Upload preferences

Issue-ID: PORTAL-1082

Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
Change-Id: I265e0c8be481a279347aa653acc483c5017c996d

24 files changed, 1668 insertions, 0 deletions

diff --git a/app/LICENSE b/app/LICENSE
new file mode 100644
index 0000000..abe3069
--- /dev/null
+++ b/app/LICENSE
@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright 2021 TNAP / development / system-team
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
diff --git a/app/LICENSE_HEADER b/app/LICENSE_HEADER
new file mode 100644
index 0000000..66e028a
--- /dev/null
+++ b/app/LICENSE_HEADER
@@ -0,0 +1,20 @@
+/*
+ *
+ * Copyright (c) ${year}. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
diff --git a/app/build.gradle b/app/build.gradle
new file mode 100644
index 0000000..1551d9e
--- /dev/null
+++ b/app/build.gradle
@@ -0,0 +1,109 @@
+plugins {
+	id 'java'
+	id 'idea'
+	id 'application'
+	id 'io.spring.dependency-management'
+	id 'org.springframework.boot'
+	id 'jacoco'
+	id 'org.sonarqube'
+	id 'com.gorylenko.gradle-git-properties'
+}
+
+group = 'org.onap'
+version = '0.1.1'
+sourceCompatibility = '17'
+targetCompatibility = '17'
+
+application {
+    mainClass = 'org.onap.portal.prefs.PortalPrefsApplication'
+}
+
+configurations {
+	compileOnly {
+		extendsFrom annotationProcessor
+	}
+
+	// avoid "LoggerFactory is not a Logback LoggerContext but Logback is on the classpath" error
+    all*.exclude module : 'logback-classic'
+}
+
+repositories {
+	mavenCentral()
+	maven {
+			url "https://plugins.gradle.org/m2/"
+	}
+}
+
+ext {
+        vavrVersion = '0.10.4'
+        problemVersion = '0.27.1'
+        logstashLogbackVersion = '7.2'
+		embedMongoVersion = '3.2.8'
+		embedMongoIntegrationVersion = '1.1.0-spring27x'
+        springCloudWiremockVersion = '3.1.0'
+}
+
+dependencies {
+	implementation project(':openapi')
+	implementation 'org.springframework.boot:spring-boot-starter-actuator'
+	implementation 'org.springframework.boot:spring-boot-starter-data-mongodb-reactive'
+	implementation 'org.springframework.boot:spring-boot-starter-oauth2-resource-server'
+	implementation 'org.springframework.boot:spring-boot-starter-security'
+	implementation 'org.springframework.boot:spring-boot-starter-webflux'
+	implementation 'org.springframework.boot:spring-boot-starter-validation'
+	implementation "io.vavr:vavr:$vavrVersion"
+	implementation "org.zalando:problem:$problemVersion"
+	implementation "net.logstash.logback:logstash-logback-encoder:$logstashLogbackVersion"
+
+	compileOnly 'org.projectlombok:lombok'
+
+	developmentOnly 'org.springframework.boot:spring-boot-devtools'
+
+	annotationProcessor 'org.springframework.boot:spring-boot-configuration-processor'
+	annotationProcessor 'org.projectlombok:lombok'
+
+	testImplementation 'org.springframework.boot:spring-boot-starter-test'
+	testImplementation 'io.projectreactor:reactor-test'
+	testImplementation 'io.rest-assured:rest-assured'
+	testImplementation "org.springframework.cloud:spring-cloud-contract-wiremock:$springCloudWiremockVersion"
+	testImplementation "de.flapdoodle.embed:de.flapdoodle.embed.mongo:$embedMongoVersion"
+	testImplementation "de.flapdoodle.embed:de.flapdoodle.embed.mongo.spring:$embedMongoIntegrationVersion"
+	testCompileOnly 'org.projectlombok:lombok'
+	testAnnotationProcessor 'org.projectlombok:lombok'
+}
+
+test {
+	useJUnitPlatform()
+	finalizedBy(jacocoTestReport)
+}
+
+jacocoTestReport {
+	reports {
+		xml.enabled true
+	}
+}
+
+sonarqube {
+	properties {
+		property "sonar.projectKey", "tnap.SONAR.portal.portal-prefs"
+		property "sonar.projectName", "portal-prefs"
+	}
+}
+
+configurations.implementation.setCanBeResolved(true)
+
+// avoid generating X.X.X-plain.jar
+jar {
+    enabled = false
+}
+
+springBoot {
+	buildInfo {
+		properties {
+			artifact = "onap-portal-prefs"
+			version = rootProject.file('version').text.trim()
+			group = "org.onap"
+			name = "Portal user preferences service"
+		}
+	}
+}
diff --git a/app/src/main/java/org/onap/portal/prefs/PortalPrefsApplication.java b/app/src/main/java/org/onap/portal/prefs/PortalPrefsApplication.java
new file mode 100644
index 0000000..092c533
--- /dev/null
+++ b/app/src/main/java/org/onap/portal/prefs/PortalPrefsApplication.java
@@ -0,0 +1,37 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs;
+
+import org.onap.portal.prefs.configuration.PortalPrefsConfig;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.context.properties.EnableConfigurationProperties;
+
+@EnableConfigurationProperties(PortalPrefsConfig.class)
+@SpringBootApplication
+public class PortalPrefsApplication {
+
+	public static void main(String[] args) {
+		SpringApplication.run(PortalPrefsApplication.class, args);
+	}
+
+}
diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/BeansConfig.java b/app/src/main/java/org/onap/portal/prefs/configuration/BeansConfig.java
new file mode 100644
index 0000000..77ef7f0
--- /dev/null
+++ b/app/src/main/java/org/onap/portal/prefs/configuration/BeansConfig.java
@@ -0,0 +1,35 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.configuration;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.time.Clock;
+
+@Configuration
+public class BeansConfig {
+  @Bean
+  Clock clock() {
+    return Clock.systemUTC();
+  }
+}
diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/LogInterceptor.java b/app/src/main/java/org/onap/portal/prefs/configuration/LogInterceptor.java
new file mode 100644
index 0000000..b653fe3
--- /dev/null
+++ b/app/src/main/java/org/onap/portal/prefs/configuration/LogInterceptor.java
@@ -0,0 +1,59 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.configuration;
+
+import org.onap.portal.prefs.util.Logger;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.reactive.ServerWebExchangeContextFilter;
+import org.springframework.web.server.ServerWebExchange;
+import org.springframework.web.server.WebFilter;
+import org.springframework.web.server.WebFilterChain;
+import reactor.core.publisher.Mono;
+
+import java.util.List;
+
+@Component
+public class LogInterceptor implements WebFilter {
+  public static final String EXCHANGE_CONTEXT_ATTRIBUTE =
+      ServerWebExchangeContextFilter.class.getName() + ".EXCHANGE_CONTEXT";
+
+  public static final String X_REQUEST_ID = "X-Request-Id";
+
+  @Override
+  public Mono<Void> filter(ServerWebExchange exchange, WebFilterChain chain) {
+    List<String> xRequestIdList = exchange.getRequest().getHeaders().get(X_REQUEST_ID);
+    if (xRequestIdList != null && !xRequestIdList.isEmpty()) {
+      String xRequestId = xRequestIdList.get(0);
+      Logger.requestLog(
+          xRequestId, exchange.getRequest().getMethod(), exchange.getRequest().getURI());
+      exchange.getResponse().getHeaders().add(X_REQUEST_ID, xRequestId);
+      exchange.getResponse().beforeCommit(() -> {
+        Logger.responseLog(xRequestId,exchange.getResponse().getStatusCode());
+        return Mono.empty();
+      });
+    }
+
+    return chain
+        .filter(exchange)
+        .contextWrite(cxt -> cxt.put(EXCHANGE_CONTEXT_ATTRIBUTE, exchange));
+  }
+}
diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/PortalPrefsConfig.java b/app/src/main/java/org/onap/portal/prefs/configuration/PortalPrefsConfig.java
new file mode 100644
index 0000000..3c03673
--- /dev/null
+++ b/app/src/main/java/org/onap/portal/prefs/configuration/PortalPrefsConfig.java
@@ -0,0 +1,39 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.configuration;
+
+import javax.validation.constraints.NotBlank;
+
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.ConstructorBinding;
+
+import lombok.Data;
+
+@Data
+@ConstructorBinding
+@ConfigurationProperties("portal-prefs")
+public class PortalPrefsConfig {
+
+    @NotBlank
+    private final String realm;
+    
+}
diff --git a/app/src/main/java/org/onap/portal/prefs/configuration/SecurityConfig.java b/app/src/main/java/org/onap/portal/prefs/configuration/SecurityConfig.java
new file mode 100644
index 0000000..531e90b
--- /dev/null
+++ b/app/src/main/java/org/onap/portal/prefs/configuration/SecurityConfig.java
@@ -0,0 +1,53 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.configuration;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
+import org.springframework.security.config.web.server.ServerHttpSecurity;
+import org.springframework.security.web.server.SecurityWebFilterChain;
+
+/**
+ * Configures the access control of the API endpoints.
+ */
+// https://hantsy.github.io/spring-reactive-sample/security/config.html
+@EnableWebFluxSecurity
+@Configuration
+public class SecurityConfig {
+
+  @Bean
+  public SecurityWebFilterChain springSecurityWebFilterChain(ServerHttpSecurity http) {
+    return http.httpBasic().disable()
+        .formLogin().disable()
+        .csrf().disable()
+        .cors()
+        .and()
+        .authorizeExchange()
+        .pathMatchers(HttpMethod.GET, "/actuator/**").permitAll()
+        .anyExchange().authenticated()
+        .and()
+        .oauth2ResourceServer(ServerHttpSecurity.OAuth2ResourceServerSpec::jwt)
+        .build();
+  }
+}
diff --git a/app/src/main/java/org/onap/portal/prefs/controller/PreferencesController.java b/app/src/main/java/org/onap/portal/prefs/controller/PreferencesController.java
new file mode 100644
index 0000000..584b3b4
--- /dev/null
+++ b/app/src/main/java/org/onap/portal/prefs/controller/PreferencesController.java
@@ -0,0 +1,88 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.controller;
+
+
+import javax.validation.Valid;
+
+import org.onap.portal.prefs.exception.ProblemException;
+import org.onap.portal.prefs.openapi.api.PreferencesApi;
+import org.onap.portal.prefs.openapi.model.Preferences;
+import org.onap.portal.prefs.services.PreferencesService;
+import org.onap.portal.prefs.util.IdTokenExchange;
+import org.onap.portal.prefs.util.Logger;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.server.ServerWebExchange;
+
+import reactor.core.publisher.Mono;
+
+@RestController
+public class PreferencesController implements PreferencesApi {
+
+
+  private final PreferencesService preferencesService;
+
+  public PreferencesController(PreferencesService getPreferences){
+    this.preferencesService = getPreferences;
+  }
+
+  @Override
+  public Mono<ResponseEntity<Preferences>> getPreferences(String xRequestId, ServerWebExchange exchange) {
+    return IdTokenExchange
+      .extractUserId(exchange)
+      .flatMap(userid ->
+        preferencesService.getPreferences(userid)
+          .map(ResponseEntity::ok))
+          .onErrorResume(ProblemException.class, ex -> {
+              Logger.errorLog(xRequestId,"user preferences", null, "portal-prefs" );
+              return Mono.error(ex);
+          })
+      .onErrorReturn(new ResponseEntity<>(HttpStatus.BAD_REQUEST));
+
+  }
+
+  @Override
+  public Mono<ResponseEntity<Preferences>> savePreferences(String xRequestId, @Valid Mono<Preferences> preferences,
+                                                           ServerWebExchange exchange) {
+  return IdTokenExchange
+    .extractUserId(exchange)
+    .flatMap(userid ->
+      preferences
+        .flatMap( pref ->
+          preferencesService
+            .savePreferences(xRequestId, userid, pref)))
+            .map( ResponseEntity::ok)
+        .onErrorResume(ProblemException.class, ex -> {
+          Logger.errorLog(xRequestId,"user preferences", null, "portal-prefs" );
+          return Mono.error(ex);
+        })
+    .onErrorReturn(new ResponseEntity<>(HttpStatus.BAD_REQUEST));
+  }
+
+  @Override
+  public Mono<ResponseEntity<Preferences>> updatePreferences(String xRequestId, @Valid Mono<Preferences> preferences, ServerWebExchange exchange) {
+    return savePreferences(xRequestId, preferences, exchange);
+  }
+
+}
diff --git a/app/src/main/java/org/onap/portal/prefs/entities/PreferencesDto.java b/app/src/main/java/org/onap/portal/prefs/entities/PreferencesDto.java
new file mode 100644
index 0000000..45616a9
--- /dev/null
+++ b/app/src/main/java/org/onap/portal/prefs/entities/PreferencesDto.java
@@ -0,0 +1,39 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.entities;
+
+import lombok.Getter;
+import lombok.Setter;
+import org.springframework.data.annotation.Id;
+import org.springframework.data.mongodb.core.mapping.Document;
+
+@Document
+@Getter
+@Setter
+public class PreferencesDto {
+  @Id
+  private String userId;
+
+  private Object properties;
+
+}
+
diff --git a/app/src/main/java/org/onap/portal/prefs/exception/ProblemException.java b/app/src/main/java/org/onap/portal/prefs/exception/ProblemException.java
new file mode 100644
index 0000000..b9d2a3d
--- /dev/null
+++ b/app/src/main/java/org/onap/portal/prefs/exception/ProblemException.java
@@ -0,0 +1,53 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.exception;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.EqualsAndHashCode;
+import lombok.NoArgsConstructor;
+import org.zalando.problem.AbstractThrowableProblem;
+import org.zalando.problem.Problem;
+import org.zalando.problem.Status;
+import org.zalando.problem.StatusType;
+
+import java.net.URI;
+
+/** The default portal-prefs exception */
+@Data
+@Builder
+@AllArgsConstructor
+@NoArgsConstructor
+@EqualsAndHashCode(callSuper = true)
+public class ProblemException extends AbstractThrowableProblem {
+  @Builder.Default private final URI type = Problem.DEFAULT_TYPE;
+
+  @Builder.Default private final String title = "Bad preferences error";
+
+  @Builder.Default private final StatusType status = Status.BAD_REQUEST;
+
+  @Builder.Default private final String detail = "Please add more details here";
+
+  @Builder.Default private final URI instance = null;
+
+}
diff --git a/app/src/main/java/org/onap/portal/prefs/repository/PreferencesRepository.java b/app/src/main/java/org/onap/portal/prefs/repository/PreferencesRepository.java
new file mode 100644
index 0000000..461ee1d
--- /dev/null
+++ b/app/src/main/java/org/onap/portal/prefs/repository/PreferencesRepository.java
@@ -0,0 +1,28 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.repository;
+
+import org.onap.portal.prefs.entities.PreferencesDto;
+import org.springframework.data.mongodb.repository.ReactiveMongoRepository;
+
+public interface PreferencesRepository extends ReactiveMongoRepository<PreferencesDto, String> {
+}
diff --git a/app/src/main/java/org/onap/portal/prefs/services/PreferencesService.java b/app/src/main/java/org/onap/portal/prefs/services/PreferencesService.java
new file mode 100644
index 0000000..f96dfea
--- /dev/null
+++ b/app/src/main/java/org/onap/portal/prefs/services/PreferencesService.java
@@ -0,0 +1,80 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.services;
+
+import org.onap.portal.prefs.entities.PreferencesDto;
+import org.onap.portal.prefs.exception.ProblemException;
+import org.onap.portal.prefs.openapi.model.Preferences;
+import org.onap.portal.prefs.repository.PreferencesRepository;
+import org.onap.portal.prefs.util.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import reactor.core.publisher.Mono;
+
+@Service
+public class PreferencesService {
+
+  @Autowired
+  private PreferencesRepository repository;
+
+  public Mono<Preferences> getPreferences(String userId){
+    return repository
+      .findById(userId)
+      .switchIfEmpty(defaultPreferences())
+      .map(this::toPreferences);
+  }
+
+  public Mono<Preferences> savePreferences( String xRequestId, String userId, Preferences preferences){
+
+    var preferencesDto = new PreferencesDto();
+    preferencesDto.setUserId(userId);
+    preferencesDto.setProperties(preferences.getProperties());
+
+    return repository
+      .save(preferencesDto)
+      .map(this::toPreferences)  
+      .onErrorResume(ProblemException.class, ex -> {
+        Logger.errorLog(xRequestId,"user prefrences", userId, "portal-prefs" );
+        return Mono.error(ex);
+      });
+
+  }
+
+  private Preferences toPreferences(PreferencesDto preferencesDto) {
+    var preferences = new Preferences();
+    preferences.setProperties(preferencesDto.getProperties());
+    return preferences; 
+  }
+
+  /**
+   * Get a Preferences object that is initialised with an empty string.
+   * This is a) for convenience to not handle 404 on the consuming side and
+   * b) for security reasons
+   * @return PreferencesDto
+   */
+  private Mono<PreferencesDto> defaultPreferences() {
+    var preferencesDto = new PreferencesDto();
+    preferencesDto.setProperties("");
+    return Mono.just(preferencesDto);
+  }
+}
diff --git a/app/src/main/java/org/onap/portal/prefs/util/IdTokenExchange.java b/app/src/main/java/org/onap/portal/prefs/util/IdTokenExchange.java
new file mode 100644
index 0000000..20f1581
--- /dev/null
+++ b/app/src/main/java/org/onap/portal/prefs/util/IdTokenExchange.java
@@ -0,0 +1,91 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.util;
+
+import com.nimbusds.jwt.JWTParser;
+import io.vavr.control.Option;
+import io.vavr.control.Try;
+import org.springframework.web.server.ServerWebExchange;
+import org.zalando.problem.Problem;
+import org.zalando.problem.Status;
+import reactor.core.publisher.Mono;
+
+/**
+ * Represents a function that handles the <a href="https://jwt.io/introduction">JWT</a> identity token.
+ * Use this to check if the incoming requests are authorized to call the given endpoint
+ */
+
+public final class IdTokenExchange {
+
+  public static final String X_AUTH_IDENTITY_HEADER = "X-Auth-Identity";
+  public static final String JWT_CLAIM_USERID = "sub";
+
+  private IdTokenExchange(){
+
+  }
+
+  /**
+   * Extract the identity header from the given {@link ServerWebExchange}.
+   * @param exchange the ServerWebExchange that contains information about the incoming request
+   * @return the identity header in the form of <code>Bearer {@literal <Token>}<c/ode>
+   */
+  private static Mono<String> extractIdentityHeader(ServerWebExchange exchange) {
+    return io.vavr.collection.List.ofAll(
+            exchange.getRequest().getHeaders().getOrEmpty(X_AUTH_IDENTITY_HEADER))
+        .headOption()
+        .map(Mono::just)
+        .getOrElse(Mono.error(Problem.valueOf(Status.FORBIDDEN, "ID token is missing")));
+  }
+
+    /**
+   * Extract the identity token from the given {@link ServerWebExchange}.
+   * @see <a href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken">OpenId Connect ID Token</a>
+   * @param exchange the ServerWebExchange that contains information about the incoming request
+   * @return the identity token that contains user roles
+   */
+  private static Mono<String> extractIdToken(ServerWebExchange exchange) {
+    return extractIdentityHeader(exchange)
+        .map(identityHeader -> identityHeader.replace("Bearer ", ""));
+  }
+
+  /**
+   * Extract the <code>userId</code> from the given {@link ServerWebExchange}
+   * @param exchange the ServerWebExchange that contains information about the incoming request
+   * @return the id of the user
+   */
+  public static Mono<String> extractUserId(ServerWebExchange exchange) {
+     return extractIdToken(exchange)
+         .flatMap(
+             idToken ->
+                 Try.of(() -> JWTParser.parse(idToken))
+                     .mapTry(jwt -> Option.of(jwt.getJWTClaimsSet()))
+                     .map(
+                         optionJwtClaimSet ->
+                             optionJwtClaimSet
+                                 .flatMap(
+                                     jwtClaimSet ->
+                                         Option.of(jwtClaimSet.getClaim(JWT_CLAIM_USERID)))
+                                 .map(String.class::cast)
+                     .map( Mono::just).get())
+                     .getOrElseGet(Mono::error));
+  }
+}
diff --git a/app/src/main/java/org/onap/portal/prefs/util/Logger.java b/app/src/main/java/org/onap/portal/prefs/util/Logger.java
new file mode 100644
index 0000000..4f4ac6c
--- /dev/null
+++ b/app/src/main/java/org/onap/portal/prefs/util/Logger.java
@@ -0,0 +1,58 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.util;
+
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+
+import java.net.URI;
+
+@Slf4j
+public class Logger {
+
+  private Logger(){}
+
+  public static void requestLog(String xRequestId, HttpMethod methode, URI path) {
+    log.info("Portal-prefs - request - X-Request-Id {} {} {}", xRequestId, methode, path);
+  }
+
+  public static void responseLog(String xRequestId, HttpStatus code) {
+    log.info("Portal-prefs - response - X-Request-Id {} {}", xRequestId, code);
+  }
+
+  public static void errorLog(String xRequestId, String msg, String id, String app) {
+    log.info(
+        "Portal-prefs - error - X-Request-Id {} {} {} not found in {}", xRequestId, msg, id, app);
+  }
+
+  public static void errorLog(
+      String xRequestId, String msg, String id, String app, String errorDetails) {
+    log.info(
+        "Portal-prefs - error - X-Request-Id {} {} {} not found in {} error message: {}",
+        xRequestId,
+        msg,
+        id,
+        app,
+        errorDetails);
+  }
+}
diff --git a/app/src/main/resources/application-local.yml b/app/src/main/resources/application-local.yml
new file mode 100644
index 0000000..71fe8db
--- /dev/null
+++ b/app/src/main/resources/application-local.yml
@@ -0,0 +1,39 @@
+server:
+    port: 9001
+    address: 0.0.0.0
+
+spring:
+  jackson:
+    serialization:
+      # needed for serializing objects of type object
+      FAIL_ON_EMPTY_BEANS: false
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          jwk-set-uri: http://localhost:8080/auth/realms/ONAP/protocol/openid-connect/certs #Keycloak Endpoint
+  data:
+    mongodb:
+      database: portal_prefs
+      host: localhost
+      port: 27017
+      username: root
+      password: password
+
+portal-prefs:
+    realm: ONAP
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: "*"
+  info:
+    build:
+      enabled: true
+    env:
+      enabled: true
+    git:
+      enabled: true
+    java:
+      enabled: true
diff --git a/app/src/main/resources/application.yml b/app/src/main/resources/application.yml
new file mode 100644
index 0000000..eb5b313
--- /dev/null
+++ b/app/src/main/resources/application.yml
@@ -0,0 +1,39 @@
+server:
+    port: 9001
+    address: 0.0.0.0
+
+spring:
+  jackson:
+    serialization:
+      # needed for serializing objects of type object
+      FAIL_ON_EMPTY_BEANS: false
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          jwk-set-uri: ${KEYCLOAK_URL}/auth/realms/${KEYCLOAK_REALM}/protocol/openid-connect/certs #Keycloak Endpoint
+  data:
+    mongodb:
+      database: ${PORTALPREFS_DATABASE}
+      host: ${PORTALPREFS_HOST}
+      port: ${PORTALPREFS_PORT}
+      username: ${PORTALPREFS_USERNAME}
+      password: ${PORTALPREFS_PASSWORD}
+
+portal-prefs:
+    realm: ${KEYCLOAK_REALM}
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: "*"
+  info:
+    build:
+      enabled: true
+    env:
+      enabled: true
+    git:
+      enabled: true
+    java:
+      enabled: true
diff --git a/app/src/main/resources/logback-spring.xml b/app/src/main/resources/logback-spring.xml
new file mode 100644
index 0000000..05503bc
--- /dev/null
+++ b/app/src/main/resources/logback-spring.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration scan="true">
+    <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>${LOGBACK_LEVEL:-info}</level>
+        </filter>
+        <encoder class="net.logstash.logback.encoder.LogstashEncoder"/>
+    </appender>
+
+    <root level="all">
+        <appender-ref ref="stdout"/>
+    </root>
+</configuration>
diff --git a/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java
new file mode 100644
index 0000000..7852c41
--- /dev/null
+++ b/app/src/test/java/org/onap/portal/prefs/BaseIntegrationTest.java
@@ -0,0 +1,163 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.github.tomakehurst.wiremock.client.WireMock;
+import com.nimbusds.jose.jwk.JWKSet;
+import org.onap.portal.prefs.util.IdTokenExchange;
+import org.onap.portal.prefs.configuration.PortalPrefsConfig;
+import io.restassured.RestAssured;
+import io.restassured.filter.log.RequestLoggingFilter;
+import io.restassured.filter.log.ResponseLoggingFilter;
+import io.restassured.specification.RequestSpecification;
+import io.vavr.collection.List;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.BeforeEach;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.web.server.LocalServerPort;
+import org.springframework.cloud.contract.wiremock.AutoConfigureWireMock;
+import org.springframework.http.MediaType;
+
+import java.util.UUID;
+
+/** Base class for all tests that has the common config including port, realm, logging and auth. */
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@AutoConfigureWireMock(port = 0)
+public abstract class BaseIntegrationTest {
+
+//  @TestConfiguration
+//  public static class Config {
+//    @Bean
+//    WireMockConfigurationCustomizer optionsCustomizer() {
+//      return options -> options.extensions(new ResponseTemplateTransformer(true));
+//    }
+//  }
+
+  @LocalServerPort protected int port;
+  @Value("${portal-prefs.realm}")
+  protected String realm;
+
+  @Autowired protected ObjectMapper objectMapper;
+  @Autowired private TokenGenerator tokenGenerator;
+  @Autowired protected PortalPrefsConfig portalPrefsConfig;
+
+  @BeforeAll
+  public static void setup() {
+    RestAssured.filters(new RequestLoggingFilter(), new ResponseLoggingFilter());
+  }
+
+  /** Mocks the OIDC auth flow. */
+  @BeforeEach
+  public void mockAuth() {
+    WireMock.reset();
+
+    WireMock.stubFor(
+        WireMock.get(
+                WireMock.urlMatching(
+                    String.format("/auth/realms/%s/protocol/openid-connect/certs", realm)))
+            .willReturn(
+                WireMock.aResponse()
+                    .withHeader("Content-Type", JWKSet.MIME_TYPE)
+                    .withBody(tokenGenerator.getJwkSet().toString())));
+
+    final TokenGenerator.TokenGeneratorConfig config =
+        TokenGenerator.TokenGeneratorConfig.builder().port(port).realm(realm).sub("test-user").build();
+
+    WireMock.stubFor(
+        WireMock.post(
+                WireMock.urlMatching(
+                    String.format("/auth/realms/%s/protocol/openid-connect/token", realm)))
+            .withBasicAuth("test", "test")
+            .withRequestBody(WireMock.containing("grant_type=client_credentials"))
+            .willReturn(
+                WireMock.aResponse()
+                    .withHeader("Content-Type", MediaType.APPLICATION_JSON_VALUE)
+                    .withBody(
+                        objectMapper
+                            .createObjectNode()
+                            .put("token_type", "bearer")
+                            .put("access_token", tokenGenerator.generateToken(config))
+                            .put("expires_in", config.getExpireIn().getSeconds())
+                            .put("refresh_token", tokenGenerator.generateToken(config))
+                            .put("refresh_expires_in", config.getExpireIn().getSeconds())
+                            .put("not-before-policy", 0)
+                            .put("session_state", UUID.randomUUID().toString())
+                            .put("scope", "email profile")
+                            .toString())));
+  }
+
+    /**
+   * Builds an OAuth2 configuration including the roles, port and realm. This config can be used to
+   * generate OAuth2 access tokens.
+   *
+   * @param sub the userId
+   * @param roles the roles used for RBAC
+   * @return the OAuth2 configuration
+   */
+  protected TokenGenerator.TokenGeneratorConfig getTokenGeneratorConfig(String sub, List<String> roles) {
+    return TokenGenerator.TokenGeneratorConfig.builder()
+        .port(port)
+        .sub(sub)
+        .realm(realm)
+        .roles(roles)
+        .build();
+  }
+
+  /** Get a RequestSpecification that does not have an Identity header. */
+  protected RequestSpecification unauthenticatedRequestSpecification() {
+    return RestAssured.given().port(port);
+  }
+
+  /**
+   * Object to store common attributes of requests that are going to be made. Adds an Identity
+   * header for the <code>onap_admin</code> role to the request.
+   * @return the definition of the incoming request (northbound)
+   */
+  protected RequestSpecification requestSpecification() {
+    final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig("test-user", List.of("foo")));
+
+    return unauthenticatedRequestSpecification()
+        .auth()
+        .preemptive()
+        .oauth2(idToken)
+        .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken);
+  }
+
+  /**
+   * Object to store common attributes of requests that are going to be made. Adds an Identity
+   * header for the <code>onap_admin</code> role to the request.
+   * @param userId the userId that should be contained in the incoming request
+   * @return the definition of the incoming request (northbound)
+   */
+  protected RequestSpecification requestSpecification(String userId) {
+    final String idToken = tokenGenerator.generateToken(getTokenGeneratorConfig(userId, List.of("foo")));
+
+    return unauthenticatedRequestSpecification()
+        .auth()
+        .preemptive()
+        .oauth2(idToken)
+        .header(IdTokenExchange.X_AUTH_IDENTITY_HEADER, "Bearer " + idToken);
+  }
+}
diff --git a/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java b/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java
new file mode 100644
index 0000000..6883064
--- /dev/null
+++ b/app/src/test/java/org/onap/portal/prefs/TokenGenerator.java
@@ -0,0 +1,130 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs;
+
+import java.time.Clock;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Date;
+import java.util.UUID;
+
+import com.nimbusds.jose.JOSEObjectType;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSSigner;
+import com.nimbusds.jose.crypto.RSASSASigner;
+import com.nimbusds.jose.jwk.JWKSet;
+import com.nimbusds.jose.jwk.KeyUse;
+import com.nimbusds.jose.jwk.RSAKey;
+import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import io.vavr.collection.List;
+import lombok.Builder;
+import lombok.Getter;
+import lombok.NonNull;
+
+@Component
+public class TokenGenerator {
+
+  private static final String ROLES_CLAIM = "roles";
+  private static final String USERID_CLAIM = "sub";
+
+  private final Clock clock;
+  private final RSAKey jwk;
+  private final JWKSet jwkSet;
+  private final JWSSigner signer;
+
+  @Autowired
+  public TokenGenerator(Clock clock) {
+    try {
+      this.clock = clock;
+      jwk =
+          new RSAKeyGenerator(2048)
+              .keyUse(KeyUse.SIGNATURE)
+              .keyID(UUID.randomUUID().toString())
+              .generate();
+      jwkSet = new JWKSet(jwk);
+      signer = new RSASSASigner(jwk);
+    } catch (Exception e) {
+      throw new RuntimeException(e);
+    }
+  }
+
+  public JWKSet getJwkSet() {
+    return jwkSet;
+  }
+
+  public String generateToken(TokenGeneratorConfig config) {
+    final Instant iat = clock.instant();
+    final Instant exp = iat.plus(config.expireIn);
+
+    final JWTClaimsSet claims =
+        new JWTClaimsSet.Builder()
+            .jwtID(UUID.randomUUID().toString())
+            .subject(UUID.randomUUID().toString())
+            .issuer(config.issuer())
+            .issueTime(Date.from(iat))
+            .expirationTime(Date.from(exp))
+            .claim(ROLES_CLAIM, config.getRoles())
+            .claim(USERID_CLAIM, config.getSub())
+            .build();
+
+    final SignedJWT jwt =
+        new SignedJWT(
+            new JWSHeader.Builder(JWSAlgorithm.RS256)
+                .keyID(jwk.getKeyID())
+                .type(JOSEObjectType.JWT)
+                .build(),
+            claims);
+
+    try {
+      jwt.sign(signer);
+    } catch (Exception e) {
+      throw new RuntimeException(e);
+    }
+
+    return jwt.serialize();
+  }
+
+  @Getter
+  @Builder
+  public static class TokenGeneratorConfig {
+    private final int port;
+
+    @NonNull private final String sub;
+
+    @NonNull private final String realm;
+
+    @NonNull @Builder.Default private final Duration expireIn = Duration.ofMinutes(5);
+
+    @Builder.Default private final List<String> roles = List.empty();
+
+    public String issuer() {
+      return String.format("http://localhost:%d/auth/realms/%s", port, realm);
+    }
+  }
+}
diff --git a/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java
new file mode 100644
index 0000000..95e9b2a
--- /dev/null
+++ b/app/src/test/java/org/onap/portal/prefs/actuator/ActuatorIntegrationTest.java
@@ -0,0 +1,48 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.actuator;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.onap.portal.prefs.BaseIntegrationTest;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.availability.ApplicationAvailability;
+import org.springframework.boot.availability.LivenessState;
+import org.springframework.boot.availability.ReadinessState;
+
+class ActuatorIntegrationTest extends BaseIntegrationTest {
+    
+    @Autowired private ApplicationAvailability applicationAvailability;
+
+    @Test
+    void livenessProbeIsAvailable() {
+      assertThat(applicationAvailability.getLivenessState()).isEqualTo(LivenessState.CORRECT);
+    }
+  
+    @Test
+    void readinessProbeIsAvailable() {
+  
+      assertThat(applicationAvailability.getReadinessState())
+          .isEqualTo(ReadinessState.ACCEPTING_TRAFFIC);
+    }
+}
diff --git a/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java b/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java
new file mode 100644
index 0000000..b5f4cf1
--- /dev/null
+++ b/app/src/test/java/org/onap/portal/prefs/preferences/PreferencesControllerIntegrationTest.java
@@ -0,0 +1,198 @@
+/*
+ *
+ * Copyright (c) 2022. Deutsche Telekom AG
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ *
+ */
+
+package org.onap.portal.prefs.preferences;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import org.junit.jupiter.api.Test;
+import org.onap.portal.prefs.BaseIntegrationTest;
+import org.onap.portal.prefs.openapi.model.Preferences;
+import org.onap.portal.prefs.services.PreferencesService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+
+import io.restassured.http.ContentType;
+import io.restassured.http.Header;
+
+class PreferencesControllerIntegrationTest extends BaseIntegrationTest {
+
+    protected static final String X_REQUEST_ID = "addf6005-3075-4c80-b7bc-2c70b7d42b57";
+
+    @Autowired
+    PreferencesService preferencesService;
+
+    @Test
+    void thatUserPreferencesCanBeRetrieved() {
+        // First save a user preference before a GET can run
+        Preferences expectedResponse = new Preferences()
+            .properties("{\n" +
+                "    \"properties\": { \"appStarter\": \"value1\",\n" +
+                "    \"dashboard\": {\"key1:\" : \"value2\"}\n" +
+                "    } \n" +
+                "}");
+        preferencesService
+            .savePreferences(X_REQUEST_ID,"test-user", expectedResponse)
+            .block();
+
+        Preferences actualResponse = requestSpecification("test-user")
+            .given()
+            .accept(MediaType.APPLICATION_JSON_VALUE)
+            .header(new Header("X-Request-Id", X_REQUEST_ID))
+            .when()
+            .get("/v1/preferences")
+            .then()
+            .statusCode(HttpStatus.OK.value())
+            .extract()
+            .body()
+            .as(Preferences.class);
+
+        assertThat(actualResponse).isNotNull();
+        assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties());
+    }
+    
+    @Test
+    void thatUserPreferencesCanNotBeRetrieved() {
+        unauthenticatedRequestSpecification()
+            .given()
+            .accept(MediaType.APPLICATION_JSON_VALUE)
+            .contentType(ContentType.JSON)
+            .header(new Header("X-Request-Id", X_REQUEST_ID))
+            .when()
+            .get("/v1/preferences")
+            .then()
+            .statusCode(HttpStatus.UNAUTHORIZED.value());
+    }
+
+    @Test
+    void thatUserPreferencesCanBeSaved() {
+        Preferences expectedResponse = new Preferences()
+            .properties("{\n" +
+                "    \"properties\": { \"appStarter\": \"value1\",\n" +
+                "    \"dashboard\": {\"key1:\" : \"value2\"}\n" +
+                "    } \n" +
+                "}");
+        Preferences actualResponse = requestSpecification()
+            .given()
+            .accept(MediaType.APPLICATION_JSON_VALUE)
+            .contentType(ContentType.JSON)
+            .header(new Header("X-Request-Id", X_REQUEST_ID))
+            .body(expectedResponse)
+            .when()
+            .post("/v1/preferences")
+            .then()
+            .statusCode(HttpStatus.OK.value())
+            .extract()
+            .body()
+            .as(Preferences.class);
+
+        assertThat(actualResponse).isNotNull();
+        assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties());
+    }
+
+    @Test
+    void thatUserPreferencesCanBeUpdated() {
+        // First save a user preference before a GET can run
+        Preferences initialPreferences = new Preferences()
+            .properties("{\n" +
+                "    \"properties\": { \"appStarter\": \"value1\",\n" +
+                "    \"dashboard\": {\"key1:\" : \"value2\"}\n" +
+                "    } \n" +
+                "}");
+        preferencesService
+            .savePreferences(X_REQUEST_ID,"test-user", initialPreferences)
+            .block();
+
+        Preferences expectedResponse = new Preferences()
+            .properties("{\n" +
+                "    \"properties\": { \"appStarter\": \"value3\",\n" +
+                "    \"dashboard\": {\"key2:\" : \"value4\"}\n" +
+                "    } \n" +
+                "}");
+        Preferences actualResponse = requestSpecification("test-user")
+            .given()
+            .accept(MediaType.APPLICATION_JSON_VALUE)
+            .contentType(ContentType.JSON)
+            .header(new Header("X-Request-Id", X_REQUEST_ID))
+            .body(expectedResponse)
+            .when()
+            .put("/v1/preferences")
+            .then()
+            .statusCode(HttpStatus.OK.value())
+            .extract()
+            .body()
+            .as(Preferences.class);
+
+        assertThat(actualResponse).isNotNull();
+        assertThat(actualResponse.getProperties()).isEqualTo(expectedResponse.getProperties());
+    }
+
+    @Test
+    void thatUserPreferencesCanNotBeFound() {
+
+        Preferences actualResponse = requestSpecification("test-canNotBeFound")
+            .given()
+            .accept(MediaType.APPLICATION_JSON_VALUE)
+            .header(new Header("X-Request-Id", X_REQUEST_ID))
+            .when()
+            .get("/v1/preferences")
+            .then()
+            .statusCode(HttpStatus.OK.value())
+            .extract()
+            .body()
+            .as(Preferences.class);
+
+        assertThat(actualResponse).isNotNull();
+        assertThat(actualResponse.getProperties()).isEqualTo("");
+    }
+
+    @Test
+    void thatUserPreferencesHasXRequestIdHeader() {
+
+        String actualResponse = requestSpecification("test-user")
+            .given()
+            .accept(MediaType.APPLICATION_JSON_VALUE)
+            .header(new Header("X-Request-Id", X_REQUEST_ID))
+            .when()
+            .get("/v1/preferences")
+            .then()
+            .statusCode(HttpStatus.OK.value())
+            .extract()
+            .header("X-Request-Id");
+
+        assertThat(actualResponse).isNotNull().isEqualTo(X_REQUEST_ID);
+    }
+
+    @Test
+    void thatUserPreferencesHasNoXRequestIdHeader() {
+
+         requestSpecification("test-user")
+            .given()
+            .accept(MediaType.APPLICATION_JSON_VALUE)
+            .when()
+            .get("/v1/preferences")
+            .then()
+            .statusCode(HttpStatus.BAD_REQUEST.value());
+
+
+    }
+}
diff --git a/app/src/test/resources/application.yml b/app/src/test/resources/application.yml
new file mode 100644
index 0000000..3316c0d
--- /dev/null
+++ b/app/src/test/resources/application.yml
@@ -0,0 +1,35 @@
+server:
+  port: 9001
+  address: 0.0.0.0
+
+spring:
+  mongodb:
+    embedded:
+      version: 3.2.8
+  jackson:
+    serialization:
+      # needed for serializing objects of type object
+      FAIL_ON_EMPTY_BEANS: false
+  security:
+    oauth2:
+      resourceserver:
+        jwt:
+          jwk-set-uri: http://localhost:${wiremock.server.port}/auth/realms/ONAP/protocol/openid-connect/certs #Keycloak Endpoint
+
+portal-prefs:
+  realm: ONAP
+
+management:
+  endpoints:
+    web:
+      exposure:
+        include: "*"
+  info:
+    build:
+      enabled: true
+    env:
+      enabled: true
+    git:
+      enabled: true
+    java:
+      enabled: true
diff --git a/app/src/test/resources/logback-spring.xml b/app/src/test/resources/logback-spring.xml
new file mode 100644
index 0000000..05503bc
--- /dev/null
+++ b/app/src/test/resources/logback-spring.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration scan="true">
+    <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
+        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+            <level>${LOGBACK_LEVEL:-info}</level>
+        </filter>
+        <encoder class="net.logstash.logback.encoder.LogstashEncoder"/>
+    </appender>
+
+    <root level="all">
+        <appender-ref ref="stdout"/>
+    </root>
+</configuration>