69 files changed, 639 insertions, 640 deletions

diff --git a/sdnr/wt/featureaggregator/feature-oauth/pom.xml b/sdnr/wt/featureaggregator/feature-oauth/pom.xml
index b79b320e6..707dc7801 100644
--- a/sdnr/wt/featureaggregator/feature-oauth/pom.xml
+++ b/sdnr/wt/featureaggregator/feature-oauth/pom.xml
@@ -22,6 +22,7 @@
   ~ ============LICENSE_END=======================================================
   ~
   -->
+
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
@@ -34,7 +35,7 @@
 
     <groupId>org.onap.ccsdk.features.sdnr.wt</groupId>
     <artifactId>sdnr-wt-feature-aggregator-oauth</artifactId>
-    <version>1.6.0-SNAPSHOT</version>
+    <version>1.7.0-SNAPSHOT</version>
     <packaging>feature</packaging>
 
     <name>ccsdk-features :: ${project.artifactId}</name>
@@ -47,14 +48,13 @@
         </dependency>
         <dependency>
             <groupId>${project.groupId}</groupId>
-            <artifactId>sdnr-wt-oauth-provider</artifactId>
+            <artifactId>sdnr-wt-oauth-web</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+         <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>sdnr-wt-oauth-realm</artifactId>
             <version>${project.version}</version>
-            <exclusions>
-                <exclusion>
-                    <groupId>${project.groupId}</groupId>
-                    <artifactId>sdnr-wt-oauth-provider-jar</artifactId>
-                </exclusion>
-            </exclusions>
         </dependency>
     </dependencies>
 </project>
diff --git a/sdnr/wt/featureaggregator/installer/pom.xml b/sdnr/wt/featureaggregator/installer/pom.xml
index ce1e3fe98..1c0e15597 100755
--- a/sdnr/wt/featureaggregator/installer/pom.xml
+++ b/sdnr/wt/featureaggregator/installer/pom.xml
@@ -65,13 +65,13 @@
             <type>xml</type>
             <classifier>features</classifier>
         </dependency>
-        <!-- <dependency>
+        <dependency>
             <groupId>${project.groupId}</groupId>
             <artifactId>sdnr-wt-feature-aggregator-oauth</artifactId>
             <version>${project.version}</version>
             <type>xml</type>
             <classifier>features</classifier>
-        </dependency> -->
+        </dependency>
         <dependency>
             <groupId>${project.groupId}</groupId>
             <artifactId>sdnr-wt-data-provider-setup</artifactId>
diff --git a/sdnr/wt/featureaggregator/pom.xml b/sdnr/wt/featureaggregator/pom.xml
index f0349e472..c0fb6e7bf 100755
--- a/sdnr/wt/featureaggregator/pom.xml
+++ b/sdnr/wt/featureaggregator/pom.xml
@@ -41,7 +41,7 @@
 
     <modules>
         <module>feature</module>
-        <!-- <module>feature-oauth</module> -->
+        <module>feature-oauth</module>
         <module>feature-devicemanager</module>
         <module>feature-devicemanager-base</module>
         <module>installer</module>
diff --git a/sdnr/wt/oauth-provider/provider-jar/pom.xml b/sdnr/wt/oauth-provider/oauth-core/pom.xml
index 6ad79ef8f..ef00bf8e9 100644
--- a/sdnr/wt/oauth-provider/provider-jar/pom.xml
+++ b/sdnr/wt/oauth-provider/oauth-core/pom.xml
@@ -22,6 +22,7 @@
   ~ ============LICENSE_END=======================================================
   ~
   -->
+
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
@@ -33,8 +34,8 @@
     </parent>
 
     <groupId>org.onap.ccsdk.features.sdnr.wt</groupId>
-    <artifactId>sdnr-wt-oauth-provider-jar</artifactId>
-    <version>1.6.0-SNAPSHOT</version>
+    <artifactId>sdnr-wt-oauth-core</artifactId>
+    <version>1.7.0-SNAPSHOT</version>
     <packaging>jar</packaging>
 
     <name>ccsdk-features :: ${project.artifactId}</name>
@@ -133,8 +134,27 @@
             <scope>provided</scope>
         </dependency>
         <dependency>
-            <groupId>jakarta.servlet</groupId>
-            <artifactId>jakarta.servlet-api</artifactId>
+            <groupId>org.osgi</groupId>
+            <artifactId>org.osgi.core</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.fasterxml.jackson.dataformat</groupId>
+            <artifactId>jackson-dataformat-xml</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>sdnr-wt-yang-utils</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>osgi.cmpn</artifactId>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>javax.servlet-api</artifactId>
             <scope>provided</scope>
         </dependency>
         <dependency>
@@ -153,17 +173,6 @@
             <scope>test</scope>
         </dependency>
         <dependency>
-            <groupId>com.fasterxml.jackson.dataformat</groupId>
-            <artifactId>jackson-dataformat-xml</artifactId>
-            <scope>test</scope>
-        </dependency>
-         <dependency>
-            <groupId>${project.groupId}</groupId>
-            <artifactId>sdnr-wt-yang-utils</artifactId>
-            <version>${project.version}</version>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
             <groupId>org.opendaylight.mdsal.binding.model.ietf</groupId>
             <artifactId>rfc6991-ietf-yang-types</artifactId>
             <scope>test</scope>
@@ -178,11 +187,5 @@
             <artifactId>org.osgi.core</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.osgi</groupId>
-            <artifactId>osgi.cmpn</artifactId>
-            <version>7.0.0</version>
-            <scope>compile</scope>
-        </dependency>
     </dependencies>
 </project>
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java
index b9f3d6119..b9f3d6119 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/OAuth2Realm.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
index 1caec63e0..6798026f3 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/Config.java
@@ -242,14 +242,14 @@ public class Config {
         boolean found = false;
         if (isEnvExpression(key)) {
 
-            LOG.debug("try to find env var(s) for {}", key);
+            LOG.info("try to find env var(s) for {}", key);
             final Matcher matcher = pattern.matcher(key);
             String tmp = new String(key);
             while (matcher.find() && matcher.groupCount() > 0) {
                 final String mkey = matcher.group(1);
                 if (mkey != null) {
                     try {
-                        LOG.debug("match found for v={} and env key={}", key, mkey);
+                        LOG.info("match found for v={} and env key={}", key, mkey);
                         String envvar = mkey.substring(2, mkey.length() - 1);
                         String env = System.getenv(envvar);
                         tmp = tmp.replace(mkey, env == null ? "" : env);
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java
index aa23d4dc1..aa23d4dc1 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/CustomObjectMapper.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java
index a0e97de74..a0e97de74 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/InvalidConfigurationException.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java
index 67186baa7..67186baa7 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakRole.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java
index c99ec0d71..c99ec0d71 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/KeycloakUserTokenPayload.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java
index d13be9602..d13be9602 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/NoDefinitionFoundException.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java
index 4fb0d0069..4fb0d0069 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthProviderConfig.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java
index 0e25b5b0f..0e25b5b0f 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthResponseData.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java
index 0371f377d..0371f377d 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OAuthToken.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java
index 19eb4b68e..19eb4b68e 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlPolicy.java
diff --git a/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java
new file mode 100644
index 000000000..f5e067450
--- /dev/null
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlShiroConfiguration.java
@@ -0,0 +1,67 @@
+package org.onap.ccsdk.features.sdnr.wt.oauthprovider.data;
+
+import java.util.List;
+
+public class OdlShiroConfiguration {
+
+    private List<MainItem> main;
+    private List<UrlItem> urls;
+
+
+
+    public List<MainItem> getMain() {
+        return main;
+    }
+
+    public void setMain(List<MainItem> main) {
+        this.main = main;
+    }
+    public List<UrlItem> getUrls() {
+        return urls;
+    }
+    public void setUrls(List<UrlItem> urls) {
+        this.urls = urls;
+    }
+    public OdlShiroConfiguration(){
+
+    }
+
+    public static class BaseItem{
+        private String pairKey;
+        private String pairValue;
+
+        public String getPairKey() {
+            return pairKey;
+        }
+
+        public void setPairKey(String pairKey) {
+            this.pairKey = pairKey;
+        }
+
+        public String getPairValue() {
+            return pairValue;
+        }
+
+        public void setPairValue(String pairValue) {
+            this.pairValue = pairValue;
+        }
+
+        public BaseItem(){
+
+        }
+
+    }
+
+    public static class MainItem extends BaseItem{
+        public MainItem(){
+            super();
+        }
+
+    }
+    public static class UrlItem extends BaseItem{
+        public UrlItem(){
+            super();
+        }
+    }
+
+}
diff --git a/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java
new file mode 100644
index 000000000..cbdc1d0d9
--- /dev/null
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OdlXmlMapper.java
@@ -0,0 +1,44 @@
+/*
+ * ============LICENSE_START=======================================================
+ * ONAP : ccsdk features
+ * ================================================================================
+ * Copyright (C) 2021 highstreet technologies GmbH Intellectual Property.
+ * All rights reserved.
+ * ================================================================================
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ============LICENSE_END=========================================================
+ *
+ */
+package org.onap.ccsdk.features.sdnr.wt.oauthprovider.data;
+
+import com.fasterxml.jackson.annotation.JsonInclude.Include;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.MapperFeature;
+import com.fasterxml.jackson.databind.PropertyNamingStrategy;
+import com.fasterxml.jackson.dataformat.xml.XmlMapper;
+import org.onap.ccsdk.features.sdnr.wt.yang.mapper.mapperextensions.YangToolsBuilderAnnotationIntrospector;
+
+public class OdlXmlMapper extends XmlMapper {
+
+    private static final long serialVersionUID = 1L;
+
+
+    public OdlXmlMapper() {
+        this.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+        this.setSerializationInclusion(Include.NON_NULL);
+        this.setPropertyNamingStrategy(PropertyNamingStrategy.KEBAB_CASE);
+        this.enable(MapperFeature.USE_GETTERS_AS_SETTERS);
+        YangToolsBuilderAnnotationIntrospector introspector = new YangToolsBuilderAnnotationIntrospector();
+        this.setAnnotationIntrospector(introspector);
+    }
+}
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java
index d94631fe3..d94631fe3 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/OpenIdConfigResponseData.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java
index b791a4040..b791a4040 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UnableToConfigureOAuthService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java
index f7731f0b8..f7731f0b8 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/data/UserTokenPayload.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java
index 0dc58efff..0dc58efff 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/AnyRoleHttpAuthenticationFilter.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java
index 6fb41d799..51c064819 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/BearerAndBasicHttpAuthenticationFilter.java
@@ -21,17 +21,19 @@
  */
 package org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters;
 
+import java.util.Locale;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import org.apache.shiro.authc.AuthenticationToken;
+import org.apache.shiro.codec.Base64;
+import org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter;
 import org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter;
 import org.apache.shiro.web.util.WebUtils;
-import org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthenticationFilter{
+public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthenticationFilter {
 
     // defined in lower-case for more efficient string comparison
     private static final Logger LOG = LoggerFactory.getLogger(BearerAndBasicHttpAuthenticationFilter.class);
@@ -74,14 +76,16 @@ public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthentica
     protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
         final HttpServletRequest httpRequest = WebUtils.toHttp(request);
         final String httpMethod = httpRequest.getMethod();
+        //always allow options requests
         if (OPTIONS_HEADER.equalsIgnoreCase(httpMethod)) {
             return true;
-        } else {
-            if (this.basicAuthFilter.isAccessAllowed(httpRequest, response, mappedValue)) {
-                LOG.debug("isAccessAllowed succeeded on basicAuth");
-                return true;
-            }
         }
+
+        if (this.basicAuthFilter.isAccessAllowed(httpRequest, response, mappedValue)) {
+            LOG.debug("isAccessAllowed succeeded on basicAuth");
+            return true;
+        }
+
         return super.isAccessAllowed(request, response, mappedValue);
     }
 
@@ -111,24 +115,47 @@ public class BearerAndBasicHttpAuthenticationFilter extends BearerHttpAuthentica
         return createToken(username, password, request, response);
     }
 
+    private static class ODLHttpAuthenticationHelperFilter extends BasicHttpAuthenticationFilter {
+
+        private static final Logger LOG = LoggerFactory.getLogger(ODLHttpAuthenticationHelperFilter.class);
 
-    private static class ODLHttpAuthenticationHelperFilter extends ODLHttpAuthenticationFilter{
+        // defined in lower-case for more efficient string comparison
+        protected static final String BEARER_SCHEME = "bearer";
 
-        ODLHttpAuthenticationHelperFilter(){
-            super();
+        protected static final String OPTIONS_HEADER = "OPTIONS";
+
+        public ODLHttpAuthenticationHelperFilter() {
+            LOG.info("Creating the ODLHttpAuthenticationFilter");
         }
 
         @Override
-        protected boolean isLoginAttempt(String authzHeader) {
-            return super.isLoginAttempt(authzHeader);
+        protected String[] getPrincipalsAndCredentials(String scheme, String encoded) {
+            final String decoded = Base64.decodeToString(encoded);
+            // attempt to decode username/password; otherwise decode as token
+            if (decoded.contains(":")) {
+                return decoded.split(":");
+            }
+            return new String[]{encoded};
         }
+
         @Override
-        protected String[] getPrincipalsAndCredentials(String scheme, String encoded) {
-            return super.getPrincipalsAndCredentials(scheme, encoded);
+        protected boolean isLoginAttempt(String authzHeader) {
+            final String authzScheme = getAuthzScheme().toLowerCase(Locale.ROOT);
+            final String authzHeaderLowerCase = authzHeader.toLowerCase(Locale.ROOT);
+            return authzHeaderLowerCase.startsWith(authzScheme)
+                    || authzHeaderLowerCase.startsWith(BEARER_SCHEME);
         }
+
         @Override
-        protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
-            return super.isAccessAllowed(request, response, mappedValue);
+        protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
+                                          Object mappedValue) {
+            final HttpServletRequest httpRequest = WebUtils.toHttp(request);
+            final String httpMethod = httpRequest.getMethod();
+            if (OPTIONS_HEADER.equalsIgnoreCase(httpMethod)) {
+                return true;
+            } else {
+                return super.isAccessAllowed(httpRequest, response, mappedValue);
+            }
         }
     }
 }
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java
index 26cdbe773..27ca3b3f9 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/filters/CustomizedMDSALDynamicAuthorizationFilter.java
@@ -1,11 +1,28 @@
 package org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters;
 
+import static com.google.common.base.Preconditions.checkArgument;
+import static java.util.Objects.requireNonNull;
+
 import com.google.common.collect.Iterables;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;
+
+import java.io.IOException;
+import java.util.*;
+import java.util.concurrent.ExecutionException;
+import javax.servlet.Filter;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.web.filter.authz.AuthorizationFilter;
-import org.opendaylight.mdsal.binding.api.*;
+import org.opendaylight.mdsal.binding.api.ClusteredDataTreeChangeListener;
+import org.opendaylight.mdsal.binding.api.DataBroker;
+import org.opendaylight.mdsal.binding.api.DataTreeIdentifier;
+import org.opendaylight.mdsal.binding.api.DataTreeModification;
+import org.opendaylight.mdsal.binding.api.ReadTransaction;
 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.HttpAuthorization;
 import org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies.Policies;
@@ -15,18 +32,7 @@ import org.opendaylight.yangtools.yang.binding.InstanceIdentifier;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import javax.servlet.Filter;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.*;
-import java.util.concurrent.ExecutionException;
-
-import static com.google.common.base.Preconditions.checkArgument;
-import static java.util.Objects.requireNonNull;
-
+@SuppressWarnings("checkstyle:AbbreviationAsWordInName")
 public class CustomizedMDSALDynamicAuthorizationFilter extends AuthorizationFilter
         implements ClusteredDataTreeChangeListener<HttpAuthorization> {
 
@@ -35,22 +41,24 @@ public class CustomizedMDSALDynamicAuthorizationFilter extends AuthorizationFilt
     private static final DataTreeIdentifier<HttpAuthorization> AUTHZ_CONTAINER = DataTreeIdentifier.create(
             LogicalDatastoreType.CONFIGURATION, InstanceIdentifier.create(HttpAuthorization.class));
 
-    private final DataBroker dataBroker;
+    private static DataBroker dataBroker;
 
+    public static void setDataBroker(DataBroker dataBroker2){
+        dataBroker = dataBroker2;
+    }
     private ListenerRegistration<?> reg;
     private volatile ListenableFuture<Optional<HttpAuthorization>> authContainer;
-    private static final ThreadLocal<DataBroker> DATABROKER_TL = new ThreadLocal<>();
 
     public CustomizedMDSALDynamicAuthorizationFilter() {
-        dataBroker = requireNonNull(DATABROKER_TL.get());
+
     }
 
     @Override
     public Filter processPathConfig(final String path, final String config) {
-        try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) {
-            authContainer = tx.read(AUTHZ_CONTAINER.getDatastoreType(), AUTHZ_CONTAINER.getRootIdentifier());
-        }
-        this.reg = dataBroker.registerDataTreeChangeListener(AUTHZ_CONTAINER, this);
+        /*if (dataBroker == null){
+            throw new RuntimeException("dataBroker is not initialized");
+        }*/
+
         return super.processPathConfig(path, config);
     }
 
@@ -73,6 +81,15 @@ public class CustomizedMDSALDynamicAuthorizationFilter extends AuthorizationFilt
     @Override
     public boolean isAccessAllowed(final ServletRequest request, final ServletResponse response,
                                    final Object mappedValue) {
+        if (dataBroker == null){
+            throw new RuntimeException("dataBroker is not initialized");
+        }
+        if(reg == null){
+            try (ReadTransaction tx = dataBroker.newReadOnlyTransaction()) {
+                authContainer = tx.read(AUTHZ_CONTAINER.getDatastoreType(), AUTHZ_CONTAINER.getRootIdentifier());
+            }
+            reg = dataBroker.registerDataTreeChangeListener(AUTHZ_CONTAINER, this);
+        }
         checkArgument(request instanceof HttpServletRequest, "Expected HttpServletRequest, received {}", request);
 
 
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
index 338da179a..562fe5472 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/AuthHttpServlet.java
@@ -22,6 +22,7 @@
 package org.onap.ccsdk.features.sdnr.wt.oauthprovider.http;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -43,26 +44,23 @@ import org.apache.shiro.authc.BearerToken;
 import org.apache.shiro.codec.Base64;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.subject.Subject;
-import org.jolokia.osgi.security.Authenticator;
-import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.NoDefinitionFoundException;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthProviderConfig;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OAuthToken;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlPolicy;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.*;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlShiroConfiguration.MainItem;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.OdlShiroConfiguration.UrlItem;
+import org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters.CustomizedMDSALDynamicAuthorizationFilter;
 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService;
 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService.PublicOAuthProviderConfig;
 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.MdSalAuthorizationStore;
 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.OAuthProviderFactory;
 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator;
-import org.opendaylight.aaa.api.IdMService;
+import org.opendaylight.aaa.api.AuthenticationException;
+import org.opendaylight.aaa.api.Claim;
+import org.opendaylight.aaa.api.PasswordCredentialAuth;
+import org.opendaylight.aaa.api.PasswordCredentials;
+import org.opendaylight.aaa.tokenauthrealm.auth.PasswordCredentialBuilder;
 import org.opendaylight.mdsal.binding.api.DataBroker;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.ini.Main;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.ini.Urls;
+import org.osgi.service.http.HttpService;
+import org.osgi.service.http.NamespaceException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -70,7 +68,7 @@ public class AuthHttpServlet extends HttpServlet {
 
     private static final Logger LOG = LoggerFactory.getLogger(AuthHttpServlet.class.getName());
     private static final long serialVersionUID = 1L;
-    public static final String BASEURI = "/oauth";
+    private static final String BASEURI = "/oauth";
     private static final String LOGINURI = BASEURI + "/login";
     private static final String LOGOUTURI = BASEURI + "/logout";
     private static final String PROVIDERSURI = BASEURI + "/providers";
@@ -93,20 +91,26 @@ public class AuthHttpServlet extends HttpServlet {
     private static final String CLASSNAME_ODLMDSALAUTH =
             "org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter";
     public static final String LOGIN_REDIRECT_FORMAT = LOGINURI + "/%s";
+    private static final String URI_PRE = BASEURI;
 
+    private static final String CONFIGFILE ="/opt/opendaylight/etc/opendaylight/datastore/initial/config/aaa-app-config.xml";
     private final ObjectMapper mapper;
     /* state <=> AuthProviderService> */
     private final Map<String, AuthService> providerStore;
     private final TokenCreator tokenCreator;
     private final Config config;
-    private static Authenticator odlAuthenticator;
-    private static IdMService odlIdentityService;
-    private static ShiroConfiguration shiroConfiguration;
     private static MdSalAuthorizationStore mdsalAuthStore;
+    private PasswordCredentialAuth passwordCredentialAuth;
+    private OdlShiroConfiguration shiroConfiguration;
 
     public AuthHttpServlet() throws IllegalArgumentException, IOException, InvalidConfigurationException,
             UnableToConfigureOAuthService {
+        this(CONFIGFILE);
+    }
+    public AuthHttpServlet(String shiroconfigfile) throws IllegalArgumentException, IOException, InvalidConfigurationException,
+            UnableToConfigureOAuthService {
         this.config = Config.getInstance();
+        this.shiroConfiguration = loadShiroConfig(shiroconfigfile);
         this.tokenCreator = TokenCreator.getInstance(this.config);
         this.mapper = new ObjectMapper();
         this.providerStore = new HashMap<>();
@@ -116,20 +120,33 @@ public class AuthHttpServlet extends HttpServlet {
         }
     }
 
-    public void setOdlAuthenticator(Authenticator odlAuthenticator2) {
-        odlAuthenticator = odlAuthenticator2;
+    public void setDataBroker(DataBroker dataBroker) {
+        CustomizedMDSALDynamicAuthorizationFilter.setDataBroker(dataBroker);
+        mdsalAuthStore = new MdSalAuthorizationStore(dataBroker);
     }
 
-    public void setOdlIdentityService(IdMService odlIdentityService2) {
-        odlIdentityService = odlIdentityService2;
+    public void setPasswordCredentialAuth(PasswordCredentialAuth passwordCredentialAuth) {
+        this.passwordCredentialAuth = passwordCredentialAuth;
     }
 
-    public void setShiroConfiguration(ShiroConfiguration shiroConfiguration2) {
-        shiroConfiguration = shiroConfiguration2;
+
+    public void onUnbindService(HttpService httpService) {
+        httpService.unregister(AuthHttpServlet.URI_PRE);
+
     }
 
-    public void setDataBroker(DataBroker dataBroker) {
-        mdsalAuthStore = new MdSalAuthorizationStore(dataBroker);
+    public void onBindService(HttpService httpService)
+            throws ServletException, NamespaceException {
+        if (httpService == null) {
+            LOG.warn("Unable to inject HttpService into loader.");
+        } else {
+            httpService.registerServlet(AuthHttpServlet.URI_PRE, this, null, null);
+            LOG.info("oauth servlet registered.");
+        }
+    }
+    private static OdlShiroConfiguration loadShiroConfig(String filename) throws  IOException {
+        OdlXmlMapper mapper = new OdlXmlMapper();
+        return mapper.readValue(new File(filename), OdlShiroConfiguration.class);
     }
 
     @Override
@@ -158,10 +175,6 @@ public class AuthHttpServlet extends HttpServlet {
         if (redirectUrl == null) {
             redirectUrl = this.config.getPublicUrl();
         }
-        // if nothing configured and nothing from request
-        if(redirectUrl == null || redirectUrl.isBlank()){
-            redirectUrl="/";
-        }
         UserTokenPayload userInfo = this.tokenCreator.decode(bearerToken);
         if (bearerToken != null && userInfo != null && !userInfo.isInternal()) {
             AuthService provider = this.providerStore.getOrDefault(userInfo.getProviderId(), null);
@@ -194,27 +207,26 @@ public class AuthHttpServlet extends HttpServlet {
 
     /**
      * find out what urls can be accessed by user and which are forbidden
-     *
+     * <p>
      * urlEntries: "anon" -> any access allowed "authcXXX" -> no grouping rule -> any access for user allowed "authcXXX,
      * roles[abc] -> user needs to have role abc "authcXXX, roles["abc,def"] -> user needs to have roles abc AND def
      * "authcXXX, anyroles[abc] -> user needs to have role abc "authcXXX, anyroles["abc,def"] -> user needs to have
      * roles abc OR def
      *
-     *
      * @param req
      * @return
      */
     private List<OdlPolicy> getPoliciesForUser(HttpServletRequest req) {
-        List<Urls> urlRules = shiroConfiguration.getUrls();
-        UserTokenPayload data = this.getUserInfo(req);
         List<OdlPolicy> policies = new ArrayList<>();
+        List<UrlItem> urlRules = this.shiroConfiguration.getUrls();
+        UserTokenPayload data = this.getUserInfo(req);
         if (urlRules != null) {
             LOG.debug("try to find rules for user {} with roles {}",
                     data == null ? "null" : data.getPreferredUsername(), data == null ? "null" : data.getRoles());
             final String regex = "^([^,]+)[,]?[\\ ]?([anyroles]+)?(\\[\"?([a-zA-Z,]+)\"?\\])?";
             final Pattern pattern = Pattern.compile(regex);
             Matcher matcher;
-            for (Urls urlRule : urlRules) {
+            for (UrlItem urlRule : urlRules) {
                 matcher = pattern.matcher(urlRule.getPairValue());
                 if (matcher.find()) {
                     try {
@@ -223,7 +235,7 @@ public class AuthHttpServlet extends HttpServlet {
                         //anon access allowed
                         if (authClass == null) {
                             policy = Optional.of(OdlPolicy.allowAll(urlRule.getPairKey()));
-                        } else if (authClass.equals(CLASSNAME_ODLBASICAUTH)) {
+                        } else if (authClass.equals(CLASSNAME_ODLBASICAUTH) || "authcBasic".equals(urlRule.getPairKey())) {
                             policy = isBasic(req) ? this.getTokenBasedPolicy(urlRule, matcher, data)
                                     : Optional.of(OdlPolicy.denyAll(urlRule.getPairKey()));
                         } else if (authClass.equals(CLASSNAME_ODLBEARERANDBASICAUTH)) {
@@ -259,7 +271,7 @@ public class AuthHttpServlet extends HttpServlet {
      * @param data
      * @return
      */
-    private Optional<OdlPolicy> getMdSalBasedPolicy(Urls urlRule, UserTokenPayload data) {
+    private Optional<OdlPolicy> getMdSalBasedPolicy(UrlItem urlRule, UserTokenPayload data) {
         if (mdsalAuthStore != null) {
             return data != null ? mdsalAuthStore.getPolicy(urlRule.getPairKey(), data.getRoles())
                     : Optional.of(OdlPolicy.denyAll(urlRule.getPairKey()));
@@ -275,7 +287,8 @@ public class AuthHttpServlet extends HttpServlet {
      * @param data
      * @return
      */
-    private Optional<OdlPolicy> getTokenBasedPolicy(Urls urlRule, Matcher matcher, UserTokenPayload data) {
+    private Optional<OdlPolicy> getTokenBasedPolicy(UrlItem urlRule, Matcher matcher,
+                                                    UserTokenPayload data) {
         final String url = urlRule.getPairKey();
         final String rule = urlRule.getPairValue();
         if (!rule.contains(",")) {
@@ -312,8 +325,11 @@ public class AuthHttpServlet extends HttpServlet {
         if ("anon".equals(key)) {
             return null;
         }
-        List<Main> list = shiroConfiguration.getMain();
-        Optional<Main> main =
+        if("authcBasic".equals(key)){
+            return CLASSNAME_ODLBASICAUTH;
+        }
+        List<MainItem> list = shiroConfiguration.getMain();
+        Optional<MainItem> main =
                 list == null ? Optional.empty() : list.stream().filter(e -> e.getPairKey().equals(key)).findFirst();
         if (main.isPresent()) {
             return main.get().getPairValue();
@@ -334,7 +350,7 @@ public class AuthHttpServlet extends HttpServlet {
                 if (!username.contains("@")) {
                     username = String.format("%s@%s", username, domain);
                 }
-                List<String> roles = odlIdentityService.listRoles(username, domain);
+                List<String> roles = List.of();// odlIdentityService.listRoles(username, domain);
                 return UserTokenPayload.createInternal(username, roles);
             }
         }
@@ -361,12 +377,12 @@ public class AuthHttpServlet extends HttpServlet {
 
     private static boolean isBasic(HttpServletRequest req) {
         final String header = req.getHeader(HEAEDER_AUTHORIZATION);
-        return header == null ? false : header.startsWith("Basic");
+        return header != null && header.startsWith("Basic");
     }
 
     private static boolean isBearer(HttpServletRequest req) {
         final String header = req.getHeader(HEAEDER_AUTHORIZATION);
-        return header == null ? false : header.startsWith("Bearer");
+        return header != null && header.startsWith("Bearer");
     }
 
     private boolean rolesMatch(List<String> userRoles, List<String> policyRoles, boolean any) {
@@ -399,7 +415,7 @@ public class AuthHttpServlet extends HttpServlet {
                 hostUrl = matcher.group(1);
             }
         }
-        LOG.debug("host={}", hostUrl);
+        LOG.info("host={}", hostUrl);
         return hostUrl;
 
     }
@@ -451,17 +467,21 @@ public class AuthHttpServlet extends HttpServlet {
             }
 
         }
-        resp.sendError(HttpServletResponse.SC_NOT_FOUND);
+        resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
     }
 
     private BearerToken doLogin(String username, String password, String domain) {
-        if (!username.contains("@")) {
-            username = String.format("%s@%s", username, domain);
+
+        PasswordCredentials pc =
+                (new PasswordCredentialBuilder()).setUserName(username).setPassword(password).setDomain(domain).build();
+        Claim claim = null;
+        try {
+            claim = this.passwordCredentialAuth.authenticate(pc);
+        } catch (AuthenticationException e) {
+            LOG.warn("unable to authentication user {} for domain {}: ", username, domain, e);
         }
-        HttpServletRequest req = new HeadersOnlyHttpServletRequest(
-                Map.of("Authorization", BaseHTTPClient.getAuthorizationHeaderValue(username, password)));
-        if (odlAuthenticator.authenticate(req)) {
-            List<String> roles = odlIdentityService.listRoles(username, domain);
+        if (claim != null) {
+            List<String> roles = claim.roles().stream().toList();//odlIdentityService.listRoles(username, domain);
             UserTokenPayload data = new UserTokenPayload();
             data.setPreferredUsername(username);
             data.setFamilyName("");
@@ -470,15 +490,16 @@ public class AuthHttpServlet extends HttpServlet {
             data.setExp(this.tokenCreator.getDefaultExp());
             data.setRoles(roles);
             return this.tokenCreator.createNewJWT(data);
-
+        } else {
+            LOG.info("unable to read auth from authservice");
         }
         return null;
     }
 
 
-    private void sendResponse(HttpServletResponse resp, int code) throws IOException {
+/*    private void sendResponse(HttpServletResponse resp, int code) throws IOException {
         this.sendResponse(resp, code, null);
-    }
+    }*/
 
     private void sendResponse(HttpServletResponse resp, int code, Object data) throws IOException {
         byte[] output = data != null ? mapper.writeValueAsString(data).getBytes() : new byte[0];
@@ -486,14 +507,13 @@ public class AuthHttpServlet extends HttpServlet {
         resp.setStatus(code);
         resp.setContentLength(output.length);
         resp.setContentType("application/json");
-        ServletOutputStream os = null;
-        os = resp.getOutputStream();
+        ServletOutputStream os = resp.getOutputStream();
         os.write(output);
 
     }
 
     private void logout() {
-        final Subject subject = SecurityUtils.getSubject();
+       /* final Subject subject = SecurityUtils.getSubject();
         try {
             subject.logout();
             Session session = subject.getSession(false);
@@ -502,6 +522,6 @@ public class AuthHttpServlet extends HttpServlet {
             }
         } catch (ShiroException e) {
             LOG.debug("Couldn't log out {}", subject, e);
-        }
+        }*/
     }
 }
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java
index 31b6d696f..31b6d696f 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/HeadersOnlyHttpServletRequest.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java
index 6b1a8eddd..6b1a8eddd 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappedBaseHttpResponse.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java
index ca455dc72..ca455dc72 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/http/client/MappingBaseHttpClient.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
index 2dc0b5746..2dc0b5746 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/AuthService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
index fc6869751..d271948c2 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/GitlabProviderService.java
@@ -102,7 +102,7 @@ public class GitlabProviderService extends AuthService {
 
     @Override
     protected UserTokenPayload requestUserRoles(String access_token, long issued_at, long expires_at) {
-        LOG.debug("reqesting user roles with token={}", access_token);
+        LOG.info("reqesting user roles with token={}", access_token);
         Map<String, String> authHeaders = new HashMap<>();
         authHeaders.put("Authorization", String.format("Bearer %s", access_token));
         Optional<MappedBaseHttpResponse<GitlabUserInfo>> userInfo =
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java
index bdbf9286a..bdbf9286a 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/KeycloakProviderService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
index 4bf35e72d..4bf35e72d 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/MdSalAuthorizationStore.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java
index 73bae5d4c..73bae5d4c 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/NextcloudProviderService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java
index 152569930..152569930 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/OAuthProviderFactory.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java
index fac46f6b1..fac46f6b1 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/PemUtils.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java
index 028dff9dd..028dff9dd 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/RSAKeyReader.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
index 436d47827..d8720e823 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/providers/TokenCreator.java
@@ -157,18 +157,16 @@ public class TokenCreator {
     public String getBearerToken(HttpServletRequest req, boolean checkCookie) {
         final String authHeader = req.getHeader("Authorization");
         if ((authHeader == null || !authHeader.startsWith("Bearer")) && checkCookie) {
-            if(req!=null) {
-                Cookie[] cookies = req.getCookies();
-                Optional<Cookie> ocookie = Optional.empty();
-                if (cookies != null) {
-                    ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName()))
-                            .findFirst();
-                }
-                if (ocookie.isEmpty()) {
-                    return null;
-                }
-                return ocookie.get().getValue();
+            Cookie[] cookies = req.getCookies();
+            Optional<Cookie> ocookie = Optional.empty();
+            if (cookies != null) {
+                ocookie = Arrays.stream(cookies).filter(c -> c != null && COOKIE_NAME_AUTH.equals(c.getName()))
+                        .findFirst();
             }
+            if (ocookie.isEmpty()) {
+                return null;
+            }
+            return ocookie.get().getValue();
         }
         return authHeader.substring(7);
     }
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java
index 7b4adefda..3e9205733 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestAuthHttpServlet.java
@@ -21,9 +21,11 @@
  */
 package org.onap.ccsdk.features.sdnr.wt.oauthprovider.test;
 
+import java.util.Set;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.fail;
+import org.junit.Ignore;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
@@ -45,6 +47,7 @@ import org.jolokia.osgi.security.Authenticator;
 import org.json.JSONArray;
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.mockito.internal.matchers.Any;
 import org.onap.ccsdk.features.sdnr.wt.common.http.BaseHTTPClient;
 import org.onap.ccsdk.features.sdnr.wt.common.test.ServletOutputStreamToByteArrayOutputStream;
 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.Config;
@@ -57,8 +60,12 @@ import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.HeadersOnlyHttpServlet
 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator;
 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.test.helper.OdlJsonMapper;
 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.test.helper.OdlXmlMapper;
+import org.opendaylight.aaa.api.Claim;
 import org.opendaylight.aaa.api.IdMService;
 import org.apache.shiro.authc.BearerToken;
+import org.opendaylight.aaa.api.PasswordCredentialAuth;
+import org.opendaylight.aaa.api.PasswordCredentials;
+import org.opendaylight.aaa.shiro.web.env.AAAShiroWebEnvironment;
 import org.opendaylight.mdsal.binding.api.DataBroker;
 import org.opendaylight.mdsal.binding.api.ReadTransaction;
 import org.opendaylight.mdsal.common.api.LogicalDatastoreType;
@@ -79,7 +86,7 @@ public class TestAuthHttpServlet {
     private static DataBroker dataBroker = loadDynamicMdsalAuthDataBroker();
     private static Authenticator odlAuthenticator = mock(Authenticator.class);
     private static IdMService odlIdentityService = mock(IdMService.class);
-    private static ShiroConfiguration shiroConfiguration = null;
+    private static PasswordCredentialAuth passwordCredentialAuth;
     private static TokenCreator tokenCreator;
 //    private static final HttpServletRequest authreq = new HeadersOnlyHttpServletRequest(
 //            Map.of("Authorization", BaseHTTPClient.getAuthorizationHeaderValue("admin@sdn", "admin")));
@@ -91,14 +98,13 @@ public class TestAuthHttpServlet {
             Config config = createConfigFile();
             tokenCreator = TokenCreator.getInstance(config);
             servlet = new TestServlet();
-            shiroConfiguration = loadShiroConfig(TESTSHIROCONFIGFILE);
         } catch (IOException | InvalidConfigurationException e) {
             fail(e.getMessage());
         }
         servlet.setDataBroker(dataBroker);
-        servlet.setOdlAuthenticator(odlAuthenticator);
-        servlet.setOdlIdentityService(odlIdentityService);
-        servlet.setShiroConfiguration(shiroConfiguration);
+        passwordCredentialAuth = mock(PasswordCredentialAuth.class);
+
+        servlet.setPasswordCredentialAuth(passwordCredentialAuth);
     }
 
     private static DataBroker loadDynamicMdsalAuthDataBroker() {
@@ -170,7 +176,33 @@ public class TestAuthHttpServlet {
         when(req.getRequestURI()).thenReturn("/oauth/login");
         when(req.getParameter("username")).thenReturn("admin");
         when(req.getParameter("password")).thenReturn("admin");
-        when(odlAuthenticator.authenticate(any(HeadersOnlyHttpServletRequest.class))).thenReturn(true);
+        Claim claim = new Claim() {
+            @Override
+            public String clientId() {
+                return "admin";
+            }
+
+            @Override
+            public String userId() {
+                return "admin";
+            }
+
+            @Override
+            public String user() {
+                return null;
+            }
+
+            @Override
+            public String domain() {
+                return "sdn";
+            }
+
+            @Override
+            public Set<String> roles() {
+                return Set.of("admin");
+            }
+        };
+        when(passwordCredentialAuth.authenticate(any(PasswordCredentials.class))).thenReturn(claim);
         HttpServletResponse resp = mock(HttpServletResponse.class);
         ServletOutputStreamToByteArrayOutputStream printOut = new ServletOutputStreamToByteArrayOutputStream();
         try {
@@ -207,6 +239,9 @@ public class TestAuthHttpServlet {
     }
 
     @Test
+/*
+    @Ignore
+*/
     public void testPoliciesAnon() {
 
         HttpServletRequest req = mock(HttpServletRequest.class);
@@ -267,13 +302,13 @@ public class TestAuthHttpServlet {
         assertEquals(9, anonPolicies.length);
         OdlPolicy pApidoc = find(anonPolicies, "/apidoc/**");
         assertNotNull(pApidoc);
-        assertAllEquals(true, pApidoc);
+        assertAllEquals(false, pApidoc);
         OdlPolicy pOauth = find(anonPolicies, "/oauth/**");
         assertNotNull(pOauth);
         assertAllEquals(true, pOauth);
         OdlPolicy pRestconf = find(anonPolicies, "/rests/**");
         assertNotNull(pRestconf);
-        assertAllEquals(true, pRestconf);
+        assertAllEquals(false, pRestconf);
     }
 
     @Test
@@ -353,7 +388,7 @@ public class TestAuthHttpServlet {
         private static final long serialVersionUID = 1L;
 
         public TestServlet() throws IllegalArgumentException, Exception {
-            super();
+            super(TESTSHIROCONFIGFILE);
         }
 
         @Override
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java
index 80ae8cf95..80ae8cf95 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestConfig.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java
index 421b61919..421b61919 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestDeserializer.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java
index 6c2390ea0..6c2390ea0 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestGitlabAuthService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java
index acc7c6b36..acc7c6b36 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestKeycloakAuthService.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java
index 31d72944c..31d72944c 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestPolicy.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java
index 2d03bab1d..2d03bab1d 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestProperty.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java
index 84d8e0a96..84d8e0a96 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRSAAlgorithms.java
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java
index c1d3fd1ea..ebf01a1ba 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/TestRealm.java
@@ -31,8 +31,6 @@ import java.io.IOException;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
-import java.util.function.Supplier;
-
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationInfo;
 import org.apache.shiro.authc.AuthenticationToken;
@@ -48,50 +46,44 @@ import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UserTokenPayload;
 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.AuthService;
 import org.onap.ccsdk.features.sdnr.wt.oauthprovider.providers.TokenCreator;
 import org.opendaylight.aaa.api.Authentication;
-import org.opendaylight.aaa.api.AuthenticationService;
 import org.opendaylight.aaa.api.TokenStore;
 import org.opendaylight.aaa.api.shiro.principal.ODLPrincipal;
 import org.opendaylight.aaa.shiro.realm.TokenAuthRealm;
 import org.opendaylight.aaa.tokenauthrealm.auth.AuthenticationManager;
 import org.opendaylight.aaa.tokenauthrealm.auth.TokenAuthenticators;
-import org.opendaylight.mdsal.binding.api.DataBroker;
 
 public class TestRealm {
 
     private static OAuth2RealmToTest realm;
     private static TokenCreator tokenCreator;
 
-    private static final AuthenticationManager authManager  = new AuthenticationManager();
-    private static final TokenAuthenticators tokenAuth = new TokenAuthenticators();
-
-    private static final TokenStore tokenStore = new TokenStore(){
-
-        @Override
-        public void put(String token, Authentication auth) {
-
-        }
-
-        @Override
-        public Authentication get(String token) {
-            return null;
-        }
-
-        @Override
-        public boolean delete(String token) {
-            return false;
-        }
-
-        @Override
-        public long tokenExpiration() {
-            return 0;
-        }
-    };
     @BeforeClass
     public static void init() throws IllegalArgumentException, Exception {
-        TokenAuthRealm.prepareForLoad(authManager,tokenAuth,tokenStore);
+
         try {
             Config config = Config.getInstance(TestConfig.TEST_CONFIG_FILENAME);
             tokenCreator = TokenCreator.getInstance(config);
+            TokenAuthRealm.prepareForLoad(new AuthenticationManager(), new TokenAuthenticators(), new TokenStore() {
+                @Override
+                public void put(String token, Authentication auth) {
+
+                }
+
+                @Override
+                public Authentication get(String token) {
+                    return null;
+                }
+
+                @Override
+                public boolean delete(String token) {
+                    return false;
+                }
+
+                @Override
+                public long tokenExpiration() {
+                    return 0;
+                }
+            });
             realm = new OAuth2RealmToTest();
         } catch (IOException e) {
             fail(e.getMessage());
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java
index b0cc0253b..7d51b2fe8 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlJsonMapper.java
@@ -42,12 +42,12 @@ public class OdlJsonMapper extends ObjectMapper {
         this.enable(MapperFeature.USE_GETTERS_AS_SETTERS);
         YangToolsBuilderAnnotationIntrospector introspector = new YangToolsBuilderAnnotationIntrospector();
         //introspector.addDeserializer(Main.class, ShiroMainBuilder.class.getName());
-        introspector.addDeserializer(Permissions.class,PermissionsBuilder.class.getName());
+        //introspector.addDeserializer(Permissions.class,PermissionsBuilder.class.getName());
         this.setAnnotationIntrospector(introspector);
         this.registerModule(new YangToolsModule());
     }
 
-    public static class PermissionsBuilder {
+   /* public static class PermissionsBuilder implements Builder<Permissions> {
         private Permissions _value;
 
         public PermissionsBuilder() {
@@ -57,9 +57,9 @@ public class OdlJsonMapper extends ObjectMapper {
             this._value = value;
         }
 
-
+        @Override
         public Permissions build() {
             return this._value;
         }
-    }
+    }*/
 }
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java
index b965878e8..b965878e8 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/test/helper/OdlXmlMapper.java
diff --git a/sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml
new file mode 100644
index 000000000..e46508d68
--- /dev/null
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/aaa-app-config.test.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" ?>
+
+
+<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
+
+
+    <main>
+        <pair-key>tokenAuthRealm</pair-key>
+        <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value>
+    </main>
+
+    <main>
+        <pair-key>securityManager.realms</pair-key>
+        <pair-value>$tokenAuthRealm</pair-value>
+    </main>
+
+    <main>
+        <pair-key>anyroles</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter</pair-value>
+    </main>
+    <main>
+        <pair-key>authcBearer</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2</pair-value>
+    </main>
+
+    <main>
+        <pair-key>accountingListener</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
+    </main>
+    <main>
+        <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
+        <pair-value>$accountingListener</pair-value>
+    </main>
+
+    <main>
+        <pair-key>dynamicAuthorization</pair-key>
+        <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
+    </main>
+
+    <urls>
+        <pair-key>/**/operations/cluster-admin**</pair-key>
+        <pair-value>dynamicAuthorization</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/**/v1/**</pair-key>
+        <pair-value>authcBearer, roles[admin]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/**/config/aaa*/**</pair-key>
+        <pair-value>authcBearer, roles[admin]</pair-value>
+    </urls>
+     <urls>
+        <pair-key>/oauth/**</pair-key>
+        <pair-value>anon</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/odlux/**</pair-key>
+        <pair-value>anon</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/apidoc/**</pair-key>
+        <pair-value>authcBasic, roles[admin]</pair-value>
+    </urls>
+     <urls>
+        <pair-key>/test123/**</pair-key>
+        <pair-value>authcBasic</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/rests/**</pair-key>
+        <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
+    </urls>
+    <urls>
+        <pair-key>/**</pair-key>
+        <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
+    </urls>
+</shiro-configuration>
+
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key
index c0c15e014..c0c15e014 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key.pub b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key.pub
index add863aef..add863aef 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS256.key.pub
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS256.key.pub
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key
index 6b4e8c7bc..6b4e8c7bc 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key.pub b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key.pub
index 7191c95f8..7191c95f8 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/jwtRS512.key.pub
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/jwtRS512.key.pub
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/mdsalDynAuthData.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/mdsalDynAuthData.json
index a1627682b..a1627682b 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/mdsalDynAuthData.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/mdsalDynAuthData.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-groups-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-groups-response.json
index 85fc37cc8..85fc37cc8 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-groups-response.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-groups-response.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-token-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-token-response.json
index 0a6bd7231..0a6bd7231 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-token-response.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-token-response.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-user-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-user-response.json
index b08332b41..b08332b41 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/gitlab-user-response.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/gitlab-user-response.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/keycloak-token-response.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/keycloak-token-response.json
index c62ed9458..c62ed9458 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oauth/keycloak-token-response.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oauth/keycloak-token-response.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oom.test.config.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oom.test.config.json
index 4e5707fa1..4e5707fa1 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/oom.test.config.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/oom.test.config.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.config.json
index a55576b9e..a55576b9e 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.config.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.config.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256-invalid.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256-invalid.json
index 30b80c45a..30b80c45a 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256-invalid.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256-invalid.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256.json
index 02a4e8f5f..02a4e8f5f 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS256.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS256.json
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS512.json b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS512.json
index eddc6c362..eddc6c362 100644
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/test.configRS512.json
+++ b/sdnr/wt/oauth-provider/oauth-core/src/test/resources/test.configRS512.json
diff --git a/sdnr/wt/oauth-provider/provider-osgi/pom.xml b/sdnr/wt/oauth-provider/oauth-realm/pom.xml
index 99634cbeb..ef8706ae0 100644
--- a/sdnr/wt/oauth-provider/provider-osgi/pom.xml
+++ b/sdnr/wt/oauth-provider/oauth-realm/pom.xml
@@ -22,6 +22,7 @@
   ~ ============LICENSE_END=======================================================
   ~
   -->
+
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
 
@@ -33,8 +34,8 @@
     </parent>
 
     <groupId>org.onap.ccsdk.features.sdnr.wt</groupId>
-    <artifactId>sdnr-wt-oauth-provider</artifactId>
-    <version>1.6.0-SNAPSHOT</version>
+    <artifactId>sdnr-wt-oauth-realm</artifactId>
+    <version>1.7.0-SNAPSHOT</version>
     <packaging>bundle</packaging>
 
     <name>ccsdk-features :: ${project.artifactId}</name>
@@ -53,7 +54,7 @@
     <dependencies>
         <dependency>
             <groupId>${project.groupId}</groupId>
-            <artifactId>sdnr-wt-oauth-provider-jar</artifactId>
+            <artifactId>sdnr-wt-oauth-core</artifactId>
             <version>${project.version}</version>
             <exclusions>
                 <exclusion>
@@ -88,8 +89,6 @@
                         <Export-Package>
                             org.onap.ccsdk.features.sdnr.wt.oauthprovider;version=${project.version},
                             org.onap.ccsdk.features.sdnr.wt.oauthprovider.filters;version=${project.version},
-                            org.onap.ccsdk.features.sdnr.wt.oauthprovider.http;version=${project.version},
-                            org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.client;version=${project.version},
                             org.onap.ccsdk.features.sdnr.wt.oauthprovider.data;version=${project.version},
                             org.onap.ccsdk.features.sdnr.wt.oauthprovider.services;version=${project.version}
                         </Export-Package>
@@ -108,22 +107,22 @@
                             javax.xml.parsers,
                             javax.xml.namespace,
                             javax.xml.transform.stream,
+                            org.apache.commons.codec.binary,
+                            org.apache.shiro,
                             org.apache.shiro.authc,
                             org.apache.shiro.authz,
                             org.apache.shiro.realm,
                             org.apache.shiro.subject,
+                            org.apache.shiro.web.filter.authc,
                             org.apache.shiro.web.filter.authz,
+                            org.apache.shiro.web.util,
                             org.jolokia.osgi.security,
                             org.onap.ccsdk.features.sdnr.wt.common.http,
                             org.opendaylight.aaa.api,
                             org.opendaylight.aaa.api.shiro.principal,
                             org.opendaylight.aaa.shiro.realm,
-                            org.opendaylight.aaa.shiro.filters,
-                            org.opendaylight.aaa.shiro.web.env,
                             org.opendaylight.mdsal.binding.api,
                             org.opendaylight.mdsal.common.api,
-                            org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619,
-                            org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.shiro.configuration,
                             org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214,
                             org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization,
                             org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies,
@@ -131,7 +130,7 @@
                             org.opendaylight.yangtools.concepts,
                             org.opendaylight.yangtools.yang.binding,
                             org.opendaylight.yangtools.yang.common,
-                            org.osgi.service.http,
+                            org.slf4j,
                             com.fasterxml.jackson.databind,
                             com.fasterxml.jackson.databind.deser.std,
                             com.fasterxml.jackson.databind.ser.std,
@@ -139,7 +138,6 @@
                             com.fasterxml.jackson.annotation,
                             com.fasterxml.jackson.core.type,
                             com.fasterxml.jackson.core,
-                            org.apache.commons.codec.binary,
                             com.google.common.base,
                             com.google.common.collect,
                             com.google.common.util.concurrent
@@ -147,7 +145,7 @@
                         <Embed-Dependency>*;scope=compile|runtime;inline=false</Embed-Dependency>
                         <Embed-Dependency>*;scope=compile|runtime;artifactId=!shiro-core;inline=false</Embed-Dependency>
                         <Embed-Transitive>true</Embed-Transitive>
-                        <Fragment-Host>org.opendaylight.aaa.repackaged-shiro</Fragment-Host>
+                        <Fragment-Host>org.opendaylight.aaa.shiro</Fragment-Host>
                     </instructions>
                 </configuration>
             </plugin>
diff --git a/sdnr/wt/oauth-provider/oauth-web/pom.xml b/sdnr/wt/oauth-provider/oauth-web/pom.xml
new file mode 100644
index 000000000..0fa834d2b
--- /dev/null
+++ b/sdnr/wt/oauth-provider/oauth-web/pom.xml
@@ -0,0 +1,155 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ ============LICENSE_START=======================================================
+  ~ ONAP : ccsdk features
+  ~ ================================================================================
+  ~ Copyright (C) 2019 highstreet technologies GmbH Intellectual Property.
+  ~ All rights reserved.
+  ~ ================================================================================
+  ~ Update Copyright (C) 2020 AT&T Intellectual Property. All rights reserved.
+  ~ ================================================================================
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~     http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  ~ ============LICENSE_END=======================================================
+  ~
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>org.onap.ccsdk.parent</groupId>
+        <artifactId>binding-parent</artifactId>
+        <version>2.6.1</version>
+        <relativePath/>
+    </parent>
+
+    <groupId>org.onap.ccsdk.features.sdnr.wt</groupId>
+    <artifactId>sdnr-wt-oauth-web</artifactId>
+    <version>1.7.0-SNAPSHOT</version>
+    <packaging>bundle</packaging>
+
+    <name>ccsdk-features :: ${project.artifactId}</name>
+    <licenses>
+        <license>
+            <name>Apache License, Version 2.0</name>
+            <url>http://www.apache.org/licenses/LICENSE-2.0</url>
+        </license>
+    </licenses>
+
+    <properties>
+        <maven.javadoc.skip>true</maven.javadoc.skip>
+        <checkstyle.skip>true</checkstyle.skip>
+    </properties>
+    <dependencies>
+        <dependency>
+            <groupId>${project.groupId}</groupId>
+            <artifactId>sdnr-wt-oauth-core</artifactId>
+            <version>${project.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.opendaylight.aaa</groupId>
+                    <artifactId>aaa-shiro</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.opendaylight.aaa</groupId>
+                    <artifactId>aaa-shiro</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.shiro</groupId>
+                    <artifactId>shiro-web</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>${project.groupId}</groupId>
+                    <artifactId>sdnr-wt-common</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>maven-bundle-plugin</artifactId>
+                <extensions>true</extensions>
+                <configuration>
+                    <instructions>
+                        <Bundle-SymbolicName>${project.artifactId}</Bundle-SymbolicName>
+                        <Bundle-Version>${project.version}</Bundle-Version>
+                        <Export-Package>
+                            org.onap.ccsdk.features.sdnr.wt.oauthprovider.http;version=${project.version},
+                            org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.client;version=${project.version}
+                        </Export-Package>
+                        <Import-Package>
+                            javax.servlet,
+                            javax.servlet.http,
+                            javax.net.ssl,
+                            javax.crypto,
+                            javax.crypto.spec,
+                            javax.xml.transform,
+                            javax.xml.datatype,
+                            javax.management,
+                            javax.security.auth,
+                            javax.security.auth.login,
+                            javax.security.auth.callback,
+                            javax.xml.parsers,
+                            javax.xml.namespace,
+                            javax.xml.transform.stream,
+                            org.apache.commons.codec.binary,
+                            org.apache.shiro,
+                            org.apache.shiro.authc,
+                            org.apache.shiro.authz,
+                            org.apache.shiro.config,
+                            org.apache.shiro.realm,
+                            org.apache.shiro.subject,
+                            org.apache.shiro.web.env,
+                            org.apache.shiro.web.filter.authz,
+                            org.jolokia.osgi.security,
+                            org.onap.ccsdk.features.sdnr.wt.common.http,
+                            org.onap.ccsdk.features.sdnr.wt.yang.mapper.mapperextensions,
+                            org.opendaylight.aaa.api,
+                            org.opendaylight.aaa.api.shiro.principal,
+                            org.opendaylight.aaa.shiro.realm,
+                            org.opendaylight.aaa.shiro.web.env,
+                            org.opendaylight.aaa.tokenauthrealm.auth,
+                            org.opendaylight.mdsal.binding.api,
+                            org.opendaylight.mdsal.common.api,
+                            org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214,
+                            org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization,
+                            org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.authorization.policies,
+                            org.opendaylight.yang.gen.v1.urn.opendaylight.params.xml.ns.yang.aaa.rev161214.http.permission,
+                            org.opendaylight.yangtools.concepts,
+                            org.opendaylight.yangtools.yang.binding,
+                            org.opendaylight.yangtools.yang.common,
+                            org.osgi.service.http,
+                            org.slf4j,
+                            com.fasterxml.jackson.databind,
+                            com.fasterxml.jackson.databind.deser.std,
+                            com.fasterxml.jackson.databind.ser.std,
+                            com.fasterxml.jackson.databind.module,
+                            com.fasterxml.jackson.dataformat.xml,
+                            com.fasterxml.jackson.annotation,
+                            com.fasterxml.jackson.core.type,
+                            com.fasterxml.jackson.core,
+                            com.google.common.base,
+                            com.google.common.collect,
+                            com.google.common.util.concurrent
+                        </Import-Package>
+                       <!-- <Embed-Dependency>*;scope=compile|runtime;inline=false</Embed-Dependency>-->
+                        <Embed-Dependency>*;scope=compile|runtime;artifactId=sdnr-wt-oauth-core,java-jwt,bcprov-jdk15on,aaa-shiro;inline=false</Embed-Dependency>
+                        <Embed-Transitive>true</Embed-Transitive>
+                    </instructions>
+                </configuration>
+            </plugin>
+        </plugins>
+    </build>
+</project>
diff --git a/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml b/sdnr/wt/oauth-provider/oauth-web/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml
index a8258dc8b..c782e3ee1 100644
--- a/sdnr/wt/oauth-provider/provider-osgi/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml
+++ b/sdnr/wt/oauth-provider/oauth-web/src/main/resources/org/opendaylight/blueprint/impl-blueprint.xml
@@ -26,32 +26,16 @@
 <blueprint xmlns:odl="http://opendaylight.org/xmlns/blueprint/v1.0.0"
            xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0" odl:use-default-for-reference-types="true">
 
-    <reference id="odlAuthenticator" interface="org.jolokia.osgi.security.Authenticator" />
-
-    <reference id="odlIdentityService" interface="org.opendaylight.aaa.api.IdMService" />
-
-    <reference id="dataBroker" interface="org.opendaylight.mdsal.binding.api.DataBroker" />
-
-    <bean id="provider" class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.Helper" init-method="init" destroy-method="close">
-        <property ref="odlAuthenticator" name="odlAuthenticator" />
-        <property ref="odlIdentityService" name="odlIdentityService" />
-        <property ref="shiroConfiguration" name="shiroConfiguration" />
-        <property ref="dataBroker" name="dataBroker" />
-    </bean>
-
+    <reference id="dataBroker" interface="org.opendaylight.mdsal.binding.api.DataBroker"/>
+    <reference id="passwordCredentialAuth" interface="org.opendaylight.aaa.api.PasswordCredentialAuth"/>
     <reference id="onBindService" availability="mandatory" activation="eager" interface="org.osgi.service.http.HttpService">
-        <reference-listener ref="provider" bind-method="onBindService" unbind-method="onUnbindService"/>
+        <reference-listener ref="authServlet" bind-method="onBindService" unbind-method="onUnbindService"/>
     </reference>
 
-    <odl:clustered-app-config
-          binding-class="org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration"
-          id="shiroConfiguration" default-config-file-name="aaa-app-config.xml" />
-          
-    <bean id="authServlet" class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet">
-          <property ref="odlAuthenticator" name="odlAuthenticator" />
-          <property ref="odlIdentityService" name="odlIdentityService" />
-          <property ref="shiroConfiguration" name="shiroConfiguration" />
-          <property ref="dataBroker" name="dataBroker" />
+    <bean id="authServlet"
+          class="org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet">
+        <property ref="dataBroker" name="dataBroker" />
+        <property ref="passwordCredentialAuth" name="passwordCredentialAuth" />
     </bean>
 
 </blueprint>
diff --git a/sdnr/wt/oauth-provider/pom.xml b/sdnr/wt/oauth-provider/pom.xml
index 587d9679f..c4dbef2b8 100755
--- a/sdnr/wt/oauth-provider/pom.xml
+++ b/sdnr/wt/oauth-provider/pom.xml
@@ -40,8 +40,9 @@
     <name>ccsdk-features :: ${project.artifactId}</name>
 
     <modules>
-        <module>provider-jar</module>
-        <module>provider-osgi</module>
+        <module>oauth-core</module>
+        <module>oauth-realm</module>
+	    <module>oauth-web</module>
     </modules>
 
     <properties>
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java b/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java
deleted file mode 100644
index 38947a124..000000000
--- a/sdnr/wt/oauth-provider/provider-jar/src/main/java/org/onap/ccsdk/features/sdnr/wt/oauthprovider/Helper.java
+++ /dev/null
@@ -1,66 +0,0 @@
-package org.onap.ccsdk.features.sdnr.wt.oauthprovider;
-
-import org.jolokia.osgi.security.Authenticator;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.InvalidConfigurationException;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.data.UnableToConfigureOAuthService;
-import org.onap.ccsdk.features.sdnr.wt.oauthprovider.http.AuthHttpServlet;
-import org.opendaylight.aaa.api.IdMService;
-import org.opendaylight.mdsal.binding.api.DataBroker;
-import org.opendaylight.yang.gen.v1.urn.opendaylight.aaa.app.config.rev170619.ShiroConfiguration;
-import org.osgi.service.http.HttpService;
-import org.osgi.service.http.NamespaceException;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-import javax.servlet.ServletException;
-import java.io.IOException;
-
-public class Helper {
-
-    private static final Logger LOG = LoggerFactory.getLogger(Helper.class);
-    private AuthHttpServlet authServlet;
-
-    public Helper() throws UnableToConfigureOAuthService, IOException, InvalidConfigurationException {
-        this.authServlet = new AuthHttpServlet();
-
-    }
-
-    public void onUnbindService(HttpService httpService) {
-        httpService.unregister(AuthHttpServlet.BASEURI);
-        this.authServlet = null;
-    }
-
-    public void onBindService(HttpService httpService)
-            throws ServletException, NamespaceException {
-        if (httpService == null) {
-            LOG.warn("Unable to inject HttpService into loader.");
-        } else {
-            httpService.registerServlet(AuthHttpServlet.BASEURI, authServlet, null, null);
-            LOG.info("auth servlet registered.");
-        }
-    }
-
-    public void setOdlAuthenticator(Authenticator odlAuthenticator) {
-        authServlet.setOdlAuthenticator(odlAuthenticator);
-    }
-
-    public void setOdlIdentityService(IdMService odlIdentityService) {
-        this.authServlet.setOdlIdentityService(odlIdentityService);
-    }
-
-    public void setShiroConfiguration(ShiroConfiguration shiroConfiguration) {
-        this.authServlet.setShiroConfiguration(shiroConfiguration);
-    }
-
-    public void setDataBroker(DataBroker dataBroker) {
-        this.authServlet.setDataBroker(dataBroker);
-    }
-
-    public void init() {
-
-    }
-
-    public void close() {
-
-    }
-}
diff --git a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml b/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml
deleted file mode 100644
index 1929fde8e..000000000
--- a/sdnr/wt/oauth-provider/provider-jar/src/test/resources/aaa-app-config.test.xml
+++ /dev/null
@@ -1,353 +0,0 @@
-<?xml version="1.0" ?>
-<!--
-     Copyright (c) 2017 Inocybe Technologies and others.  All rights reserved.
-
-     This program and the accompanying materials are made available under the
-     terms of the Eclipse Public License v1.0 which accompanies this distribution,
-     and is available at http://www.eclipse.org/legal/epl-v10.html , or the Apache License,
-     Version 2.0 which is available at https://www.apache.org/licenses/LICENSE-2.0
-     SPDX-License-Identifier: EPL-1.0 OR Apache-2.0
--->
-
-<!--
-  ///////////////////////////////////////////////////////////////////////////////////////
-  // clustered-app-config instance responsible for AAA configuration.  In the future,  //
-  // this will contain all AAA related configuration.                                  //
-  ///////////////////////////////////////////////////////////////////////////////////////
--->
-
-<shiro-configuration xmlns="urn:opendaylight:aaa:app:config">
-
-    <!--
-      ///////////////////////////////////////////////////////////////////////////////////
-      // shiro-configuration is the model based container that contains all shiro      //
-      // related information used in ODL AAA configuration.  It is the sole pain of    //
-      // glass for shiro related configuration, and is how to configure shiro concepts //
-      // such as:                                                                      //
-      // * realms                                                                      //
-      // * urls                                                                        //
-      // * security manager settings                                                   //
-      //                                                                               //
-      // In general, you really shouldn't muck with the settings in this file.  The    //
-      // way an operator should configure AAA shiro settings is through one of ODL's   //
-      // northbound interfaces (i.e., RESTCONF or NETCONF).  These are just the        //
-      // defaults if no values are specified in MD-SAL.  The reason this file is so    //
-      // verbose is for two reasons:                                                   //
-      // 1) to demonstrate payload examples for plausible configuration scenarios      //
-      // 2) to allow bootstrap of the controller (first time start) since otherwise    //
-      //    configuration becomes a chicken and the egg problem.                       //
-      //                                                                               //
-      ///////////////////////////////////////////////////////////////////////////////////
-    -->
-
-    <!--
-      ===================================================================================
-      =                                                                                 =
-      =                                                                                 =
-      =                                      MAIN                                       =
-      =                                                                                 =
-      =                                                                                 =
-      ===================================================================================
-    -->
-
-    <!--
-      ===================================================================================
-      ============================ ODLJndiLdapRealmAuthNOnly ============================
-      ===================================================================================
-      =                                                                                 =
-      = Description:  A Realm implementation aimed at federating with an external LDAP  =
-      =               server for authentication only.  For authorization support, refer =
-      =               to ODLJndiLdapRealm.                                              =
-      ===================================================================================
-    -->
-    <!-- Start ldapRealm commented out
-    <main>
-        <pair-key>ldapRealm</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealmAuthNOnly</pair-value>
-    </main>
-    <main>
-        <pair-key>ldapRealm.userDnTemplate</pair-key>
-        <pair-value>uid={0},ou=People,dc=DOMAIN,dc=TLD</pair-value>
-    </main>
-    <main>
-        <pair-key>ldapRealm.contextFactory.url</pair-key>
-        <pair-value>ldap://&lt;URL&gt;:389</pair-value>
-    </main>
-    <main>
-        <pair-key>ldapRealm.searchBase</pair-key>
-        <pair-value>dc=DOMAIN,dc=TLD</pair-value>
-    </main>
-    <main>
-        <pair-key>ldapRealm.groupRolesMap</pair-key>
-        <pair-value>&quot;person&quot;:&quot;admin&quot;, &quot;organizationalPerson&quot;:&quot;user&quot;</pair-value>
-    </main>
-    <main>
-        <pair-key>ldapRealm.ldapAttributeForComparison</pair-key>
-        <pair-value>objectClass</pair-value>
-    </main>
-    End ldapRealm commented out-->
-
-    <!--
-      ===================================================================================
-      ============================= ODLActiveDirectoryRealm =============================
-      ===================================================================================
-      =                                                                                 =
-      = Description:  A Realm implementation aimed at federating with an external AD    =
-      =               IDP server.                                                       =
-      ===================================================================================
-    -->
-    <!-- Start adRealm commented out
-    <main>
-        <pair-key>adRealm</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.realm.ODLActiveDirectoryRealm</pair-value>
-    </main>
-    <main>
-        <pair-key>adRealm.searchBase</pair-key>
-        <pair-value>&quot;CN=Users,DC=example,DC=com&quot;</pair-value>
-    </main>
-    <main>
-        <pair-key>adRealm.systemUsername</pair-key>
-        <pair-value>aduser@example.com</pair-value>
-    </main>
-    <main>
-        <pair-key>adRealm.systemPassword</pair-key>
-        <pair-value>adpassword</pair-value>
-    </main>
-    <main>
-        <pair-key>adRealm.url</pair-key>
-        <pair-value>ldaps://adserver:636</pair-value>
-    </main>
-    <main>
-        <pair-key>adRealm.groupRolesMap</pair-key>
-        <pair-value>&quot;CN=sysadmin,CN=Users,DC=example,DC=com&quot;:&quot;admin&quot;, &quot;CN=unprivileged,CN=Users,DC=example,DC=com&quot;:&quot;user&quot;</pair-value>
-    </main>
-    End adRealm commented out-->
-
-    <!--
-      ===================================================================================
-      ================================== ODLJdbcRealm ===================================
-      ===================================================================================
-      =                                                                                 =
-      = Description:  A Realm implementation aimed at federating with an external JDBC  =
-      =               DBMS.                                                             =
-      ===================================================================================
-    -->
-    <!-- Start jdbcRealm commented out
-    <main>
-        <pair-key>ds</pair-key>
-        <pair-value>com.mysql.jdbc.Driver</pair-value>
-    </main>
-    <main>
-        <pair-key>ds.serverName</pair-key>
-        <pair-value>localhost</pair-value>
-    </main>
-    <main>
-        <pair-key>ds.user</pair-key>
-        <pair-value>user</pair-value>
-    </main>
-    <main>
-        <pair-key>ds.password</pair-key>
-        <pair-value>password</pair-value>
-    </main>
-    <main>
-        <pair-key>ds.databaseName</pair-key>
-        <pair-value>db_name</pair-value>
-    </main>
-    <main>
-        <pair-key>jdbcRealm</pair-key>
-        <pair-value>ODLJdbcRealm</pair-value>
-    </main>
-    <main>
-        <pair-key>jdbcRealm.dataSource</pair-key>
-        <pair-value>$ds</pair-value>
-    </main>
-    <main>
-        <pair-key>jdbcRealm.authenticationQuery</pair-key>
-        <pair-value>&quot;SELECT password FROM users WHERE user_name = ?&quot;</pair-value>
-    </main>
-    <main>
-        <pair-key>jdbcRealm.userRolesQuery</pair-key>
-        <pair-value>&quot;SELECT role_name FROM user_rolesWHERE user_name = ?&quot;</pair-value>
-    </main>
-    End jdbcRealm commented out-->
-
-    <!--
-      ===================================================================================
-      ================================= TokenAuthRealm ==================================
-      ===================================================================================
-      =                                                                                 =
-      = Description:  A Realm implementation utilizing a per node H2 database store.    =
-      ===================================================================================
-    -->
-<!--     <main> -->
-<!--         <pair-key>tokenAuthRealm</pair-key> -->
-<!--         <pair-value>org.opendaylight.aaa.shiro.realm.TokenAuthRealm</pair-value> -->
-<!--     </main> -->
-    <main>
-        <pair-key>tokenAuthRealm</pair-key>
-        <pair-value>org.onap.ccsdk.features.sdnr.wt.oauthprovider.OAuth2Realm</pair-value>
-    </main>
-
-    <!--
-      ===================================================================================
-      =================================== MdsalRealm ====================================
-      ===================================================================================
-      =                                                                                 =
-      = Description:  A Realm implementation utilizing the aaa.yang model.              =
-      ===================================================================================
-    -->
-    <!-- Start mdsalRealm commented out
-    <main>
-        <pair-key>mdsalRealm</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.realm.MdsalRealm</pair-value>
-    </main>
-    End mdsalRealm commented out-->
-
-    <!--
-      ===================================================================================
-      ================================= MoonAuthRealm ===================================
-      ===================================================================================
-      =                                                                                 =
-      = Description:  A Realm implementation aimed at federating with OPNFV Moon.       =
-      ===================================================================================
-    -->
-    <!-- Start moonAuthRealm commented out
-    <main>
-        <pair-key>moonAuthRealm</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.realm.MoonRealm</pair-value>
-    </main>
-    <main>
-        <pair-key>moonAuthRealm.moonServerURL</pair-key>
-        <pair-value>http://&lt;host&gt;:&lt;port&gt;</pair-value>
-    </main>
-    End moonAuthRealm commented out-->
-
-    <!--
-      ===================================================================================
-      ================================= KeystoneAuthRealm == ============================
-      ===================================================================================
-      =                                                                                 =
-      = Description:  A Realm implementation aimed at federating with an OpenStack      =
-      =               Keystone.                                                         =
-      ===================================================================================
-    -->
-    <!-- Start keystoneAuthRealm commented out
-    <main>
-        <pair-key>keystoneAuthRealm</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.realm.KeystoneAuthRealm</pair-value>
-    </main>
-    <main>
-        <pair-key>keystoneAuthRealm.url</pair-key>
-        <pair-value>https://&lt;host&gt;:&lt;port&gt;</pair-value>
-    </main>
-    <main>
-        <pair-key>keystoneAuthRealm.sslVerification</pair-key>
-        <pair-value>true</pair-value>
-    </main>
-    <main>
-        <pair-key>keystoneAuthRealm.defaultDomain</pair-key>
-        <pair-value>Default</pair-value>
-    </main>
-    -->
-
-    <!--
-    Add tokenAuthRealm as the only realm.  To enable mdsalRealm, add it to the list to he right of tokenAuthRealm.
-    -->
-    <main>
-        <pair-key>securityManager.realms</pair-key>
-        <pair-value>$tokenAuthRealm</pair-value>
-    </main>
-    <!-- Used to support OAuth2 use case. -->
-    <main>
-        <pair-key>authcBasic</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter</pair-value>
-    </main>
-    <main>
-        <pair-key>anyroles</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.filters.AnyRoleHttpAuthenticationFilter</pair-value>
-    </main>
-    <main>
-        <pair-key>authcBearer</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.filters.ODLHttpAuthenticationFilter2</pair-value>
-    </main>
-   
-    <!-- Start moonAuthRealm commented out
-    <main>
-        <pair-key>rest</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.filters.MoonOAuthFilter</pair-value>
-    </main>
-    End moonAuthRealm commented out-->
-
-    <!-- in order to track AAA challenge attempts -->
-    <main>
-        <pair-key>accountingListener</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.filters.AuthenticationListener</pair-value>
-    </main>
-    <main>
-        <pair-key>securityManager.authenticator.authenticationListeners</pair-key>
-        <pair-value>$accountingListener</pair-value>
-    </main>
-
-    <!-- Model based authorization scheme supporting RBAC for REST endpoints -->
-    <main>
-        <pair-key>dynamicAuthorization</pair-key>
-        <pair-value>org.opendaylight.aaa.shiro.realm.MDSALDynamicAuthorizationFilter</pair-value>
-    </main>
-<!--     <main> -->
-<!--         <pair-key>securityManager.sessionManager.sessionIdCookieEnabled</pair-key> -->
-<!--         <pair-value>false</pair-value> -->
-<!--     </main> -->
-
-    <!--
-      ===================================================================================
-      =                                                                                 =
-      =                                                                                 =
-      =                                      URLS                                       =
-      =                                                                                 =
-      =                                                                                 =
-      ===================================================================================
-    -->
-    <!-- Start moonAuthRealm commented out
-    <urls>
-        <pair-key>/token</pair-key>
-        <pair-value>rest</pair-value>
-    </urls>
-    End moonAuthRealm commented out-->
-    <urls>
-        <pair-key>/**/operations/cluster-admin**</pair-key>
-        <pair-value>dynamicAuthorization</pair-value>
-    </urls>
-    <urls>
-        <pair-key>/**/v1/**</pair-key>
-        <pair-value>authcBearer, roles[admin]</pair-value>
-    </urls>
-    <urls>
-        <pair-key>/**/config/aaa*/**</pair-key>
-        <pair-value>authcBearer, roles[admin]</pair-value>
-    </urls>
-     <urls>
-        <pair-key>/oauth/**</pair-key>
-        <pair-value>anon</pair-value>
-    </urls>
-    <urls>
-        <pair-key>/odlux/**</pair-key>
-        <pair-value>anon</pair-value>
-    </urls>
-    <urls>
-        <pair-key>/apidoc/**</pair-key>
-        <pair-value>authcBasic, roles[admin]</pair-value>
-    </urls>
-     <urls>
-        <pair-key>/test123/**</pair-key>
-        <pair-value>authcBasic</pair-value>
-    </urls>
-    <urls>
-        <pair-key>/rests/**</pair-key>
-        <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
-    </urls>
-    <urls>
-        <pair-key>/**</pair-key>
-        <pair-value>authcBearer, anyroles["admin,provision"]</pair-value>
-    </urls>
-</shiro-configuration>
-
diff --git a/sdnr/wt/pom.xml b/sdnr/wt/pom.xml
index 13a34cd47..04fb07291 100644
--- a/sdnr/wt/pom.xml
+++ b/sdnr/wt/pom.xml
@@ -47,7 +47,7 @@
         <module>mountpoint-registrar</module>
         <module>netconfnode-state-service</module>
         <module>mountpoint-state-provider</module>
-        <!--<module>oauth-provider</module>-->
+        <module>oauth-provider</module>
         <module>featureaggregator</module>
     </modules>
 </project>