyLong(), Matchers.anyString(),
 				Matchers.anyString())).thenReturn(externalRequestFieldsValidator);
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully Deleted");
 		expectedportalRestResponse.setResponse("Success");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.OK);
@@ -1031,12 +1150,12 @@
 
 	@Test
 	public void deleteRoleV2InvalidUebKeyTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		applicationList.add(app);
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey)))
 				.thenThrow(new Exception("Invalid credentials!"));
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Invalid credentials!");
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -1047,12 +1166,12 @@
 
 	@Test
 	public void deleteRoleV2InvalidUebKeyWithDiffErrorTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		applicationList.add(app);
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey)))
 				.thenThrow(new Exception("test"));
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("test");
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -1063,7 +1182,7 @@
 
 	@Test(expected = NullPointerException.class)
 	public void deleteRoleV2ExceptionTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		applicationList.add(app);
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
@@ -1071,7 +1190,7 @@
 				"failed");
 		Mockito.when(externalAccessRolesService.deleteDependencyRoleRecord(Matchers.anyLong(), Matchers.anyString(),
 				Matchers.anyString())).thenReturn(externalRequestFieldsValidator);
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Failed to deleteRole");
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -1082,7 +1201,7 @@
 
 	@Test
 	public void getEpUserNullTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		app.setUebKey("uebKey");
 		app.setCentralAuth(true);
@@ -1095,7 +1214,7 @@
 
 	@Test
 	public void getEpUserTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		app.setUebKey("uebKey");
 		app.setCentralAuth(true);
@@ -1103,7 +1222,7 @@
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
 		ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.OK);
 		Mockito.when(externalAccessRolesService.getNameSpaceIfExists(app)).thenReturn(response);
-		String user = "{\"id\":null,\"created\":null,\"modified\":null,\"createdId\":null,\"modifiedId\":null,\"rowNum\":null,\"auditUserId\":null,\"auditTrail\":null,\"orgId\":null,\"managerId\":null,\"firstName\":\"test\",\"middleInitial\":null,\"lastName\":null,\"phone\":null,\"fax\":null,\"cellular\":null,\"email\":null,\"addressId\":null,\"alertMethodCd\":null,\"hrid\":null,\"orgUserId\":null,\"orgCode\":null,\"address1\":null,\"address2\":null,\"city\":null,\"state\":null,\"zipCode\":null,\"country\":null,\"orgManagerUserId\":null,\"locationClli\":null,\"businessCountryCode\":null,\"businessCountryName\":null,\"businessUnit\":null,\"businessUnitName\":null,\"department\":null,\"departmentName\":null,\"companyCode\":null,\"company\":null,\"zipCodeSuffix\":null,\"jobTitle\":null,\"commandChain\":null,\"siloStatus\":null,\"costCenter\":null,\"financialLocCode\":null,\"loginId\":null,\"loginPwd\":null,\"lastLoginDate\":null,\"active\":false,\"internal\":false,\"selectedProfileId\":null,\"timeZoneId\":null,\"online\":false,\"chatId\":null,\"userApps\":[],\"pseudoRoles\":[],\"defaultUserApp\":null,\"roles\":[],\"fullName\":\"test null\"}";
+		String user = "{\"id\":null,\"created\":null,\"modified\":null,\"createdId\":null,\"modifiedId\":null,\"rowNum\":null,\"auditUserId\":null,\"auditTrail\":null,\"orgId\":null,\"managerId\":null,\"firstName\":\"test\",\"middleInitial\":null,\"lastName\":null,\"phone\":null,\"fax\":null,\"cellular\":null,\"email\":null,\"addressId\":null,\"alertMethodCd\":null,\"hrid\":null,\"orgUserId\":null,\"orgCode\":null,\"address1\":null,\"address2\":null,\"city\":null,\"state\":null,\"zipCode\":null,\"country\":null,\"orgManagerUserId\":null,\"locationClli\":null,\"businessCountryCode\":null,\"businessCountryName\":null,\"businessUnit\":null,\"businessUnitName\":null,\"department\":null,\"departmentName\":null,\"companyCode\":null,\"company\":null,\"zipCodeSuffix\":null,\"jobTitle\":null,\"commandChain\":null,\"siloStatus\":null,\"costCenter\":null,\"financialLocCode\":null,\"loginId\":null,\"loginPwd\":null,\"lastLoginDate\":null,\"active\":false,\"internal\":false,\"selectedProfileId\":null,\"timeZoneId\":null,\"online\":false,\"chatId\":null,\"userApps\":[],\"pseudoRoles\":[],\"roles\":[]}";
 		Mockito.when(externalAccessRolesService.getV2UserWithRoles("test12", mockedRequest.getHeader(uebKey)))
 				.thenReturn(user);
 		User EPuser = new User();
@@ -1115,7 +1234,7 @@
 
 	@Test
 	public void getEpUserExceptionTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		app.setCentralAuth(true);
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
@@ -1127,7 +1246,7 @@
 
 	@Test
 	public void getEPRolesOfApplicationTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		app.setUebKey("uebKey");
 		app.setCentralAuth(true);
@@ -1152,7 +1271,7 @@
 
 	@Test
 	public void getEPRolesOfApplicationNullTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		app.setUebKey("uebKey");
 		app.setCentralAuth(true);
@@ -1171,7 +1290,7 @@
 
 	@Test
 	public void getEPRolesOfApplicationExceptionTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		app.setCentralAuth(true);
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader(uebKey))).thenReturn(applicationList);
@@ -1188,7 +1307,7 @@
 		PowerMockito.mockStatic(EPCommonSystemProperties.class);
 		PowerMockito.mockStatic(PortalConstants.class);
 		PortalRestResponse<String> actualPortalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully Saved");
 		expectedportalRestResponse.setResponse("Success");
 		EPUser user = mockUser.mockEPUser();
@@ -1220,7 +1339,7 @@
 		PowerMockito.mockStatic(EPCommonSystemProperties.class);
 		PowerMockito.mockStatic(PortalConstants.class);
 		PortalRestResponse<String> actualPortalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully Saved");
 		expectedportalRestResponse.setResponse("Success");
 		EPUser user = mockUser.mockEPUser();
@@ -1252,7 +1371,7 @@
 		PowerMockito.mockStatic(EPCommonSystemProperties.class);
 		PowerMockito.mockStatic(PortalConstants.class);
 		PortalRestResponse<String> actualPortalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully Saved");
 		expectedportalRestResponse.setResponse("Failed");
 		EPUser user = mockUser.mockEPUser();
@@ -1279,7 +1398,7 @@
 
 	@Test(expected = NullPointerException.class)
 	public void saveRoleNullExceptionTest() throws Exception {
-		List<EPApp> applicationList = new ArrayList<EPApp>();
+		List<EPApp> applicationList = new ArrayList<>();
 		EPApp app = mockApp();
 		applicationList.add(app);
 		Role role = new Role();
@@ -1288,7 +1407,7 @@
 				"failed");
 		Mockito.when(externalAccessRolesService.deleteDependencyRoleRecord(Matchers.anyLong(), Matchers.anyString(),
 				Matchers.anyString())).thenReturn(externalRequestFieldsValidator);
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Failed to deleteRole");
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
@@ -1304,7 +1423,7 @@
 		PowerMockito.mockStatic(EPCommonSystemProperties.class);
 		PowerMockito.mockStatic(PortalConstants.class);
 		PortalRestResponse<String> actualPortalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Successfully Deleted");
 		expectedportalRestResponse.setResponse("Success");
 		EPUser user = mockUser.mockEPUser();
@@ -1329,13 +1448,44 @@
 	}
 
 	@Test
+	public void deleteRoleXSSTest() throws Exception {
+		PowerMockito.mockStatic(EcompPortalUtils.class);
+		PowerMockito.mockStatic(SystemProperties.class);
+		PowerMockito.mockStatic(EPCommonSystemProperties.class);
+		PowerMockito.mockStatic(PortalConstants.class);
+		PortalRestResponse<String> actualPortalRestResponse = null;
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
+		expectedportalRestResponse.setMessage("Failed to deleteRole, not valid data.");
+		expectedportalRestResponse.setResponse("Failed");
+		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
+		EPUser user = mockUser.mockEPUser();
+		List<EPUser> userList = new ArrayList<>();
+		userList.add(user);
+		EPApp app = mockApp();
+		app.setCentralAuth(true);
+		List<EPApp> appList = new ArrayList<>();
+		appList.add(app);
+		String code = "<img src=xss onerror=alert(1)>";
+		boolean deleteResponse = true;
+		Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
+		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(appList);
+		ResponseEntity<String> response = new ResponseEntity<>(HttpStatus.FOUND);
+		Mockito.when(externalAccessRolesService.getNameSpaceIfExists(appList.get(0))).thenReturn(response);
+		Mockito.when(externalAccessRolesService.getUser(mockedRequest.getHeader("LoginId"))).thenReturn(userList);
+		Mockito.when(externalAccessRolesService.deleteRoleForApplication(code, mockedRequest.getHeader("uebkey")))
+			.thenReturn(deleteResponse);
+		actualPortalRestResponse = externalAccessRolesController.deleteRole(mockedRequest, mockedResponse, code);
+		assertEquals(actualPortalRestResponse.getStatus(), expectedportalRestResponse.getStatus());
+	}
+
+	@Test
 	public void deleteRoleNegativeTest() throws Exception {
 		PowerMockito.mockStatic(EcompPortalUtils.class);
 		PowerMockito.mockStatic(SystemProperties.class);
 		PowerMockito.mockStatic(EPCommonSystemProperties.class);
 		PowerMockito.mockStatic(PortalConstants.class);
 		PortalRestResponse<String> actualPortalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Failed to delete Role for 'test");
 		expectedportalRestResponse.setResponse("Failed");
 		EPUser user = mockUser.mockEPUser();
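Review bot: deleteRoleXSSTest sets the expected message "Failed to deleteRole, not valid data." but the assertion compares only `getStatus()`, so any ERROR outcome satisfies it, including an unrelated failure such as a credentials error. The "LoginId" header is not stubbed in this test (unlike deleteRoleFunctionXSSTest), so `getUser` is presumably stubbed against a null key, which makes an unrelated error path more plausible. Assuming `PortalRestResponse.equals` compares fields, as the sibling tests rely on, I would assert the whole response with `assertEquals(expectedportalRestResponse, actualPortalRestResponse);`. The hunk ends inside deleteRoleNegativeTest, whose body continues outside it.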
@@ -1363,13 +1513,13 @@
 	public void deleteDependcyRoleRecordTest() throws Exception {
 		ExternalRequestFieldsValidator removeResult = new ExternalRequestFieldsValidator(true, "success");
 		PortalRestResponse<String> portalRestResponse = null;
-		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<String>();
+		PortalRestResponse<String> expectedportalRestResponse = new PortalRestResponse<>();
 		expectedportalRestResponse.setMessage("Invalid credentials!");
 		expectedportalRestResponse.setResponse("Failed");
 		expectedportalRestResponse.setStatus(PortalRestStatusEnum.ERROR);
 		long roleId = 123;
 		String LoginId = "loginId";
-		List<EPApp> appList = new ArrayList<EPApp>();
+		List<EPApp> appList = new ArrayList<>();
 		Mockito.when(mockedRequest.getHeader("uebkey")).thenReturn(uebKey);
 		Mockito.when(mockedRequest.getHeader("LoginId")).thenReturn(LoginId);
 		Mockito.when(externalAccessRolesService.getApp(mockedRequest.getHeader("uebkey"))).thenReturn(appList);
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/SchedulerControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/SchedulerControllerTest.java
index b1816ec..5d32301 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/SchedulerControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/SchedulerControllerTest.java
@@ -48,7 +48,6 @@
 import org.apache.poi.ss.formula.functions.T;
 import org.json.simple.JSONObject;
 import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.mockito.InjectMocks;
@@ -56,7 +55,6 @@
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.MockitoAnnotations;
-import org.onap.portalapp.portal.controller.SchedulerController;
 import org.onap.portalapp.portal.core.MockEPUser;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.framework.MockitoTestSuite;
@@ -84,7 +82,7 @@
 	AdminRolesService adminRolesService;
 
 	@InjectMocks
-	SchedulerController schedulerController = new SchedulerController();
+	SchedulerController schedulerController;
 
 	@Before
 	public void setup() {
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/SharedContextRestControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/SharedContextRestControllerTest.java
index 1607f42..49cccae 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/SharedContextRestControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/SharedContextRestControllerTest.java
@@ -38,24 +38,19 @@
  */
 
 
-import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 
-import java.io.IOException;
+import com.fasterxml.jackson.databind.ObjectMapper;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.UUID;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.drools.core.command.assertion.AssertEquals;
 import org.json.JSONObject;
-import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -64,24 +59,15 @@
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.MockitoAnnotations;
-import org.onap.portalapp.portal.controller.SharedContextRestClient;
-import org.onap.portalapp.portal.controller.SharedContextTestProperties;
 import org.onap.portalapp.portal.core.MockEPUser;
-import org.onap.portalapp.portal.domain.CentralV2RoleFunction;
 import org.onap.portalapp.portal.domain.SharedContext;
+import org.onap.portalapp.portal.exceptions.NotValidDataException;
 import org.onap.portalapp.portal.framework.MockitoTestSuite;
-import org.onap.portalapp.portal.scheduler.SchedulerProperties;
 import org.onap.portalapp.portal.service.SharedContextService;
 import org.onap.portalapp.portal.utils.EPCommonSystemProperties;
-import org.onap.portalsdk.core.util.SystemProperties;
-import org.onap.portalsdk.core.web.support.UserUtils;
 import org.powermock.api.mockito.PowerMockito;
 import org.powermock.core.classloader.annotations.PrepareForTest;
 import org.powermock.modules.junit4.PowerMockRunner;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import com.fasterxml.jackson.databind.DeserializationFeature;
-import com.fasterxml.jackson.databind.ObjectMapper;
 
 /**
  * Tests the endpoints exposed by the Shared Context controller in Portal.
@@ -95,7 +81,7 @@
 	SharedContextService contextService;
 
 	@InjectMocks
-	SharedContextRestController sharedContextRestController=new SharedContextRestController();
+	SharedContextRestController sharedContextRestController=new SharedContextRestController(contextService);
 	
 	@Before
 	public void setup() {
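Review bot: The field initializer `new SharedContextRestController(contextService)` runs when the test instance is constructed, before Mockito has populated the `@Mock` field, so the controller is built with `contextService == null`. Because the field is already initialised, Mockito does not attempt constructor injection and falls back to setter/field injection, which skips final fields; whether the mock ever reaches the controller depends on how the controller declares its service, which is not visible here. Declaring the field without an initializer, `SharedContextRestController sharedContextRestController;`, lets `@InjectMocks` call the constructor with the mock, as this commit already does in `SchedulerControllerTest` and `WidgetsControllerTest`. The test class starts and continues outside the hunk.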
@@ -220,11 +206,31 @@
 	public void getContextTestWithException() throws Exception{
 		sharedContextRestController.getContext(mockedRequest, null,null);
 	}
+
+	@Test(expected=NotValidDataException.class)
+	public void getContextTestNotValidDataException() throws Exception{
+		sharedContextRestController.getContext(mockedRequest, "<script>alert(\"hellox worldss\");</script>","test");
+	}
+
+	@Test(expected=NotValidDataException.class)
+	public void getContextTest2NotValidDataException() throws Exception{
+		sharedContextRestController.getContext(mockedRequest, "test","“><script>alert(“XSS”)</script>");
+	}
+
+	@Test(expected=NotValidDataException.class)
+	public void getContextTest3NotValidDataException() throws Exception{
+		sharedContextRestController.getContext(mockedRequest, "<ScRipT>alert(\"XSS\");</ScRipT>","“><script>alert(“XSS”)</script>");
+	}
 	
-	@Test(expected=Exception.class)
+	@Test(expected= Exception.class)
 	public void getUserContextTest() throws Exception{
 		sharedContextRestController.getUserContext(mockedRequest, null);
 	}
+
+	@Test(expected= NotValidDataException.class)
+	public void getUserContextXSSTest() throws Exception{
+		sharedContextRestController.getUserContext(mockedRequest, "<svg><script x:href='https://dl.dropbox.com/u/13018058/js.js' {Opera}");
+	}
 	
 	@Test
 	public void getUserContextTestWithContext() throws Exception{
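Review bot: Every payload added in this hunk is a `<script>` or `<svg><script` tag, so the new tests pin down only one class of rejected input. The `SecurityXssValidator` deleted by this same commit also listed `<iframe>`, `src=`, `eval(`, `expression(`, `javascript:`/`vbscript:` and `onload=` patterns; one case per category against `getContext`/`getUserContext` would show that the validation which presumably replaces it is at least as strict. `getContextTest3NotValidDataException` makes both arguments invalid, so a pass cannot show which one triggered the rejection; naming each test after the argument it makes invalid would make failures easier to read. The test class starts and ends outside the hunk.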
@@ -257,6 +263,16 @@
 		Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(sharedContext);
 		sharedContextRestController.checkContext(mockedRequest, null,null);
 	}
+
+	@Test(expected=NotValidDataException.class)
+	public void checkContextTestWithContextXSSl() throws Exception{
+		SharedContext sharedContext=new SharedContext();
+		sharedContext.setContext_id("test_contextid");
+		sharedContext.setCkey("test_ckey");
+		Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(sharedContext);
+		sharedContextRestController.checkContext(mockedRequest,
+			"<ScRipT 5-0*3+9/3=>prompt(1)</ScRipT giveanswerhere=?","<script>alert(123);</script>");
+	}
 	
 	@Test
 	public void removeContextTest() throws Exception{
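Review bot: `checkContextTestWithContextXSSl` stubs `contextService.getSharedContext(...)` to return a valid `SharedContext` although the test expects the call to be rejected, so it is unclear whether validation is meant to run before the service lookup. If the controller validates first, the stub and the `SharedContext` setup are dead code; if it does not, the stub hides that the service is reached with unvalidated arguments. Removing the setup states the intent, and the same applies to the stubs in `removeContextTestWithContextXSS`, `clearContextTestwithContextXSS` and `setContextTestWithContextXSS` in the later hunks. The trailing `l` in the method name looks like a typo for `checkContextTestWithContextXSS`.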
@@ -283,6 +299,20 @@
 		assertNotNull(actual);
 
 	}
+
+	@Test(expected=NotValidDataException.class)
+	public void removeContextTestWithContextXSS() throws Exception{
+		SharedContext sharedContext=new SharedContext();
+		sharedContext.setContext_id("test_contextid");
+		sharedContext.setCkey("test_ckey");
+		Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(sharedContext);
+
+		//Mockito.when(contextService.deleteSharedContext(sharedContext));
+		String actual=sharedContextRestController.removeContext(mockedRequest,
+			"<script>alert(“XSS”)</script> ","<script>alert(/XSS/)</script>");
+		assertNotNull(actual);
+
+	}
 	
 	@Test(expected=Exception.class)
 	public void clearContextTestwithContextIdNull() throws Exception{
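Review bot: In `removeContextTestWithContextXSS` the `assertNotNull(actual)` after `removeContext(...)` can never run when the test passes, because `@Test(expected=NotValidDataException.class)` requires that call to throw. The assignment and the assertion should be dropped so the `removeContext(...)` call is the last statement, and the commented-out `//Mockito.when(contextService.deleteSharedContext(sharedContext));` line should be deleted rather than committed. `clearContextTestwithContextXSS` in the next hunk has the same unreachable `assertNotNull(actual)`.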
@@ -293,6 +323,16 @@
 		assertNotNull(actual);
 
 	}
+
+	@Test(expected=NotValidDataException.class)
+	public void clearContextTestwithContextXSS() throws Exception{
+
+		Mockito.when(contextService.deleteSharedContexts(Matchers.any())).thenReturn(12);
+
+		String actual=sharedContextRestController.clearContext(mockedRequest,"<script>alert(123)</script>");
+		assertNotNull(actual);
+
+	}
 	
 	@Test
 	public void clearContextTest() throws Exception{
@@ -350,4 +390,27 @@
 		String actual=sharedContextRestController.setContext(mockedRequest,testUserJson.toString());
 
 	}
+
+	@Test(expected=NotValidDataException.class)
+	public void setContextTestWithContextXSS() throws Exception{
+		ObjectMapper mapper = new ObjectMapper();
+		Map<String, Object> userData = new HashMap<String, Object>();
+		userData.put("context_id", "test_contextId");
+		userData.put("ckey", "<script>alert(‘XSS’)</script>");
+		userData.put("cvalue", "test_cvalue");
+		//String testUserJson=Matchers.anyString();
+		JSONObject testUserJson = new JSONObject();
+		testUserJson.put("context_id", "test1ContextId");
+		testUserJson.put("ckey", "testCkey");
+		testUserJson.put("cvalue", "<script>alert(‘XSS’)</script>");
+		Map<String, Object> userData1 = mapper.readValue(testUserJson.toString(), Map.class);
+		SharedContext sharedContext=new SharedContext();
+		sharedContext.setContext_id("test_contextid");
+		sharedContext.setCkey("test_ckey");
+		Mockito.when(contextService.getSharedContext(Matchers.any(),Matchers.any())).thenReturn(sharedContext);
+		// Mockito.when(mapper.readValue("true", Map.class)).thenReturn(userData);
+		String actual=sharedContextRestController.setContext(mockedRequest,testUserJson.toString());
+
+	}
+
 }
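Review bot: `setContextTestWithContextXSS` builds `userData` with markup in `ckey`, but that map is never sent; the request body is `testUserJson`, where only `cvalue` carries markup, so rejection of an invalid `ckey` or `context_id` is not tested. `mapper`, `userData`, `userData1` (read through a raw `Map.class`), the two commented-out lines and the unused `actual` are dead setup and can be removed. One test per field, each with a single invalid value in the JSON body, would show which fields `setContext` actually validates.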
diff --git a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/WidgetsControllerTest.java b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/WidgetsControllerTest.java
index c6bd800..f69ac99 100644
--- a/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/WidgetsControllerTest.java
+++ b/ecomp-portal-BE-common/src/test/java/org/onap/portalapp/portal/controller/WidgetsControllerTest.java
@@ -68,7 +68,7 @@
 public class WidgetsControllerTest  extends MockitoTestSuite{
 
 	@InjectMocks
-	WidgetsController widgetsController = new WidgetsController();
+	WidgetsController widgetsController;
 	
 	@Mock
 	private AdminRolesService rolesService;
@@ -150,7 +150,7 @@
 		OnboardingWidget onboardingWidget=new OnboardingWidget();
 		onboardingWidget.id=12L;
 		onboardingWidget.normalize();
-		//Mockito.doNothing().when(onboardingWidget).normalize();	
+		//Mockito.doNothing().when(onboardingWidget).normalize();
 		FieldsValidator expectedFieldValidator = new FieldsValidator();
 		List<FieldName> fields = new ArrayList<>();
 
@@ -161,6 +161,24 @@
 		actualFieldsValidator = widgetsController.putOnboardingWidget(mockedRequest, 12L, onboardingWidget, mockedResponse);
 		
 	}
+
+	@Test
+	public void putOnboardingWidgetXSSTest() {
+		FieldsValidator actualFieldsValidator = null;
+		EPUser user = mockUser.mockEPUser();
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		OnboardingWidget onboardingWidget=new OnboardingWidget();
+		onboardingWidget.id=12L;
+		onboardingWidget.name = "<script>alert(/XSS”)</script>";
+		onboardingWidget.normalize();
+		FieldsValidator expectedFieldValidator = new FieldsValidator();
+		expectedFieldValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
+		Mockito.when(widgetService.setOnboardingWidget(user, onboardingWidget)).thenReturn(expectedFieldValidator);
+		actualFieldsValidator = widgetsController.putOnboardingWidget(mockedRequest, 12L, onboardingWidget, mockedResponse);
+
+		assertEquals(expectedFieldValidator, actualFieldsValidator);
+
+	}
 	
 	@Test
 	public void putOnboardingWidgetWithUserPermissionTest() {
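Review bot: `putOnboardingWidgetXSSTest` stubs `widgetService.setOnboardingWidget(user, onboardingWidget)` to return the very `FieldsValidator` it then asserts on, so the test also passes if the controller forwards the widget with markup in `name` straight to the service. To show that the controller itself rejects the input, drop the stub, compare `getHttpStatusCode()` instead of relying on `FieldsValidator.equals`, and add `Mockito.verify(widgetService, Mockito.never()).setOnboardingWidget(user, onboardingWidget);` after the call. `postOnboardingWidgetXSSTest`, added later in this file's diff, has the same pass-through stub and also stubs `EPUserUtils.getUserSession(mockedRequest)` twice.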
@@ -172,7 +190,7 @@
 		OnboardingWidget onboardingWidget=new OnboardingWidget();
 		onboardingWidget.id=12L;
 		onboardingWidget.normalize();
-		//Mockito.doNothing().when(onboardingWidget).normalize();	
+		//Mockito.doNothing().when(onboardingWidget).normalize();
 		FieldsValidator expectedFieldValidator = new FieldsValidator();
 		List<FieldName> fields = new ArrayList<>();
 
@@ -209,6 +227,31 @@
 		assertEquals(expectedFieldValidator.getErrorCode(), actualFieldsValidator.getErrorCode());
 		assertEquals(expectedFieldValidator.getFields(), actualFieldsValidator.getFields());
 	}
+
+	@Test
+	public void postOnboardingWidgetXSSTest(){
+		EPUser user=mockUser.mockEPUser();
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		FieldsValidator actualFieldsValidator = null;
+		Mockito.when(EPUserUtils.getUserSession(mockedRequest)).thenReturn(user);
+		Mockito.when(rolesService.isSuperAdmin(user)).thenReturn(true);
+		Mockito.when(rolesService.isAccountAdmin(user)).thenReturn(true);
+		OnboardingWidget onboardingWidget=new OnboardingWidget();
+		onboardingWidget.id=12L;
+		onboardingWidget.appName="<script>alert(/XSS”)</script>";
+		onboardingWidget.normalize();
+		FieldsValidator expectedFieldValidator = new FieldsValidator();
+		List<FieldName> fields = new ArrayList<>();
+
+		expectedFieldValidator.setHttpStatusCode((long) HttpServletResponse.SC_NOT_ACCEPTABLE);
+		expectedFieldValidator.setFields(fields);
+		expectedFieldValidator.setErrorCode(null);
+		Mockito.when(widgetService.setOnboardingWidget(user, onboardingWidget)).thenReturn(expectedFieldValidator);
+		actualFieldsValidator = widgetsController.postOnboardingWidget(mockedRequest, onboardingWidget, mockedResponse);
+		assertEquals(expectedFieldValidator.getHttpStatusCode(), actualFieldsValidator.getHttpStatusCode());
+		assertEquals(expectedFieldValidator.getErrorCode(), actualFieldsValidator.getErrorCode());
+		assertEquals(expectedFieldValidator.getFields(), actualFieldsValidator.getFields());
+	}
 	
 	@Test
 	public void postOnboardingWidgetTestwiThoutUserPermission() {
@@ -218,7 +261,7 @@
 		OnboardingWidget onboardingWidget=new OnboardingWidget();
 		onboardingWidget.id=12L;
 		onboardingWidget.normalize();
-		//Mockito.doNothing().when(onboardingWidget).normalize();	
+		//Mockito.doNothing().when(onboardingWidget).normalize();
 		FieldsValidator expectedFieldValidator = new FieldsValidator();
 		List<FieldName> fields = new ArrayList<>();
 
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
deleted file mode 100644
index 703019f..0000000
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssFilter.java
+++ /dev/null
@@ -1,185 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal
- * ===================================================================
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * Modifications Copyright (c) 2019 Samsung
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *             http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *             https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- * 
- */
-
-package org.onap.portalapp.filter;
-
-import java.io.BufferedReader;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.IOException;
-import java.io.InputStreamReader;
-import java.nio.charset.StandardCharsets;
-import java.util.Enumeration;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ReadListener;
-import javax.servlet.ServletInputStream;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang.StringUtils;
-import org.apache.http.HttpStatus;
-import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.springframework.web.filter.OncePerRequestFilter;
-
-public class SecurityXssFilter extends OncePerRequestFilter {
-
-	private EELFLoggerDelegate sxLogger = EELFLoggerDelegate.getLogger(SecurityXssFilter.class);
-
-	private static final String APPLICATION_JSON = "application/json";
-
-	private static final String ERROR_BAD_REQUEST = "{\"error\":\"BAD_REQUEST\"}";
-
-	private SecurityXssValidator validator = SecurityXssValidator.getInstance();
-
-	public class RequestWrapper extends HttpServletRequestWrapper {
-
-		private ByteArrayOutputStream cachedBytes;
-
-		public RequestWrapper(HttpServletRequest request) {
-			super(request);
-		}
-
-		@Override
-		public ServletInputStream getInputStream() throws IOException {
-			if (cachedBytes == null)
-				cacheInputStream();
-
-			return new CachedServletInputStream();
-		}
-
-		@Override
-		public BufferedReader getReader() throws IOException {
-			return new BufferedReader(new InputStreamReader(getInputStream()));
-		}
-
-		private void cacheInputStream() throws IOException {
-			cachedBytes = new ByteArrayOutputStream();
-			IOUtils.copy(super.getInputStream(), cachedBytes);
-		}
-
-		public class CachedServletInputStream extends ServletInputStream {
-			private ByteArrayInputStream input;
-
-			public CachedServletInputStream() {
-				input = new ByteArrayInputStream(cachedBytes.toByteArray());
-			}
-
-			@Override
-			public int read() throws IOException {
-				return input.read();
-			}
-
-			@Override
-			public boolean isFinished() {
-				return false;
-			}
-
-			@Override
-			public boolean isReady() {
-				return false;
-			}
-
-			@Override
-			public void setReadListener(ReadListener readListener) {
-				// do nothing
-			}
-		}
-	}
-
-	@Override
-	protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
-			throws IOException {
-		StringBuilder requestURL = new StringBuilder(request.getRequestURL().toString());
-		String queryString = request.getQueryString();
-		String requestUrl;
-
-		if (queryString == null) {
-			requestUrl = requestURL.toString();
-		} else {
-			requestUrl = requestURL.append('?').append(queryString).toString();
-		}
-
-		validateRequest(requestUrl, response);
-		StringBuilder headerValues = new StringBuilder();
-		Enumeration<String> headerNames = request.getHeaderNames();
-
-		while (headerNames.hasMoreElements()) {
-			String key = headerNames.nextElement();
-			String value = request.getHeader(key);
-			headerValues.append(value);
-		}
-
-		validateRequest(headerValues.toString(), response);
-
-		if (validateRequestType(request)) {
-			request = new RequestWrapper(request);
-			String requestData = IOUtils.toString(request.getInputStream(), StandardCharsets.UTF_8.toString());
-			validateRequest(requestData, response);
-		}
-
-		try {
-			filterChain.doFilter(request, response);
-		} catch (Exception e) {
-			sxLogger.warn(EELFLoggerDelegate.errorLogger, "Handling bad request", e);
-			response.sendError(org.springframework.http.HttpStatus.BAD_REQUEST.value(), "Handling bad request");
-		}
-	}
-
-	private boolean validateRequestType(HttpServletRequest request) {
-		return (request.getMethod().equalsIgnoreCase("POST") || request.getMethod().equalsIgnoreCase("PUT")
-				|| request.getMethod().equalsIgnoreCase("DELETE"));
-	}
-	
-	private void validateRequest(String text, HttpServletResponse response) throws IOException {
-		try {
-			if (StringUtils.isNotBlank(text) && validator.denyXSS(text)) {
-				response.setContentType(APPLICATION_JSON);
-				response.setStatus(HttpStatus.SC_BAD_REQUEST);
-				response.getWriter().write(ERROR_BAD_REQUEST);
-				throw new SecurityException(ERROR_BAD_REQUEST);
-			}
-		} catch (Exception e) {
-			sxLogger.error(EELFLoggerDelegate.errorLogger, "doFilterInternal() failed due to BAD_REQUEST", e);
-			response.getWriter().close();
-		}
-	}
-}
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
deleted file mode 100644
index c203f1f..0000000
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/filter/SecurityXssValidator.java
+++ /dev/null
@@ -1,207 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal
- * ===================================================================
- * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *             http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *             https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- * 
- */
-package org.onap.portalapp.filter;
-
-import java.util.ArrayList;
-import java.util.List;
-import java.util.concurrent.locks.Lock;
-import java.util.concurrent.locks.ReentrantLock;
-import java.util.regex.Pattern;
-
-import org.apache.commons.lang.NotImplementedException;
-import org.apache.commons.lang.StringUtils;
-import org.apache.commons.lang3.StringEscapeUtils;
-import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
-import org.onap.portalsdk.core.util.SystemProperties;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.codecs.Codec;
-import org.owasp.esapi.codecs.MySQLCodec;
-import org.owasp.esapi.codecs.MySQLCodec.Mode;
-import org.owasp.esapi.codecs.OracleCodec;
-
-public class SecurityXssValidator {
-
-	private EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(SecurityXssValidator.class);
-
-	private static final String MYSQL_DB = "mysql";
-	private static final String ORACLE_DB = "oracle";
-	private static final String MARIA_DB = "mariadb";
-	private static final int FLAGS = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;
-	static SecurityXssValidator validator = null;
-	private static Codec instance;
-	private static final Lock lock = new ReentrantLock();
-
-	public static SecurityXssValidator getInstance() {
-
-		if (validator == null) {
-			lock.lock();
-			try {
-				if (validator == null)
-					validator = new SecurityXssValidator();
-			} finally {
-				lock.unlock();
-			}
-		}
-
-		return validator;
-	}
-
-	private SecurityXssValidator() {
-		// Avoid anything between script tags
-		XSS_INPUT_PATTERNS.add(Pattern.compile("<script>(.*?)</script>", FLAGS));
-
-		// avoid iframes
-		XSS_INPUT_PATTERNS.add(Pattern.compile("<iframe(.*?)>(.*?)</iframe>", FLAGS));
-
-		// Avoid anything in a src='...' type of expression
-		XSS_INPUT_PATTERNS.add(Pattern.compile("src[\r\n]*=[\r\n]*\\\'(.*?)\\\'", FLAGS));
-
-		XSS_INPUT_PATTERNS.add(Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", FLAGS));
-
-		XSS_INPUT_PATTERNS.add(Pattern.compile("src[\r\n]*=[\r\n]*([^>]+)", FLAGS));
-
-		// Remove any lonesome </script> tag
-		XSS_INPUT_PATTERNS.add(Pattern.compile("</script>", FLAGS));
-
-		XSS_INPUT_PATTERNS.add(Pattern.compile(".*(<script>|</script>).*", FLAGS));
-
-		XSS_INPUT_PATTERNS.add(Pattern.compile(".*(<iframe>|</iframe>).*", FLAGS));
-
-		// Remove any lonesome <script ...> tag
-		XSS_INPUT_PATTERNS.add(Pattern.compile("<script(.*?)>", FLAGS));
-
-		// Avoid eval(...) expressions
-		XSS_INPUT_PATTERNS.add(Pattern.compile("eval\\((.*?)\\)", FLAGS));
-
-		// Avoid expression(...) expressions
-		XSS_INPUT_PATTERNS.add(Pattern.compile("expression\\((.*?)\\)", FLAGS));
-
-		// Avoid javascript:... expressions
-		XSS_INPUT_PATTERNS.add(Pattern.compile(".*(javascript:|vbscript:).*", FLAGS));
-
-		// Avoid onload= expressions
-		XSS_INPUT_PATTERNS.add(Pattern.compile(".*(onload(.*?)=).*", FLAGS));
-	}
-
-	private List<Pattern> XSS_INPUT_PATTERNS = new ArrayList<Pattern>();
-
-	/**
-	 * * This method takes a string and strips out any potential script injections.
-	 * 
-	 * @param value
-	 * @return String - the new "sanitized" string.
-	 */
-	public String stripXSS(String value) {
-
-		try {
-
-			if (StringUtils.isNotBlank(value)) {
-
-				value = StringEscapeUtils.escapeHtml4(value);
-
-				value = ESAPI.encoder().canonicalize(value);
-
-				// Avoid null characters
-				value = value.replaceAll("\0", "");
-
-				for (Pattern xssInputPattern : XSS_INPUT_PATTERNS) {
-					value = xssInputPattern.matcher(value).replaceAll("");
-				}
-			}
-
-		} catch (Exception e) {
-			logger.error(EELFLoggerDelegate.errorLogger, "stripXSS() failed", e);
-		}
-
-		return value;
-	}
-
-	public Boolean denyXSS(String value) {
-		Boolean flag = Boolean.FALSE;
-		try {
-			if (StringUtils.isNotBlank(value)) {
-				value = ESAPI.encoder().canonicalize(value);
-				for (Pattern xssInputPattern : XSS_INPUT_PATTERNS) {
-					if (xssInputPattern.matcher(value).matches()) {
-						flag = Boolean.TRUE;
-						break;
-					}
-
-				}
-			}
-
-		} catch (Exception e) {
-			logger.error(EELFLoggerDelegate.errorLogger, "denyXSS() failed", e);
-		}
-
-		return flag;
-	}
-
-	public Codec getCodec() {
-		try {
-			if (null == instance) {
-				if (StringUtils.containsIgnoreCase(SystemProperties.getProperty(SystemProperties.DB_DRIVER), MYSQL_DB)
-						|| StringUtils.containsIgnoreCase(SystemProperties.getProperty(SystemProperties.DB_DRIVER),
-								MARIA_DB)) {
-					instance = new MySQLCodec(Mode.STANDARD);
-
-				} else if (StringUtils.containsIgnoreCase(SystemProperties.getProperty(SystemProperties.DB_DRIVER),
-						ORACLE_DB)) {
-					instance = new OracleCodec();
-				} else {
-					throw new NotImplementedException("Handling for data base \""
-							+ SystemProperties.getProperty(SystemProperties.DB_DRIVER) + "\" not yet implemented.");
-				}
-			}
-
-		} catch (Exception ex) {
-			logger.error(EELFLoggerDelegate.errorLogger, "getCodec() failed", ex);
-		}
-		return instance;
-
-	}
-
-	public List<Pattern> getXSS_INPUT_PATTERNS() {
-		return XSS_INPUT_PATTERNS;
-	}
-
-	public void setXSS_INPUT_PATTERNS(List<Pattern> xSS_INPUT_PATTERNS) {
-		XSS_INPUT_PATTERNS = xSS_INPUT_PATTERNS;
-	}
-
-}
\ No newline at end of file
diff --git a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java
index 915c5e0..e109ef5 100644
--- a/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java
+++ b/ecomp-portal-BE-os/src/main/java/org/onap/portalapp/portal/controller/AppsOSController.java
@@ -47,8 +47,8 @@
 import javax.validation.Validation;
 import javax.validation.Validator;
 import javax.validation.ValidatorFactory;
+import lombok.NoArgsConstructor;
 import org.json.JSONObject;
-import org.onap.portalapp.portal.controller.AppsController;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
@@ -61,6 +61,7 @@
 import org.onap.portalapp.validation.SecureString;
 import org.onap.portalsdk.core.logging.logic.EELFLoggerDelegate;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.EnableAspectJAutoProxy;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -69,27 +70,20 @@
 import org.springframework.web.bind.annotation.RestController;
 
 @RestController
-@org.springframework.context.annotation.Configuration
+@Configuration
 @EnableAspectJAutoProxy
 @EPAuditLog
+@NoArgsConstructor
 public class AppsOSController extends AppsController {
 	private static final ValidatorFactory validatorFactory = Validation.buildDefaultValidatorFactory();
 	
-	static final String FAILURE = "failure";
-	EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class);
+	private static final String FAILURE = "failure";
+	private static final EELFLoggerDelegate logger = EELFLoggerDelegate.getLogger(AppsOSController.class);
 
 	@Autowired
-	AdminRolesService adminRolesService;
-	@Autowired
-	EPAppService appService;
-	@Autowired
-	PersUserAppService persUserAppService;
-	@Autowired
 	UserService userService;
 
-	
-	
-	/**
+       /**
 	 * Create new application's contact us details.
 	 * 
 	 * @param contactUs
@@ -102,9 +96,9 @@
 			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, FAILURE,
 					"New User cannot be null or empty");
 		
-		if (!(adminRolesService.isSuperAdmin(user) || adminRolesService.isAccountAdmin(user))){
+		if (!(super.getAdminRolesService().isSuperAdmin(user) || super.getAdminRolesService().isAccountAdmin(user))){
 			if(!user.getLoginId().equalsIgnoreCase(newUser.getLoginId()))
-				return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, FAILURE,
+				return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, FAILURE,
 						"UnAuthorized");
 		}
 			
@@ -113,9 +107,9 @@
 		try {
 			saveNewUser = userService.saveNewUser(newUser,checkDuplicate);
 		} catch (Exception e) {
-			return new PortalRestResponse<String>(PortalRestStatusEnum.ERROR, saveNewUser, e.getMessage());
+			return new PortalRestResponse<>(PortalRestStatusEnum.ERROR, saveNewUser, e.getMessage());
 		}
-		return new PortalRestResponse<String>(PortalRestStatusEnum.OK, saveNewUser, "");
+		return new PortalRestResponse<>(PortalRestStatusEnum.OK, saveNewUser, "");
 	}
 	
 	@RequestMapping(value = { "/portalApi/currentUserProfile/{loginId}" }, method = RequestMethod.GET, produces = "application/json")
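Review bot: The `catch (Exception e)` around `userService.saveNewUser(...)` returns `e.getMessage()` to the caller and logs nothing, so whatever text the service or persistence layer put into the exception may end up in the REST response while the failure leaves no server-side trace. Log it with the class's logger, `logger.error(EELFLoggerDelegate.errorLogger, "saveNewUser failed", e);`, and return a fixed message such as `"Failed to save user"` instead, unless clients are known to depend on the current text. The enclosing method starts outside the hunk.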
diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/filter/SecurityXssValidatorTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/filter/SecurityXssValidatorTest.java
deleted file mode 100644
index 7a4eac8..0000000
--- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/filter/SecurityXssValidatorTest.java
+++ /dev/null
@@ -1,122 +0,0 @@
-/*-
- * ============LICENSE_START==========================================
- * ONAP Portal
- * ===================================================================
- * Copyright © 2017-2018 AT&T Intellectual Property. All rights reserved.
- * ===================================================================
- *
- * Unless otherwise specified, all software contained herein is licensed
- * under the Apache License, Version 2.0 (the "License");
- * you may not use this software except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *             http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * Unless otherwise specified, all documentation contained herein is licensed
- * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
- * you may not use this documentation except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *             https://creativecommons.org/licenses/by/4.0/
- *
- * Unless required by applicable law or agreed to in writing, documentation
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *
- * ============LICENSE_END============================================
- *
- * 
- */
-package org.onap.portalapp.filter;
-
-import org.junit.Assert;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mockito.InjectMocks;
-import org.mockito.Mockito;
-import org.onap.portalsdk.core.util.SystemProperties;
-import org.owasp.esapi.ESAPI;
-import org.owasp.esapi.codecs.Codec;
-import org.powermock.api.mockito.PowerMockito;
-import org.powermock.core.classloader.annotations.PrepareForTest;
-import org.powermock.modules.junit4.PowerMockRunner;
-
-@RunWith(PowerMockRunner.class)
-@PrepareForTest({ESAPI.class, SystemProperties.class})
-public class SecurityXssValidatorTest {
-	@InjectMocks
-	SecurityXssValidator securityXssValidator;
-
-	@Test
-	public void stripXSSTest() {
-	 securityXssValidator=	SecurityXssValidator.getInstance();
-		String value ="Test";
-		securityXssValidator.stripXSS(value);
-	}
-	
-	@Test
-	public void testDenyXss() {
-	 securityXssValidator=	SecurityXssValidator.getInstance();
-		String value ="Test";
-		securityXssValidator.denyXSS(value);
-	}
-	
-	@Test
-		public void getCodecMySqlTest() {
-			PowerMockito.mockStatic(SystemProperties.class);
-			Mockito.when(SystemProperties.getProperty(SystemProperties.DB_DRIVER)).thenReturn("mysql");
-			SecurityXssValidator validator = SecurityXssValidator.getInstance();
-			Codec codec = validator.getCodec();
-			Assert.assertNotNull(codec);
-		}
-	
-	/*//@Test
-	public void stripXSSExceptionTest() {
-		String value ="Test";
-		SecurityXssValidator validator = SecurityXssValidator.getInstance();
-		String reponse = validator.stripXSS(value);
-		Assert.assertEquals(value, reponse);;
-	}
-	
-	//@Test
-	public void denyXSSTest() {
-		String value ="<script>Test</script>";
-		PowerMockito.mockStatic(ESAPI.class);
-		Encoder mockEncoder = Mockito.mock(Encoder.class);
-		Mockito.when(ESAPI.encoder()).thenReturn(mockEncoder);
-		Mockito.when(mockEncoder.canonicalize(value)).thenReturn(value);
-		SecurityXssValidator validator = SecurityXssValidator.getInstance();
-		Boolean flag = validator.denyXSS(value);
-		Assert.assertTrue(flag);
-	}
-	
-	//@Test
-	public void denyXSSFalseTest() {
-		String value ="test";
-		PowerMockito.mockStatic(ESAPI.class);
-		Encoder mockEncoder = Mockito.mock(Encoder.class);
-		Mockito.when(ESAPI.encoder()).thenReturn(mockEncoder);
-		Mockito.when(mockEncoder.canonicalize(value)).thenReturn(value);
-		SecurityXssValidator validator = SecurityXssValidator.getInstance();
-		Boolean flag = validator.denyXSS(value);
-		Assert.assertFalse(flag);
-	}
-
-	//@Test
-	public void getCodecMySqlTest() {
-		PowerMockito.mockStatic(SystemProperties.class);
-		Mockito.when(SystemProperties.getProperty(SystemProperties.DB_DRIVER)).thenReturn("mysql");
-		SecurityXssValidator validator = SecurityXssValidator.getInstance();
-		Codec codec = validator.getCodec();
-		Assert.assertNotNull(codec);
-	}*/
-				
-}
diff --git a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
index 15fe1dd..1083aed 100644
--- a/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
+++ b/ecomp-portal-BE-os/src/test/java/org/onap/portalapp/portal/controller/AppsOSControllerTest.java
@@ -41,10 +41,8 @@
 
 import java.util.ArrayList;
 import java.util.List;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.junit.Before;
 import org.junit.Ignore;
 import org.junit.Test;
@@ -52,7 +50,6 @@
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.MockitoAnnotations;
-import org.onap.portalapp.portal.controller.AppsOSController;
 import org.onap.portalapp.portal.domain.EPUser;
 import org.onap.portalapp.portal.ecomp.model.PortalRestResponse;
 import org.onap.portalapp.portal.ecomp.model.PortalRestStatusEnum;
@@ -87,7 +84,7 @@
 	}
 
 	@InjectMocks
-	AppsOSController appsOSController = new AppsOSController();
+	AppsOSController appsOSController;
 
 	MockitoTestSuite mockitoTestSuite = new MockitoTestSuite();
 
diff --git a/ecomp-portal-FE-common/client/bower_components_external/b2b/js/b2b-angular/b2b-library.min.js b/ecomp-portal-FE-common/client/bower_components_external/b2b/js/b2b-angular/b2b-library.min.js
index 7523824..ec955ed 100644
--- a/ecomp-portal-FE-common/client/bower_components_external/b2b/js/b2b-angular/b2b-library.min.js
+++ b/ecomp-portal-FE-common/client/bower_components_external/b2b/js/b2b-angular/b2b-library.min.js
@@ -12942,7 +12942,7 @@
                 });
             } else if (attrs.axis === 'y') {
                 visibleHeight = parseInt(attrs.height, 10) || b2bWhenScrollEndsConstants.height;
-                if (element.css('width')) {
+                if (element.css('height')) {
                     visibleHeight = element.css('height').split('px')[0]; 
                 }
 
diff --git a/ecomp-portal-FE-os/client/src/directives/search-users/search-users.controller.js b/ecomp-portal-FE-os/client/src/directives/search-users/search-users.controller.js
index fc7fd7c..22dc501 100644
--- a/ecomp-portal-FE-os/client/src/directives/search-users/search-users.controller.js
+++ b/ecomp-portal-FE-os/client/src/directives/search-users/search-users.controller.js
@@ -112,7 +112,7 @@
 		   				this.newUser ={
 		               			firstName:'',
 		               			lastName:'',
-		               			emailAdress:'',
+		               			emailAddress:'',
 		               			middleName:'',
 		               			loginId:'',
 		               			loginPwd:'',
diff --git a/ecomp-portal-widget-ms/widget-ms/src/main/resources/framework-template.js b/ecomp-portal-widget-ms/widget-ms/src/main/resources/framework-template.js
index 42e8c13..90d8174 100644
--- a/ecomp-portal-widget-ms/widget-ms/src/main/resources/framework-template.js
+++ b/ecomp-portal-widget-ms/widget-ms/src/main/resources/framework-template.js
@@ -45,7 +45,7 @@
 			else if (node.currentStyle) {                                                                                          
 				value = node.currentStyle.color;                                                                                   
 			}                                                                                                                      
-			if (value && value === 'rgb(186, 218, 85)' || value.toLowerCase() === ARGUMENT1.readyCssFlagExpectedValue) {           
+			if (value && (value === 'rgb(186, 218, 85)' || value.toLowerCase() === ARGUMENT1.readyCssFlagExpectedValue)) {           
 				callback();                                                                                                        
 			} else {                                                                                                               
 				setTimeout(poll, 500);                                                                                             
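Review bot: The literal `'rgb(186, 218, 85)'` in the corrected condition is undocumented and sits next to the configurable `ARGUMENT1.readyCssFlagExpectedValue`, so a reader cannot tell why both exist. A comment above the `if` would help, e.g. `// rgb(186, 218, 85) == #bada55: default "stylesheet ready" sentinel colour; the configured value overrides it` (the sentinel's purpose is inferred from the name, please confirm). The two comparisons also normalise differently, one exact and one lowercased; computing `value.toLowerCase()` once and comparing both against it would be more uniform. The `poll` function starts outside this hunk.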
diff --git a/pom.xml b/pom.xml
index 0ddeb31..3ea8ba4 100644
--- a/pom.xml
+++ b/pom.xml
@@ -36,7 +36,7 @@
 		<jacocoVersion>0.7.6.201602180812</jacocoVersion>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<encoding>UTF-8</encoding>
-		<sonar.exclusions>**/scripts/**/*,**.js</sonar.exclusions>
+		<!-- <sonar.exclusions>**/scripts/**/*,**.js</sonar.exclusions>  -->
 		<sonar.test.exclusions>**/test/**/*,**/tests/**/*</sonar.test.exclusions>
 		<enforcer.skip>false</enforcer.skip>
 	</properties>
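Review bot: Commenting out `sonar.exclusions` leaves dead configuration in the POM and gives no reason for the change. If the intent is to bring JavaScript under analysis, delete the line and say so in the commit message. Removing the whole pattern presumably also puts vendored, minified bundles in scope, such as the `bower_components_external` tree touched elsewhere in this commit, and those will add findings nobody on the project can fix. A narrower exclusion such as `<sonar.exclusions>**/bower_components_external/**/*</sonar.exclusions>` would keep first-party scripts covered without that noise.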